admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-04T18:00:26.115710+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-04 18:00:29 +00:00
parent e8bdf3b294
commit c20d2c0993
74 changed files with 43352 additions and 308 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2020/CVE-2020-360xx/CVE-2020-36062.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-36062", "id": "CVE-2020-36062",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-02-11T16:15:08.557", "published": "2022-02-11T16:15:08.557",
"lastModified": "2022-02-18T01:57:24.543", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:dairy_farm_shop_management_system_project:dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47D23DC0-4F7B-421D-A24F-B40A4406ADB3" "matchCriteriaId": "6772CE9E-56D7-4CC7-9E1A-97E740D2D000"
} }
] ]
} }

55
CVE-2021/CVE-2021-37xx/CVE-2021-3784.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-3784",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T16:15:09.940",
"lastModified": "2023-10-04T16:15:09.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/garuda-linux-improper-authorization",
"source": "cve-coordination@incibe.es"
}
]
}

6
CVE-2022/CVE-2022-289xx/CVE-2022-28992.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-28992", "id": "CVE-2022-28992",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-05-20T13:15:15.350", "published": "2022-05-20T13:15:15.350",
"lastModified": "2022-05-26T14:16:01.933", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:online_banquet_booking_system_project:online_banquet_booking_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:online_banquet_booking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F48CBE0-DE29-48FA-9BB2-93FBCC1EF212" "matchCriteriaId": "52AD55AE-55B7-4780-B064-648A8D67734D"
} }
] ]
} }

6
CVE-2022/CVE-2022-290xx/CVE-2022-29006.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29006", "id": "CVE-2022-29006",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-05-11T14:15:07.947", "published": "2022-05-11T14:15:07.947",
"lastModified": "2022-10-12T02:45:13.413", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:directory_management_system_project:directory_management_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:directory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94A92032-525A-499E-9B5A-EA6933C82BA5" "matchCriteriaId": "77986F29-8C0B-4B73-BD32-6A610A89C64B"
} }
] ]
} }

6
CVE-2022/CVE-2022-290xx/CVE-2022-29007.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29007", "id": "CVE-2022-29007",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-05-11T14:15:07.987", "published": "2022-05-11T14:15:07.987",
"lastModified": "2022-10-12T02:45:41.050", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:dairy_farm_shop_management_system_project:dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47D23DC0-4F7B-421D-A24F-B40A4406ADB3" "matchCriteriaId": "6772CE9E-56D7-4CC7-9E1A-97E740D2D000"
} }
] ]
} }

6
CVE-2022/CVE-2022-290xx/CVE-2022-29009.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-29009", "id": "CVE-2022-29009",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-05-11T14:15:08.073", "published": "2022-05-11T14:15:08.073",
"lastModified": "2022-10-06T18:00:34.930", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:cyber_cafe_management_system_project:cyber_cafe_management_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:cyber_cafe_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85FC08DB-0DA4-4D77-8BCE-D956250E4B77" "matchCriteriaId": "076A2810-A876-4B7D-B728-BCCE977A7225"
} }
] ]
} }

6
CVE-2022/CVE-2022-313xx/CVE-2022-31382.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-31382", "id": "CVE-2022-31382",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-06-16T17:15:08.537", "published": "2022-06-16T17:15:08.537",
"lastModified": "2022-06-27T17:55:17.513", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:directory_management_system_project:directory_management_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:directory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94A92032-525A-499E-9B5A-EA6933C82BA5" "matchCriteriaId": "77986F29-8C0B-4B73-BD32-6A610A89C64B"
} }
] ]
} }

6
CVE-2022/CVE-2022-313xx/CVE-2022-31383.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-31383", "id": "CVE-2022-31383",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-06-16T17:15:08.580", "published": "2022-06-16T17:15:08.580",
"lastModified": "2022-06-27T17:55:45.230", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:directory_management_system_project:directory_management_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:directory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94A92032-525A-499E-9B5A-EA6933C82BA5" "matchCriteriaId": "77986F29-8C0B-4B73-BD32-6A610A89C64B"
} }
] ]
} }

6
CVE-2022/CVE-2022-313xx/CVE-2022-31384.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-31384", "id": "CVE-2022-31384",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-06-16T17:15:08.627", "published": "2022-06-16T17:15:08.627",
"lastModified": "2022-06-27T17:56:02.497", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -84,8 +84,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:directory_management_system_project:directory_management_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:directory_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94A92032-525A-499E-9B5A-EA6933C82BA5" "matchCriteriaId": "77986F29-8C0B-4B73-BD32-6A610A89C64B"
} }
] ]
} }

55
CVE-2022/CVE-2022-362xx/CVE-2022-36276.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-36276",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T16:15:10.033",
"lastModified": "2023-10-04T16:15:10.033",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2022/CVE-2022-362xx/CVE-2022-36277.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-36277",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T16:15:10.103",
"lastModified": "2023-10-04T16:15:10.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim",
"source": "cve-coordination@incibe.es"
}
]
}

6
CVE-2022/CVE-2022-409xx/CVE-2022-40943.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40943", "id": "CVE-2022-40943",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-09-30T19:15:16.117", "published": "2022-09-30T19:15:16.117",
"lastModified": "2022-10-04T16:46:20.570", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -59,8 +59,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:dairy_farm_shop_management_system_project:dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47D23DC0-4F7B-421D-A24F-B40A4406ADB3" "matchCriteriaId": "6772CE9E-56D7-4CC7-9E1A-97E740D2D000"
} }
] ]
} }

6
CVE-2022/CVE-2022-409xx/CVE-2022-40944.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40944", "id": "CVE-2022-40944",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2022-09-30T18:15:11.840", "published": "2022-09-30T18:15:11.840",
"lastModified": "2022-10-04T17:06:17.787", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -59,8 +59,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:dairy_farm_shop_management_system_project:dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47D23DC0-4F7B-421D-A24F-B40A4406ADB3" "matchCriteriaId": "6772CE9E-56D7-4CC7-9E1A-97E740D2D000"
} }
] ]
} }

61
CVE-2023/CVE-2023-08xx/CVE-2023-0809.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-0809", "id": "CVE-2023-0809",
"sourceIdentifier": "emo@eclipse.org", "sourceIdentifier": "emo@eclipse.org",
"published": "2023-10-02T19:15:09.717", "published": "2023-10-02T19:15:09.717",
"lastModified": "2023-10-02T20:26:54.460", "lastModified": "2023-10-04T17:01:04.683",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets." "value": "In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets."
},
{
"lang": "es",
"value": "En Mosquitto anterior a 2.0.16, el exceso de memoria se asigna en funci\u00f3n de paquetes iniciales maliciosos que no son paquetes CONNECT."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{ {
"source": "emo@eclipse.org", "source": "emo@eclipse.org",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{ {
"source": "emo@eclipse.org", "source": "emo@eclipse.org",
"type": "Secondary", "type": "Secondary",
@ -46,10 +80,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.16",
"matchCriteriaId": "C744F41F-1469-4455-8C1C-B06373070721"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/", "url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/",
"source": "emo@eclipse.org" "source": "emo@eclipse.org",
"tags": [
"Release Notes"
]
} }
] ]
} }

43
CVE-2023/CVE-2023-201xx/CVE-2023-20101.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20101",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-04T17:15:09.837",
"lastModified": "2023-10-04T17:15:09.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted.\r\n\r This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20235.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20235",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-04T17:15:09.917",
"lastModified": "2023-10-04T17:15:09.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.\r\n\r This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20259.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20259",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-04T17:15:09.990",
"lastModified": "2023-10-04T17:15:09.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.\r\n\r This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF",
"source": "ykramarz@cisco.com"
}
]
}

4
CVE-2023/CVE-2023-222xx/CVE-2023-22283.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22283", "id": "CVE-2023-22283",
"sourceIdentifier": "f5sirt@f5.com", "sourceIdentifier": "f5sirt@f5.com",
"published": "2023-02-01T18:15:10.727", "published": "2023-02-01T18:15:10.727",
"lastModified": "2023-10-04T00:15:11.743", "lastModified": "2023-10-04T16:53:45.020",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

8
CVE-2023/CVE-2023-223xx/CVE-2023-22374.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-22374", "id": "CVE-2023-22374",
"sourceIdentifier": "f5sirt@f5.com", "sourceIdentifier": "f5sirt@f5.com",
"published": "2023-02-01T18:15:11.363", "published": "2023-02-01T18:15:11.363",
"lastModified": "2023-10-04T03:15:10.497", "lastModified": "2023-10-04T16:55:31.157",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\nA format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n" "value": "\nA format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cadena de formato en iControl SOAP que permite a un atacante autenticado bloquear el proceso CGI de iControl SOAP o, potencialmente, ejecutar c\u00f3digo arbitrario. En el modo de dispositivo BIG-IP, una explotaci\u00f3n exitosa de esta vulnerabilidad puede permitir al atacante cruzar un l\u00edmite de seguridad. Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan."
} }
], ],
"metrics": { "metrics": {

