admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-19T22:00:24.982772+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-19 22:00:28 +00:00
parent 3f537c4525
commit c6aaf4d0b3
28 changed files with 1790 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
CVE-2020/CVE-2020-367xx/CVE-2020-36766.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-36766",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T09:15:07.693",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T21:23:38.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Se descubri\u00f3 un problema en el kernel de Linux anterior a 5.8.6. drivers/media/cec/core/cec-api.c pierde un byte de memoria del kernel en hardware espec\u00edfico a usuarios sin privilegios, debido a la asignaci\u00f3n directa de log_addrs con un agujero en la estructura."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.8.6",
"matchCriteriaId": "1242AC2C-0562-494C-87D2-C588833C8287"
}
]
}
]
}
],
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8.6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/torvalds/linux/commit/6c42227c3467549ddc65efe99c869021d2f4a570",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

74
CVE-2022/CVE-2022-283xx/CVE-2022-28357.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2022-28357",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T02:15:54.497",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-19T21:26:22.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account."
},
{
"lang": "es",
"value": "NATS nats-server 2.2.0 a 2.7.4 permite el Directory Traversal debido a una ruta de acceso no deseada a una acci\u00f3n de administraci\u00f3n desde una cuenta de administraci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:nats-server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.0",
"versionEndIncluding": "2.7.4",
"matchCriteriaId": "CDD1823D-FE1A-4931-9E4A-D1D21C35E9DF"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://advisories.nats.io/CVE/CVE-2022-28357.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/nats-io/nats-server/releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

103
CVE-2023/CVE-2023-202xx/CVE-2023-20243.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20243",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-06T18:15:08.133",
"lastModified": "2023-09-07T01:10:21.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T21:02:44.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +54,87 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C4DB9726-532F-45CE-81FD-45F2F6C7CE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch2:*:*:*:*:*:*",
"matchCriteriaId": "A1E81F86-7ED6-4D6C-8DAF-09EB2A7BC496"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*",
"matchCriteriaId": "5D1765DB-1BEF-4CE9-8B86-B91F709600EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*",
"matchCriteriaId": "3D1E80EF-C3FD-4F7A-B63D-0EAA5C878B11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*",
"matchCriteriaId": "095F27EC-5713-4D4F-AD06-57D3DF068B90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch6:*:*:*:*:*:*",
"matchCriteriaId": "FEA5210C-E674-4C4B-9EB3-C681C70005B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "7EEEA06A-AD58-48D3-8975-B21A961985B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:patch2:*:*:*:*:*:*",
"matchCriteriaId": "ED937BCD-60F7-4555-99D8-B6229214FA73"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radius-dos-W7cNn7gt",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-261xx/CVE-2023-26142.json
View File

@ -1,19 +1,43 @@
{
"id": "CVE-2023-26142",
"sourceIdentifier": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"sourceIdentifier": "report@snyk.io",
"published": "2023-09-12T05:15:41.467",
"lastModified": "2023-09-12T11:52:00.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T20:36:09.690",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \\r\\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content."
},
{
"lang": "es",
"value": "Todas las versiones del paquete Crow son vulnerables a la Divisi\u00f3n de Respuestas HTTP cuando se utiliza la entrada de usuario que no es de confianza para crear valores de encabezado. Los valores de encabezado no sanitizados correctamente contra la inyecci\u00f3n de CRLF en las funciones set_header y add_header. Un atacante puede agregar los caracteres \\r\\n (saltos de l\u00ednea de retorno de carro) para finalizar los encabezados de respuesta HTTP e inyectar contenido malintencionado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crowcpp:crow:1.0\\+5:*:*:*:*:*:*:*",
"matchCriteriaId": "461EADED-C1F0-4C32-9E68-C9A96AA67F03"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/dellalibera/9247769cc90ed96c0d72ddbcba88c65c",
"source": "bae035ff-b466-4ff4-94d0-fc9efd9e1730"
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-CROW-5665556",
"source": "bae035ff-b466-4ff4-94d0-fc9efd9e1730"
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-29xx/CVE-2023-2995.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-2995",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-19T20:15:09.120",
"lastModified": "2023-09-19T21:20:45.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/762ff2ca-5c1f-49ae-b83c-1c22bacbc82f",
"source": "contact@wpscan.com"
}
]
}

