admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-12T19:00:21.077491+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-12 19:00:24 +00:00
parent 9b5f383542
commit cd0c0a8d35
149 changed files with 48330 additions and 416 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2009/CVE-2009-41xx/CVE-2009-4123.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2009-4123",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T16:15:07.407",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation."
}
],
"metrics": {},
"references": [
{
"url": "http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/advisories/GHSA-xgv7-pqqh-h2w9",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jruby-openssl/CVE-2009-4123.yml",
"source": "cve@mitre.org"
},
{
"url": "https://web.archive.org/web/20101213091125/http://jruby.org/2009/12/07/vulnerability-in-jruby-openssl",
"source": "cve@mitre.org"
}
]
}

24
CVE-2013/CVE-2013-25xx/CVE-2013-2513.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2013-2513",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T16:15:07.490",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-6325-6g32-7p35",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/flash_tool/CVE-2013-2513.yml",
"source": "cve@mitre.org"
}
]
}

20
CVE-2015/CVE-2015-21xx/CVE-2015-2179.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2015-2179",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.383",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments."
}
],
"metrics": {},
"references": [
{
"url": "http://www.vapid.dhs.org/advisory.php?v=115",
"source": "cve@mitre.org"
}
]
}

28
CVE-2015/CVE-2015-83xx/CVE-2015-8314.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2015-8314",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.450",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-746g-3gfp-hfhw",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/heartcombo/devise/commit/c92996646aba2d25b2c3e235fe0c4f1a84b70d24",
"source": "cve@mitre.org"
},
{
"url": "https://rubysec.com/advisories/CVE-2015-8314/",
"source": "cve@mitre.org"
}
]
}

32
CVE-2018/CVE-2018-161xx/CVE-2018-16153.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2018-16153",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.517",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.opencast.org/r/10.x/admin/#changelog",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/advisories/GHSA-hcxx-mp6g-6gr9",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/opencast/opencast/commit/776d5588f39c61eb04c03bb955416c4f77629d51",
"source": "cve@mitre.org"
},
{
"url": "https://www.apereo.org/projects/opencast/news",
"source": "cve@mitre.org"
}
]
}

32
CVE-2020/CVE-2020-106xx/CVE-2020-10676.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2020-10676",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.580",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project."
}
],
"metrics": {},
"references": [
{
"url": "https://forums.rancher.com/c/announcements",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/advisories/GHSA-8vhc-hwhc-cpj4",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/rancher/rancher/releases/tag/v2.6.13",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/rancher/rancher/releases/tag/v2.7.4",
"source": "cve@mitre.org"
}
]
}

4
CVE-2020/CVE-2020-126xx/CVE-2020-12612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-12612",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T14:15:07.327",
"lastModified": "2023-12-12T14:15:07.327",
"vulnStatus": "Received",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

24
CVE-2020/CVE-2020-126xx/CVE-2020-12614.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2020-12614",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.363",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator."
}
],
"metrics": {},
"references": [
{
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1",
"source": "cve@mitre.org"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10",
"source": "cve@mitre.org"
}
]
}

24
CVE-2020/CVE-2020-283xx/CVE-2020-28369.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2020-28369",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.450",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\\Temp."
}
],
"metrics": {},
"references": [
{
"url": "https://www.beyondtrust.com/privilege-management/windows-mac",
"source": "cve@mitre.org"
},
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-08",
"source": "cve@mitre.org"
}
]
}

60
CVE-2022/CVE-2022-244xx/CVE-2022-24403.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-24403",
"sourceIdentifier": "cert@ncsc.nl",
"published": "2023-12-05T14:15:07.510",
"lastModified": "2023-12-05T15:27:54.807",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:04:43.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs."
},
{
"lang": "es",
"value": "La funci\u00f3n de cifrado de identidad TETRA TA61 utiliza internamente un valor de 64 bits derivado exclusivamente de SCK (redes Clase 2) o CCK (redes Clase 3). La estructura de TA61 permite una recuperaci\u00f3n eficiente de este valor de 64 bits, lo que permite a un adversario cifrar o descifrar identidades arbitrarias con solo tres pares de identidades cifradas/no cifradas conocidas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cert@ncsc.nl",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
},
{
"source": "cert@ncsc.nl",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:midnightblue:tetra\\:burst:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E47ED5D3-E6C3-419A-9A3B-9F20863B9FDA"
}
]
}
]
}
],
"references": [
{
"url": "https://tetraburst.com/",
"source": "cert@ncsc.nl"
"source": "cert@ncsc.nl",
"tags": [
"Third Party Advisory"
]
}
]
}