6550
CVE-2023/CVE-2023-223xx/CVE-2023-22385.json
View File

File diff suppressed because it is too large Load Diff

1825
CVE-2023/CVE-2023-248xx/CVE-2023-24843.json
View File

File diff suppressed because it is too large Load Diff

1204
CVE-2023/CVE-2023-248xx/CVE-2023-24844.json
View File

File diff suppressed because it is too large Load Diff

6982
CVE-2023/CVE-2023-248xx/CVE-2023-24847.json
View File

File diff suppressed because it is too large Load Diff

6631
CVE-2023/CVE-2023-248xx/CVE-2023-24848.json
View File

File diff suppressed because it is too large Load Diff

6469
CVE-2023/CVE-2023-248xx/CVE-2023-24849.json
View File

File diff suppressed because it is too large Load Diff

5605
CVE-2023/CVE-2023-248xx/CVE-2023-24850.json
View File

File diff suppressed because it is too large Load Diff

95
CVE-2023/CVE-2023-261xx/CVE-2023-26150.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26150", "id": "CVE-2023-26150",
"sourceIdentifier": "report@snyk.io", "sourceIdentifier": "report@snyk.io",
"published": "2023-10-03T05:15:49.963", "published": "2023-10-03T05:15:49.963",
"lastModified": "2023-10-03T12:51:52.930", "lastModified": "2023-10-04T17:12:15.133",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "report@snyk.io", "source": "report@snyk.io",
"type": "Secondary", "type": "Secondary",
@ -38,34 +58,91 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freeopcua:opcua-asyncio:*:*:*:*:*:python:*:*",
"versionEndExcluding": "0.9.96",
"matchCriteriaId": "D64D2A05-90B8-43AA-B8BE-9D79959CFC61"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121", "url": "https://gist.github.com/artfire52/84f7279a4119d6f90381ac49d7121121",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844a", "url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/2be7ce80df05de8d6c6ae1ebce6fa2bb7147844a",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513", "url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/b4106dfd5037423c9d1810b48a97296b59cde513",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1014", "url": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1014",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1015", "url": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1015",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96", "url": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Product",
"Release Notes"
]
}, },
{ {
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435", "url": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673435",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
} }
] ]
} }

90
CVE-2023/CVE-2023-261xx/CVE-2023-26151.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26151", "id": "CVE-2023-26151",
"sourceIdentifier": "report@snyk.io", "sourceIdentifier": "report@snyk.io",
"published": "2023-10-03T05:15:50.507", "published": "2023-10-03T05:15:50.507",
"lastModified": "2023-10-03T12:51:52.930", "lastModified": "2023-10-04T17:12:33.987",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "report@snyk.io", "source": "report@snyk.io",
"type": "Secondary", "type": "Secondary",
@ -38,30 +58,84 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freeopcua:opcua-asyncio:*:*:*:*:*:python:*:*",
"versionEndExcluding": "0.9.96",
"matchCriteriaId": "D64D2A05-90B8-43AA-B8BE-9D79959CFC61"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8", "url": "https://gist.github.com/artfire52/1540b234350795e0ecb4d672608dbec8",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262", "url": "https://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1013", "url": "https://github.com/FreeOpcUa/opcua-asyncio/issues/1013",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1039", "url": "https://github.com/FreeOpcUa/opcua-asyncio/pull/1039",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96", "url": "https://github.com/FreeOpcUa/opcua-asyncio/releases/tag/v0.9.96",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Product",
"Release Notes"
]
}, },
{ {
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709", "url": "https://security.snyk.io/vuln/SNYK-PYTHON-ASYNCUA-5673709",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
} }
] ]
} }

71
CVE-2023/CVE-2023-261xx/CVE-2023-26152.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-26152", "id": "CVE-2023-26152",
"sourceIdentifier": "report@snyk.io", "sourceIdentifier": "report@snyk.io",
"published": "2023-10-03T05:15:50.580", "published": "2023-10-03T05:15:50.580",
"lastModified": "2023-10-03T12:51:52.930", "lastModified": "2023-10-04T17:10:53.407",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "report@snyk.io", "source": "report@snyk.io",
"type": "Secondary", "type": "Secondary",
@ -38,18 +58,59 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nbluis:static-server:*:*:*:*:*:node.js:*:*",
"versionEndIncluding": "3.0.0",
"matchCriteriaId": "67CD3612-917D-4363-903B-40F649A46F11"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/lirantal/1f7021703a2065ecaf9ec9e06a3a346d", "url": "https://gist.github.com/lirantal/1f7021703a2065ecaf9ec9e06a3a346d",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/nbluis/static-server/blob/master/server.js%23L218-L223", "url": "https://github.com/nbluis/static-server/blob/master/server.js%23L218-L223",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Product"
]
}, },
{ {
"url": "https://security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341", "url": "https://security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341",
"source": "report@snyk.io" "source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

4147
CVE-2023/CVE-2023-285xx/CVE-2023-28540.json
View File

File diff suppressed because it is too large Load Diff

10
CVE-2023/CVE-2023-327xx/CVE-2023-32707.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32707", "id": "CVE-2023-32707",
"sourceIdentifier": "prodsec@splunk.com", "sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.117", "published": "2023-06-01T17:15:10.117",
"lastModified": "2023-09-11T19:15:42.337", "lastModified": "2023-10-04T16:15:10.187",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests." "value": "In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the \u2018edit_user\u2019 capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests."
},
{
"lang": "es",
"value": "En las versiones de Splunk Enterprise anteriores a 9.0.5, 8.2.11 y 8.1.14, y de Splunk Cloud Platform anteriores a la versi\u00f3n 9.0.2303.100, un usuario con pocos privilegios que tenga un rol que tenga asignada la capacidad de \"edit_user\" puede escalar sus privilegios a los del usuario administrador proporcionando solicitudes web especialmente manipuladas."
} }
], ],
"metrics": { "metrics": {
@ -106,10 +110,6 @@
} }
], ],
"references": [ "references": [
{
"url": "http://packetstormsecurity.com/files/174602/Splunk-Enterprise-Account-Takeover.html",
"source": "prodsec@splunk.com"
},
{ {
"url": "https://advisory.splunk.com/advisories/SVD-2023-0602", "url": "https://advisory.splunk.com/advisories/SVD-2023-0602",
"source": "prodsec@splunk.com", "source": "prodsec@splunk.com",

6
CVE-2023/CVE-2023-346xx/CVE-2023-34666.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34666", "id": "CVE-2023-34666",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-06-15T17:15:09.943", "published": "2023-06-15T17:15:09.943",
"lastModified": "2023-06-22T16:30:07.737", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -55,8 +55,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:cyber_cafe_management_system_project:cyber_cafe_management_system:1.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:cyber_cafe_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85FC08DB-0DA4-4D77-8BCE-D956250E4B77" "matchCriteriaId": "076A2810-A876-4B7D-B728-BCCE977A7225"
} }
] ]
} }

61
CVE-2023/CVE-2023-35xx/CVE-2023-3592.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3592", "id": "CVE-2023-3592",
"sourceIdentifier": "emo@eclipse.org", "sourceIdentifier": "emo@eclipse.org",
"published": "2023-10-02T20:15:10.123", "published": "2023-10-02T20:15:10.123",
"lastModified": "2023-10-02T20:26:54.460", "lastModified": "2023-10-04T17:00:37.197",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.\n" "value": "In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.\n"
},
{
"lang": "es",
"value": "En Mosquitto anterior a 2.0.16, se produce una p\u00e9rdida de memoria cuando los clientes env\u00edan paquetes CONNECT v5 con un mensaje de voluntad que contiene tipos de propiedades no v\u00e1lidos."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "emo@eclipse.org", "source": "emo@eclipse.org",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
},
{ {
"source": "emo@eclipse.org", "source": "emo@eclipse.org",
"type": "Secondary", "type": "Secondary",
@ -46,10 +80,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.16",
"matchCriteriaId": "C744F41F-1469-4455-8C1C-B06373070721"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/", "url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/",
"source": "emo@eclipse.org" "source": "emo@eclipse.org",
"tags": [
"Release Notes"
]
} }
] ]
} }

57
CVE-2023/CVE-2023-36xx/CVE-2023-3654.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3654", "id": "CVE-2023-3654",
"sourceIdentifier": "office@cyberdanube.com", "sourceIdentifier": "office@cyberdanube.com",
"published": "2023-10-03T09:15:10.247", "published": "2023-10-03T09:15:10.247",
"lastModified": "2023-10-03T12:51:44.187", "lastModified": "2023-10-04T17:42:06.797",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "office@cyberdanube.com", "source": "office@cyberdanube.com",
"type": "Secondary", "type": "Secondary",
@ -39,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
},
{ {
"source": "office@cyberdanube.com", "source": "office@cyberdanube.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +80,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cashit:cashit\\!:*:*:*:*:*:*:*:*",
"versionEndIncluding": "03.a06rks_2023.02.37",
"matchCriteriaId": "038B664A-EFF6-480B-B33D-82D66205C2B9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.cashit.at/", "url": "https://www.cashit.at/",
"source": "office@cyberdanube.com" "source": "office@cyberdanube.com",
"tags": [
"Product"
]
} }
] ]
} }