74
CVE-2023/CVE-2023-326xx/CVE-2023-32665.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32665",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-14T20:15:09.883",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T20:06:11.567",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en GLib. La deserializaci\u00f3n de GVariant es vulnerable a un problema de explosi\u00f3n exponencial en el que un GVariant manipulado puede provocar un procesamiento excesivo y provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.74.4",
"matchCriteriaId": "9DF67CEA-BB12-4E90-9788-1AD9EF0FCB38"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-32665",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211827",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2121",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-338xx/CVE-2023-33831.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-33831",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T20:15:09.377",
"lastModified": "2023-09-19T03:37:34.150",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-19T21:24:14.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) en el punto de enlace /api/runscript de FUXA 1.1.13 permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de una solicitud POST manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frangoteam:fuxa:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDD9039-4BAC-4A1A-B9C5-AAB831CA19D8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/rodolfomarianocy/Unauthenticated-RCE-FUXA-CVE-2023-33831",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://youtu.be/Xxa6yRB2Fpw",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

66
CVE-2023/CVE-2023-349xx/CVE-2023-34999.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34999",
"sourceIdentifier": "psirt@bosch.com",
"published": "2023-09-18T11:15:41.867",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T21:23:55.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "psirt@bosch.com",
"type": "Secondary",
@ -50,10 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosch:rts_vlink_virtual_matrix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.7.6",
"matchCriteriaId": "CB340A4E-132C-46A5-8A80-B1A4C45A2CE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bosch:rts_vlink_virtual_matrix:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.5.0",
"matchCriteriaId": "E6A940F1-AF61-43F8-BABA-2E14EAD2E0D4"
}
]
}
]
}
],
"references": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-893251-BT.html",
"source": "psirt@bosch.com"
"source": "psirt@bosch.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-376xx/CVE-2023-37611.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-37611",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T22:15:45.803",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-19T21:24:44.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en Neos CMS 8.3.3 permite a un atacante autenticado remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo SVG manipulado en el componente neos/management/media."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:neos:neos_cms:8.3.3:-:*:*:*:*:*:*",
"matchCriteriaId": "4EA17E5E-AA2C-4F96-994F-089C18578888"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://rodelllemit.medium.com/stored-xss-in-neo-cms-8-3-3-9bd1cb973c5b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

83
CVE-2023/CVE-2023-37xx/CVE-2023-3710.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3710",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-09-12T20:15:09.387",
"lastModified": "2023-09-12T20:41:39.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T20:42:18.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Validaci\u00f3n de Entrada Incorrecta en Honeywell PM43 en 32 bits, ARM (m\u00f3dulos de p\u00e1gina web de impresora) permite la Inyecci\u00f3n de Comandos. Este problema afecta a las versiones de PM43 anteriores a P10.19.050004. Actualice a la \u00faltima versi\u00f3n de firmware disponible de las respectivas impresoras a la versi\u00f3n MR19.5 (por ejemplo, P10.19.050006)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -46,18 +80,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:honeywell:pm43_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "p10.19.050004",
"matchCriteriaId": "A8838609-3252-452F-A122-F454379006BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:honeywell:pm43:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "C5F24450-6D4D-4F32-A2E3-E06EA0466CD7"
}
]
}
]
}
],
"references": [
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.honeywell.com/us/en/product-security",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Product"
]
}
]
}