24
CVE-2022/CVE-2022-445xx/CVE-2022-44543.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2022-44543",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.663",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled."
}
],
"metrics": {},
"references": [
{
"url": "https://typo3.org/help/security-advisories",
"source": "cve@mitre.org"
},
{
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2022-015",
"source": "cve@mitre.org"
}
]
}

59
CVE-2022/CVE-2022-453xx/CVE-2022-45362.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-45362",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T11:15:07.260",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:01:04.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-918"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paytm:payment_gateway:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.7.0",
"matchCriteriaId": "314EA12B-7C66-491F-93AE-0D5682605636"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/paytm-payments/wordpress-paytm-payment-gateway-plugin-2-7-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-202xx/CVE-2023-20275.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20275",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-12-12T18:15:16.520",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper validation of the packet's inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacker to send a packet impersonating another VPN user's IP address. It is not possible for the attacker to receive return packets."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-vpn-Y88QOm77",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-217xx/CVE-2023-21740.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-21740",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:16.720",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Media Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21740",
"source": "secure@microsoft.com"
}
]
}

28
CVE-2023/CVE-2023-269xx/CVE-2023-26920.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-26920",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.720",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Sudistark/a5a45bd0804d522a1392cb5023aa7ef7",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/2b032a4f799c63d83991e4f992f1c68e4dd05804",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/advisories/GHSA-793h-6f7r-6qvm",
"source": "cve@mitre.org"
}
]
}

74
CVE-2023/CVE-2023-280xx/CVE-2023-28017.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28017",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-12-07T05:15:07.970",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T15:51:51.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -38,10 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "217197F0-089E-463E-904D-BDB31F929FE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D30E64-F094-4692-A882-CAAA3AFE8C1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D55E0F2F-7C8D-4334-8B8D-CCF88431F6DF"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108264",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-284xx/CVE-2023-28465.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-28465",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.770",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-9654-pr4f-gh6m",
"source": "cve@mitre.org"
},
{
"url": "https://www.smilecdr.com/our-blog",
"source": "cve@mitre.org"
},
{
"url": "https://www.smilecdr.com/our-blog/statement-on-cve-2023-24057-smile-digital-health",
"source": "cve@mitre.org"
}
]
}

1232
CVE-2023/CVE-2023-285xx/CVE-2023-28580.json
View File

File diff suppressed because it is too large Load Diff

7630
CVE-2023/CVE-2023-285xx/CVE-2023-28585.json
View File

File diff suppressed because it is too large Load Diff

8494
CVE-2023/CVE-2023-285xx/CVE-2023-28586.json
View File

File diff suppressed because it is too large Load Diff

5173
CVE-2023/CVE-2023-285xx/CVE-2023-28587.json
View File

File diff suppressed because it is too large Load Diff

5822
CVE-2023/CVE-2023-285xx/CVE-2023-28588.json
View File

File diff suppressed because it is too large Load Diff

24
CVE-2023/CVE-2023-286xx/CVE-2023-28604.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-28604",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.817",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sitegeist/fluid-components/blob/master/Documentation/XssIssue.md",
"source": "cve@mitre.org"
},
{
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2023-003",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-310xx/CVE-2023-31048.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-31048",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T17:15:07.867",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The OPC UA .NET Standard Reference Server before 1.4.371.86. places sensitive information into an error message that may be seen remotely."
}
],
"metrics": {},
"references": [
{
"url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-31048.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/OPCFoundation/UA-.NETStandard/releases",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/OPCFoundation/UA-.NETStandard/releases/tag/1.4.371.86",
"source": "cve@mitre.org"
}
]
}

10193
CVE-2023/CVE-2023-334xx/CVE-2023-33411.json
View File

File diff suppressed because it is too large Load Diff

51
CVE-2023/CVE-2023-350xx/CVE-2023-35039.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35039",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T12:15:07.360",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:54:28.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de restricci\u00f3n inadecuada de intentos de autenticaci\u00f3n excesivos en Be Devious Web Development Password Reset with Code para la API REST de WordPress permite el abuso de autenticaci\u00f3n. Este problema afecta el restablecimiento de contrase\u00f1a con c\u00f3digo para la API REST de WordPress: desde n/a hasta 0.0.15."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bedevious:password_reset_with_code_for_wordpress_rest_api:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "0.0.16",
"matchCriteriaId": "0EC5E2E4-D488-448D-8114-3D69166960EE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bdvs-password-reset/wordpress-password-reset-with-code-for-wordpress-rest-api-plugin-0-0-15-privilege-escalation-due-to-weak-pin-generation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35619.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35619",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:16.913",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook for Mac Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35619",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35621.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35621",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:17.090",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35621",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35622.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35622",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:17.260",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows DNS Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35622",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35624.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35624",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:17.440",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Azure Connected Machine Agent Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35624",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35625.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35625",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:17.620",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35628.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35628",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:17.807",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows MSHTML Platform Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35628",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35629.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35629",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:17.990",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35629",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35630.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35630",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:18.183",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Internet Connection Sharing (ICS) Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35630",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35631.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35631",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:18.360",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35631",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35632.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35632",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:18.547",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35632",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35633.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35633",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:18.760",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35633",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35634.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35634",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:18.937",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Bluetooth Driver Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35634",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35635.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35635",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.107",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35635",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35636.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35636",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.277",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Outlook Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35636",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35638.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35638",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.460",
"lastModified": "2023-12-12T18:58:44.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DHCP Server Service Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35638",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35639.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35639",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.643",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft ODBC Driver Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35639",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35641.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35641",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.823",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Internet Connection Sharing (ICS) Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35641",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35642.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35642",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:19.993",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Internet Connection Sharing (ICS) Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35642",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35643.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35643",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:20.263",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DHCP Server Service Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35643",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-356xx/CVE-2023-35644.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-35644",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:20.517",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Sysmain Service Elevation of Privilege"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35644",
"source": "secure@microsoft.com"
}
]
}