57
CVE-2023/CVE-2023-36xx/CVE-2023-3655.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3655", "id": "CVE-2023-3655",
"sourceIdentifier": "office@cyberdanube.com", "sourceIdentifier": "office@cyberdanube.com",
"published": "2023-10-03T08:15:35.680", "published": "2023-10-03T08:15:35.680",
"lastModified": "2023-10-03T12:51:44.187", "lastModified": "2023-10-04T17:49:53.693",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "office@cyberdanube.com", "source": "office@cyberdanube.com",
"type": "Secondary", "type": "Secondary",
@ -39,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{ {
"source": "office@cyberdanube.com", "source": "office@cyberdanube.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +80,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cashit:cashit\\!:*:*:*:*:*:*:*:*",
"versionEndIncluding": "03.a06rks_2023.02.37",
"matchCriteriaId": "038B664A-EFF6-480B-B33D-82D66205C2B9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.cashit.at/", "url": "https://www.cashit.at/",
"source": "office@cyberdanube.com" "source": "office@cyberdanube.com",
"tags": [
"Product"
]
} }
] ]
} }

57
CVE-2023/CVE-2023-36xx/CVE-2023-3656.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3656", "id": "CVE-2023-3656",
"sourceIdentifier": "office@cyberdanube.com", "sourceIdentifier": "office@cyberdanube.com",
"published": "2023-10-03T08:15:35.930", "published": "2023-10-03T08:15:35.930",
"lastModified": "2023-10-03T12:51:44.187", "lastModified": "2023-10-04T17:49:45.197",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "office@cyberdanube.com", "source": "office@cyberdanube.com",
"type": "Secondary", "type": "Secondary",
@ -39,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{ {
"source": "office@cyberdanube.com", "source": "office@cyberdanube.com",
"type": "Secondary", "type": "Secondary",
@ -54,10 +84,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cashit:cashit\\!:*:*:*:*:*:*:*:*",
"versionEndIncluding": "03.a06rks_2023.02.37",
"matchCriteriaId": "038B664A-EFF6-480B-B33D-82D66205C2B9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.cashit.at/", "url": "https://www.cashit.at/",
"source": "office@cyberdanube.com" "source": "office@cyberdanube.com",
"tags": [
"Product"
]
} }
] ]
} }

69
CVE-2023/CVE-2023-376xx/CVE-2023-37605.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-37605", "id": "CVE-2023-37605",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T19:15:10.327", "published": "2023-10-02T19:15:10.327",
"lastModified": "2023-10-02T20:26:54.460", "lastModified": "2023-10-04T17:00:54.180",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter." "value": "Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en baramundi software GmbH EMM Agent 23.1.50 y anteriores permite a un atacante provocar una denegaci\u00f3n de servicio mediante una solicitud manipulada al par\u00e1metro de contrase\u00f1a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:baramundi:enterprise_mobility_management:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.1.50",
"matchCriteriaId": "A584EA30-8629-4483-B2CC-3FB346638CAF"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://medium.com/@david_42/complex-password-vs-buffer-overflow-and-the-winner-is-decbc56db5e3", "url": "https://medium.com/@david_42/complex-password-vs-buffer-overflow-and-the-winner-is-decbc56db5e3",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-378xx/CVE-2023-37891.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37891", "id": "CVE-2023-37891",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T10:15:10.057", "published": "2023-10-03T10:15:10.057",
"lastModified": "2023-10-03T12:51:44.187", "lastModified": "2023-10-04T17:14:31.403",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +70,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:optimonk:optimonk\\:popups\\,_personalization_\\&_a\\/b_testing:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.5",
"matchCriteriaId": "A3DBA702-74B2-4624-A11B-A571CC76823E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/exit-intent-popups-by-optimonk/wordpress-exit-popups-onsite-retargeting-by-optimonk-plugin-2-0-4-cross-site-request-forgery-csrf?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/exit-intent-popups-by-optimonk/wordpress-exit-popups-onsite-retargeting-by-optimonk-plugin-2-0-4-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-379xx/CVE-2023-37991.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37991", "id": "CVE-2023-37991",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T10:15:10.270", "published": "2023-10-03T10:15:10.270",
"lastModified": "2023-10-03T12:51:44.187", "lastModified": "2023-10-04T17:14:14.797",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +70,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:monchito:wp_emoji_one:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.6.0",
"matchCriteriaId": "EDDF3B4C-35E8-46E1-B123-01915FCCAB9B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/wp-emoji-one/wordpress-wp-emoji-one-plugin-0-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/wp-emoji-one/wordpress-wp-emoji-one-plugin-0-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-379xx/CVE-2023-37992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37992", "id": "CVE-2023-37992",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T10:15:10.343", "published": "2023-10-03T10:15:10.343",
"lastModified": "2023-10-03T12:51:44.187", "lastModified": "2023-10-04T17:13:37.527",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +70,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:presspage:smarty_for_wordpress:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.35",
"matchCriteriaId": "A04A4E10-6146-45CC-87CC-5E1E4364A7E6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/smarty-for-wordpress/wordpress-smarty-for-wordpress-plugin-3-1-35-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-379xx/CVE-2023-37996.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37996", "id": "CVE-2023-37996",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T10:15:10.417", "published": "2023-10-03T10:15:10.417",
"lastModified": "2023-10-03T12:51:44.187", "lastModified": "2023-10-04T17:13:22.887",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "audit@patchstack.com", "source": "audit@patchstack.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +70,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtmetrix:gtmetrix:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "0.4.8",
"matchCriteriaId": "FF24891C-FCCD-484F-9722-2DB915B40DE8"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/gtmetrix-for-wordpress/wordpress-gtmetrix-for-wordpress-plugin-0-4-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/gtmetrix-for-wordpress/wordpress-gtmetrix-for-wordpress-plugin-0-4-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

72
CVE-2023/CVE-2023-37xx/CVE-2023-3770.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3770", "id": "CVE-2023-3770",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-02T14:15:10.090", "published": "2023-10-02T14:15:10.090",
"lastModified": "2023-10-02T14:17:10.307", "lastModified": "2023-10-04T17:02:06.093",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\n\u00a0Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.\n\n" "value": "\n\u00a0Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de validaci\u00f3n incorrecta de los datos ingresados, permitiendo a un atacante con acceso a la red en la que se encuentra el dispositivo afectado utilizar el protocolo de puerto de descubrimiento (1925/UDP) para obtener informaci\u00f3n espec\u00edfica del dispositivo sin necesidad de autenticaci\u00f3n."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -46,10 +80,42 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ingeteam:ingepac_da3451_firmware:0.29.2.42:*:*:*:*:*:*:*",
"matchCriteriaId": "29ABE5F4-6EF9-4F31-8FD4-F5AECEE05462"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ingeteam:ingepac_da3451:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD52223-F39F-4012-8CF2-55E3404CD410"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

