Auto-Update: 2023-09-26T16:00:25.284962+00:00

cad-safe-bot 2023-09-26 16:00:28 +00:00
parent 668baeea6d
commit be258b3f4a
72 changed files with 5286 additions and 351 deletions


@ -2,16 +2,40 @@
"id": "CVE-2022-3962",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-23T20:15:10.747",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:24:34.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de suplantaci\u00f3n de contenido en Kiali. Se descubri\u00f3 que Kiali no implementa el manejo de errores cuando no se puede encontrar la p\u00e1gina o el endpoint al que se accede. Este problema permite a un atacante realizar una inyecci\u00f3n de texto arbitrario cuando se recupera una respuesta de error de la URL a la que se accede."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,18 +58,94 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kiali:kiali:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD65D32C-2ADC-40D9-BEC9-D6F4CDB484CF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_service_mesh:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79A8314E-7930-4C13-BBF4-B7992C8115AE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD90EA8-3C35-48E1-A3B5-FEB6E3207E62"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:0542",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-3962",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2148661",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-1625",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-24T01:15:43.577",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:57:28.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una fuga de informaci\u00f3n en OpenStack Heat. Este problema podr\u00eda permitir que un atacante remoto y autenticado utilice el comando 'stack show' para revelar par\u00e1metros que se supone deben permanecer ocultos. Esto tiene un impacto bajo en la confidencialidad, integridad y disponibilidad del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,22 +58,96 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openstack:heat:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35EFBEEB-51E5-4202-A451-7C1B72E72497"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C52600BF-9E87-4CD2-91F3-685AFE478C1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7076B1E-0529-43CC-828B-45C2ED11F9F6"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-1625",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181621",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/openstack/heat/commit/a49526c278e52823080c7f3fcb72785b93fd4dcb",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "https://launchpad.net/bugs/1999665",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-23362",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-09-22T04:15:50.487",
"lastModified": "2023-09-22T13:24:08.480",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:03:46.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +80,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.4",
"versionEndExcluding": "4.5.4.2374",
"matchCriteriaId": "1A2FA593-DD2F-4A3E-ABD1-3DDA45F280B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.1",
"versionEndExcluding": "5.0.1.2376",
"matchCriteriaId": "EBEFE8FD-0419-4951-9728-382FAD96C8C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionStartIncluding": "h4.5.4",
"versionEndExcluding": "h4.5.4.2374",
"matchCriteriaId": "C2A57CCE-9BB1-4E65-B4EC-97ECF574F326"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionStartIncluding": "h5.0.1",
"versionEndExcluding": "h5.0.1.2376",
"matchCriteriaId": "BEF85F30-5F30-4DE5-9DEF-ABCBE1A507B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
"versionStartIncluding": "c5.0.1",
"versionEndIncluding": "c5.0.1.2374",
"matchCriteriaId": "0837A154-0A11-481B-9356-B77387C53C2E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-18",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}
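Review bot: The qutscloud entry in the added `configurations` block bounds its range with `"versionEndIncluding": "c5.0.1.2374"`, while the four QTS and QuTS hero entries beside it all use `versionEndExcluding` with the same style of build number. If c5.0.1.2374 is the fixed build, as the sibling entries suggest, an inclusive bound marks the patched release as vulnerable, and scanners matching on this range would raise false positives for updated QuTScloud hosts. The record mirrors upstream analysis, so the correction would be `"versionEndExcluding": "c5.0.1.2374"` reported upstream. Until then, consumers should check this range against the vendor advisory at the `qsa-23-18` URL listed under `references`.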


@ -2,16 +2,40 @@
"id": "CVE-2023-32614",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:13.800",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:44:23.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer en la funcionalidad create_png_object de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar da\u00f1os en la memoria. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:accusoft:imagegear:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D503BC72-1F75-41FB-8CCF-ABFC640C3CC0"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1749",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-3226",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.187",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:49:11.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento Popup Builder de WordPress hasta la versi\u00f3n 4.1.15 no sanitiza y escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de cross site scripnting almacenados incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sygnoos:popup_builder:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.1.15",
"matchCriteriaId": "829A9326-39EB-42E5-8D6E-8BDCCCA92D57"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/941a9aa7-f4b2-474a-84d9-9a74c99079e2",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-34047",
"sourceIdentifier": "security@vmware.com",
"published": "2023-09-20T10:15:14.247",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:13:48.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -38,10 +58,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spring:spring:*:*:*:*:*:graphql:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.1.5",
"matchCriteriaId": "A6102CDA-D93F-4EE2-9B63-DC3254FB705B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spring:spring:*:*:*:*:*:graphql:*:*",
"versionStartIncluding": "1.2.0",
"versionEndIncluding": "1.2.2",
"matchCriteriaId": "BE140B29-6DCE-43FA-BF2D-C61A8D8F7C76"
}
]
}
]
}
],
"references": [
{
"url": "https://spring.io/security/cve-2023-34047",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,27 +2,100 @@
"id": "CVE-2023-38346",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T19:15:09.593",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:58:24.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the \"tarExtract\" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Wind River VxWorks 6.9 y 7. La funci\u00f3n ``tarExtract`` implementa la extracci\u00f3n de archivos TAR y, por lo tanto, tambi\u00e9n procesa archivos dentro de un archivo que tienen rutas de archivo relativas o absolutas. Un desarrollador que utilice la funci\u00f3n \"tarExtract\" puede esperar que la funci\u00f3n elimine las barras diagonales iniciales de las rutas absolutas o detenga el procesamiento cuando encuentre rutas relativas que est\u00e9n fuera de la ruta de extracci\u00f3n, a menos que se fuerce lo contrario. Esto podr\u00eda dar lugar a un comportamiento inesperado y no documentado, que en general podr\u00eda dar lugar a un Directory Traversal y un comportamiento inesperado asociado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "01004955-97D1-4F7E-80D4-4B1509945FBF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F3497F9B-A721-4289-A49F-A19D0F7F0148"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://support2.windriver.com/index.php?page=security-notices",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40183",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T15:15:10.197",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:59:41.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.18.11",
"matchCriteriaId": "663C4AF0-7E54-43AE-9B19-031662BCEA62"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dataease/dataease/commit/826513053146721a2b3e09a9c9d3ea41f8f10569",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/dataease/dataease/releases/tag/v1.18.11",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-w2r4-2r4w-fjxv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}


@ -2,19 +2,94 @@
"id": "CVE-2023-40618",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T18:15:12.383",
"lastModified": "2023-09-20T18:27:45.307",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:09:16.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en OpenKnowledgeMaps Head Start versiones 4, 5, 6, 7 as\u00ed como Visual Project Explorer 1.0, permite a atacantes remotos ejecutar JavaScript arbitrario en el navegador web de un usuario, al incluir un payload malicioso en el par\u00e1metro 'servicio' en 'headstart_snapshot.php'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openknowledgemaps:head_start:4:*:*:*:*:*:*:*",
"matchCriteriaId": "25AD49A8-470C-4733-A330-6F51499EF0A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openknowledgemaps:head_start:5:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E7E532-628C-4086-A2AF-CB3EBC712F1E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openknowledgemaps:head_start:6:*:*:*:*:*:*:*",
"matchCriteriaId": "89754EAE-277E-4916-A81C-160017B87B42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openknowledgemaps:head_start:7:*:*:*:*:*:*:*",
"matchCriteriaId": "C97EBF11-737C-4DA0-92C7-3BE35319C320"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40618",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
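Review bot: The added `configurations` block lists only `openknowledgemaps:head_start` versions 4 through 7, but the English description also names Visual Project Explorer 1.0 as affected, so CPE-based matching on this record will not flag that product. Inventory tooling that relies on `cpeMatch` alone should treat the description as the authority here until a criteria entry for Visual Project Explorer is added upstream. Separately, the added Spanish description renders the parameter name as `'servicio'`; it is an identifier and should stay `'service'`, as in the English text.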


@ -2,16 +2,40 @@
"id": "CVE-2023-41027",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-22T17:15:09.880",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:28:27.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint.\n\n"
},
{
"lang": "es",
"value": "La divulgaci\u00f3n de credenciales en el endpoint '/webs/userpasswd.htm' en las versiones de firmware del router Wifi Juplink RX4-1500 V1.0.4 y V1.0.5 permite a un atacante autenticado filtrar la contrase\u00f1a de la cuenta administrativa mediante solicitudes al endpoint vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,47 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "11A8DB21-45F3-492D-BC75-69458F5E5BB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E128A98-3A65-4D6D-9FBA-5ED897B77073"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46885D-045C-476A-AADE-7045A5F9046A"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-credential-disclosure-vulnerability/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41029",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-22T17:15:10.957",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:27:48.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in the\u00a0homemng.htm endpoint\u00a0in\u00a0Juplink RX4-1500 Wifi router firmware versions\u00a0V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de comando en el endpoint homemng.htm en las versiones de firmware del router Wifi Juplink RX4-1500 V1.0.2, V1.0.3, V1.0.4 y V1.0.5 permite a atacantes remotos autenticados ejecutar comandos como root a trav\u00e9s de solicitudes HTTP especialmente manipuladas al endpoint vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC3F8E0-7228-4A73-B167-62DC28CF4908"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8269D90-271D-479A-AD3B-B376E060C344"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "11A8DB21-45F3-492D-BC75-69458F5E5BB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E128A98-3A65-4D6D-9FBA-5ED897B77073"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46885D-045C-476A-AADE-7045A5F9046A"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-command-injection-vulnerability/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41031",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-22T17:15:14.027",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:27:31.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Command injection in\u00a0homemng.htm\u00a0in\u00a0Juplink RX4-1500 versions V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint."
},
{
"lang": "es",
"value": "La inyecci\u00f3n de comandos en homemng.htm en Juplink RX4-1500 versiones V1.0.2, V1.0.3, V1.0.4 y V1.0.5 permite a atacantes remotos autenticados ejecutar comandos a trav\u00e9s de solicitudes especialmente manipuladas al endpoint vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -71,10 +105,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC3F8E0-7228-4A73-B167-62DC28CF4908"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8269D90-271D-479A-AD3B-B376E060C344"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "11A8DB21-45F3-492D-BC75-69458F5E5BB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8E128A98-3A65-4D6D-9FBA-5ED897B77073"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D46885D-045C-476A-AADE-7045A5F9046A"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41863",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-25T19:15:10.063",
"lastModified": "2023-09-26T11:17:59.483",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:36:16.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:peprodev:peprodev_cf7_database:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.0",
"matchCriteriaId": "AA1F6D23-A961-44F0-A9D5-1EEF2AB4209F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pepro-cf7-database/wordpress-peprodev-cf7-database-plugin-1-7-0-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41867",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-25T19:15:10.177",
"lastModified": "2023-09-26T11:17:55.947",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:36:32.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acymailing:acymailing:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.6.3",
"matchCriteriaId": "0927132A-681A-45AD-885E-C13E18EC2640"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/acymailing/wordpress-acymailing-plugin-8-6-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41868",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-25T19:15:10.280",
"lastModified": "2023-09-26T11:17:53.787",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:53:37.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codestag:stagtools:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.3.7",
"matchCriteriaId": "81F0299D-0D51-46E9-AFAC-56DAC46732C9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/stagtools/wordpress-stagtools-plugin-2-3-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41871",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-25T19:15:10.387",
"lastModified": "2023-09-26T11:17:50.123",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:49:28.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ays-pro:poll_maker:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.7.0",
"matchCriteriaId": "9DCFC194-1EB9-495D-9C87-5D44EAECE9EF"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/poll-maker/wordpress-poll-maker-best-wordpress-poll-plugin-plugin-4-7-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41874",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-25T01:15:17.280",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:22:47.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <=\u00a03.20.0 versions."
},
{
"lang": "es",
"value": "No autorizado. Vulnerabilidad de Cross-Site Scripting (XSS) reflejada en Tyche Softwares Order Delivery Date para el complemento WooCommerce &lt;= versiones 3.20.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tychesoftwares:order_delivery_date_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.20.0",
"matchCriteriaId": "44D0E382-DD9D-49E5-920F-5EA2A45C729C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/order-delivery-date-for-woocommerce/wordpress-order-delivery-date-for-woocommerce-plugin-3-20-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
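Review bot: The added Spanish description carries HTML entities (`&lt;=`) where the English value on the same record has the raw characters (`<=`), so the two language variants of one field are encoded differently. A consumer that escapes on output will display the literal entity, and a consumer that decodes it is treating feed text as markup, which it should not do. The value would be consistent as plain text, e.g. `"... para el complemento WooCommerce <= versiones 3.20.0."`, with escaping left to whatever renders it. The same pattern appears in the added `es` values for CVE-2023-41948 (`&amp;` and `&lt;=`), CVE-2023-41949 and CVE-2023-42261.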


@ -2,27 +2,100 @@
"id": "CVE-2023-41902",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:13.217",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:00:18.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files."
},
{
"lang": "es",
"value": "Una vulnerabilidad de configuraci\u00f3n incorrecta de XPC en CoreCode MacUpdater anterior a 2.3.8 y 3.x anterior a 3.1.2 permite a los atacantes escalar privilegios mediante la creaci\u00f3n de archivos .pkg maliciosos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:corecode:macupdater:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.8",
"matchCriteriaId": "52C92317-407A-43F5-B8FF-F6142CA929B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:corecode:macupdater:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.1.2",
"matchCriteriaId": "E8D7388E-F308-4B21-818C-BF465A4D7E3F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/NSEcho/5d048a0796ceef59d6b1df1659bd1057",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.corecode.io/macupdater/history2.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.corecode.io/macupdater/history3.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41948",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-25T01:15:19.130",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:22:22.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <=\u00a01.6.0 versions."
},
{
"lang": "es",
"value": "Autenticaci\u00f3n. (admin+) Vulnerabilidad de Stored Cross-Site Scripting (XSS) en el complemento Christoph Rado Cookie Notice &amp; Consent &lt;= versiones 1.6.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:christophrado:cookie_notice_\\&_consent:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.0",
"matchCriteriaId": "F1BC1D00-0B11-4340-8AFE-621C9B893D69"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cookie-notice-consent/wordpress-cookie-notice-consent-plugin-1-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41949",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-09-25T01:15:19.217",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:21:56.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <=\u00a01.5.0 versions."
},
{
"lang": "es",
"value": "Autenticaci\u00f3n. (admin+) Vulnerabilidad de Cross-Site Scripting (XSS) en el complemento Avirtum iFolders &lt;= versiones 1.5.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avirtum:ifolders:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.0",
"matchCriteriaId": "FE1E490F-A175-44F2-B524-B51967B1FFFD"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ifolders/wordpress-ifolders-plugin-1-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,18 +2,45 @@
"id": "CVE-2023-4148",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.760",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:45:04.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
},
{
"lang": "es",
"value": "El complemento Ditty WordPress anterior a la versi\u00f3n 3.1.25 no desinfecta ni escapa algunos par\u00e1metros y URL generadas antes de devolverlos en atributos, lo que genera secuencias de comandos reflejadas entre sitios que podr\u00edan usarse contra usuarios con privilegios elevados, como el administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -21,12 +48,44 @@
"value": "CWE-79"
}
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:metaphorcreations:ditty:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.25",
"matchCriteriaId": "0D0D4E5A-3A18-4B01-8286-1DDE121C4140"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/aa39de78-55b3-4237-84db-6fdf6820c58d",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42261",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T22:15:11.823",
"lastModified": "2023-09-23T04:15:11.757",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:21:13.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,26 +11,98 @@
},
{
"lang": "es",
"value": "Mobile Security Framework (MobSF) &lt;=v3.7.8 Beta es vulnerable a Permisos Inseguros."
"value": "** DISPUTA ** Mobile Security Framework (MobSF) &lt;=v3.7.8 Beta es vulnerable a permisos inseguros. NOTA: la posici\u00f3n del proveedor es que la autenticaci\u00f3n no se implementa intencionalmente porque el producto no est\u00e1 dise\u00f1ado para un entorno de red que no sea de confianza. Los casos de uso que requieran autenticaci\u00f3n podr\u00edan, por ejemplo, utilizar un servidor proxy inverso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opensecurity:mobile_security_framework:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.6",
"matchCriteriaId": "33891183-C56B-4054-8CC8-5AE4BF10C711"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opensecurity:mobile_security_framework:3.7.8:beta:*:*:*:*:*:*",
"matchCriteriaId": "B56DF4FF-DDE6-493B-AD2D-90F6BB147E3B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/abb47659a19ac772765934f184c65fe16cb3bee7/docker-compose.yml#L30-L31",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1211",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/748",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/woshinibaba222/hack16/blob/main/Unauthorized%20Access%20to%20MobSF.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}
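Review bot: The `"Patch"` tag added to the first reference looks misapplied, because the URL is a `blob/...docker-compose.yml#L30-L31` file view at a fixed commit rather than a fix commit or pull request. The updated Spanish description also marks the record as disputed and reports the vendor's position that authentication is intentionally not implemented, which suggests no code fix exists. Tooling that reads `"Patch"` as "remediation available" would misreport this entry. Unless the linked lines are confirmed to be a fix, I would drop `"Patch"` from that `tags` array and rely on the issue-tracker references for the vendor's guidance on deployment behind an authenticating reverse proxy.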


@ -2,8 +2,8 @@
"id": "CVE-2023-42426",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T21:15:15.640",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:39:54.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,80 @@
"value": "Vulnerabilidad de cross-site scripting (XSS) en Froala Froala Editor v.4.1.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del par\u00e1metro 'Insertar enlace' en el componente 'Insertar imagen'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:froala:froala_editor:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB68CF8-9500-4619-B1CF-32FE03ED6B61"
}
]
}
]
}
],
"references": [
{
"url": "http://froala.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/b0marek/CVE-2023-42426",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.youtube.com/watch?v=Me33Dx1_XqQ",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42456",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T16:15:09.980",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:18:33.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -54,14 +84,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:memorysafety:sudo:*:*:*:*:*:rust:*:*",
"versionEndExcluding": "0.2.1",
"matchCriteriaId": "B8E119A1-5AFE-4E8E-AB2A-889307A83799"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/memorysafety/sudo-rs/commit/bfdbda22968e3de43fa8246cab1681cfd5d5493d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/memorysafety/sudo-rs/security/advisories/GHSA-2r3c-m6v7-9354",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42753",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-25T21:15:15.923",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:44:17.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,18 +58,83 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5",
"matchCriteriaId": "9E3BCCDE-3830-434C-9D47-F8B46B03DEFA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-42753",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239843",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/09/22/10",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42798",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-22T16:15:09.753",
"lastModified": "2023-09-22T16:38:32.560",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:34:42.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hollowaykeanho:automataci:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.0",
"matchCriteriaId": "38ABEABE-2FD7-4B8C-B5B2-DDC892D2CE75"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ChewKeanHo/AutomataCI/issues/93",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/ChewKeanHo/AutomataCI/security/advisories/GHSA-6q23-vhhg-8h89",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42806",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T17:15:23.583",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:41:00.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +70,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iohk:hydra:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.13.0",
"matchCriteriaId": "556BF21B-9F61-4C1D-BD51-A2EC64EA1CE7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/HeadLogic.hs#L357",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-node/src/Hydra/Snapshot.hs#L50-L54",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/input-output-hk/hydra/blob/ec6c7a2ab651462228475d0b34264e9a182c22bb/hydra-plutus/src/Hydra/Contract/Head.hs#L583-L599",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/input-output-hk/hydra/security/advisories/GHSA-gr36-mc6v-72qq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42811",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-22T16:15:10.583",
"lastModified": "2023-09-22T17:15:14.397",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:33:51.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aes-gcm_project:aes-gcm:*:*:*:*:*:rust:*:*",
"versionStartIncluding": "0.10.0",
"versionEndExcluding": "0.10.3",
"matchCriteriaId": "A3BCA7D5-B854-4222-A64F-FC7E60029662"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42817",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-25T19:15:10.493",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:57:45.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"versionEndExcluding": "1.1.2",
"matchCriteriaId": "60E1D658-E228-45EC-9B34-0DA4F469A1AC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/abd7739298f974319e3cac3fd4fcd7f995b63e4c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-m988-7375-7g2c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
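Review bot: The GHSA reference under `github.com/pimcore/admin-ui-classic-bundle/security/advisories/` is tagged `"Third Party Advisory"`, although it sits in the vendor's own repository and the CPE vendor on this record is `pimcore`. The other repository-hosted GHSA references in this commit (CVE-2023-42456, CVE-2023-42798, CVE-2023-42806, CVE-2023-42811) are tagged `"Vendor Advisory"`. Consumers that filter on that tag to find the authoritative fix statement would skip this entry. For consistency the tag here would be `"Vendor Advisory"`.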


@ -2,16 +2,40 @@
"id": "CVE-2023-42821",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-22T17:15:14.990",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:59:06.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue."
},
{
"lang": "es",
"value": "El paquete `github.com/gomarkdown/markdown` es una liber\u00eda Go para analizar texto Markdown y representarlo como HTML. Antes de la pseudoversi\u00f3n `0.0.0-20230922105210-14b16010c2ee`, que corresponde con el commit `14b16010c2ee7ff33a940a541d993bd043a88940`, analizando el markdown con formato incorrecto con un analizador que utiliza la extensi\u00f3n parser.Mmark podr\u00eda resultar en una vulnerabilidad de lectura fuera de los l\u00edmites. Para explotar la vulnerabilidad, el analizador debe tener configurada la extensi\u00f3n `parser.Mmark`. El p\u00e1nico ocurre dentro del archivo `citation.go` en la l\u00ednea 69 cuando el analizador intenta acceder al elemento m\u00e1s all\u00e1 de su longitud. Esto puede resultar en una denegaci\u00f3n de servicio. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contiene un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,20 +68,57 @@
"value": "CWE-125"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gomarkdown:markdown:-:*:*:*:*:go:*:*",
"matchCriteriaId": "0982DB0A-C064-4EEE-814A-730F890C5F6F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gomarkdown/markdown/blob/7478c230c7cd3e7328803d89abe591d0b61c41e4/parser/citation.go#L69",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-4238",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.837",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:44:42.280",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server."
},
{
"lang": "es",
"value": "El complemento Impedir el acceso a archivos/carpetas de WordPress anteriores a 2.5.2 no valida los archivos que se cargar\u00e1n, lo que podr\u00eda permitir a los atacantes cargar archivos arbitrarios como PHP en el servidor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miniorange:prevent_files_\\/_folders_access:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.2",
"matchCriteriaId": "90699DDE-E529-4C9B-A598-6F6C544B38D1"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/53816136-4b1a-4b7d-b73b-08a90c2a638f",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-4281",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:14.923",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:44:07.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic."
},
{
"lang": "es",
"value": "Este complemento de WordPress de registro de actividad anterior a 2.8.8 recupera direcciones IP de clientes de encabezados potencialmente no confiables, lo que permite a un atacante manipular su valor. Esto puede usarse para ocultar la fuente del tr\u00e1fico malicioso."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:activity_log_project:activity_log:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.8.8",
"matchCriteriaId": "2E45DBD5-954F-47B2-9F03-3BDDDE0FD0C1"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/f5ea6c8a-6b07-4263-a1be-dd033f078d49",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,98 @@
"id": "CVE-2023-43129",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T23:15:09.483",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:27:14.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters."
},
{
"lang": "es",
"value": "El router inal\u00e1mbrico D-LINK DIR-806 1200M11AC DIR806A1_FW100CNb11 es vulnerable a la inyecci\u00f3n de comandos debido al filtrado laxo de los par\u00e1metros REMOTE_PORT."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-806_firmware:100cnb11:*:*:*:*:*:*:*",
"matchCriteriaId": "292887DC-FC69-4159-9123-AFF5F8CC5797"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-806:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E87253-0A09-40DC-BC77-8DECE8939684"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-806",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/mmmmmx1/dlink/blob/main/DIR-806/2/readme.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,98 @@
"id": "CVE-2023-43130",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T23:15:10.050",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:26:58.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection."
},
{
"lang": "es",
"value": "El router inal\u00e1mbrico D-LINK DIR-806 1200M11AC DIR806A1_FW100CNb11 es vulnerable a la inyecci\u00f3n de comandos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-806_firmware:100cnb11:*:*:*:*:*:*:*",
"matchCriteriaId": "292887DC-FC69-4159-9123-AFF5F8CC5797"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-806:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80E87253-0A09-40DC-BC77-8DECE8939684"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-806",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/mmmmmx1/dlink/tree/main/DIR-806/3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43132",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T21:15:16.250",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:48:58.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "szvone vmqphp &lt;=1.13 es vulnerable a la inyecci\u00f3n SQL. Los usuarios remotos no autorizados pueden utilizar ataques de inyecci\u00f3n SQL para obtener el hash de la contrase\u00f1a del administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:szvone:vmqphp:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.13",
"matchCriteriaId": "F2C1236C-BCE5-4A2C-B3E9-163152561C19"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/8FishMan/a37417d1fd97046fb00eb11a257008a7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://gist.github.com/8FishMan/d42032b1cdcf401a9c27532aa72ccb37",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/szvone/vmqphp",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43278",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T23:15:10.703",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:38:05.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Un Cross-Site Request Forgery (CSRF) en admin_manager.php de Seacms hasta v12.8 permite a los atacantes agregar arbitrariamente una cuenta de administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:seacms:seacms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12.8",
"matchCriteriaId": "1387A5B3-00DF-47D3-8482-136F59D91D77"
}
]
}
]
}
],
"references": [
{
"url": "http://seacms.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://blog.csdn.net/sugaryzheng/article/details/133283101?spm=1001.2014.3001.5501",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.seacms.net/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43319",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T19:15:10.587",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:37:04.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en la p\u00e1gina de inicio de sesi\u00f3n de IceWarp WebClient 10.3.5 permite a los atacantes ejecutar scripts web arbitrarias o HTML a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro de nombre de usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icewarp:webclient:10.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "22F50388-540E-46AD-B499-D5BA66022C20"
}
]
}
]
}
],
"references": [
{
"url": "https://medium.com/@muthumohanprasath.r/reflected-cross-site-scripting-on-icewarp-webclient-product-cve-2023-43319-c2ad758ac2bc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43325",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-26T00:15:10.593",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:37:19.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejada en el par\u00e1metro data[redirect_url] de mooSocial v3.1.8 permite a los atacantes robar las cookies de sesi\u00f3n del usuario y hacerse pasar por su cuenta a trav\u00e9s de una URL manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4DFC6658-3CF4-4FDA-B119-2A0687F3F5A2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ahrixia/CVE-2023-43325",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://moosocial.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://travel.moosocial.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43326",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T22:15:10.943",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:38:16.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Se descubri\u00f3 que mooSocial v3.1.8 contiene una vulnerabilidad de cross-site scripting (XSS) a trav\u00e9s de la funci\u00f3n de cambio de correo electr\u00f3nico."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4DFC6658-3CF4-4FDA-B119-2A0687F3F5A2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ahrixia/CVE-2023-43326",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://moosocial.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-43338",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-23T00:15:20.170",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:25:26.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Cesanta mjs v2.20.0 conten\u00eda una vulnerabilidad de secuestro de puntero de funci\u00f3n a trav\u00e9s de la funci\u00f3n mjs_get_ptr(). Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cesanta:mjs:2.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8D39F6-ACB1-46F8-87CF-1B41EFC157BE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cesanta/mjs/issues/250",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,27 +2,94 @@
"id": "CVE-2023-43339",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T16:15:14.640",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:46:47.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross-Site Scripting (XSS) en cmsmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado inyectado en los componentes Nombre de la base de datos, Usuario de la base de datos o Puerto de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cmsmadesimple:cmsmadesimple:2.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB3581E-8935-4576-B21A-F03A45256E22"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.cmsmadesimple.org/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/sromanhu/CVE-2023-43339-CMSmadesimple-Reflected-XSS---Installation/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/sromanhu/Cmsmadesimple-CMS-Stored-XSS/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,27 +2,92 @@
"id": "CVE-2023-43382",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T16:15:14.703",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:46:32.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function."
},
{
"lang": "es",
"value": "Vulnerabilidad de directory traversal en itechyou dreamer CMS v.4.1.3 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de themePath en la funci\u00f3n uploaded template."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iteachyou:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "113EEBC1-2B91-4AE0-995F-E24A4AD607BC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://aecous.github.io/2023/09/17/Text/?password=Aecous",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://gist.github.com/Aecous/7c6524859d624c00f4a975ecd5a743a7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://gitee.com/iteachyou/dreamer_cms/issues/I821AI",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43458",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T20:15:11.557",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:47:14.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en Resort Reservation System v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n sensible a trav\u00e9s de los par\u00e1metros de habitaci\u00f3n, nombre y descripci\u00f3n en la funci\u00f3n administrar_habitaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:resort_reservation_system_project:resort_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57B25E14-73A3-436D-900D-0E09E0A423DE"
}
]
}
]
}
],
"references": [
{
"url": "https://samh4cks.github.io/posts/cve-2023-43458/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.sourcecodester.com/php/16447/resort-reservation-system-php-and-sqlite3-source-code-free-download.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43633",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-21T14:15:11.330",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:07:19.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -54,10 +84,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lfedge:eve:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.6.0",
"matchCriteriaId": "95D311A8-5FBD-49AF-AD11-8B78420BAEAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lfedge:eve:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.5.0",
"matchCriteriaId": "A3648A14-186C-4E6A-AA73-7D2F5C78019D"
}
]
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/debug-functions-unlockable-without-triggering-measured-boot/",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43634",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-21T14:15:11.477",
"lastModified": "2023-09-21T16:08:49.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:05:34.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -54,10 +84,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lfedge:eve:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.6.0",
"matchCriteriaId": "95D311A8-5FBD-49AF-AD11-8B78420BAEAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:lfedge:eve:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.5.0",
"matchCriteriaId": "A3648A14-186C-4E6A-AA73-7D2F5C78019D"
}
]
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/config-partition-not-protected-by-measured-boot/",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43642",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-25T20:15:11.723",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:46:35.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xerial:snappy-java:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1.10.4",
"matchCriteriaId": "A4D939A7-FF7A-4C6D-A2B5-D9D3C9D02023"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
}
]
}
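Review bot: The GHSA-55g7-9cwv-5qfv reference in the `references` array is tagged only `Exploit`, although the link is the snappy-java project's own advisory. A consumer that picks remediation guidance by the `Vendor Advisory` tag finds none on this record, and the only other reference is the `Patch` commit. If this mirror is allowed to differ from upstream, the entry could read `"tags": ["Exploit", "Vendor Advisory"]`. Otherwise the gap is worth noting for downstream triage rules, which should also treat the `Exploit` tag as a sign that reproduction details are public.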


@ -2,8 +2,8 @@
"id": "CVE-2023-43644",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-25T20:15:11.977",
"lastModified": "2023-09-26T12:45:48.413",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:45:28.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,106 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.5",
"matchCriteriaId": "4972A756-DC5E-43FB-B620-E427D21C2C75"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "ADAC3151-F2C5-4980-A536-98BDDDD8E3ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "D264A330-9D7F-43C3-856E-3396ACC0833A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "2504CDDA-98C0-468C-9086-A5E1751F5DEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "D8EDF2D9-103D-45AD-ACCD-C6DF4BB9A404"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "3300566A-5BD3-4A71-AF67-E531E3370BAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "75092672-6335-4EEF-A93C-AE2AA748D7CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "703D6A00-02E1-4106-AB7F-97DC45765EFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "216B8A68-7463-4C0C-9076-AAB69D05C366"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "13845DC3-7381-49F4-A247-AA568E451078"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "2892FCCF-A001-4466-8070-62CD7EBE1B28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "2BC1E39F-E7D8-41C9-B64A-2241A540D543"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "2C1725F2-4B98-46F1-8EF2-11E42C3B6260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "91E7CBF9-8577-4F59-83D4-1505AED807B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "31FA3E9E-8ED2-4DDF-93DB-8F0325DDD752"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sagernet:sing-box:1.5.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "8C21D94A-A22B-46E5-987B-304920106669"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/SagerNet/sing-box/security/advisories/GHSA-r5hm-mp3j-285g",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43760",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T05:15:09.240",
"lastModified": "2023-09-22T10:59:53.233",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:51:03.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,181 @@
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio a trav\u00e9s de un archivo PE32 difuso. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}
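Review bot: The `elements_endpoint_protection` entries in the Windows and macOS nodes carry `"versionStartIncluding": "17.0"` with no upper bound, so a CPE matcher will report every later release as vulnerable indefinitely. This follows the description's "17 and later" wording, but the record gives no fixed version, and the only specific advisory URL is a placeholder path tagged `Broken Link`. Once a fixed release is known, the entry needs `"versionEndExcluding": "<FIXED_VERSION>"`. Until then, scanners fed from this record should treat the match as needing manual confirmation. The same open-ended range appears in the CVE-2023-43761, -43765, -43766 and -43767 sections.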


@ -2,8 +2,8 @@
"id": "CVE-2023-43761",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T05:15:09.457",
"lastModified": "2023-09-22T10:59:53.233",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:51:14.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,181 @@
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio (bucle infinito). Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43762",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T05:15:09.530",
"lastModified": "2023-09-22T10:59:53.233",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:06:14.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,88 @@
"value": "Ciertos productos WithSecure permiten la Ejecuci\u00f3n Remota de C\u00f3digo No Autenticado a trav\u00e9s del servidor web (backend), n\u00famero 1 de 2. Esto afecta a WithSecure Policy Manager 15 y Policy Manager Proxy 15."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "3D9F1F8D-83A9-45F3-8663-C74C01680DEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:windows:*:*",
"matchCriteriaId": "B9339090-9BBC-42D7-8754-A450AB7F51E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "FAF05F1B-0F21-45E4-B5D6-16E70F60B65F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:windows:*:*",
"matchCriteriaId": "7CD6A445-7C2D-43DE-89DC-9B98EB4835FB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}
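Review bot: The `cpeMatch` criteria here use vendor `withsecure` (`cpe:2.3:a:withsecure:f-secure_policy_manager:…`), while the other WithSecure records in this commit use vendor `f-secure` (`cpe:2.3:a:f-secure:client_security:…`). An inventory or alert rule keyed on one vendor string will miss the other set. This record also puts the platform in the CPE target-software field (`linux_kernel`, `windows`) instead of the `AND` node with a non-vulnerable OS entry used in the endpoint-product records. Consumers should match on both vendor strings and handle both platform encodings. The same pattern applies to the CVE-2023-43763 and CVE-2023-43764 sections.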


@ -2,8 +2,8 @@
"id": "CVE-2023-43763",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T05:15:09.630",
"lastModified": "2023-09-22T10:59:53.233",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:17:46.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,78 @@
"value": "Ciertos productos WithSecure permiten XSS a trav\u00e9s de un par\u00e1metro no validado en endpoint. Esto afecta a WithSecure Policy Manager 15 en Windows y Linux."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "3D9F1F8D-83A9-45F3-8663-C74C01680DEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:windows:*:*",
"matchCriteriaId": "B9339090-9BBC-42D7-8754-A450AB7F51E5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T05:15:09.720",
"lastModified": "2023-09-22T10:59:53.233",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:40:45.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,78 @@
"value": "Ciertos productos WithSecure permiten la Ejecuci\u00f3n Remota de C\u00f3digo No Autenticado a trav\u00e9s del servidor web (backend), n\u00famero 2 de 2. Esto afecta a WithSecure Policy Manager 15 en Windows y Linux."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:linux_kernel:*:*",
"matchCriteriaId": "3D9F1F8D-83A9-45F3-8663-C74C01680DEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:windows:*:*",
"matchCriteriaId": "B9339090-9BBC-42D7-8754-A450AB7F51E5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43765",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T05:15:09.793",
"lastModified": "2023-09-22T10:59:53.233",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:52:04.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,181 @@
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio en el componente aeelf. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43766",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T05:15:09.867",
"lastModified": "2023-09-22T10:59:53.233",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:51:56.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,181 @@
"value": "Ciertos productos WithSecure permiten la escalada de privilegios Locales a trav\u00e9s del controlador de descompresi\u00f3n de archivos lhz. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43767",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T05:15:09.937",
"lastModified": "2023-09-22T10:59:53.233",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:51:32.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,181 @@
"value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio a trav\u00e9s del controlador de descompresi\u00f3n del archivo aepack. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_protection:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B5DD2D-9D5C-4475-8E8D-24950C7C5E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:linux_security_64:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA4ED9C-9739-435C-940E-97D6B18F217A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:atlant:1.0.35-1:*:*:*:*:*:*:*",
"matchCriteriaId": "17C9517C-5EAD-4039-A80F-934D658143DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:email_and_server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "75B976BB-2359-472B-8A70-4B854C2E6749"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:server_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "96BF356E-12D9-4E39-AFAE-E7B03C8D7700"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:client_security:15.00:*:*:*:*:*:*:*",
"matchCriteriaId": "13507004-1DD0-4DB3-B152-DA23CE1317E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"matchCriteriaId": "F24DCDA1-6736-4CAC-A626-5871A6FEB283"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43770",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T06:15:10.090",
"lastModified": "2023-09-22T14:15:46.093",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:42:07.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,112 @@
"value": "Roundcube anterior a 1.4.14, 1.5.x anterior a 1.5.4 y 1.6.x anterior a 1.6.3 permiten XSS a trav\u00e9s de mensajes de texto/correo electr\u00f3nico plano con enlaces manipuados debido al comportamiento de program/lib/Roundcube/rcube_string_replacer.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.14",
"matchCriteriaId": "98F5DF3C-3CA0-4E0F-9C8A-7B18F3AEDB77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.5.0",
"versionEndExcluding": "1.5.4",
"matchCriteriaId": "772EC31F-EAC3-455E-953F-8FC04EA2A186"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.6.0",
"versionEndExcluding": "1.6.3",
"matchCriteriaId": "463446A7-DA28-41D3-B358-FA3BEBD6397E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00024.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://roundcube.net/news/2023/09/15/security-update-1.6.3-released",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43784",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T06:15:10.827",
"lastModified": "2023-09-22T13:24:08.480",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T15:50:16.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,73 @@
"value": "** DISPUTA ** Plesk Onyx 17.8.11 tiene campos accessKeyId y secretAccessKey que est\u00e1n relacionados con un componente de Amazon AWS Firehose. NOTA: la posici\u00f3n del proveedor es que no existe ninguna amenaza para la seguridad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plesk:onyx:17.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E3884F-3CB1-4485-A1D3-CEE043E42E81"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://talk.plesk.com/threads/why-in-plesk-firehouse-aws-keys-are-public.369925/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-4300",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:15.000",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:44:32.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution."
},
{
"lang": "es",
"value": "El complemento de WordPress Import XML y RSS Feeds anterior a 2.1.4 no filtra las extensiones de archivos para los archivos cargados, lo que permite a un atacante cargar un archivo PHP malicioso, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.4",
"matchCriteriaId": "BB226814-58BF-4E4B-B960-75DC1F4CB477"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-4476",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:15.070",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:42:49.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
},
{
"lang": "es",
"value": "El complemento de WordPress Locatoraid Store Locator anterior a 3.9.24 no sanitiza y escapa del par\u00e1metro lpr-search antes de devolverlo a la p\u00e1gina, lo que genera un cross site scripnting reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador.\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plainware:locatoraid:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.24",
"matchCriteriaId": "CF447151-8237-471F-AF42-0BD5B0AB16F3"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3ca22b22-fe89-42be-94ec-b164838bcf50",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-4490",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:15.137",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:42:40.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Job Portal WordPress plugin through 2.0.3 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users"
},
{
"lang": "es",
"value": "El complemento de WordPress WP Job Portal hasta la versi\u00f3n 2.0.3 no sanitiza y escapa un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios no autenticados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.3",
"matchCriteriaId": "146056D3-6ECD-48BD-B17D-0F585355AAE4"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/986024f0-3c8d-44d8-a9c9-1dd284d7db0d",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-4502",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:15.217",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:42:22.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters."
},
{
"lang": "es",
"value": "El complemento Translate WordPress con GTranslate WordPress anterior a 3.0.4 no sanitiza y escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de cross site scripting almacenados incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, configuraci\u00f3n en multisitio). Esta vulnerabilidad afecta a m\u00faltiples par\u00e1metros."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtranslate:translate_wordpress_with_gtranslate:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0.4",
"matchCriteriaId": "A0259C3D-F814-41CF-89ED-E558698AE3FB"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e4804850-2ac2-4cec-bc27-07ed191d96da",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4504",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-09-21T23:15:12.293",
"lastModified": "2023-09-23T16:15:20.993",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:16:44.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,11 +11,44 @@
},
{
"lang": "es",
"value": "Debido a un error al validar la longitud proporcionada por un documento PostScript manipula por un atacante, CUPS y libppd son susceptibles a un Desbordamiento del B\u00fafer y posiblemente a la ejecuci\u00f3n de c\u00f3digo. Este problema se solucion\u00f3 en la versi\u00f3n 2.4.7 de CUPS, lanzada en Septiembre de 2023."
"value": "Debido a un error al validar la longitud proporcionada por un documento PPD PostScript creado por un atacante, CUPS y libppd son susceptibles a un desbordamiento del b\u00fafer y posiblemente a la ejecuci\u00f3n de c\u00f3digo. Este problema se solucion\u00f3 en la versi\u00f3n 2.4.7 de CUPS, lanzada en septiembre de 2023."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cve@takeonme.org",
"type": "Secondary",
@ -27,22 +60,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.4.7",
"matchCriteriaId": "8ED9EF47-64F8-4C9F-BD01-38E61B622052"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openprinting:libppd:2.0:rc2:*:*:*:linux:*:*",
"matchCriteriaId": "4656F9B5-8D8A-465A-AAF2-3B2AAFD04E35"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.7",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://takeonme.org/cves/CVE-2023-4504.html",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-4521",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:15.297",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:42:06.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version."
},
{
"lang": "es",
"value": "El complemento de WordPress Import XML and RSS Feeds anterior a 2.1.5 contiene un shell web que permite a atacantes no autenticados realizar RCE. El complemento/proveedor no se vio comprometido y los archivos son el resultado de ejecutar una PoC para un problema informado anteriormente (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) y no eliminar los archivos creados cuando lanzando la nueva versi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.5",
"matchCriteriaId": "CB86B8CC-1AF8-48F7-A2DC-ED9DB255042C"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/de2cdb38-3a9f-448e-b564-a798d1e93481",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-4549",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:15.377",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T14:41:52.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form."
},
{
"lang": "es",
"value": "El complemento DoLogin Security para WordPress anterior a 3.7 no sanitiza adecuadamente las direcciones IP provenientes del encabezado X-Forwarded-For, que los atacantes pueden utilizar para realizar ataques XSS almacenados a trav\u00e9s del formulario de inicio de sesi\u00f3n de WordPress."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdo5ea:dologin_security:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.7",
"matchCriteriaId": "D6D555E3-3639-4040-97F7-0A21CC3CDF5C"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/8aebead0-0eab-4d4e-8ceb-8fea0760374f",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,42 @@
"id": "CVE-2023-4631",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:15.450",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:00:02.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing."
},
{
"lang": "es",
"value": "El complemento DoLogin Security de WordPress anterior a 3.7 utiliza encabezados como X-Forwarded-For para recuperar la direcci\u00f3n IP de la solicitud, lo que podr\u00eda provocar una suplantaci\u00f3n de IP."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "contact@wpscan.com",
@ -23,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdo5ea:dologin_security:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.7",
"matchCriteriaId": "D6D555E3-3639-4040-97F7-0A21CC3CDF5C"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/28613fc7-1400-4553-bcc3-24df1cee418e",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4760",
"sourceIdentifier": "emo@eclipse.org",
"published": "2023-09-21T08:15:09.403",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:09:03.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "emo@eclipse.org",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "emo@eclipse.org",
"type": "Secondary",
@ -54,14 +84,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:remote_application_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndIncluding": "3.25.0",
"matchCriteriaId": "11B55478-B8C8-47E0-B87D-7A02BB498FCD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-rap/org.eclipse.rap/pull/141",
"source": "emo@eclipse.org"
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/160",
"source": "emo@eclipse.org"
"source": "emo@eclipse.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5146",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T00:15:11.300",
"lastModified": "2023-09-25T01:35:47.210",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T14:54:53.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240242 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Se encontr\u00f3 una vulnerabilidad en D-Link DAR-7000 y DAR-8000 hasta 20151231 y se clasific\u00f3 como cr\u00edtica. Una funci\u00f3n desconocida del archivo /sysmanage/updatelib.php es afectada por este problema. La manipulaci\u00f3n del argumento file_upload conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-240242 es el identificador asignado a esta vulnerabilidad. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,26 +97,105 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-7000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20151231",
"matchCriteriaId": "4836497D-D886-4025-B250-F70132145453"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dar-8000_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "20151231",
"matchCriteriaId": "A16E2C03-B169-4CAD-BAC7-951E0C1C62AD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dar-8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E74A904C-319A-4DC0-A0E2-2247272C68DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_upload_%20updatelib.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-8000-10_upload_%20updatelib.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.240242",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.240242",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5156",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-25T16:15:15.613",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T15:02:42.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en la librer\u00eda GNU C. Una soluci\u00f3n reciente para CVE-2023-4806 introdujo la posibilidad de una p\u00e9rdida de memoria, lo que puede provocar un bloqueo de la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,22 +58,87 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.39",
"matchCriteriaId": "9B07E72A-FA10-49C2-BBE3-468AF836A462"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5156",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240541",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=30884",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ec6b95c3303c700eb89eebeda2d7264cc184a796",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5158",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-25T16:15:15.690",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-26T15:58:02.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en vringh_kiov_advance en drivers/vhost/vringh.c en el lado del host de un virtio ring en el kernel de Linux. Este problema puede provocar una denegaci\u00f3n de servicio del hu\u00e9sped al anfitri\u00f3n a trav\u00e9s de un descriptor de longitud cero.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,14 +58,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.12.19",
"matchCriteriaId": "7882C22D-02DD-4595-8576-BD42F6A8A410"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5158",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240561",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5165",
"sourceIdentifier": "security@docker.com",
"published": "2023-09-25T16:15:15.773",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:50:49.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. \n\nThis issue has been fixed in Docker Desktop 4.23.0. \n\nAffected Docker Desktop versions: from 4.13.0 before 4.23.0.\n"
},
{
"lang": "es",
"value": "Docker Desktop anterior a 4.23.0 permite a un usuario sin privilegios evitar las restricciones de Enhanced Container Isolation (ECI) a trav\u00e9s del shell de depuraci\u00f3n, al que permanece accesible durante un breve per\u00edodo de tiempo despu\u00e9s de iniciar Docker Desktop. La funcionalidad afectada est\u00e1 disponible solo para clientes de Docker Business y asume un entorno donde los usuarios no reciben privilegios de administrador o root local. Este problema se solucion\u00f3 en Docker Desktop 4.23.0. Versiones de Docker Desktop afectadas: desde 4.13.0 anterior a 4.23.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
},
{
"source": "security@docker.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security@docker.com",
"type": "Secondary",
@ -50,10 +84,33 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.13.0",
"versionEndExcluding": "4.23.0",
"matchCriteriaId": "B958322D-1E03-46F3-9AFA-0467DE4DC4EC"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#4230",
"source": "security@docker.com"
"source": "security@docker.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5166",
"sourceIdentifier": "security@docker.com",
"published": "2023-09-25T16:15:15.857",
"lastModified": "2023-09-25T16:16:30.717",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-26T15:51:51.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.\n\nThis issue affects Docker Desktop: before 4.23.0.\n\n"
},
{
"lang": "es",
"value": "Docker Desktop anterior a 4.23.0 permite el robo de tokens de acceso a trav\u00e9s de una URL de icono de extensi\u00f3n manipulada. Este problema afecta a Docker Desktop: versiones anteriores a 4.23.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@docker.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@docker.com",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.23.0",
"matchCriteriaId": "4C2CEE04-40A4-4B41-A543-CC5695DAB0CF"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.docker.com/desktop/release-notes/#4230",
"source": "security@docker.com"
"source": "security@docker.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-26T14:00:24.883345+00:00
2023-09-26T16:00:25.284962+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-26T13:49:34.530000+00:00
2023-09-26T15:58:02.723000+00:00
```
### Last Data Feed Release
@ -40,33 +40,33 @@ Recently added CVEs: `0`
### CVEs modified in the last Commit
Recently modified CVEs: `30`
Recently modified CVEs: `71`
* [CVE-2022-3874](CVE-2022/CVE-2022-38xx/CVE-2022-3874.json) (`2023-09-26T13:49:34.530`)
* [CVE-2023-42817](CVE-2023/CVE-2023-428xx/CVE-2023-42817.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-43319](CVE-2023/CVE-2023-433xx/CVE-2023-43319.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-43458](CVE-2023/CVE-2023-434xx/CVE-2023-43458.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-43642](CVE-2023/CVE-2023-436xx/CVE-2023-43642.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-43644](CVE-2023/CVE-2023-436xx/CVE-2023-43644.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-42426](CVE-2023/CVE-2023-424xx/CVE-2023-42426.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-43132](CVE-2023/CVE-2023-431xx/CVE-2023-43132.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-43457](CVE-2023/CVE-2023-434xx/CVE-2023-43457.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-5129](CVE-2023/CVE-2023-51xx/CVE-2023-5129.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-43326](CVE-2023/CVE-2023-433xx/CVE-2023-43326.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-4258](CVE-2023/CVE-2023-42xx/CVE-2023-4258.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-38907](CVE-2023/CVE-2023-389xx/CVE-2023-38907.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-43278](CVE-2023/CVE-2023-432xx/CVE-2023-43278.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-43325](CVE-2023/CVE-2023-433xx/CVE-2023-43325.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-4259](CVE-2023/CVE-2023-42xx/CVE-2023-4259.json) (`2023-09-26T12:45:48.413`)
* [CVE-2023-39640](CVE-2023/CVE-2023-396xx/CVE-2023-39640.json) (`2023-09-26T12:45:55.280`)
* [CVE-2023-40581](CVE-2023/CVE-2023-405xx/CVE-2023-40581.json) (`2023-09-26T12:45:55.280`)
* [CVE-2023-43782](CVE-2023/CVE-2023-437xx/CVE-2023-43782.json) (`2023-09-26T13:05:39.297`)
* [CVE-2023-43771](CVE-2023/CVE-2023-437xx/CVE-2023-43771.json) (`2023-09-26T13:09:31.350`)
* [CVE-2023-43090](CVE-2023/CVE-2023-430xx/CVE-2023-43090.json) (`2023-09-26T13:10:22.500`)
* [CVE-2023-23364](CVE-2023/CVE-2023-233xx/CVE-2023-23364.json) (`2023-09-26T13:13:26.473`)
* [CVE-2023-43637](CVE-2023/CVE-2023-436xx/CVE-2023-43637.json) (`2023-09-26T13:20:27.583`)
* [CVE-2023-23363](CVE-2023/CVE-2023-233xx/CVE-2023-23363.json) (`2023-09-26T13:41:02.627`)
* [CVE-2023-43767](CVE-2023/CVE-2023-437xx/CVE-2023-43767.json) (`2023-09-26T14:51:32.377`)
* [CVE-2023-43766](CVE-2023/CVE-2023-437xx/CVE-2023-43766.json) (`2023-09-26T14:51:56.633`)
* [CVE-2023-43765](CVE-2023/CVE-2023-437xx/CVE-2023-43765.json) (`2023-09-26T14:52:04.797`)
* [CVE-2023-41868](CVE-2023/CVE-2023-418xx/CVE-2023-41868.json) (`2023-09-26T14:53:37.590`)
* [CVE-2023-5146](CVE-2023/CVE-2023-51xx/CVE-2023-5146.json) (`2023-09-26T14:54:53.567`)
* [CVE-2023-1625](CVE-2023/CVE-2023-16xx/CVE-2023-1625.json) (`2023-09-26T14:57:28.787`)
* [CVE-2023-38346](CVE-2023/CVE-2023-383xx/CVE-2023-38346.json) (`2023-09-26T14:58:24.360`)
* [CVE-2023-42821](CVE-2023/CVE-2023-428xx/CVE-2023-42821.json) (`2023-09-26T14:59:06.790`)
* [CVE-2023-40183](CVE-2023/CVE-2023-401xx/CVE-2023-40183.json) (`2023-09-26T14:59:41.697`)
* [CVE-2023-4631](CVE-2023/CVE-2023-46xx/CVE-2023-4631.json) (`2023-09-26T15:00:02.983`)
* [CVE-2023-41902](CVE-2023/CVE-2023-419xx/CVE-2023-41902.json) (`2023-09-26T15:00:18.523`)
* [CVE-2023-5156](CVE-2023/CVE-2023-51xx/CVE-2023-5156.json) (`2023-09-26T15:02:42.643`)
* [CVE-2023-43762](CVE-2023/CVE-2023-437xx/CVE-2023-43762.json) (`2023-09-26T15:06:14.940`)
* [CVE-2023-43763](CVE-2023/CVE-2023-437xx/CVE-2023-43763.json) (`2023-09-26T15:17:46.050`)
* [CVE-2023-43764](CVE-2023/CVE-2023-437xx/CVE-2023-43764.json) (`2023-09-26T15:40:45.620`)
* [CVE-2023-43770](CVE-2023/CVE-2023-437xx/CVE-2023-43770.json) (`2023-09-26T15:42:07.133`)
* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-09-26T15:44:17.537`)
* [CVE-2023-43644](CVE-2023/CVE-2023-436xx/CVE-2023-43644.json) (`2023-09-26T15:45:28.193`)
* [CVE-2023-43642](CVE-2023/CVE-2023-436xx/CVE-2023-43642.json) (`2023-09-26T15:46:35.600`)
* [CVE-2023-43458](CVE-2023/CVE-2023-434xx/CVE-2023-43458.json) (`2023-09-26T15:47:14.577`)
* [CVE-2023-43784](CVE-2023/CVE-2023-437xx/CVE-2023-43784.json) (`2023-09-26T15:50:16.683`)
* [CVE-2023-5165](CVE-2023/CVE-2023-51xx/CVE-2023-5165.json) (`2023-09-26T15:50:49.217`)
* [CVE-2023-5166](CVE-2023/CVE-2023-51xx/CVE-2023-5166.json) (`2023-09-26T15:51:51.887`)
* [CVE-2023-42817](CVE-2023/CVE-2023-428xx/CVE-2023-42817.json) (`2023-09-26T15:57:45.363`)
* [CVE-2023-5158](CVE-2023/CVE-2023-51xx/CVE-2023-5158.json) (`2023-09-26T15:58:02.723`)
## Download and Usage