admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-19T14:00:23.924866+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-19 14:00:27 +00:00
parent a6ee7223fe
commit cb7fc52b29
47 changed files with 2204 additions and 173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2022/CVE-2022-475xx/CVE-2022-47553.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47553",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:18.183",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2022/CVE-2022-475xx/CVE-2022-47554.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47554",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:19.653",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2022/CVE-2022-475xx/CVE-2022-47555.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47555",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:20.057",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2022/CVE-2022-475xx/CVE-2022-47556.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47556",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:20.480",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service (DoS) on the device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2022/CVE-2022-475xx/CVE-2022-47557.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47557",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:20.843",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-916"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2022/CVE-2022-475xx/CVE-2022-47558.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-47558",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:21.193",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
"source": "cve-coordination@incibe.es"
}
]
}

91
CVE-2022/CVE-2022-476xx/CVE-2022-47631.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-47631",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T22:15:07.733",
"lastModified": "2023-09-18T16:15:44.813",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:45:24.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,98 @@
"value": "Razer Synapse hasta 3.7.1209.121307 permite la escalada de privilegios debido a una ruta de instalaci\u00f3n insegura y una gesti\u00f3n de privilegios inadecuada. Los atacantes pueden colocar archivos DLL en %PROGRAMDATA%\\Razer\\Synapse3\\Service\\bin si lo hacen antes de que se instale el servicio y si niegan el acceso de escritura al usuario SISTEMA. Aunque el servicio no se iniciar\u00e1 si detecta archivos DLL maliciosos en este directorio, los atacantes pueden aprovechar una condici\u00f3n de ejecuci\u00f3n y reemplazar un DLL v\u00e1lido (es decir, una copia de una DLL leg\u00edtimo de Razer) con una DLL malicioso despu\u00e9s de que el servicio ya haya verificado el archivo. Como resultado, los usuarios locales de Windows pueden abusar del instalador del controlador Razer para obtener privilegios administrativos en Windows."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:razer:synapse:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.0428.042117",
"matchCriteriaId": "543A3C36-9FE8-4D27-BD5C-9F98E62AF976"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174696/Razer-Synapse-Race-Condition-DLL-Hijacking.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-002.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-07xx/CVE-2023-0773.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0773",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2023-09-19T10:15:07.743",
"lastModified": "2023-09-19T10:15:07.743",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-239xx/CVE-2023-23957.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-23957",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-09-19T13:16:21.653",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authenticated user can see and modify the value for \u2018next\u2019 query parameter in Symantec Identity Portal 14.4"
}
],
"metrics": {},
"references": [
{
"url": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22544",
"source": "secure@symantec.com"
}
]
}

8
CVE-2023/CVE-2023-25xx/CVE-2023-2567.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-2567",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-09-19T11:16:19.333",
"lastModified": "2023-09-19T11:16:19.333",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way.\n\n\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Nozomi Networks Guardian y CMC, debido a una validaci\u00f3n de entrada incorrecta en ciertos par\u00e1metros utilizados en la funcionalidad de consulta, permite a un atacante autenticado ejecutar consultas SQL arbitrarias en el DBMS utilizado por la aplicaci\u00f3n web. Los usuarios autenticados pueden extraer informaci\u00f3n arbitraria del DBMS de forma incontrolada. "
}
],
"metrics": {

8
CVE-2023/CVE-2023-261xx/CVE-2023-26143.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-26143",
"sourceIdentifier": "report@snyk.io",
"published": "2023-09-19T05:17:10.443",
"lastModified": "2023-09-19T05:17:10.443",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options."
},
{
"lang": "es",
"value": "Las versiones del paquete blamer anteriores a 1.0.4 son vulnerables a la inyecci\u00f3n Arbitraria de Argumentos a trav\u00e9s de la API blameByFile(). La librer\u00eda no sanitiza la entrada del usuario ni valida que la ruta de archivo dada se ajuste a un esquema espec\u00edfico, ni pasa correctamente los indicadores de l\u00ednea de comandos al binario git utilizando los caracteres POSIX de doble gui\u00f3n (--) para comunicar el final de las opciones. "
}
],
"metrics": {