445
CVE-2023/CVE-2023-392xx/CVE-2023-39222.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39222", "id": "CVE-2023-39222",
"sourceIdentifier": "vultures@jpcert.or.jp", "sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-03T01:15:56.810", "published": "2023-10-03T01:15:56.810",
"lastModified": "2023-10-03T12:51:52.930", "lastModified": "2023-10-04T17:09:09.587",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,15 +14,450 @@
"value": "La vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en dispositivos de punto de acceso de LAN inal\u00e1mbrica de FURUNO SYSTEMS permite a un usuario autenticado ejecutar un comando del sistema operativo arbitrario que no est\u00e1 destinado a ejecutarse desde la interfaz web mediante el env\u00edo de una solicitud especialmente manipulada. Los productos y versiones afectados son los siguientes: ACERA 1320 firmware ver.01.26 y anteriores, ACERA 1310 firmware ver.01.26 y anteriores, ACERA 1210 firmware ver.02.36 y anteriores, ACERA 1150i firmware ver.01.35 y anteriores, ACERA 1150w firmware ver.01.35 y anteriores, firmware ACERA 1110 versi\u00f3n 01.76 y anteriores, firmware ACERA 1020 versi\u00f3n 01.86 y anteriores, firmware ACERA 1010 versi\u00f3n 01.86 y anteriores, firmware ACERA 950 versi\u00f3n 01.60 y anteriores, firmware ACERA 850F versi\u00f3n 01.60 y anteriores, ACERA 900 firmware versi\u00f3n 02.54 y anterior, firmware ACERA 850M versi\u00f3n 02.06 y anterior, firmware ACERA 810 versi\u00f3n 03.74 y anterior, y firmware ACERA 800ST versi\u00f3n 07.35 y anterior. Se ven afectados cuando se ejecutan en modo ST (Standalone)." "value": "La vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en dispositivos de punto de acceso de LAN inal\u00e1mbrica de FURUNO SYSTEMS permite a un usuario autenticado ejecutar un comando del sistema operativo arbitrario que no est\u00e1 destinado a ejecutarse desde la interfaz web mediante el env\u00edo de una solicitud especialmente manipulada. Los productos y versiones afectados son los siguientes: ACERA 1320 firmware ver.01.26 y anteriores, ACERA 1310 firmware ver.01.26 y anteriores, ACERA 1210 firmware ver.02.36 y anteriores, ACERA 1150i firmware ver.01.35 y anteriores, ACERA 1150w firmware ver.01.35 y anteriores, firmware ACERA 1110 versi\u00f3n 01.76 y anteriores, firmware ACERA 1020 versi\u00f3n 01.86 y anteriores, firmware ACERA 1010 versi\u00f3n 01.86 y anteriores, firmware ACERA 950 versi\u00f3n 01.60 y anteriores, firmware ACERA 850F versi\u00f3n 01.60 y anteriores, ACERA 900 firmware versi\u00f3n 02.54 y anterior, firmware ACERA 850M versi\u00f3n 02.06 y anterior, firmware ACERA 810 versi\u00f3n 03.74 y anterior, y firmware ACERA 800ST versi\u00f3n 07.35 y anterior. Se ven afectados cuando se ejecutan en modo ST (Standalone)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.26",
"matchCriteriaId": "5FFEB8A0-F2DE-4C34-8C93-BDC2D903BE64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D97D14B5-1763-44C0-8EED-A3F787A97A8C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.26",
"matchCriteriaId": "4F94D3C1-940A-4A09-B99B-9BB79B73EA63"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09DD97A0-77E2-4BC6-A8EC-7BEF65B75E0C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "02.36",
"matchCriteriaId": "AB7B6E8E-ECBB-476D-AD0E-496657C9EFE6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47CF892F-4565-4418-B710-B38F859DF484"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.35",
"matchCriteriaId": "4C692733-5210-474B-810F-DC3AB6536070"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44E71853-FAC6-4474-88C5-6BB49834854D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.35",
"matchCriteriaId": "58F27561-61F9-4944-B120-069B0D1F1F6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3D81D1-46AC-4604-8D49-D78FFBFC3A29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.76",
"matchCriteriaId": "6F79658B-BA1F-492C-AAE9-15986FF9327B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E5140B-7BB7-4CD9-B352-BF84AF2A0415"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.86",
"matchCriteriaId": "EC5136A7-DB89-4C74-A81B-B2EDD465735A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C23A27F1-B5F2-4121-B229-4267ECB2D07D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.86",
"matchCriteriaId": "77A74441-2C9B-4C81-8EBF-526B49D2F5CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A5914EE-A74B-4C3D-A6D6-F2F5478F0BEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.60",
"matchCriteriaId": "92C48BA7-03BA-4DEB-9266-86E1152800CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1B2651-6864-4166-B8FE-B129615F8343"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.60",
"matchCriteriaId": "B72B71EE-37D1-433B-9E4A-1AA5BC016846"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F014C15-CAE2-4911-9F47-6A1425B9B71E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "02.54",
"matchCriteriaId": "D222EBB3-2B84-4EA1-BA06-B9AE15387250"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BE7D86-5200-4F64-8035-90E98983A9B0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "02.06",
"matchCriteriaId": "A0A8B666-16D8-4651-A92F-8E7A1B4241A7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A441D193-4225-4C64-B12E-045319FAA3C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "03.74",
"matchCriteriaId": "92B56989-9C94-4137-B81F-40E5269755E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA21DC2-ED13-4FE2-8136-FBDF5176DD88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "07.35",
"matchCriteriaId": "838883F4-781B-474C-95F0-3D0D33247F66"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D176A44E-2477-4605-9D28-ED4C768273AE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://jvn.jp/en/vu/JVNVU94497038/", "url": "https://jvn.jp/en/vu/JVNVU94497038/",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html", "url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

389
CVE-2023/CVE-2023-394xx/CVE-2023-39429.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39429", "id": "CVE-2023-39429",
"sourceIdentifier": "vultures@jpcert.or.jp", "sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-03T01:15:56.867", "published": "2023-10-03T01:15:56.867",
"lastModified": "2023-10-03T12:51:52.930", "lastModified": "2023-10-04T17:08:58.890",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,15 +14,394 @@
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en dispositivos de punto de acceso LAN inal\u00e1mbrico de FURUNO SYSTEMS permite a un usuario autenticado inyectar un script arbitrario a trav\u00e9s de una configuraci\u00f3n manipulada. Los productos y versiones afectados son los siguientes: ACERA 1210 firmware ver.02.36 y anteriores, ACERA 1150i firmware ver.01.35 y anteriores, ACERA 1150w firmware ver.01.35 y anteriores, ACERA 1110 firmware ver.01.76 y anteriores, ACERA 1020 firmware ver.01.86 y anteriores, firmware ACERA 1010 versi\u00f3n 01.86 y anteriores, firmware ACERA 950 versi\u00f3n 01.60 y anteriores, firmware ACERA 850F versi\u00f3n 01.60 y anteriores, firmware ACERA 900 versi\u00f3n 02.54 y anteriores, firmware ACERA 850M versi\u00f3n 02.06 y anteriores, ACERA 810 firmware versi\u00f3n 03.74 y anterior, y firmware ACERA 800ST versi\u00f3n 07.35 y anterior. Se ven afectados cuando se ejecutan en modo ST (independiente)." "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en dispositivos de punto de acceso LAN inal\u00e1mbrico de FURUNO SYSTEMS permite a un usuario autenticado inyectar un script arbitrario a trav\u00e9s de una configuraci\u00f3n manipulada. Los productos y versiones afectados son los siguientes: ACERA 1210 firmware ver.02.36 y anteriores, ACERA 1150i firmware ver.01.35 y anteriores, ACERA 1150w firmware ver.01.35 y anteriores, ACERA 1110 firmware ver.01.76 y anteriores, ACERA 1020 firmware ver.01.86 y anteriores, firmware ACERA 1010 versi\u00f3n 01.86 y anteriores, firmware ACERA 950 versi\u00f3n 01.60 y anteriores, firmware ACERA 850F versi\u00f3n 01.60 y anteriores, firmware ACERA 900 versi\u00f3n 02.54 y anteriores, firmware ACERA 850M versi\u00f3n 02.06 y anteriores, ACERA 810 firmware versi\u00f3n 03.74 y anterior, y firmware ACERA 800ST versi\u00f3n 07.35 y anterior. Se ven afectados cuando se ejecutan en modo ST (independiente)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "02.36",
"matchCriteriaId": "AB7B6E8E-ECBB-476D-AD0E-496657C9EFE6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47CF892F-4565-4418-B710-B38F859DF484"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.35",
"matchCriteriaId": "4C692733-5210-474B-810F-DC3AB6536070"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44E71853-FAC6-4474-88C5-6BB49834854D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.35",
"matchCriteriaId": "58F27561-61F9-4944-B120-069B0D1F1F6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3D81D1-46AC-4604-8D49-D78FFBFC3A29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.76",
"matchCriteriaId": "6F79658B-BA1F-492C-AAE9-15986FF9327B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E5140B-7BB7-4CD9-B352-BF84AF2A0415"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.86",
"matchCriteriaId": "EC5136A7-DB89-4C74-A81B-B2EDD465735A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C23A27F1-B5F2-4121-B229-4267ECB2D07D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.86",
"matchCriteriaId": "77A74441-2C9B-4C81-8EBF-526B49D2F5CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A5914EE-A74B-4C3D-A6D6-F2F5478F0BEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.60",
"matchCriteriaId": "92C48BA7-03BA-4DEB-9266-86E1152800CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1B2651-6864-4166-B8FE-B129615F8343"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.60",
"matchCriteriaId": "B72B71EE-37D1-433B-9E4A-1AA5BC016846"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F014C15-CAE2-4911-9F47-6A1425B9B71E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "02.54",
"matchCriteriaId": "D222EBB3-2B84-4EA1-BA06-B9AE15387250"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BE7D86-5200-4F64-8035-90E98983A9B0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "02.06",
"matchCriteriaId": "A0A8B666-16D8-4651-A92F-8E7A1B4241A7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A441D193-4225-4C64-B12E-045319FAA3C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "03.74",
"matchCriteriaId": "92B56989-9C94-4137-B81F-40E5269755E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA21DC2-ED13-4FE2-8136-FBDF5176DD88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "07.35",
"matchCriteriaId": "838883F4-781B-474C-95F0-3D0D33247F66"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D176A44E-2477-4605-9D28-ED4C768273AE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://jvn.jp/en/vu/JVNVU94497038/", "url": "https://jvn.jp/en/vu/JVNVU94497038/",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html", "url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

6
CVE-2023/CVE-2023-400xx/CVE-2023-40044.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-40044", "id": "CVE-2023-40044",
"sourceIdentifier": "security@progress.com", "sourceIdentifier": "security@progress.com",
"published": "2023-09-27T15:18:57.307", "published": "2023-09-27T15:18:57.307",
"lastModified": "2023-10-02T16:15:10.077", "lastModified": "2023-10-04T17:15:10.073",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
@ -106,6 +106,10 @@
} }
], ],
"references": [ "references": [
{
"url": "http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html",
"source": "security@progress.com"
},
{ {
"url": "https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044", "url": "https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044",
"source": "security@progress.com" "source": "security@progress.com"