83
CVE-2023/CVE-2023-37xx/CVE-2023-3711.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3711",
"sourceIdentifier": "psirt@honeywell.com",
"published": "2023-09-12T20:15:09.593",
"lastModified": "2023-09-12T20:41:39.640",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T20:35:35.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Fijaci\u00f3n de Sesi\u00f3n en Honeywell PM43 en 32 bits, ARM (M\u00f3dulos de p\u00e1gina web de impresora) permite la falsificaci\u00f3n de credenciales de sesi\u00f3n mediante predicci\u00f3n. Este problema afecta a las versiones de PM43 anteriores a P10.19.050004. Actualice a la \u00faltima versi\u00f3n de firmware disponible de las respectivas impresoras a la versi\u00f3n MR19.5 (por ejemplo, P10.19.050006)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
},
{
"source": "psirt@honeywell.com",
"type": "Secondary",
@ -46,18 +80,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:honeywell:pm43_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "p10.19.050004",
"matchCriteriaId": "A8838609-3252-452F-A122-F454379006BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:honeywell:pm43:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "C5F24450-6D4D-4F32-A2E3-E06EA0466CD7"
}
]
}
]
}
],
"references": [
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.honeywell.com/us/en/product-security",
"source": "psirt@honeywell.com"
"source": "psirt@honeywell.com",
"tags": [
"Product"
]
}
]
}

72
CVE-2023/CVE-2023-390xx/CVE-2023-39039.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2023-39039",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T21:15:54.923",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-19T21:24:37.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages."
},
{
"lang": "es",
"value": "Una fuga de informaci\u00f3n en Camp Style Project Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:camp_style_project_line_project:camp_style_project_line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB868138-6A02-4A55-983E-83351F96C699"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://camp.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39039.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

73
CVE-2023/CVE-2023-390xx/CVE-2023-39040.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-39040",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T21:15:54.987",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-19T21:24:29.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages."
},
{
"lang": "es",
"value": "Una fuga de informaci\u00f3n en Cheese Cafe Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cheese_cafe_line_project:cheese_cafe_line:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BB12C18-B464-493B-B8F0-D5AAC3BDE692"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://cheese.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39040.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-390xx/CVE-2023-39049.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-39049",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T22:15:46.850",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-19T21:24:54.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages."
},
{
"lang": "es",
"value": "Una fuga de informaci\u00f3n en youmart-tokunaga v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:youmart-tokunaga_project:youmart-tokunaga:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E64A187-7A2E-411E-B049-74C183EB2C92"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://youmart-tokunaga.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39049.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-390xx/CVE-2023-39056.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2023-39056",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T22:15:46.983",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-19T21:25:03.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages."
},
{
"lang": "es",
"value": "Una fuga de informaci\u00f3n en Coffee-jumbo v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes manipulados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:coffee-jumbo_project:coffee-jumbo:13.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61C06F96-46E7-4512-9832-FD52BCFBCE0C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://coffee-jumbo.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39056.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

78
CVE-2023/CVE-2023-407xx/CVE-2023-40788.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2023-40788",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T00:15:34.993",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-19T21:25:17.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs"
},
{
"lang": "es",
"value": "SpringBlade &lt;=V3.6.0 es vulnerable al Control de Acceso Incorrecto debido a una configuraci\u00f3n incorrecta en la puerta de enlace predeterminada, lo que provoca un acceso no autorizado a los registros de errores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bladex:springblade:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.6.0",
"matchCriteriaId": "9DF00232-4413-4BF2-9629-CFF393069820"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/kaliwin/89276ec7e97f9529c989bd77706c29c7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/chillzhuang/SpringBlade",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/chillzhuang/SpringBlade/blob/master/blade-gateway/src/main/java/org/springblade/gateway/provider/AuthProvider.java",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

68
CVE-2023/CVE-2023-408xx/CVE-2023-40868.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-40868",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T22:15:08.487",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T20:44:25.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en mooSocial mooSocial Software 3.1.6 y 3.1.7 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para las funciones edit_menu, copuon y group_categorias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:moosocial:moosocial:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63B6C8E2-FC6C-4C91-8943-5B3046FFB57D"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MinoTauro2020/CVE-2023-40868",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