8
CVE-2023/CVE-2023-292xx/CVE-2023-29245.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-29245",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-09-19T11:16:18.100",
"lastModified": "2023-09-19T11:16:18.100",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets.\n\nMalicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.\n\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Nozomi Networks Guardian y CMC, debido a una validaci\u00f3n de entrada incorrecta en ciertos campos utilizados en la funcionalidad Asset Intelligence de nuestro IDS, puede permitir que un atacante no autenticado ejecute sentencias SQL arbitrarias en el DBMS utilizado por la aplicaci\u00f3n web mediante el env\u00edo especial paquetes de red maliciosos manipulados. Los usuarios maliciosos con amplios conocimientos sobre el sistema subyacente pueden extraer informaci\u00f3n arbitraria del DBMS de forma incontrolada o alterar su estructura y datos."
}
],
"metrics": {

4
CVE-2023/CVE-2023-321xx/CVE-2023-32184.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32184",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-09-19T10:15:12.497",
"lastModified": "2023-09-19T10:15:12.497",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-321xx/CVE-2023-32186.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32186",
"sourceIdentifier": "meissner@suse.de",
"published": "2023-09-19T10:15:13.357",
"lastModified": "2023-09-19T10:15:13.357",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-326xx/CVE-2023-32649.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-32649",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2023-09-19T11:16:20.297",
"lastModified": "2023-09-19T11:16:20.297",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.\n\nDuring the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.\n\n\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Denegaci\u00f3n de Servicio (Dos) en Nozomi Networks Guardian y CMC, debido a una validaci\u00f3n de entrada incorrecta en ciertos campos utilizados en la funcionalidad de inteligencia de activos de nuestro IDS, permite a un atacante no autenticado bloquear el m\u00f3dulo IDS enviando paquetes de red con formato incorrecto especialmente manipulado. Durante el per\u00edodo de tiempo (limitado) antes de que el m\u00f3dulo IDS se reinicie autom\u00e1ticamente, es posible que no se analice el tr\u00e1fico de red. "
}
],
"metrics": {

68
CVE-2023/CVE-2023-362xx/CVE-2023-36250.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-36250",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T17:15:11.643",
"lastModified": "2023-09-14T18:32:35.497",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:48:27.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record."
},
{
"lang": "es",
"value": "Vulnerabilidad de Inyecci\u00f3n CSV en el rastreador de tiempo de GNOME versi\u00f3n 3.0.2, permite a atacantes locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo .tsv manipulado al crear un nuevo registro."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnome:gnome-time_tracker:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A91BFD-8E83-417F-AF97-C296677C2B55"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BrunoTeixeira1996/CVE-2023-36250/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-366xx/CVE-2023-36657.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36657",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T06:15:07.810",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:09:27.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se descubri\u00f3 un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Se puede abusar de las funciones integradas de Windows (atajos de escritorio, narrador) para escalar privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opswat:metadefender_kiosk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.0",
"versionEndIncluding": "4.6.1.9996",
"matchCriteriaId": "2F6F9662-1B39-4809-9816-76848FA1C2E5"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.opswat.com/mdkiosk",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36657",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

78
CVE-2023/CVE-2023-366xx/CVE-2023-36658.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36658",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T05:15:24.997",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:08:21.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,83 @@
"value": "Se descubri\u00f3 un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Tiene una ruta de servicio no citada de la que se puede abusar localmente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-428"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opswat:media_validation_agent:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.7",
"matchCriteriaId": "33DFDE4D-99F5-44E7-B1C9-FDD5192E547A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opswat:metadefender_kiosk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.0",
"versionEndIncluding": "4.6.1.9996",
"matchCriteriaId": "2F6F9662-1B39-4809-9816-76848FA1C2E5"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.opswat.com/mdkiosk",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36658",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-366xx/CVE-2023-36659.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36659",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T06:15:08.013",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:09:53.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,77 @@
"value": "Se descubri\u00f3 un problema en OPSWAT MetaDefender KIOSK 4.6.1.9996. Las entradas largas no se procesaron adecuadamente, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de comunicaci\u00f3n)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opswat:metadefender_kiosk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.0",
"versionEndIncluding": "4.6.1.9996",
"matchCriteriaId": "2F6F9662-1B39-4809-9816-76848FA1C2E5"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.opswat.com/mdkiosk",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "https://docs.opswat.com/mdkiosk/release-notes/cve-2023-36659",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-377xx/CVE-2023-37739.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-37739",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T20:15:10.400",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:40:30.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "i-doit Pro v25 and below was discovered to be vulnerable to path traversal."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que i-doit Pro v25 e inferiores eran vulnerables al path traversal."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-doit:i-doit:*:*:*:*:pro:*:*:*",
"versionEndIncluding": "25",
"matchCriteriaId": "29ACB05B-F001-4365-B125-526E4D4554A6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/leekenghwa/CVE-2023-37739---Path-Traversal-in-i-doit-Pro-25-and-below/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://medium.com/@ray.999/i-doit-pro-v25-path-traversal-cve-2023-37739-4ebb695664bb",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