51
CVE-2023/CVE-2023-359xx/CVE-2023-35909.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35909",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T12:15:07.610",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:53:56.970",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress leading to DoS.This issue affects Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de consumo de recursos incontrolado en Saturday Drive Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder para WordPress que conduce a DoS. Este problema afecta a Ninja Forms Contact Form \u2013 The Drag and Drop Form Builder para WordPress: desde n/a hasta 3.6.25."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjaforms:ninja_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.6.26",
"matchCriteriaId": "CD598414-0E33-4984-84D8-92A633BAD957"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ninja-forms/wordpress-ninja-forms-plugin-3-6-25-denial-of-service-attack-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-360xx/CVE-2023-36003.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36003",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:20.697",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "XAML Diagnostics Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36003",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-360xx/CVE-2023-36004.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36004",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:20.890",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36004",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-360xx/CVE-2023-36005.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36005",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:21.070",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Server Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36005",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-360xx/CVE-2023-36006.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36006",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:21.250",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36006",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-360xx/CVE-2023-36009.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36009",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:21.430",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Word Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36009",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-360xx/CVE-2023-36010.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36010",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:21.610",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Defender Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36010",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-360xx/CVE-2023-36011.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36011",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:21.793",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36011",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-360xx/CVE-2023-36012.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36012",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:21.970",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "DHCP Server Service Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36012",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-360xx/CVE-2023-36019.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36019",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:22.157",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Power Platform Connector Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36019",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-360xx/CVE-2023-36020.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36020",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:22.333",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36020",
"source": "secure@microsoft.com"
}
]
}

43
CVE-2023/CVE-2023-363xx/CVE-2023-36391.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36391",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:22.510",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Local Security Authority Subsystem Service Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36391",
"source": "secure@microsoft.com"
}
]
}

73
CVE-2023/CVE-2023-366xx/CVE-2023-36655.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-36655",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-06T16:15:07.047",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:39:02.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination."
},
{
"lang": "es",
"value": "La API REST de inicio de sesi\u00f3n en ProLion CryptoSpike 3.0.15P2 (cuando se utiliza LDAP o Active Directory como tienda de usuarios) permite a un usuario bloqueado remoto iniciar sesi\u00f3n y obtener un token de autenticaci\u00f3n especificando un nombre de usuario con una combinaci\u00f3n diferente de caracteres en may\u00fasculas y min\u00fasculas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "51A592E8-274C-4A8A-B925-075FCA82DD22"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://prolion.com/cryptospike/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36655",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-366xx/CVE-2023-36696.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-36696",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-12-12T18:15:22.690",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36696",
"source": "secure@microsoft.com"
}
]
}

55
CVE-2023/CVE-2023-386xx/CVE-2023-38694.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38694",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-12T17:15:07.917",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-xxc6-35r7-796w",
"source": "security-advisories@github.com"
}
]
}

113
CVE-2023/CVE-2023-391xx/CVE-2023-39167.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39167",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-07T14:15:07.467",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:43:09.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In\u00a0SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data."
},
{
"lang": "es",
"value": "En SENEC Storage Box V1, V2 y V3, un atacante remoto no autenticado puede obtener los archivos de registro de los dispositivos que contienen datos confidenciales."
}
],
"metrics": {
@ -36,8 +40,18 @@
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +60,101 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-06-19",
"matchCriteriaId": "8C6796ED-84F3-47E8-BD21-5CEBC1DD62E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A73E447-D78F-420B-B256-1F157A6DA364"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-06-19",
"matchCriteriaId": "8C6796ED-84F3-47E8-BD21-5CEBC1DD62E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "300B219B-45CA-44C0-AC39-D94057FA8860"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-06-19",
"matchCriteriaId": "8C6796ED-84F3-47E8-BD21-5CEBC1DD62E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "449C542C-CAE3-42A9-BF45-EE6E828A4EBE"
}
]
}
]
}
],
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/5",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}