39
CVE-2023/CVE-2023-413xx/CVE-2023-41349.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41349",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2023-09-18T03:15:08.113",
"lastModified": "2023-09-18T13:27:02.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T21:23:04.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:asus:rt-ax88u_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0.4.388.23748",
"matchCriteriaId": "478237D3-96B5-45FA-8953-006AA06B5AE8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:asus:rt-ax88u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB91E047-5AE1-4CA0-9E67-84170D79770C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/tw/cp-132-7371-aecf1-1.html",
"source": "twcert@cert.org.tw"
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-415xx/CVE-2023-41599.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-41599",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T02:15:58.607",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-19T21:26:38.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal."
},
{
"lang": "es",
"value": "Un problema en el componente common/DownController.java de JFinalCMS v5.0.0 permite a los atacantes ejecutar un Directory Traversal. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product"
]
}
]
}

10
CVE-2023/CVE-2023-418xx/CVE-2023-41834.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41834",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-19T13:16:22.333",
"lastModified": "2023-09-19T13:23:09.283",
"lastModified": "2023-09-19T21:15:25.203",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests.\u00a0Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. \n\nUsers should upgrade to Apache Flink Stateful Functions version 3.3.0."
},
{
"lang": "es",
"value": "La Neutralizaci\u00f3n Inadecuada de Secuencias CRLF en encabezados HTTP en Apache Flink Stateful Functions 3.1.0, 3.1.1 y 3.2.0 permite a atacantes remotos inyectar encabezados HTTP arbitrarios y realizar ataques de divisi\u00f3n de respuestas HTTP a trav\u00e9s de solicitudes HTTP manipuladas. Los atacantes podr\u00edan potencialmente inyectar contenido malicioso en la respuesta HTTP que se env\u00eda al navegador del usuario. Los usuarios deben actualizar a Apache Flink Stateful Functions versi\u00f3n 3.3.0."
}
],
"metrics": {},
@ -28,6 +32,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/19/3",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm",
"source": "security@apache.org"

63
CVE-2023/CVE-2023-423xx/CVE-2023-42359.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42359",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T12:15:07.633",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T21:24:04.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,66 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el Exam Form Submission en PHP con C\u00f3digo Fuente v.1.0 permite a un atacante remoto escalar privilegios a trav\u00e9s del par\u00e1metro val-username en /index.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:exam_form_submission_in_php_with_source_code_project:exam_form_submission_in_php_with_source_code:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5886ACEB-7D3E-4F92-AC69-FB0197134382"
}
]
}
]
}
],
"references": [
{
"url": "https://upbeat-washer-def.notion.site/Exam-Form-Submission-In-PHP-SQL-Injection-in-index-php-bd71962db712459488019d531ab2f6f2?pvs=4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

32
CVE-2023/CVE-2023-43xx/CVE-2023-4376.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-4376",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-19T20:15:09.380",
"lastModified": "2023-09-19T21:20:45.337",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"weaknesses": [
{
"source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/13910e52-5302-4252-8bee-49dd1f0e180a",
"source": "contact@wpscan.com"
}
]
}