87
CVE-2023/CVE-2023-377xx/CVE-2023-37755.json
View File

@ -2,27 +2,102 @@
"id": "CVE-2023-37755",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T20:15:10.477",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:41:43.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS)."
},
{
"lang": "es",
"value": "i-doit pro 25 e inferiores e I-doit open 25 e inferiores est\u00e1n configurados con credenciales de administrador predeterminadas inseguras, y no hay ninguna advertencia ni mensaje para pedir a los usuarios que cambien la contrase\u00f1a y el nombre de cuenta predeterminados. Los atacantes no autenticados pueden aprovechar esta vulnerabilidad para obtener privilegios de administrador, lo que les permite realizar operaciones arbitrarias del sistema o provocar una denegaci\u00f3n de servicio (DoS)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-doit:i-doit:*:*:*:*:open:*:*:*",
"versionEndIncluding": "25",
"matchCriteriaId": "373CFC60-0098-4FD1-AFA0-1D8FDCEF486D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:i-doit:i-doit:*:*:*:*:pro:*:*:*",
"versionEndIncluding": "25",
"matchCriteriaId": "29ACB05B-F001-4365-B125-526E4D4554A6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/leekenghwa/CVE-2023-37755---Hardcoded-Admin-Credential-in-i-doit-Pro-25-and-below/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://medium.com/@ray.999/d7a54030e055",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://medium.com/@ray.999/i-doit-v25-and-below-incorrect-access-control-issue-cve-2023-37755-d7a54030e055",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-396xx/CVE-2023-39639.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-39639",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T00:15:07.510",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:42:18.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que LeoTheme leoblog hasta v3.1.2 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente LeoBlogBlog::getListBlogs"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:leotheme:leoblog:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "3.1.2",
"matchCriteriaId": "1B80C6DF-E628-4BF3-856D-606A5C6B0AA6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://addons.prestashop.com/fr/2_community-developer?contributor=190902&id_category=3",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://security.friendsofpresta.org/modules/2023/08/31/leoblog.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-396xx/CVE-2023-39642.json
View File

@ -2,23 +2,88 @@
"id": "CVE-2023-39642",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T00:15:07.687",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:05:21.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display()."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Carts Guru cartsguru hasta v2.4.2 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente CartsGuruCatalogModuleFrontController::display()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carts.guru:cartsguru:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "2.4.3",
"matchCriteriaId": "3959F7EA-69DB-4B64-8299-68D4E8916427"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://addons.prestashop.com/fr/remarketing-paniers-abandonnes/22077-carts-guru-marketing-automation-multicanal.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://security.friendsofpresta.org/modules/2023/08/29/cartsguru.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-409xx/CVE-2023-40924.json
View File

@ -2,23 +2,95 @@
"id": "CVE-2023-40924",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-08T13:15:08.127",
"lastModified": "2023-09-08T17:36:26.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:47:13.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SolarView Compact < 6.00 is vulnerable to Directory Traversal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:contec:solarview_compact_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0",
"matchCriteriaId": "065F2764-DD49-42AC-8862-BE80DD379DCB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:contec:solarview_compact:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B677303-DBF0-44EF-B33C-1C0EAEF82135"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Yobing1/CVE-2023-40924/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33620",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}
]
}

69
CVE-2023/CVE-2023-409xx/CVE-2023-40983.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40983",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T04:15:10.243",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:07:11.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejada en la funci\u00f3n Administrador de Archivos de Webmin v2.100 permite a los atacantes ejecutar secuencias de comandos maliciosas mediante la inyecci\u00f3n de un payload preparado en el archivo Buscar en Resultados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED"
}
]
}
]
}
],
"references": [
{
"url": "http://webmin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-40xx/CVE-2023-4092.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-4092",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-19T13:16:23.133",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Arconte \u00c1urea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea",
"source": "cve-coordination@incibe.es"
}
]
}