110
CVE-2023/CVE-2023-391xx/CVE-2023-39169.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39169",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-07T15:15:07.777",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:57:54.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The affected devices use publicly available default credentials with administrative privileges."
},
{
"lang": "es",
"value": "Los dispositivos afectados utilizan credenciales predeterminadas disponibles p\u00fablicamente con privilegios administrativos."
}
],
"metrics": {
@ -36,8 +40,18 @@
},
"weaknesses": [
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +60,98 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2C3F5B-266D-455B-944D-9EDBB0268439"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A73E447-D78F-420B-B256-1F157A6DA364"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2C3F5B-266D-455B-944D-9EDBB0268439"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "300B219B-45CA-44C0-AC39-D94057FA8860"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2C3F5B-266D-455B-944D-9EDBB0268439"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "449C542C-CAE3-42A9-BF45-EE6E828A4EBE"
}
]
}
]
}
],
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/3",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Mailing List",
"Not Applicable",
"Third Party Advisory"
]
}
]
}

101
CVE-2023/CVE-2023-391xx/CVE-2023-39171.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39171",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-07T15:15:09.990",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:59:53.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials."
},
{
"lang": "es",
"value": "SENEC Storage Box V1, V2 y V3 exponen accidentalmente una interfaz de usuario de administraci\u00f3n a la que se puede acceder con credenciales de administrador conocidas p\u00fablicamente."
}
],
"metrics": {
@ -46,10 +50,101 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-06-19",
"matchCriteriaId": "8C6796ED-84F3-47E8-BD21-5CEBC1DD62E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A73E447-D78F-420B-B256-1F157A6DA364"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-06-19",
"matchCriteriaId": "8C6796ED-84F3-47E8-BD21-5CEBC1DD62E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "300B219B-45CA-44C0-AC39-D94057FA8860"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-06-19",
"matchCriteriaId": "8C6796ED-84F3-47E8-BD21-5CEBC1DD62E0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "449C542C-CAE3-42A9-BF45-EE6E828A4EBE"
}
]
}
]
}
],
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/2",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}

127
CVE-2023/CVE-2023-391xx/CVE-2023-39172.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39172",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-12-07T14:15:07.883",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:49:44.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic."
},
{
"lang": "es",
"value": "Los dispositivos afectados transmiten informaci\u00f3n confidencial sin cifrar, lo que permite a un atacante remoto no autenticado capturar y modificar el tr\u00e1fico de la red."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
@ -46,10 +80,97 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2C3F5B-266D-455B-944D-9EDBB0268439"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A73E447-D78F-420B-B256-1F157A6DA364"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2C3F5B-266D-455B-944D-9EDBB0268439"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "300B219B-45CA-44C0-AC39-D94057FA8860"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enbw:senec_storage_box_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2C3F5B-266D-455B-944D-9EDBB0268439"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enbw:senec_storage_box:v3:*:*:*:*:*:*:*",
"matchCriteriaId": "449C542C-CAE3-42A9-BF45-EE6E828A4EBE"
}
]
}
]
}
],
"references": [
{
"url": "https://seclists.org/fulldisclosure/2023/Nov/4",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