180
CVE-2023/CVE-2023-45xx/CVE-2023-4501.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4501",
"sourceIdentifier": "security@opentext.com",
"published": "2023-09-12T19:15:36.333",
"lastModified": "2023-09-12T19:38:09.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T20:53:36.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.\n\nMitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.\n\nAdministrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.\n"
},
{
"lang": "es",
"value": "La autenticaci\u00f3n de usuario con credenciales de nombre de usuario y contrase\u00f1a no es efectiva en OpenText (Micro Focus), Visual COBOL, COBOL Server, Enterprise Developer y Enterprise Server (incluidas variantes de productos como Enterprise Test Server), versiones 7.0, actualizaciones de parches 19 y 20, actualizaciones de parches 8.0 8. y 9, y 9.0 update 1 del parche, cuando se utiliza la autenticaci\u00f3n basada en LDAP con ciertas configuraciones. Cuando la vulnerabilidad est\u00e1 activa, la autenticaci\u00f3n se realiza correctamente con cualquier nombre de usuario v\u00e1lido, independientemente de si la contrase\u00f1a es correcta; tambi\u00e9n puede tener \u00e9xito con un nombre de usuario no v\u00e1lido (y cualquier contrase\u00f1a). Esto permite que un atacante con acceso al producto se haga pasar por cualquier usuario. Mitigaciones: el problema se corrige en la pr\u00f3xima actualizaci\u00f3n del parche para cada producto afectado. Las superposiciones de productos y las instrucciones para solucionar el problema est\u00e1n disponibles a trav\u00e9s del soporte de OpenText. Se cree que las configuraciones vulnerables son poco comunes. Los administradores pueden probar la vulnerabilidad en sus instalaciones intentando iniciar sesi\u00f3n en un componente de Visual COBOL o Enterprise Server como ESCWA utilizando un nombre de usuario v\u00e1lido y una contrase\u00f1a incorrecta."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "security@opentext.com",
"type": "Secondary",
@ -58,10 +92,150 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:cobol_server:7.0:patch_update_19:*:*:*:*:*:*",
"matchCriteriaId": "051D2BF3-E6AF-432D-A280-ECEE8550868F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:cobol_server:7.0:patch_update_20:*:*:*:*:*:*",
"matchCriteriaId": "14458049-2D88-4185-B005-750078A50B94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:cobol_server:8.0:patch_update_8:*:*:*:*:*:*",
"matchCriteriaId": "41FC671B-3CE4-4D60-9EE6-77392961F101"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:cobol_server:8.0:patch_update_9:*:*:*:*:*:*",
"matchCriteriaId": "74A7D0F5-5FAD-45BC-BF96-0CAD4B45B672"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:cobol_server:9.0:patch_update_1:*:*:*:*:*:*",
"matchCriteriaId": "2D74FA59-98F4-4BC4-A2A9-E0BBEC527563"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:7.0:patch_update_19:*:*:*:*:*:*",
"matchCriteriaId": "6B6400C4-4DBA-4289-89D9-58147774D63B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:7.0:patch_update_20:*:*:*:*:*:*",
"matchCriteriaId": "A64B3C61-3D58-4E50-AD4A-118F7E490504"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:8.0:patch_update_8:*:*:*:*:*:*",
"matchCriteriaId": "3AFC7ED5-CF0A-4764-ABF5-6643C346B19F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:8.0:patch_update_9:*:*:*:*:*:*",
"matchCriteriaId": "7201C9F4-16BB-484E-9178-6355348C3B95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:9.0:patch_update_1:*:*:*:*:*:*",
"matchCriteriaId": "029A2BF3-3692-4B35-A0EF-ED1740BF6986"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_server:7.0:patch_update_19:*:*:*:*:*:*",
"matchCriteriaId": "832BDC0E-2BA9-403C-BBFE-991698CF2A96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_server:7.0:patch_update_20:*:*:*:*:*:*",
"matchCriteriaId": "81B56797-AF56-4F6A-9C3E-9444E4F2886E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_server:8.0:patch_update_8:*:*:*:*:*:*",
"matchCriteriaId": "1BCE1129-4573-4720-9F25-9F0D41808B71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_server:8.0:patch_update_9:*:*:*:*:*:*",
"matchCriteriaId": "BD5D4016-28FD-4818-884F-0D24D13C99EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_server:9.0:patch_update_1:*:*:*:*:*:*",
"matchCriteriaId": "E5631EB2-3A88-4DC4-B636-65EC1F021924"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_test_server:7.0:patch_update_19:*:*:*:*:*:*",
"matchCriteriaId": "D2293874-EC8A-4BAC-B0F7-F5B3E50B39FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_test_server:7.0:patch_update_20:*:*:*:*:*:*",
"matchCriteriaId": "50CD685C-7DB2-49FA-9787-8222AFA7EC44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_test_server:8.0:patch_update_8:*:*:*:*:*:*",
"matchCriteriaId": "D2E0598D-B7B2-4419-805E-6F116230D74C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_test_server:8.0:patch_update_9:*:*:*:*:*:*",
"matchCriteriaId": "2C8C6917-6B5C-449F-AD59-2ADBCCAA2136"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:enterprise_test_server:9.0:patch_update_1:*:*:*:*:*:*",
"matchCriteriaId": "B7EDD7A0-0C20-4560-8D3A-0C6FC14C15CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:visual_cobol:7.0:patch_update_19:*:*:*:*:*:*",
"matchCriteriaId": "7FB32C35-E606-49B2-A5AE-01C5E4840956"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:visual_cobol:7.0:patch_update_20:*:*:*:*:*:*",
"matchCriteriaId": "9D0E7EF8-2FF4-4310-85CA-B7943E37650C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:visual_cobol:8.0:patch_update_8:*:*:*:*:*:*",
"matchCriteriaId": "ECFE25B2-E3D1-410B-A596-EB973DE458A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:visual_cobol:8.0:patch_update_9:*:*:*:*:*:*",
"matchCriteriaId": "5D593286-E24C-4903-842A-EE5EFA1FF1C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microfocus:visual_cobol:9.0:patch_update_1:*:*:*:*:*:*",
"matchCriteriaId": "7ED74B78-831A-4799-8507-8B1AD3C02DFB"
}
]
}
]
}
],
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000021287",
"source": "security@opentext.com"
"source": "security@opentext.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-48xx/CVE-2023-4893.json
View File