72
CVE-2023/CVE-2023-411xx/CVE-2023-41158.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2023-41158",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-13T22:15:08.887",
"lastModified": "2023-09-14T13:01:03.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:49:06.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Stored Cross-Site Scripting (XSS) en la pesta\u00f1a de programas de tipo MIME en Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del campo de descripci\u00f3n mientras crean un nuevo programa de tipo MIME."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:usermin:2.000:*:*:*:*:*:*:*",
"matchCriteriaId": "ED13897E-B6FB-4976-9037-2136FDFE1A50"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41158",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://webmin.com/tags/webmin-changelog/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

72
CVE-2023/CVE-2023-411xx/CVE-2023-41162.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2023-41162",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-13T22:15:09.017",
"lastModified": "2023-09-14T13:01:03.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:57:56.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en la pesta\u00f1a del administrador de archivos en Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del campo de m\u00e1scara de archivos mientras buscan en el men\u00fa desplegable de herramientas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:usermin:2.000:*:*:*:*:*:*:*",
"matchCriteriaId": "ED13897E-B6FB-4976-9037-2136FDFE1A50"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41162",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://webmin.com/tags/webmin-changelog/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

8
CVE-2023/CVE-2023-413xx/CVE-2023-41387.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-41387",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T09:15:07.860",
"lastModified": "2023-09-19T09:15:07.860",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device."
},
{
"lang": "es",
"value": "Una inyecci\u00f3n SQL en el componente flutter_downloader versi\u00f3n 1.11.1 para iOS permite a los atacantes remotos robar tokens de sesi\u00f3n y sobrescribir archivos arbitrarios dentro del contenedor de la aplicaci\u00f3n. La base de datos interna del framework se expone al usuario local si una aplicaci\u00f3n usa las propiedades UIFileSharingEnabled y LSSupportsOpeningDocumentsInPlace. Como resultado, los usuarios locales pueden obtener las mismas primitivas de ataque que los atacantes remotos manipulando la base de datos interna del framework en el dispositivo. "
}
],
"metrics": {},

73
CVE-2023/CVE-2023-415xx/CVE-2023-41588.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-41588",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T20:15:10.840",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:42:29.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en el complemento Time to SLA v10.13.5 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro durationFormat."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:appfire:time_to_sla:10.13.5:*:*:*:*:jira:*:*",
"matchCriteriaId": "E664172E-A3EA-45B1-AE35-1036B5876FF6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/xsn1210/poc2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/xsn1210/poc2/blob/main/xss%5BTime%20to%20SLA%5D.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

36
CVE-2023/CVE-2023-418xx/CVE-2023-41834.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-41834",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-19T13:16:22.333",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests.\u00a0Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. \n\nUsers should upgrade to Apache Flink Stateful Functions version 3.3.0."
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-113"
},
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/cvxcsdyjqc3lysj1tz7s06zwm36zvwrm",
"source": "security@apache.org"
}
]
}

69
CVE-2023/CVE-2023-422xx/CVE-2023-42253.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42253",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T12:15:07.580",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:19:47.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Code-Projects Vehicle Management 1.0 es vulnerable a Cross Site Scripting (XSS) al Agregar Cuentas a trav\u00e9s de Invoice No, To, y Mammul. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vehicle_management_project:vehicle_management:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2AD25F-FE85-4D6F-9FDD-2439840FE0CB"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/vehicle-management-in-php-with-source-code/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/Arajawat007/e37a131fd7b5f90148fa091a42de8f9d#file-cve-2023-42253",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-423xx/CVE-2023-42399.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42399",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T04:15:55.347",
"lastModified": "2023-09-19T04:15:55.347",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross Site Scripting en xdsoft.net Jodit Editor v.4.0.0-beta.86 permite a un atacante remoto obtener informaci\u00f3n sensible a trav\u00e9s del componente editor de texto enriquecido."
}
],
"metrics": {},