94
CVE-2023/CVE-2023-393xx/CVE-2023-39326.json
View File

@ -2,31 +2,111 @@
"id": "CVE-2023-39326",
"sourceIdentifier": "security@golang.org",
"published": "2023-12-06T17:15:07.147",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:27:55.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small."
},
{
"lang": "es",
"value": "Un remitente HTTP malicioso puede usar extensiones de fragmentos para hacer que un receptor que lea el cuerpo de una solicitud o respuesta lea muchos m\u00e1s bytes de la red que los que hay en el cuerpo. Un cliente HTTP malicioso puede aprovechar esto a\u00fan m\u00e1s para hacer que un servidor lea autom\u00e1ticamente una gran cantidad de datos (hasta aproximadamente 1 GiB) cuando un controlador no puede leer el cuerpo completo de una solicitud. Las extensiones fragmentadas son una caracter\u00edstica HTTP poco utilizada que permite incluir metadatos adicionales en el cuerpo de una solicitud o respuesta enviada utilizando la codificaci\u00f3n fragmentada. El lector de codificaci\u00f3n fragmentada net/http descarta estos metadatos. Un remitente puede aprovechar esto insertando un segmento de metadatos grande con cada byte transferido. El lector de fragmentos ahora produce un error si la proporci\u00f3n entre el cuerpo real y los bytes codificados es demasiado peque\u00f1a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.20.12",
"matchCriteriaId": "17AC9A37-6678-490D-88C2-08DE6D37F16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.21.0-0",
"versionEndExcluding": "1.21.5",
"matchCriteriaId": "F9B8295D-576D-410E-B65C-96DB303CBA5C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/547335",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Patch"
]
},
{
"url": "https://go.dev/issue/64433",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2382",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-395xx/CVE-2023-39538.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39538",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-12-06T16:15:07.277",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:29:07.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.\u00a0\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "AMI AptioV contiene una vulnerabilidad en BIOS donde un usuario puede provocar una carga sin restricciones de un archivo de logotipo BMP con un tipo peligroso mediante acceso local. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -50,10 +84,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C73298F-5F7B-43DF-8772-567ACCE6D7FD"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-395xx/CVE-2023-39539.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39539",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2023-12-06T16:15:07.510",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:28:52.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.\u00a0\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "AMI AptioV contiene una vulnerabilidad en BIOS donde un usuario puede provocar una carga sin restricciones de un archivo de logotipo PNG con un tipo peligroso mediante acceso local. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -50,10 +84,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:aptio_v:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C73298F-5F7B-43DF-8772-567ACCE6D7FD"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023009.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-399xx/CVE-2023-39909.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-39909",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:07.547",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T18:20:27.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application."
},
{
"lang": "es",
"value": "Ericsson Network Manager anterior a 23.2 maneja mal el control de acceso y, por lo tanto, los usuarios no autenticados con pocos privilegios pueden acceder a la aplicaci\u00f3n NCM."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ericsson:network_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.2",
"matchCriteriaId": "ED57F506-963F-4192-B5A9-FECE633F4236"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.gruppotim.it/it/footer/red-team.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

103
CVE-2023/CVE-2023-402xx/CVE-2023-40238.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40238",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T04:15:06.790",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T15:13:33.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,110 @@
"value": "Se descubri\u00f3 un problema de LogoFAIL en BmpDecoderDxe en Insyde InsydeH2O con kernel 5.2 anterior a 05.28.47, 5.3 anterior a 05.37.47, 5.4 anterior a 05.45.47, 5.5 anterior a 05.53.47 y 5.6 anterior a 05.60.47 para ciertos dispositivos Lenovo. El an\u00e1lisis de im\u00e1genes de archivos de logotipos BMP manipulados puede copiar datos a una direcci\u00f3n espec\u00edfica durante la fase DXE de la ejecuci\u00f3n UEFI. Esto ocurre debido a un error de firma de enteros que involucra PixelHeight y PixelWidth durante la compresi\u00f3n RLE4/RLE8."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2",
"versionEndExcluding": "5.2.05.28.47",
"matchCriteriaId": "789083DE-7DBF-4943-A1BE-B82472E6FA3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3",
"versionEndExcluding": "5.3.05.37.47",
"matchCriteriaId": "08AB501F-EF6C-42C2-996C-DDEF497A79BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4",
"versionEndExcluding": "5.4.05.45.47",
"matchCriteriaId": "D8015F0C-512D-46B6-9FCA-3FC015D33F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.5.05.53.47",
"matchCriteriaId": "16CCE808-25A8-4EBE-82D8-4CA1792FE198"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6",
"versionEndExcluding": "5.6.05.60.47",
"matchCriteriaId": "814A299E-F6E9-4A1A-A1AD-CC5E7E063FB8"
}
]
}
]
}
],
"references": [
{
"url": "https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.insyde.com/security-pledge",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.insyde.com/security-pledge/SA-2023053",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-403xx/CVE-2023-40300.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-40300",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:07.597",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T18:55:01.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key."
},
{
"lang": "es",
"value": "NETSCOUT nGeniusPULSE 3.8 tiene una clave criptogr\u00e1fica codificada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netscout:ngeniuspulse:3.8.0-0.2349.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6D702D-3E57-4E5A-9DEA-299566922543"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.netscout.com/securityadvisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