@ -1,20 +1,44 @@
{
"id": "CVE-2023-4893",
"sourceIdentifier": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-12T02:15:13.920",
"lastModified": "2023-09-12T11:52:00.047",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T20:27:47.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
},
{
"lang": "es",
"value": "El complemento Crayon Syntax Highlighter para WordPress es vulnerable a la falsificaci\u00f3n de solicitudes del lado del servidor a trav\u00e9s del c\u00f3digo corto 'crayon' en versiones hasta, e incluyendo, 2.8.4. Esto puede permitir a los atacantes autenticados con permisos de nivel de colaborador o superiores realizar solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y se puede usar para consultar y modificar informaci\u00f3n de servicios internos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aramk:crayon-syntax-highlighter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8.4",
"matchCriteriaId": "B841EEC3-12B4-466C-A1C1-88C48081967B"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/crayon-syntax-highlighter/trunk/crayon_highlighter.class.php#L83",
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599"
"source": "security@wordfence.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/527f75f1-6361-4e16-8ae4-d38ca4589811?source=cve",
"source": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-49xx/CVE-2023-4972.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-4972",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-14T20:15:13.403",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T20:00:25.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects .\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de gesti\u00f3n de privilegios inadecuada en Yepas Digital Yepas permite recopilar datos proporcionados por los usuarios. Este problema afecta ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yepas:digital_yepas:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.1",
"matchCriteriaId": "5BE3506D-F955-4B85-B23E-F1D9B9669955"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0526",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-50xx/CVE-2023-5031.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5031",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-18T02:15:51.220",
"lastModified": "2023-09-18T13:27:02.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T21:22:47.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrapid:rapidcms:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D66CF166-4A08-45F5-9577-38D3CE25AFBA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yhy217/rapidcms-vul/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.239875",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239875",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-50xx/CVE-2023-5060.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5060",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-19T03:15:08.597",
"lastModified": "2023-09-19T03:37:18.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-19T21:26:49.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS): DOM en librenms/librenms del repositorio de GitHub anteriores a 23.9.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.9.1",
"matchCriteriaId": "04770B08-4512-4631-ACCF-B2A7E2367947"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