68
CVE-2023/CVE-2023-424xx/CVE-2023-42405.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-42405",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T23:15:08.277",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:41:53.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list()."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en FIT2CLOUD RackShift v1.7.1 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro `sort` en taskService.list(), bareMetalService.list() y switchService.list()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:rackshift:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E08D3D59-714E-4B00-992B-59158730E58B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/fit2cloud/rackshift/issues/79",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-425xx/CVE-2023-42503.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2023-42503",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-14T08:15:08.057",
"lastModified": "2023-09-14T13:01:03.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:43:59.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress:\u00a0from 1.22 before 1.24.0.\n\nUsers are recommended to upgrade to version 1.24.0, which fixes the issue.\n\nA third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption.\n\nIn version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example \u201c1647221103.5998539\u201d). The impacted fields are \u201catime\u201d, \u201cctime\u201d, \u201cmtime\u201d and \u201cLIBARCHIVE.creationtime\u201d. No input validation is performed prior to the parsing of header values.\n\nParsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as \u201c9e9999999\u201d) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5].\n\n[1]: https://issues.apache.org/jira/browse/COMPRESS-612 \n[2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 \n[3]: https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html \n[4]: https://bugs.openjdk.org/browse/JDK-6560193 \n[5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 \n\nOnly applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.\n\n"
},
{
"lang": "es",
"value": "\"Vulnerabilidad de Validaci\u00f3n de Entrada Incorrecta, Consumo de Recursos Incontrolado en Apache Commons Compress en el an\u00e1lisis TAR. Este problema afecta a Apache Commons Compress: desde 1.22 antes de 1.24.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.24.0, que soluciona el problema. Un tercero puede crear un archivo TAR malformado manipulando los encabezados de los tiempos de modificaci\u00f3n del archivo, que cuando se analizan con Apache Commons Compress, causar\u00e1n un problema de denegaci\u00f3n de servicio debido al consumo de CPU. En la versi\u00f3n 1.22 de Apache Commons Compress, se soportan tiempos de modificaci\u00f3n de archivos con mayor precisi\u00f3n (problema # COMPRESS-612 [1]). El formato de los encabezados extendidos de PAX que contienen estos datos consta de dos n\u00fameros separados por un punto [2], que indica segundos y precisi\u00f3n de subsegundos (por ejemplo, \u201c1647221103.5998539\u201d). Los campos afectados son \"\"atime\"\", \"\"ctime\"\", \"\"mtime\"\" y \"\"LIBARCHIVE.creationtime\"\". No se realiza ninguna validaci\u00f3n de entrada antes del an\u00e1lisis de los valores del encabezado. El an\u00e1lisis de estos n\u00fameros utiliza la clase BigDecimal [3] del JDK, que tiene un problema de complejidad algor\u00edtmica conocido p\u00fablicamente al realizar operaciones con n\u00fameros grandes, lo que provoca denegaci\u00f3n de servicio (consulte el problema # JDK-6560193 [4]). Un tercero puede manipular los encabezados de tiempo de un archivo TAR colocando un n\u00famero con una fracci\u00f3n muy larga (300.000 d\u00edgitos) o un n\u00famero con notaci\u00f3n de exponente (como \"\"9e9999999\"\") dentro de un encabezado de tiempo de modificaci\u00f3n del archivo y el an\u00e1lisis de los archivos. con estos encabezados llevar\u00e1 horas en lugar de segundos, lo que provocar\u00e1 una denegaci\u00f3n de servicio por agotamiento de los recursos de la CPU. Este problema es similar a CVE-2012-2098 [5]. \n[1]: https://issues.apache.org/jira/browse/COMPRESS-612 \n[2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 \n[3]: https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html \n[4]: ??https://bugs.openjdk.org/browse/JDK-6560193 \n[5]: https: //cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098\nSolo se ven afectadas las aplicaciones que utilizan la clase CompressorStreamFactory (con detecci\u00f3n autom\u00e1tica de tipos de archivos), TarArchiveInputStream y TarFile para analizar archivos TAR. Dado que este c\u00f3digo se introdujo en la versi\u00f3n 1.22, solo esa versi\u00f3n y las versiones posteriores se ven afectadas.\""
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -27,10 +54,34 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.22",
"versionEndExcluding": "1.24.0",
"matchCriteriaId": "F05475BE-7994-4CCC-A70C-FCBE832D886A"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Mailing List",
"URL Repurposed"
]
}
]
}