427
CVE-2023/CVE-2023-411xx/CVE-2023-41106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41106",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T05:15:09.110",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:08:33.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,434 @@
"value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) antes de 10.0.3. Un atacante puede obtener acceso a una cuenta de Zimbra. Esto tambi\u00e9n se solucion\u00f3 en el parche 35 9.0.0 y el parche 42 8.8.15."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.8.15",
"matchCriteriaId": "1A604F85-992D-4CCF-8630-0456B92429BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.3",
"matchCriteriaId": "C38B73CC-A184-446D-A585-B9C55F07EAC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*",
"matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*",
"matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*",
"matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*",
"matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*",
"matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*",
"matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*",
"matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*",
"matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*",
"matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*",
"matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*",
"matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*",
"matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*",
"matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*",
"matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*",
"matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*",
"matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*",
"matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*",
"matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
"matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
"matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
"matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
"matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
"matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*",
"matchCriteriaId": "3810385E-95E8-491E-8281-394125DB04F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p37:*:*:*:*:*:*",
"matchCriteriaId": "C08B5A0A-2935-4FEB-9133-4B35E1AB0CDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p40:*:*:*:*:*:*",
"matchCriteriaId": "4CD3AEF8-0667-40B9-BCAA-6C9CA7D9C495"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p41:*:*:*:*:*:*",
"matchCriteriaId": "A0F8BB82-32E4-463D-B719-8E5186CAAECC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*",
"matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*",
"matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*",
"matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
"matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "DC35882B-E709-42D8-8800-F1B734CEAFC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "40629BEB-DF4B-4FB8-8D3D-7BAC43C90766"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "9503131F-CC23-4545-AE9C-9714B287CC25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "8113A4E3-AA96-4382-815D-6FD88BA42EC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*",
"matchCriteriaId": "DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "D659AE6A-591E-4D5B-9781-9648250F5576"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "E4054E3E-561C-4B1C-A615-3CCE5CB69D77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
"matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/17/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-411xx/CVE-2023-41172.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-41172",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:07.937",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T18:11:23.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4)."
},
{
"lang": "es",
"value": "NetScout nGeniusONE 6.3.4 build 2298 permite una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada (problema 4 de 4)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.4:build2298:*:*:*:*:*:*",
"matchCriteriaId": "5E324F69-A8E5-47DF-AEEF-FCC789220B59"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.netscout.com/securityadvisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-418xx/CVE-2023-41804.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41804",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T11:15:07.807",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:59:18.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brainstormforce:starter_templates:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.5",
"matchCriteriaId": "65132DDD-016E-4101-A907-2D99ED33338F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2023/CVE-2023-419xx/CVE-2023-41905.json
View File

@ -2,19 +2,78 @@
"id": "CVE-2023-41905",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:07.980",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T18:10:29.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user."
},
{
"lang": "es",
"value": "NETSCOUT nGeniusONE 6.3.4 build 2298 permite una vulnerabilidad de Cross-Site scripting (XSS) Reflejada por parte de un usuario autenticado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netscout:ngeniusone:6.3.4:build2298:*:*:*:*:*:*",
"matchCriteriaId": "5E324F69-A8E5-47DF-AEEF-FCC789220B59"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.netscout.com/securityadvisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-419xx/CVE-2023-41913.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41913",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T05:15:09.173",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:07:01.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "strongSwan anterior a 5.9.12 tiene un desbordamiento del b\u00fafer y una posible ejecuci\u00f3n remota de c\u00f3digo no autenticado a trav\u00e9s de un valor p\u00fablico DH que excede el b\u00fafer interno en el proxy DH de charon-tkm. La primera versi\u00f3n afectada es la 5.3.0. Un ataque puede ocurrir a trav\u00e9s de un mensaje IKE_SA_INIT manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.0",
"versionEndExcluding": "5.9.12",
"matchCriteriaId": "C5256E77-93AF-47BF-BD3F-0148F8E9D0B4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/strongswan/strongswan/releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-425xx/CVE-2023-42580.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42580",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-12-05T03:15:19.120",
"lastModified": "2023-12-05T13:51:04.540",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:09:19.990",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -38,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:galaxy_store:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.5.64.4",
"matchCriteriaId": "0ACEF30C-D21F-488C-A1D5-55CEEE49C724"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=12",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-425xx/CVE-2023-42581.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42581",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-12-05T03:15:19.293",
"lastModified": "2023-12-11T20:33:24.510",
"lastModified": "2023-12-12T17:08:44.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",