389
CVE-2023/CVE-2023-410xx/CVE-2023-41086.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41086", "id": "CVE-2023-41086",
"sourceIdentifier": "vultures@jpcert.or.jp", "sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-03T01:15:56.917", "published": "2023-10-03T01:15:56.917",
"lastModified": "2023-10-03T12:51:52.930", "lastModified": "2023-10-04T17:08:37.357",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,15 +14,394 @@
"value": "Existe una vulnerabilidad de Cross-site request forgery (CSRF) en los dispositivos de punto de acceso de LAN inal\u00e1mbrica de FURUNO SYSTEMS. Si un usuario ve una p\u00e1gina maliciosa mientras est\u00e1 conectado, se pueden realizar operaciones no deseadas. Los productos y versiones afectados son los siguientes: ACERA 1210 firmware ver.02.36 y anteriores, ACERA 1150i firmware ver.01.35 y anteriores, ACERA 1150w firmware ver.01.35 y anteriores, ACERA 1110 firmware ver.01.76 y anteriores, ACERA 1020 firmware ver.01.86 y anteriores, firmware ACERA 1010 versi\u00f3n 01.86 y anteriores, firmware ACERA 950 versi\u00f3n 01.60 y anteriores, firmware ACERA 850F versi\u00f3n 01.60 y anteriores, firmware ACERA 900 versi\u00f3n 02.54 y anteriores, firmware ACERA 850M versi\u00f3n 02.06 y anteriores, ACERA 810 firmware versi\u00f3n 03.74 y anterior, y firmware ACERA 800ST versi\u00f3n 07.35 y anterior. Se ven afectados cuando se ejecutan en modo ST (independiente)." "value": "Existe una vulnerabilidad de Cross-site request forgery (CSRF) en los dispositivos de punto de acceso de LAN inal\u00e1mbrica de FURUNO SYSTEMS. Si un usuario ve una p\u00e1gina maliciosa mientras est\u00e1 conectado, se pueden realizar operaciones no deseadas. Los productos y versiones afectados son los siguientes: ACERA 1210 firmware ver.02.36 y anteriores, ACERA 1150i firmware ver.01.35 y anteriores, ACERA 1150w firmware ver.01.35 y anteriores, ACERA 1110 firmware ver.01.76 y anteriores, ACERA 1020 firmware ver.01.86 y anteriores, firmware ACERA 1010 versi\u00f3n 01.86 y anteriores, firmware ACERA 950 versi\u00f3n 01.60 y anteriores, firmware ACERA 850F versi\u00f3n 01.60 y anteriores, firmware ACERA 900 versi\u00f3n 02.54 y anteriores, firmware ACERA 850M versi\u00f3n 02.06 y anteriores, ACERA 810 firmware versi\u00f3n 03.74 y anterior, y firmware ACERA 800ST versi\u00f3n 07.35 y anterior. Se ven afectados cuando se ejecutan en modo ST (independiente)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1210_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "02.36",
"matchCriteriaId": "AB7B6E8E-ECBB-476D-AD0E-496657C9EFE6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47CF892F-4565-4418-B710-B38F859DF484"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1150i_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.35",
"matchCriteriaId": "4C692733-5210-474B-810F-DC3AB6536070"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1150i:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44E71853-FAC6-4474-88C5-6BB49834854D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1150w_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.35",
"matchCriteriaId": "58F27561-61F9-4944-B120-069B0D1F1F6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1150w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3D81D1-46AC-4604-8D49-D78FFBFC3A29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1110_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.76",
"matchCriteriaId": "6F79658B-BA1F-492C-AAE9-15986FF9327B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1110:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7E5140B-7BB7-4CD9-B352-BF84AF2A0415"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1020_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.86",
"matchCriteriaId": "EC5136A7-DB89-4C74-A81B-B2EDD465735A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C23A27F1-B5F2-4121-B229-4267ECB2D07D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1010_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.86",
"matchCriteriaId": "77A74441-2C9B-4C81-8EBF-526B49D2F5CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A5914EE-A74B-4C3D-A6D6-F2F5478F0BEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_950_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.60",
"matchCriteriaId": "92C48BA7-03BA-4DEB-9266-86E1152800CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B1B2651-6864-4166-B8FE-B129615F8343"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_850f_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.60",
"matchCriteriaId": "B72B71EE-37D1-433B-9E4A-1AA5BC016846"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_850f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F014C15-CAE2-4911-9F47-6A1425B9B71E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_900_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "02.54",
"matchCriteriaId": "D222EBB3-2B84-4EA1-BA06-B9AE15387250"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BE7D86-5200-4F64-8035-90E98983A9B0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_850m_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "02.06",
"matchCriteriaId": "A0A8B666-16D8-4651-A92F-8E7A1B4241A7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_850m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A441D193-4225-4C64-B12E-045319FAA3C1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_810_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "03.74",
"matchCriteriaId": "92B56989-9C94-4137-B81F-40E5269755E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA21DC2-ED13-4FE2-8136-FBDF5176DD88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_800st_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "07.35",
"matchCriteriaId": "838883F4-781B-474C-95F0-3D0D33247F66"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_800st:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D176A44E-2477-4605-9D28-ED4C768273AE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://jvn.jp/en/vu/JVNVU94497038/", "url": "https://jvn.jp/en/vu/JVNVU94497038/",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html", "url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html",
"source": "vultures@jpcert.or.jp" "source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

6
CVE-2023/CVE-2023-415xx/CVE-2023-41594.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-41594", "id": "CVE-2023-41594",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-08T03:15:08.997", "published": "2023-09-08T03:15:08.997",
"lastModified": "2023-09-12T13:00:01.017", "lastModified": "2023-10-04T17:36:00.863",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -59,8 +59,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:dairy_farm_shop_management_system_project:dairy_farm_shop_management_system:1.1:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:phpgurukul:dairy_farm_shop_management_system:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "989C338B-959D-4A74-8158-0F4D88539140" "matchCriteriaId": "A1EC8290-03A2-4AC6-922B-B469FBB0E453"
} }
] ]
} }

26
CVE-2023/CVE-2023-42xx/CVE-2023-4211.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-4211", "id": "CVE-2023-4211",
"sourceIdentifier": "arm-security@arm.com", "sourceIdentifier": "arm-security@arm.com",
"published": "2023-10-01T18:15:09.927", "published": "2023-10-01T18:15:09.927",
"lastModified": "2023-10-03T05:15:51.343", "lastModified": "2023-10-04T17:15:10.337",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-10-03",
"cisaActionDue": "2023-10-24",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Arm Mali GPU Kernel Driver Use-After-Free Vulnerability",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -28,29 +32,9 @@
} }
], ],
"references": [ "references": [
{
"url": "https://arstechnica.com/security/2023/10/vulnerable-arm-gpu-drivers-under-active-exploitation-patches-may-not-be-available/",
"source": "arm-security@arm.com"
},
{
"url": "https://chromereleases.googleblog.com/2023/08/long-term-support-channel-update-for_23.html",
"source": "arm-security@arm.com"
},
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html",
"source": "arm-security@arm.com"
},
{ {
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com" "source": "arm-security@arm.com"
},
{
"url": "https://source.android.com/docs/security/bulletin/pixel/2023-09-01",
"source": "arm-security@arm.com"
},
{
"url": "https://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/",
"source": "arm-security@arm.com"
} }
] ]
} }

68
CVE-2023/CVE-2023-432xx/CVE-2023-43267.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43267", "id": "CVE-2023-43267",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.377", "published": "2023-10-02T21:15:34.377",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:06:47.097",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,15 +14,73 @@
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en la funci\u00f3n de publicaci\u00f3n de art\u00edculos de emlog pro v2.1.14 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado inyectado en el campo del t\u00edtulo." "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en la funci\u00f3n de publicaci\u00f3n de art\u00edculos de emlog pro v2.1.14 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado inyectado en el campo del t\u00edtulo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emlog:emlog:2.1.14:*:*:*:pro:*:*:*",
"matchCriteriaId": "3812D57C-8E1A-4499-9DEE-2A18A955667B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/Fliggyaaa/b61c24e828cbcfac42406be408665280", "url": "https://gist.github.com/Fliggyaaa/b61c24e828cbcfac42406be408665280",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/Fliggyaaa/xss/", "url": "https://github.com/Fliggyaaa/xss/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

73
CVE-2023/CVE-2023-432xx/CVE-2023-43268.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43268", "id": "CVE-2023-43268",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.430", "published": "2023-10-02T21:15:34.430",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:06:28.700",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,19 +14,80 @@
"value": "Se descubri\u00f3 que Deyue Remote Vehicle Management System v1.1 contiene una vulnerabilidad de deserializaci\u00f3n." "value": "Se descubri\u00f3 que Deyue Remote Vehicle Management System v1.1 contiene una vulnerabilidad de deserializaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deyue_remote_vehicle_management_system_project:deyue_remote_vehicle_management_system:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17602A34-F0A4-4555-8D32-9432247C3E1D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/Fliggyaaa/5517fdd59853cd81724b19d2f29c6760", "url": "https://gist.github.com/Fliggyaaa/5517fdd59853cd81724b19d2f29c6760",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/Fliggyaaa/DeYue-remote-vehicle-management-system", "url": "https://github.com/Fliggyaaa/DeYue-remote-vehicle-management-system",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit"
]
}, },
{ {
"url": "https://hzya.anlu169.com/ms/login", "url": "https://hzya.anlu169.com/ms/login",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }

63
CVE-2023/CVE-2023-432xx/CVE-2023-43297.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43297", "id": "CVE-2023-43297",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.480", "published": "2023-10-02T21:15:34.480",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:05:58.947",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,66 @@
"value": "Un problema en animal-art-lab v13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la fuga del token de acceso al canal." "value": "Un problema en animal-art-lab v13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la fuga del token de acceso al canal."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-924"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43297.md", "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-43297.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit"
]
} }
] ]
} }

79
CVE-2023/CVE-2023-433xx/CVE-2023-43361.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43361", "id": "CVE-2023-43361",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.520", "published": "2023-10-02T21:15:34.520",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:05:22.400",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,23 +14,88 @@
"value": "La vulnerabilidad de desbordamiento de b\u00fafer en Vorbis-tools v.1.4.2 permite a un atacante local ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio durante la conversi\u00f3n de archivos wav a archivos ogg." "value": "La vulnerabilidad de desbordamiento de b\u00fafer en Vorbis-tools v.1.4.2 permite a un atacante local ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio durante la conversi\u00f3n de archivos wav a archivos ogg."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xiph:vorbis-tools:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5CA9C03F-AF50-4E6F-B972-F1B3BF87CEB1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/xiph/vorbis", "url": "https://github.com/xiph/vorbis",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}, },
{ {
"url": "https://github.com/xiph/vorbis-tools", "url": "https://github.com/xiph/vorbis-tools",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/xiph/vorbis-tools/issues/41", "url": "https://github.com/xiph/vorbis-tools/issues/41",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}, },
{ {
"url": "https://xiph.org/vorbis/", "url": "https://xiph.org/vorbis/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

63
CVE-2023/CVE-2023-438xx/CVE-2023-43804.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-43804",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T17:15:10.163",
"lastModified": "2023-10-04T17:15:10.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f",
"source": "security-advisories@github.com"
}
]
}

70
CVE-2023/CVE-2023-438xx/CVE-2023-43835.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-43835", "id": "CVE-2023-43835",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T20:15:10.187", "published": "2023-10-02T20:15:10.187",
"lastModified": "2023-10-02T20:26:54.460", "lastModified": "2023-10-04T17:00:04.247",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content." "value": "Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content."
},
{
"lang": "es",
"value": "Super Store Finder 3.7 y versiones anteriores son vulnerables a la inyecci\u00f3n de c\u00f3digo PHP arbitrario autenticado que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo cuando la configuraci\u00f3n sobrescribe el contenido de config.inc.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:superstorefinder:super_store_finder:*:*:*:*:*:-:*:*",
"versionEndIncluding": "3.7",
"matchCriteriaId": "5173E387-23B3-4776-B558-C16A41C4C08D"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html", "url": "https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

68
CVE-2023/CVE-2023-438xx/CVE-2023-43836.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43836", "id": "CVE-2023-43836",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.567", "published": "2023-10-02T21:15:34.567",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:04:16.373",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,15 +14,73 @@
"value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en el backend de Jizhicms 2.4.9, que los usuarios pueden utilizar para obtener informaci\u00f3n de la base de datos." "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en el backend de Jizhicms 2.4.9, que los usuarios pueden utilizar para obtener informaci\u00f3n de la base de datos."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jizhicms:jizhicms:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAF6549-E61F-4873-BE97-D51C9A9F13C0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gist.github.com/Fliggyaaa/417f8335ce0f0546e95dda91d4b54604", "url": "https://gist.github.com/Fliggyaaa/417f8335ce0f0546e95dda91d4b54604",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/Fliggyaaa/jizhicmssql/", "url": "https://github.com/Fliggyaaa/jizhicmssql/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit"
]
} }
] ]
} }

40
CVE-2023/CVE-2023-438xx/CVE-2023-43838.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-43838",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T16:15:10.277",
"lastModified": "2023-10-04T16:15:10.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar."
}
],
"metrics": {},
"references": [
{
"url": "http://www.w3.org/2000/svg",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Volmarg",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Volmarg/personal-management-system",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/rootd4ddy/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/rootd4ddy/CVE-2023-43838",
"source": "cve@mitre.org"
}
]
}

80
CVE-2023/CVE-2023-438xx/CVE-2023-43890.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-43890", "id": "CVE-2023-43890",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T20:15:10.233", "published": "2023-10-02T20:15:10.233",
"lastModified": "2023-10-02T20:26:54.460", "lastModified": "2023-10-04T16:59:48.810",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request." "value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 contiene una vulnerabilidad de inyecci\u00f3n de comandos en la p\u00e1gina de herramientas de diagn\u00f3stico. Esta vulnerabilidad se explota mediante una solicitud HTTP manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
"matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netis-systems:n3m:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3A2D7D-91F7-474B-94E3-4D1E4702ADA5"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/command%20injection%20bypass%20filter.md", "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/command%20injection%20bypass%20filter.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

76
CVE-2023/CVE-2023-438xx/CVE-2023-43891.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43891", "id": "CVE-2023-43891",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T22:15:09.933", "published": "2023-10-02T22:15:09.933",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:10:22.127",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,79 @@
"value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n de cambio de nombre de usuario y contrase\u00f1a. Esta vulnerabilidad se explota mediante un payload manipulado." "value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n de cambio de nombre de usuario y contrase\u00f1a. Esta vulnerabilidad se explota mediante un payload manipulado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
"matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/command%20injection%20in%20changing%20password%20feature.md", "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/command%20injection%20in%20changing%20password%20feature.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

76
CVE-2023/CVE-2023-438xx/CVE-2023-43892.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43892", "id": "CVE-2023-43892",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T22:15:10.137", "published": "2023-10-02T22:15:10.137",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:03:02.217",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,79 @@
"value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro Hostname dentro de la configuraci\u00f3n de WAN. Esta vulnerabilidad se explota mediante un payload manipulado." "value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro Hostname dentro de la configuraci\u00f3n de WAN. Esta vulnerabilidad se explota mediante un payload manipulado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
"matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20hostname%20parameter%20in%20wan%20settings.md", "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20hostname%20parameter%20in%20wan%20settings.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

76
CVE-2023/CVE-2023-438xx/CVE-2023-43893.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43893", "id": "CVE-2023-43893",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T22:15:10.187", "published": "2023-10-02T22:15:10.187",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:10:08.893",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,79 @@
"value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro wakeup_mac en la funci\u00f3n Wake-On-LAN (WoL). Esta vulnerabilidad se explota mediante un payload manipulado." "value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro wakeup_mac en la funci\u00f3n Wake-On-LAN (WoL). Esta vulnerabilidad se explota mediante un payload manipulado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
"matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20wake%20on%20lan%20functionality%20in%20wakeup_mac%20parameter.md", "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20wake%20on%20lan%20functionality%20in%20wakeup_mac%20parameter.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

64
CVE-2023/CVE-2023-440xx/CVE-2023-44008.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44008", "id": "CVE-2023-44008",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.617", "published": "2023-10-02T21:15:34.617",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:03:54.897",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de carga de archivos en mojoPortal v.2.7.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n Administrador de Archivos." "value": "Vulnerabilidad de carga de archivos en mojoPortal v.2.7.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n Administrador de Archivos."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mojoportal:mojoportal:2.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C27465AD-B505-48F8-9473-2B07A7634FC8"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44008", "url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44008",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

69
CVE-2023/CVE-2023-440xx/CVE-2023-44009.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44009", "id": "CVE-2023-44009",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.663", "published": "2023-10-02T21:15:34.663",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:03:26.320",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,15 +14,74 @@
"value": "La vulnerabilidad de carga de archivos en mojoPortal v.2.7.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n Skin Management." "value": "La vulnerabilidad de carga de archivos en mojoPortal v.2.7.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n Skin Management."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mojoportal:mojoportal:2.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C27465AD-B505-48F8-9473-2B07A7634FC8"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44009", "url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44009",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.mojoportal.com/", "url": "https://www.mojoportal.com/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }

64
CVE-2023/CVE-2023-440xx/CVE-2023-44011.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44011", "id": "CVE-2023-44011",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T22:15:10.233", "published": "2023-10-02T22:15:10.233",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:02:27.237",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,67 @@
"value": "Un problema en mojoPortal v.2.7.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el archivo de skin layout.master en el componente de administraci\u00f3n de skin." "value": "Un problema en mojoPortal v.2.7.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el archivo de skin layout.master en el componente de administraci\u00f3n de skin."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mojoportal:mojoportal:2.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C27465AD-B505-48F8-9473-2B07A7634FC8"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44011", "url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44011",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

64
CVE-2023/CVE-2023-440xx/CVE-2023-44012.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44012", "id": "CVE-2023-44012",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T22:15:10.280", "published": "2023-10-02T22:15:10.280",
"lastModified": "2023-10-03T12:52:01.580", "lastModified": "2023-10-04T17:02:14.373",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,67 @@
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en mojoPortal v.2.7.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro helpkey en el componente Help.aspx." "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en mojoPortal v.2.7.0.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro helpkey en el componente Help.aspx."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mojoportal:mojoportal:2.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C27465AD-B505-48F8-9473-2B07A7634FC8"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44012", "url": "https://github.com/Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures/tree/main/2023/CVE-2023-44012",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