59
CVE-2023/CVE-2023-48xx/CVE-2023-4849.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4849",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-09T11:15:14.890",
"lastModified": "2023-09-10T19:45:57.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:29:40.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/TinkAnet/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239258",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239258",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-48xx/CVE-2023-4850.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4850",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-09T12:15:07.470",
"lastModified": "2023-09-10T19:45:57.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:33:27.320",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/RCEraser/cve/blob/main/sql_inject_2.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239259",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239259",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-48xx/CVE-2023-4851.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4851",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-09T12:15:08.300",
"lastModified": "2023-09-10T19:45:57.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:35:45.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/liuqiba12345678/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239260",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239260",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-48xx/CVE-2023-4852.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4852",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-09T13:15:21.123",
"lastModified": "2023-09-10T19:45:57.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:34:27.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/r1pte/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239261",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239261",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-49xx/CVE-2023-4951.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4951",
"sourceIdentifier": "info@greenrocketsecurity.com",
"published": "2023-09-14T17:15:11.927",
"lastModified": "2023-09-14T18:32:35.497",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:25:40.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting issue was discovered with the pagination function on the \"Client-based Authentication Policy Configuration\" screen of the GreenRADIUS web admin interface.\u00a0This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2.\n\n\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de Cross Site Scripting (XSS) con la funci\u00f3n de paginaci\u00f3n en la pantalla \"Client-based Authentication Policy Configuration\" de la interfaz de administraci\u00f3n web de GreenRADIUS. Este problema se encuentra en GreenRADIUS v5.1.1.1 y anteriores. Se incluy\u00f3 una soluci\u00f3n en v5.1.2.2"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "info@greenrocketsecurity.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "info@greenrocketsecurity.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:greenrocketsecurity:greenradius:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.1.1",
"matchCriteriaId": "16CB4C98-635C-4771-B279-78078FB62DA2"
}
]
}
]
}
],
"references": [
{
"url": "https://greenrocketsecurity.com/cve-2023-4951/",
"source": "info@greenrocketsecurity.com"
"source": "info@greenrocketsecurity.com",
"tags": [
"Vendor Advisory"
]
}
]
}

54
CVE-2023/CVE-2023-49xx/CVE-2023-4963.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4963",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-15T03:15:09.187",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:06:35.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webshouters:ws_facebook_like_box_widget:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.0",
"matchCriteriaId": "914B1D89-627F-433D-A47A-5CF387121CEF"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ws-facebook-likebox/trunk/includes/shortcodes.php#L22",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8bebc229-9d15-439f-a8df-f68455bc5193?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-50xx/CVE-2023-5009.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5009",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-19T08:16:07.203",
"lastModified": "2023-09-19T08:16:07.203",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones a partir de 13.12 antes de 16.2.7, todas las versiones a partir de 16.3 antes de 16.3.4. Era posible que un atacante ejecutara trabajos de canalizaci\u00f3n como un usuario arbitrario a trav\u00e9s de directivas de an\u00e1lisis de seguridad programadas. Esta fue una omisi\u00f3n de [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) que muestra un impacto adicional. "
}
],
"metrics": {

62
CVE-2023/CVE-2023-50xx/CVE-2023-5033.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5033",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-18T05:15:07.417",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:15:21.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrapid:rapidcms:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D66CF166-4A08-45F5-9577-38D3CE25AFBA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yhy217/rapidcms-vul/issues/3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239877",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239877",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-50xx/CVE-2023-5034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5034",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-18T05:15:07.500",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:16:59.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:my_food_recipe_project:my_food_recipe:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D25A5E1B-1E03-44B6-BFCA-F4EE570141A9"
}
]
}
]
}
],
"references": [
{
"url": "https://uploaddeimagens.com.br/imagens/bLNdiUE",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239878",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239878",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-50xx/CVE-2023-5036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5036",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-18T06:15:08.267",
"lastModified": "2023-09-18T13:26:56.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-19T13:18:54.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -40,7 +62,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,16 +70,52 @@
"value": "CWE-352"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:usememos:memos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.15.1",
"matchCriteriaId": "66064CC2-0DF2-4C80-A508-B0E961C260AF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/usememos/memos/commit/97b434722cf0abe3cfcad5ac9e3d520233bf1536",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/46881df7-eb41-4ce2-a78f-82de9bc4fc2d",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-50xx/CVE-2023-5054.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5054",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-19T07:15:51.917",
"lastModified": "2023-09-19T07:15:51.917",
"vulnStatus": "Received",
"lastModified": "2023-09-19T13:23:09.283",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer."
},
{
"lang": "es",
"value": "El complemento Super Store Finder para WordPress es vulnerable a la creaci\u00f3n y retransmisi\u00f3n de correo electr\u00f3nico arbitrario no autenticado en versiones hasta la 6.9.2 incluida. Esto se debe a restricciones insuficientes en el archivo sendMail.php que permite el acceso directo. Esto hace posible que atacantes no autenticados env\u00eden correos electr\u00f3nicos utilizando el servidor del sitio vulnerable, con contenido arbitrario. Tenga en cuenta que esta vulnerabilidad ya se ha divulgado p\u00fablicamente con un exploit, por lo que publicamos los detalles sin un parche disponible; estamos intentando iniciar contacto con el desarrollador."
}
],
"metrics": {