431
CVE-2023/CVE-2023-431xx/CVE-2023-43102.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43102",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.490",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:11:13.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,436 @@
"value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) antes de 10.0.4. Se puede aprovechar un problema XSS para acceder al buz\u00f3n de correo de un usuario autenticado. Esto tambi\u00e9n se solucion\u00f3 en el parche 43 8.8.15 y el parche 36 9.0.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.8.15",
"matchCriteriaId": "1A604F85-992D-4CCF-8630-0456B92429BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.4",
"matchCriteriaId": "15BA556D-FE45-42D3-A625-DEC85C82E170"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*",
"matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*",
"matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*",
"matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*",
"matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*",
"matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*",
"matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*",
"matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*",
"matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*",
"matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*",
"matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*",
"matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*",
"matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*",
"matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*",
"matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*",
"matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*",
"matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*",
"matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*",
"matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
"matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
"matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
"matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
"matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
"matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*",
"matchCriteriaId": "3810385E-95E8-491E-8281-394125DB04F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p37:*:*:*:*:*:*",
"matchCriteriaId": "C08B5A0A-2935-4FEB-9133-4B35E1AB0CDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p40:*:*:*:*:*:*",
"matchCriteriaId": "4CD3AEF8-0667-40B9-BCAA-6C9CA7D9C495"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p41:*:*:*:*:*:*",
"matchCriteriaId": "A0F8BB82-32E4-463D-B719-8E5186CAAECC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p42:*:*:*:*:*:*",
"matchCriteriaId": "9605C0CF-E5DF-497A-B298-D64ABCDAF88E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*",
"matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*",
"matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*",
"matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
"matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "DC35882B-E709-42D8-8800-F1B734CEAFC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "40629BEB-DF4B-4FB8-8D3D-7BAC43C90766"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "9503131F-CC23-4545-AE9C-9714B287CC25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "8113A4E3-AA96-4382-815D-6FD88BA42EC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*",
"matchCriteriaId": "DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "D659AE6A-591E-4D5B-9781-9648250F5576"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "E4054E3E-561C-4B1C-A615-3CCE5CB69D77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "4FA0E9C4-25E4-4CD6-B88A-02B413385866"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
"matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2"
}
]
}
]
}
],
"references": [
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

431
CVE-2023/CVE-2023-431xx/CVE-2023-43103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43103",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.630",
"lastModified": "2023-12-07T12:12:36.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:10:33.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,436 @@
"value": "Se descubri\u00f3 un problema XSS en un endpoint web en Zimbra Collaboration (ZCS) anterior a 10.0.4 a trav\u00e9s de un par\u00e1metro no sanitizado. Esto tambi\u00e9n se solucion\u00f3 en el parche 43 8.8.15 y el parche 36 9.0.0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.8.15",
"matchCriteriaId": "1A604F85-992D-4CCF-8630-0456B92429BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.4",
"matchCriteriaId": "15BA556D-FE45-42D3-A625-DEC85C82E170"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*",
"matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*",
"matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*",
"matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*",
"matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*",
"matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*",
"matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*",
"matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*",
"matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*",
"matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*",
"matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*",
"matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*",
"matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*",
"matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*",
"matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*",
"matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*",
"matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*",
"matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*",
"matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
"matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
"matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
"matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
"matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
"matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*",
"matchCriteriaId": "3810385E-95E8-491E-8281-394125DB04F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p37:*:*:*:*:*:*",
"matchCriteriaId": "C08B5A0A-2935-4FEB-9133-4B35E1AB0CDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p40:*:*:*:*:*:*",
"matchCriteriaId": "4CD3AEF8-0667-40B9-BCAA-6C9CA7D9C495"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p41:*:*:*:*:*:*",
"matchCriteriaId": "A0F8BB82-32E4-463D-B719-8E5186CAAECC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p42:*:*:*:*:*:*",
"matchCriteriaId": "9605C0CF-E5DF-497A-B298-D64ABCDAF88E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*",
"matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*",
"matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*",
"matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
"matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "DC35882B-E709-42D8-8800-F1B734CEAFC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "40629BEB-DF4B-4FB8-8D3D-7BAC43C90766"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "9503131F-CC23-4545-AE9C-9714B287CC25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "8113A4E3-AA96-4382-815D-6FD88BA42EC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*",
"matchCriteriaId": "DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "D659AE6A-591E-4D5B-9781-9648250F5576"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "E4054E3E-561C-4B1C-A615-3CCE5CB69D77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "4FA0E9C4-25E4-4CD6-B88A-02B413385866"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
"matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2"
}
]
}
]
}
],
"references": [
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

36
CVE-2023/CVE-2023-433xx/CVE-2023-43364.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2023-43364",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T18:15:22.887",
"lastModified": "2023-12-12T18:58:37.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ArjunSharda/Searchor/commit/16016506f7bf92b0f21f51841d599126d6fcd15b",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ArjunSharda/Searchor/pull/130",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/advisories/GHSA-66m2-493m-crh2",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/nexis-nexis/Searchor-2.4.0-POC-Exploit-",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/nikn0laty/Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-44xx/CVE-2023-4421.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-4421",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-12T17:15:08.347",
"lastModified": "2023-12-12T17:22:30.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1651411",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-53/",
"source": "security@mozilla.org"
}
]
}