61
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-19T20:00:24.755970+00:00
2023-09-19T22:00:24.982772+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-19T19:58:56.997000+00:00
2023-09-19T21:26:49+00:00
```
### Last Data Feed Release
@ -29,43 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
225837
225839
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `2`
* [CVE-2023-2995](CVE-2023/CVE-2023-29xx/CVE-2023-2995.json) (`2023-09-19T20:15:09.120`)
* [CVE-2023-4376](CVE-2023/CVE-2023-43xx/CVE-2023-4376.json) (`2023-09-19T20:15:09.380`)
### CVEs modified in the last Commit
Recently modified CVEs: `24`
Recently modified CVEs: `25`
* [CVE-2020-11978](CVE-2020/CVE-2020-119xx/CVE-2020-11978.json) (`2023-09-19T18:15:16.607`)
* [CVE-2020-13927](CVE-2020/CVE-2020-139xx/CVE-2020-13927.json) (`2023-09-19T18:15:16.797`)
* [CVE-2023-39285](CVE-2023/CVE-2023-392xx/CVE-2023-39285.json) (`2023-09-19T18:00:45.343`)
* [CVE-2023-39286](CVE-2023/CVE-2023-392xx/CVE-2023-39286.json) (`2023-09-19T18:04:08.670`)
* [CVE-2023-26067](CVE-2023/CVE-2023-260xx/CVE-2023-26067.json) (`2023-09-19T18:15:16.977`)
* [CVE-2023-26068](CVE-2023/CVE-2023-260xx/CVE-2023-26068.json) (`2023-09-19T18:15:17.397`)
* [CVE-2023-4987](CVE-2023/CVE-2023-49xx/CVE-2023-4987.json) (`2023-09-19T18:15:17.673`)
* [CVE-2023-41011](CVE-2023/CVE-2023-410xx/CVE-2023-41011.json) (`2023-09-19T18:17:34.377`)
* [CVE-2023-41160](CVE-2023/CVE-2023-411xx/CVE-2023-41160.json) (`2023-09-19T18:23:34.110`)
* [CVE-2023-40957](CVE-2023/CVE-2023-409xx/CVE-2023-40957.json) (`2023-09-19T18:28:38.510`)
* [CVE-2023-40958](CVE-2023/CVE-2023-409xx/CVE-2023-40958.json) (`2023-09-19T18:28:54.250`)
* [CVE-2023-4669](CVE-2023/CVE-2023-46xx/CVE-2023-4669.json) (`2023-09-19T18:32:49.497`)
* [CVE-2023-4702](CVE-2023/CVE-2023-47xx/CVE-2023-4702.json) (`2023-09-19T18:38:11.833`)
* [CVE-2023-4965](CVE-2023/CVE-2023-49xx/CVE-2023-4965.json) (`2023-09-19T18:40:16.173`)
* [CVE-2023-4676](CVE-2023/CVE-2023-46xx/CVE-2023-4676.json) (`2023-09-19T18:45:20.783`)
* [CVE-2023-29499](CVE-2023/CVE-2023-294xx/CVE-2023-29499.json) (`2023-09-19T18:53:27.373`)
* [CVE-2023-32636](CVE-2023/CVE-2023-326xx/CVE-2023-32636.json) (`2023-09-19T18:59:27.957`)
* [CVE-2023-22513](CVE-2023/CVE-2023-225xx/CVE-2023-22513.json) (`2023-09-19T19:15:51.607`)
* [CVE-2023-40955](CVE-2023/CVE-2023-409xx/CVE-2023-40955.json) (`2023-09-19T19:19:05.487`)
* [CVE-2023-40956](CVE-2023/CVE-2023-409xx/CVE-2023-40956.json) (`2023-09-19T19:19:23.003`)
* [CVE-2023-41592](CVE-2023/CVE-2023-415xx/CVE-2023-41592.json) (`2023-09-19T19:20:55.553`)