63
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-19T12:00:25.767130+00:00
2023-09-19T14:00:23.924866+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-19T11:16:20.297000+00:00
2023-09-19T13:57:56.327000+00:00
```
### Last Data Feed Release
@ -29,38 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
225804
225813
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `9`
* [CVE-2023-0773](CVE-2023/CVE-2023-07xx/CVE-2023-0773.json) (`2023-09-19T10:15:07.743`)
* [CVE-2023-32184](CVE-2023/CVE-2023-321xx/CVE-2023-32184.json) (`2023-09-19T10:15:12.497`)
* [CVE-2023-32186](CVE-2023/CVE-2023-321xx/CVE-2023-32186.json) (`2023-09-19T10:15:13.357`)
* [CVE-2023-29245](CVE-2023/CVE-2023-292xx/CVE-2023-29245.json) (`2023-09-19T11:16:18.100`)
* [CVE-2023-2567](CVE-2023/CVE-2023-25xx/CVE-2023-2567.json) (`2023-09-19T11:16:19.333`)
* [CVE-2023-32649](CVE-2023/CVE-2023-326xx/CVE-2023-32649.json) (`2023-09-19T11:16:20.297`)
* [CVE-2022-47553](CVE-2022/CVE-2022-475xx/CVE-2022-47553.json) (`2023-09-19T13:16:18.183`)
* [CVE-2022-47554](CVE-2022/CVE-2022-475xx/CVE-2022-47554.json) (`2023-09-19T13:16:19.653`)
* [CVE-2022-47555](CVE-2022/CVE-2022-475xx/CVE-2022-47555.json) (`2023-09-19T13:16:20.057`)
* [CVE-2022-47556](CVE-2022/CVE-2022-475xx/CVE-2022-47556.json) (`2023-09-19T13:16:20.480`)
* [CVE-2022-47557](CVE-2022/CVE-2022-475xx/CVE-2022-47557.json) (`2023-09-19T13:16:20.843`)
* [CVE-2022-47558](CVE-2022/CVE-2022-475xx/CVE-2022-47558.json) (`2023-09-19T13:16:21.193`)
* [CVE-2023-23957](CVE-2023/CVE-2023-239xx/CVE-2023-23957.json) (`2023-09-19T13:16:21.653`)
* [CVE-2023-41834](CVE-2023/CVE-2023-418xx/CVE-2023-41834.json) (`2023-09-19T13:16:22.333`)
* [CVE-2023-4092](CVE-2023/CVE-2023-40xx/CVE-2023-4092.json) (`2023-09-19T13:16:23.133`)
### CVEs modified in the last Commit
Recently modified CVEs: `13`
Recently modified CVEs: `37`
* [CVE-2023-4004](CVE-2023/CVE-2023-40xx/CVE-2023-4004.json) (`2023-09-19T10:15:14.610`)
* [CVE-2023-21930](CVE-2023/CVE-2023-219xx/CVE-2023-21930.json) (`2023-09-19T11:15:48.183`)
* [CVE-2023-21937](CVE-2023/CVE-2023-219xx/CVE-2023-21937.json) (`2023-09-19T11:15:52.827`)
* [CVE-2023-21938](CVE-2023/CVE-2023-219xx/CVE-2023-21938.json) (`2023-09-19T11:15:54.207`)
* [CVE-2023-21939](CVE-2023/CVE-2023-219xx/CVE-2023-21939.json) (`2023-09-19T11:15:58.340`)
* [CVE-2023-21954](CVE-2023/CVE-2023-219xx/CVE-2023-21954.json) (`2023-09-19T11:16:00.160`)
* [CVE-2023-21967](CVE-2023/CVE-2023-219xx/CVE-2023-21967.json) (`2023-09-19T11:16:02.327`)
* [CVE-2023-21968](CVE-2023/CVE-2023-219xx/CVE-2023-21968.json) (`2023-09-19T11:16:04.230`)
* [CVE-2023-22006](CVE-2023/CVE-2023-220xx/CVE-2023-22006.json) (`2023-09-19T11:16:08.343`)