71
CVE-2023/CVE-2023-442xx/CVE-2023-44217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44217", "id": "CVE-2023-44217",
"sourceIdentifier": "PSIRT@sonicwall.com", "sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-10-03T08:15:36.000", "published": "2023-10-03T08:15:36.000",
"lastModified": "2023-10-03T12:51:44.187", "lastModified": "2023-10-04T17:49:37.297",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,11 +11,44 @@
}, },
{ {
"lang": "es", "lang": "es",
"value": "Una vulnerabilidad de escalada de privilegios local en el cliente MSI SonicWall Net Extender para Windows 10.2.336 y versiones anteriores permite a un usuario local con pocos privilegios obtener privilegios del sistema mediante la ejecuci\u00f3n de la funcionalidad de reparaci\u00f3n." "value": "Una vulnerabilidad de escalada de privilegios local en el cliente MSI SonicWall Net Extender para Windows 10.2.336 y versiones anteriores permite a un usuario local con pocos privilegios obtener privilegios de System mediante la ejecuci\u00f3n de la funcionalidad de reparaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{ {
"source": "PSIRT@sonicwall.com", "source": "PSIRT@sonicwall.com",
"type": "Secondary", "type": "Secondary",
@ -27,10 +60,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*",
"versionEndIncluding": "10.2.336",
"matchCriteriaId": "F79C094F-9986-4B09-800D-2F1DBE23B8FD"
}
]
}
]
}
],
"references": [ "references": [
{
"url": "https://github.com/advisories/GHSA-jw5c-8746-98g5",
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
]
},
{ {
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0013", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0013",
"source": "PSIRT@sonicwall.com" "source": "PSIRT@sonicwall.com",
"tags": [
"Broken Link"
]
} }
] ]
} }

57
CVE-2023/CVE-2023-442xx/CVE-2023-44218.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44218", "id": "CVE-2023-44218",
"sourceIdentifier": "PSIRT@sonicwall.com", "sourceIdentifier": "PSIRT@sonicwall.com",
"published": "2023-10-03T08:15:36.067", "published": "2023-10-03T08:15:36.067",
"lastModified": "2023-10-03T12:51:44.187", "lastModified": "2023-10-04T17:49:26.270",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "PSIRT@sonicwall.com", "source": "PSIRT@sonicwall.com",
"type": "Secondary", "type": "Secondary",
@ -39,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{ {
"source": "PSIRT@sonicwall.com", "source": "PSIRT@sonicwall.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +80,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonicwall:netextender:*:*:*:*:*:windows:*:*",
"versionEndIncluding": "10.2.336",
"matchCriteriaId": "F79C094F-9986-4B09-800D-2F1DBE23B8FD"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014",
"source": "PSIRT@sonicwall.com" "source": "PSIRT@sonicwall.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

88
CVE-2023/CVE-2023-444xx/CVE-2023-44463.json
View File

@ -2,35 +2,107 @@
"id": "CVE-2023-44463", "id": "CVE-2023-44463",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T20:15:10.277", "published": "2023-10-02T20:15:10.277",
"lastModified": "2023-10-02T20:26:54.460", "lastModified": "2023-10-04T16:39:30.577",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application." "value": "An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en el pretix antes de 2023.7.1. El an\u00e1lisis incorrecto de los archivos de configuraci\u00f3n hace que la aplicaci\u00f3n conf\u00ede en encabezados X-Fordered-For no verificados aunque no haya sido configurada para hacerlo. Esto puede provocar que los usuarios de la aplicaci\u00f3n suplanten la direcci\u00f3n IP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rami:pretix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.7.1",
"matchCriteriaId": "D721E2BB-22BE-4C00-903C-C1706BBF87AB"
}
]
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/pretix/pretix/commit/ccdce2ccb8207b82501af3c03f50abc0f819b469", "url": "https://github.com/pretix/pretix/commit/ccdce2ccb8207b82501af3c03f50abc0f819b469",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/pretix/pretix/compare/v2023.7.0...v2023.7.1", "url": "https://github.com/pretix/pretix/compare/v2023.7.0...v2023.7.1",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/pretix/pretix/tags", "url": "https://github.com/pretix/pretix/tags",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://pretix.eu/about/en/blog/20230911-release-2023-7-1/", "url": "https://pretix.eu/about/en/blog/20230911-release-2023-7-1/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://pretix.eu/about/en/ticketing", "url": "https://pretix.eu/about/en/ticketing",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }

6
CVE-2023/CVE-2023-45xx/CVE-2023-4571.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-4571", "id": "CVE-2023-4571",
"sourceIdentifier": "prodsec@splunk.com", "sourceIdentifier": "prodsec@splunk.com",
"published": "2023-08-30T17:15:11.080", "published": "2023-08-30T17:15:11.080",
"lastModified": "2023-09-05T15:35:34.477", "lastModified": "2023-10-04T16:15:10.330",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. \n\nThe vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine." "value": "In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. \n\nThe vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine."
} }
], ],
"metrics": { "metrics": {

56
CVE-2023/CVE-2023-46xx/CVE-2023-4659.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4659", "id": "CVE-2023-4659",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-02T15:15:15.017", "published": "2023-10-02T15:15:15.017",
"lastModified": "2023-10-02T20:26:54.460", "lastModified": "2023-10-04T17:01:28.217",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -39,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -50,10 +80,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:free5gc:free5gc:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46749F6B-90B4-4865-91E1-48F737CC388F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-request-forgery-free5gc",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

80
CVE-2023/CVE-2023-52xx/CVE-2023-5222.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5222", "id": "CVE-2023-5222",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-27T15:19:43.387", "published": "2023-09-27T15:19:43.387",
"lastModified": "2023-09-27T15:41:51.143", "lastModified": "2023-10-04T16:10:28.087",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." "value": "A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Viessmann Vitogate 300 hasta 2.1.3.0 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta la funci\u00f3n isValidUser del archivo /cgi-bin/vitogate.cgi del componente Web Management Interface. La manipulaci\u00f3n conduce al uso de una contrase\u00f1a codificada. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-240364. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
@ -71,18 +97,62 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:viessmann:vitogate_300_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.3.0",
"matchCriteriaId": "2DAD3136-6337-4E41-AD13-A371EC4EA975"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:viessmann:vitogate_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C464EBFC-DD80-49C9-97BE-232F8E8AE624"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_HardcodedPassword.md", "url": "https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_HardcodedPassword.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.240364", "url": "https://vuldb.com/?ctiid.240364",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.240364", "url": "https://vuldb.com/?id.240364",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

71
CVE-2023/CVE-2023-52xx/CVE-2023-5257.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5257", "id": "CVE-2023-5257",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T11:15:41.977", "published": "2023-09-29T11:15:41.977",
"lastModified": "2023-09-29T12:45:25.177", "lastModified": "2023-10-04T16:37:27.057",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -15,6 +15,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
@ -75,18 +97,57 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:whitehsbg:jndiexploit:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3948586B-0FCA-4C9A-A57A-6373F92D27E6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/WhiteHSBG/JNDIExploit/issues/10", "url": "https://github.com/WhiteHSBG/JNDIExploit/issues/10",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.240866", "url": "https://vuldb.com/?ctiid.240866",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?id.240866", "url": "https://vuldb.com/?id.240866",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

60
CVE-2023/CVE-2023-53xx/CVE-2023-5344.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5344", "id": "CVE-2023-5344",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2023-10-02T20:15:10.327", "published": "2023-10-02T20:15:10.327",
"lastModified": "2023-10-02T20:26:54.460", "lastModified": "2023-10-04T16:11:01.100",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969." "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en el repositorio de GitHub vim/vim anterior a 9.0.1969."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@huntr.dev", "source": "security@huntr.dev",
@ -46,14 +72,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1969",
"matchCriteriaId": "553DABFB-28FC-415B-93DC-911110BF8DFB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04", "url": "https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf", "url": "https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
} }
] ]
} }

59
CVE-2023/CVE-2023-53xx/CVE-2023-5371.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5371",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-10-04T17:15:10.437",
"lastModified": "2023-10-04T17:15:10.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-789"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19322",
"source": "cve@gitlab.com"
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-27.html",
"source": "cve@gitlab.com"
}
]
}