* [CVE-2023-42362](CVE-2023/CVE-2023-423xx/CVE-2023-42362.json) (`2023-09-19T19:34:03.287`)
* [CVE-2023-38912](CVE-2023/CVE-2023-389xx/CVE-2023-38912.json) (`2023-09-19T19:38:08.673`)
* [CVE-2023-3712](CVE-2023/CVE-2023-37xx/CVE-2023-3712.json) (`2023-09-19T19:58:56.997`)
* [CVE-2020-36766](CVE-2020/CVE-2020-367xx/CVE-2020-36766.json) (`2023-09-19T21:23:38.407`)
* [CVE-2022-28357](CVE-2022/CVE-2022-283xx/CVE-2022-28357.json) (`2023-09-19T21:26:22.240`)
* [CVE-2023-4972](CVE-2023/CVE-2023-49xx/CVE-2023-4972.json) (`2023-09-19T20:00:25.687`)
* [CVE-2023-32665](CVE-2023/CVE-2023-326xx/CVE-2023-32665.json) (`2023-09-19T20:06:11.567`)
* [CVE-2023-4893](CVE-2023/CVE-2023-48xx/CVE-2023-4893.json) (`2023-09-19T20:27:47.997`)
* [CVE-2023-3711](CVE-2023/CVE-2023-37xx/CVE-2023-3711.json) (`2023-09-19T20:35:35.727`)
* [CVE-2023-26142](CVE-2023/CVE-2023-261xx/CVE-2023-26142.json) (`2023-09-19T20:36:09.690`)
* [CVE-2023-3710](CVE-2023/CVE-2023-37xx/CVE-2023-3710.json) (`2023-09-19T20:42:18.100`)
* [CVE-2023-40868](CVE-2023/CVE-2023-408xx/CVE-2023-40868.json) (`2023-09-19T20:44:25.837`)
* [CVE-2023-4501](CVE-2023/CVE-2023-45xx/CVE-2023-4501.json) (`2023-09-19T20:53:36.317`)
* [CVE-2023-20243](CVE-2023/CVE-2023-202xx/CVE-2023-20243.json) (`2023-09-19T21:02:44.640`)
* [CVE-2023-41834](CVE-2023/CVE-2023-418xx/CVE-2023-41834.json) (`2023-09-19T21:15:25.203`)
* [CVE-2023-5031](CVE-2023/CVE-2023-50xx/CVE-2023-5031.json) (`2023-09-19T21:22:47.907`)
* [CVE-2023-41349](CVE-2023/CVE-2023-413xx/CVE-2023-41349.json) (`2023-09-19T21:23:04.903`)
* [CVE-2023-34999](CVE-2023/CVE-2023-349xx/CVE-2023-34999.json) (`2023-09-19T21:23:55.247`)
* [CVE-2023-42359](CVE-2023/CVE-2023-423xx/CVE-2023-42359.json) (`2023-09-19T21:24:04.917`)
* [CVE-2023-33831](CVE-2023/CVE-2023-338xx/CVE-2023-33831.json) (`2023-09-19T21:24:14.833`)
* [CVE-2023-39040](CVE-2023/CVE-2023-390xx/CVE-2023-39040.json) (`2023-09-19T21:24:29.890`)
* [CVE-2023-39039](CVE-2023/CVE-2023-390xx/CVE-2023-39039.json) (`2023-09-19T21:24:37.420`)
* [CVE-2023-37611](CVE-2023/CVE-2023-376xx/CVE-2023-37611.json) (`2023-09-19T21:24:44.943`)
* [CVE-2023-39049](CVE-2023/CVE-2023-390xx/CVE-2023-39049.json) (`2023-09-19T21:24:54.373`)
* [CVE-2023-39056](CVE-2023/CVE-2023-390xx/CVE-2023-39056.json) (`2023-09-19T21:25:03.967`)
* [CVE-2023-40788](CVE-2023/CVE-2023-407xx/CVE-2023-40788.json) (`2023-09-19T21:25:17.007`)
* [CVE-2023-41599](CVE-2023/CVE-2023-415xx/CVE-2023-41599.json) (`2023-09-19T21:26:38.307`)
* [CVE-2023-5060](CVE-2023/CVE-2023-50xx/CVE-2023-5060.json) (`2023-09-19T21:26:49.000`)
## Download and Usage