* [CVE-2023-22036](CVE-2023/CVE-2023-220xx/CVE-2023-22036.json) (`2023-09-19T11:16:09.930`)
* [CVE-2023-22041](CVE-2023/CVE-2023-220xx/CVE-2023-22041.json) (`2023-09-19T11:16:11.037`)
* [CVE-2023-22045](CVE-2023/CVE-2023-220xx/CVE-2023-22045.json) (`2023-09-19T11:16:11.777`)
* [CVE-2023-22049](CVE-2023/CVE-2023-220xx/CVE-2023-22049.json) (`2023-09-19T11:16:14.407`)
* [CVE-2023-26143](CVE-2023/CVE-2023-261xx/CVE-2023-26143.json) (`2023-09-19T13:23:09.283`)
* [CVE-2023-5054](CVE-2023/CVE-2023-50xx/CVE-2023-5054.json) (`2023-09-19T13:23:09.283`)
* [CVE-2023-5009](CVE-2023/CVE-2023-50xx/CVE-2023-5009.json) (`2023-09-19T13:23:09.283`)
* [CVE-2023-41387](CVE-2023/CVE-2023-413xx/CVE-2023-41387.json) (`2023-09-19T13:23:09.283`)
* [CVE-2023-0773](CVE-2023/CVE-2023-07xx/CVE-2023-0773.json) (`2023-09-19T13:23:09.283`)
* [CVE-2023-32184](CVE-2023/CVE-2023-321xx/CVE-2023-32184.json) (`2023-09-19T13:23:09.283`)
* [CVE-2023-32186](CVE-2023/CVE-2023-321xx/CVE-2023-32186.json) (`2023-09-19T13:23:09.283`)
* [CVE-2023-29245](CVE-2023/CVE-2023-292xx/CVE-2023-29245.json) (`2023-09-19T13:23:09.283`)
* [CVE-2023-2567](CVE-2023/CVE-2023-25xx/CVE-2023-2567.json) (`2023-09-19T13:23:09.283`)
* [CVE-2023-32649](CVE-2023/CVE-2023-326xx/CVE-2023-32649.json) (`2023-09-19T13:23:09.283`)
* [CVE-2023-4951](CVE-2023/CVE-2023-49xx/CVE-2023-4951.json) (`2023-09-19T13:25:40.600`)
* [CVE-2023-4849](CVE-2023/CVE-2023-48xx/CVE-2023-4849.json) (`2023-09-19T13:29:40.430`)
* [CVE-2023-4850](CVE-2023/CVE-2023-48xx/CVE-2023-4850.json) (`2023-09-19T13:33:27.320`)
* [CVE-2023-4852](CVE-2023/CVE-2023-48xx/CVE-2023-4852.json) (`2023-09-19T13:34:27.140`)
* [CVE-2023-4851](CVE-2023/CVE-2023-48xx/CVE-2023-4851.json) (`2023-09-19T13:35:45.163`)
* [CVE-2023-37739](CVE-2023/CVE-2023-377xx/CVE-2023-37739.json) (`2023-09-19T13:40:30.487`)
* [CVE-2023-37755](CVE-2023/CVE-2023-377xx/CVE-2023-37755.json) (`2023-09-19T13:41:43.653`)
* [CVE-2023-42405](CVE-2023/CVE-2023-424xx/CVE-2023-42405.json) (`2023-09-19T13:41:53.263`)
* [CVE-2023-39639](CVE-2023/CVE-2023-396xx/CVE-2023-39639.json) (`2023-09-19T13:42:18.780`)
* [CVE-2023-41588](CVE-2023/CVE-2023-415xx/CVE-2023-41588.json) (`2023-09-19T13:42:29.510`)
* [CVE-2023-42503](CVE-2023/CVE-2023-425xx/CVE-2023-42503.json) (`2023-09-19T13:43:59.493`)
* [CVE-2023-40924](CVE-2023/CVE-2023-409xx/CVE-2023-40924.json) (`2023-09-19T13:47:13.017`)
* [CVE-2023-36250](CVE-2023/CVE-2023-362xx/CVE-2023-36250.json) (`2023-09-19T13:48:27.490`)
* [CVE-2023-41158](CVE-2023/CVE-2023-411xx/CVE-2023-41158.json) (`2023-09-19T13:49:06.557`)
* [CVE-2023-41162](CVE-2023/CVE-2023-411xx/CVE-2023-41162.json) (`2023-09-19T13:57:56.327`)
## Download and Usage