85
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-10-04T16:00:24.907832+00:00 2023-10-04T18:00:26.115710+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-10-04T15:53:23.283000+00:00 2023-10-04T17:53:28.580000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,60 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
226986 226995
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `16` Recently added CVEs: `9`
* [CVE-2022-43906](CVE-2022/CVE-2022-439xx/CVE-2022-43906.json) (`2023-10-04T14:15:10.280`) * [CVE-2021-3784](CVE-2021/CVE-2021-37xx/CVE-2021-3784.json) (`2023-10-04T16:15:09.940`)
* [CVE-2023-4567](CVE-2023/CVE-2023-45xx/CVE-2023-4567.json) (`2023-10-04T14:15:11.073`) * [CVE-2022-36276](CVE-2022/CVE-2022-362xx/CVE-2022-36276.json) (`2023-10-04T16:15:10.033`)
* [CVE-2023-1832](CVE-2023/CVE-2023-18xx/CVE-2023-1832.json) (`2023-10-04T14:15:10.370`) * [CVE-2022-36277](CVE-2022/CVE-2022-362xx/CVE-2022-36277.json) (`2023-10-04T16:15:10.103`)
* [CVE-2023-22515](CVE-2023/CVE-2023-225xx/CVE-2023-22515.json) (`2023-10-04T14:15:10.440`) * [CVE-2023-43838](CVE-2023/CVE-2023-438xx/CVE-2023-43838.json) (`2023-10-04T16:15:10.277`)
* [CVE-2023-25025](CVE-2023/CVE-2023-250xx/CVE-2023-25025.json) (`2023-10-04T14:15:10.507`) * [CVE-2023-20101](CVE-2023/CVE-2023-201xx/CVE-2023-20101.json) (`2023-10-04T17:15:09.837`)
* [CVE-2023-27433](CVE-2023/CVE-2023-274xx/CVE-2023-27433.json) (`2023-10-04T14:15:10.587`) * [CVE-2023-20235](CVE-2023/CVE-2023-202xx/CVE-2023-20235.json) (`2023-10-04T17:15:09.917`)
* [CVE-2023-40376](CVE-2023/CVE-2023-403xx/CVE-2023-40376.json) (`2023-10-04T14:15:10.793`) * [CVE-2023-20259](CVE-2023/CVE-2023-202xx/CVE-2023-20259.json) (`2023-10-04T17:15:09.990`)
* [CVE-2023-40561](CVE-2023/CVE-2023-405xx/CVE-2023-40561.json) (`2023-10-04T14:15:10.887`) * [CVE-2023-43804](CVE-2023/CVE-2023-438xx/CVE-2023-43804.json) (`2023-10-04T17:15:10.163`)
* [CVE-2023-40684](CVE-2023/CVE-2023-406xx/CVE-2023-40684.json) (`2023-10-04T14:15:10.957`) * [CVE-2023-5371](CVE-2023/CVE-2023-53xx/CVE-2023-5371.json) (`2023-10-04T17:15:10.437`)
* [CVE-2023-5374](CVE-2023/CVE-2023-53xx/CVE-2023-5374.json) (`2023-10-04T14:15:11.123`)
* [CVE-2023-3665](CVE-2023/CVE-2023-36xx/CVE-2023-3665.json) (`2023-10-04T15:15:12.360`)
* [CVE-2023-3971](CVE-2023/CVE-2023-39xx/CVE-2023-3971.json) (`2023-10-04T15:15:12.430`)
* [CVE-2023-40559](CVE-2023/CVE-2023-405xx/CVE-2023-40559.json) (`2023-10-04T15:15:12.497`)
* [CVE-2023-4237](CVE-2023/CVE-2023-42xx/CVE-2023-4237.json) (`2023-10-04T15:15:12.643`)
* [CVE-2023-4380](CVE-2023/CVE-2023-43xx/CVE-2023-4380.json) (`2023-10-04T15:15:12.703`)
* [CVE-2023-5113](CVE-2023/CVE-2023-51xx/CVE-2023-5113.json) (`2023-10-04T15:15:12.760`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `42` Recently modified CVEs: `64`
* [CVE-2023-1952](CVE-2023/CVE-2023-19xx/CVE-2023-1952.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-43891](CVE-2023/CVE-2023-438xx/CVE-2023-43891.json) (`2023-10-04T17:10:22.127`)
* [CVE-2023-1953](CVE-2023/CVE-2023-19xx/CVE-2023-1953.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-26152](CVE-2023/CVE-2023-261xx/CVE-2023-26152.json) (`2023-10-04T17:10:53.407`)
* [CVE-2023-1954](CVE-2023/CVE-2023-19xx/CVE-2023-1954.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-26150](CVE-2023/CVE-2023-261xx/CVE-2023-26150.json) (`2023-10-04T17:12:15.133`)
* [CVE-2023-1955](CVE-2023/CVE-2023-19xx/CVE-2023-1955.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-26151](CVE-2023/CVE-2023-261xx/CVE-2023-26151.json) (`2023-10-04T17:12:33.987`)
* [CVE-2023-1956](CVE-2023/CVE-2023-19xx/CVE-2023-1956.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-37996](CVE-2023/CVE-2023-379xx/CVE-2023-37996.json) (`2023-10-04T17:13:22.887`)
* [CVE-2023-1957](CVE-2023/CVE-2023-19xx/CVE-2023-1957.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-37992](CVE-2023/CVE-2023-379xx/CVE-2023-37992.json) (`2023-10-04T17:13:37.527`)
* [CVE-2023-1958](CVE-2023/CVE-2023-19xx/CVE-2023-1958.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-37991](CVE-2023/CVE-2023-379xx/CVE-2023-37991.json) (`2023-10-04T17:14:14.797`)
* [CVE-2023-1959](CVE-2023/CVE-2023-19xx/CVE-2023-1959.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-37891](CVE-2023/CVE-2023-378xx/CVE-2023-37891.json) (`2023-10-04T17:14:31.403`)
* [CVE-2023-1960](CVE-2023/CVE-2023-19xx/CVE-2023-1960.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-40044](CVE-2023/CVE-2023-400xx/CVE-2023-40044.json) (`2023-10-04T17:15:10.073`)
* [CVE-2023-1961](CVE-2023/CVE-2023-19xx/CVE-2023-1961.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-4211](CVE-2023/CVE-2023-42xx/CVE-2023-4211.json) (`2023-10-04T17:15:10.337`)
* [CVE-2023-1985](CVE-2023/CVE-2023-19xx/CVE-2023-1985.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-34666](CVE-2023/CVE-2023-346xx/CVE-2023-34666.json) (`2023-10-04T17:36:00.863`)
* [CVE-2023-1986](CVE-2023/CVE-2023-19xx/CVE-2023-1986.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-41594](CVE-2023/CVE-2023-415xx/CVE-2023-41594.json) (`2023-10-04T17:36:00.863`)
* [CVE-2023-1987](CVE-2023/CVE-2023-19xx/CVE-2023-1987.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-3654](CVE-2023/CVE-2023-36xx/CVE-2023-3654.json) (`2023-10-04T17:42:06.797`)
* [CVE-2023-1988](CVE-2023/CVE-2023-19xx/CVE-2023-1988.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-44218](CVE-2023/CVE-2023-442xx/CVE-2023-44218.json) (`2023-10-04T17:49:26.270`)
* [CVE-2023-2242](CVE-2023/CVE-2023-22xx/CVE-2023-2242.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-44217](CVE-2023/CVE-2023-442xx/CVE-2023-44217.json) (`2023-10-04T17:49:37.297`)
* [CVE-2023-2657](CVE-2023/CVE-2023-26xx/CVE-2023-2657.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-3656](CVE-2023/CVE-2023-36xx/CVE-2023-3656.json) (`2023-10-04T17:49:45.197`)
* [CVE-2023-2658](CVE-2023/CVE-2023-26xx/CVE-2023-2658.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-3655](CVE-2023/CVE-2023-36xx/CVE-2023-3655.json) (`2023-10-04T17:49:53.693`)
* [CVE-2023-2659](CVE-2023/CVE-2023-26xx/CVE-2023-2659.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-28540](CVE-2023/CVE-2023-285xx/CVE-2023-28540.json) (`2023-10-04T17:50:30.540`)
* [CVE-2023-2660](CVE-2023/CVE-2023-26xx/CVE-2023-2660.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-24850](CVE-2023/CVE-2023-248xx/CVE-2023-24850.json) (`2023-10-04T17:51:03.337`)
* [CVE-2023-2661](CVE-2023/CVE-2023-26xx/CVE-2023-2661.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-24849](CVE-2023/CVE-2023-248xx/CVE-2023-24849.json) (`2023-10-04T17:51:17.830`)
* [CVE-2023-31857](CVE-2023/CVE-2023-318xx/CVE-2023-31857.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-24848](CVE-2023/CVE-2023-248xx/CVE-2023-24848.json) (`2023-10-04T17:51:31.567`)
* [CVE-2023-31704](CVE-2023/CVE-2023-317xx/CVE-2023-31704.json) (`2023-10-04T15:07:27.313`) * [CVE-2023-24847](CVE-2023/CVE-2023-248xx/CVE-2023-24847.json) (`2023-10-04T17:51:56.350`)
* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-10-04T15:15:12.160`) * [CVE-2023-24844](CVE-2023/CVE-2023-248xx/CVE-2023-24844.json) (`2023-10-04T17:52:21.437`)
* [CVE-2023-5263](CVE-2023/CVE-2023-52xx/CVE-2023-5263.json) (`2023-10-04T15:45:00.667`) * [CVE-2023-24843](CVE-2023/CVE-2023-248xx/CVE-2023-24843.json) (`2023-10-04T17:52:42.307`)
* [CVE-2023-5221](CVE-2023/CVE-2023-52xx/CVE-2023-5221.json) (`2023-10-04T15:50:02.617`) * [CVE-2023-22385](CVE-2023/CVE-2023-223xx/CVE-2023-22385.json) (`2023-10-04T17:53:28.580`)
## Download and Usage ## Download and Usage