62
CVE-2023/CVE-2023-450xx/CVE-2023-45083.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45083",
"sourceIdentifier": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"published": "2023-12-05T17:15:07.950",
"lastModified": "2023-12-05T20:13:47.300",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:40:40.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane.\n\nAn authenticated admin-level user may be able to delete the \"admin\" or \"serveradmin\" users, which prevents authentication from subsequently succeeding.\n\nThis issue affects HyperCloud versions 1.0 to any release before 2.1.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de gesti\u00f3n de privilegios inadecuada en HyperCloud que afectar\u00e1 la capacidad de un usuario para autenticarse en el plano de gesti\u00f3n. Un usuario de nivel de administrador autenticado puede eliminar los usuarios \"admin\" o \"serveadmin\", lo que impide que la autenticaci\u00f3n se realice correctamente posteriormente. Este problema afecta a las versiones 1.0 de HyperCloud hasta cualquier versi\u00f3n anterior a la 2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0",
"versionEndExcluding": "2.1.0",
"matchCriteriaId": "554F36F7-6344-4F7A-A1BE-196927DD04E5"
}
]
}
]
}
],
"references": [
{
"url": "https://advisories.softiron.cloud",
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6"
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"tags": [
"Release Notes"
]
}
]
}

62
CVE-2023/CVE-2023-450xx/CVE-2023-45084.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45084",
"sourceIdentifier": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"published": "2023-12-05T17:15:08.183",
"lastModified": "2023-12-05T20:13:47.300",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:41:49.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue exists in SoftIron HyperCloud where drive caddy removal and reinsertion without a reboot may erroneously cause the system to recognize the caddy as new media and wipe all data on the drives due to a missing synchronization flaw, which impacts data availability and integrity.\n\nThis issue only impacts SoftIron HyperCloud \"density\" storage nodes running HyperCloud software versions 1.0 to before 2.0.3.\n\n"
},
{
"lang": "es",
"value": "Existe un problema en SoftIron HyperCloud donde la extracci\u00f3n y reinserci\u00f3n del drive caddy sin reiniciar puede hacer que el sistema reconozca err\u00f3neamente el caddy como un medio nuevo y borre todos los datos de las unidades debido a una falla de sincronizaci\u00f3n faltante, lo que afecta la disponibilidad e integridad de los datos. Este problema solo afecta a los nodos de almacenamiento de \"density\" de SoftIron HyperCloud que ejecutan el software HyperCloud desde la versi\u00f3n 1.0 hasta la 2.0.3 anterior."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
},
{
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-662"
}
]
},
{
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "1E1D94F5-3EE0-4D00-BF00-C08BB922F813"
}
]
}
]
}
],
"references": [
{
"url": "https://advisories.softiron.cloud",
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6"
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"tags": [
"Release Notes"
]
}
]
}

64
CVE-2023/CVE-2023-450xx/CVE-2023-45085.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45085",
"sourceIdentifier": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"published": "2023-12-05T17:15:08.400",
"lastModified": "2023-12-05T20:13:47.300",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:14:09.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.\u00a0 In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.\n\nThis issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.\n\n"
},
{
"lang": "es",
"value": "Existe un problema en SoftIron HyperCloud donde los nodos de c\u00e1lculo pueden conectarse inmediatamente sin seguir el proceso de inicializaci\u00f3n correcto. En este caso, las cargas de trabajo pueden programarse en estos nodos y desplegarse en un estado fallido o err\u00f3neo, lo que afecta la disponibilidad de estas cargas de trabajo que pueden implementarse durante este per\u00edodo de tiempo. Este problema afecta a las versiones de HyperCloud desde la 2.0.0 hasta la 2.0.3 anterior."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"type": "Secondary",
@ -34,10 +58,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softiron:hypercloud:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "FCFF9E8A-301B-4195-B0C7-0A97B7C64DAF"
}
]
}
]
}
],
"references": [
{
"url": "https://advisories.softiron.cloud",
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6"
"source": "0a72a055-908d-47f5-a16a-1f09049c16c6",
"tags": [
"Release Notes"
]
}
]
}

93
CVE-2023/CVE-2023-452xx/CVE-2023-45285.json
View File

@ -2,31 +2,110 @@
"id": "CVE-2023-45285",
"sourceIdentifier": "security@golang.org",
"published": "2023-12-06T17:15:07.320",
"lastModified": "2023-12-06T18:49:19.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:27:36.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Using go get to fetch a module with the \".git\" suffix may unexpectedly fallback to the insecure \"git://\" protocol if the module is unavailable via the secure \"https://\" and \"git+ssh://\" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off)."
},
{
"lang": "es",
"value": "El uso de go get para buscar un m\u00f3dulo con el sufijo \".git\" puede recurrir inesperadamente al protocolo inseguro \"git://\" si el m\u00f3dulo no est\u00e1 disponible a trav\u00e9s de \"https://\" y \"git+ssh://\" seguros, protocolos, incluso si GOINSECURE no est\u00e1 configurado para dicho m\u00f3dulo. Esto s\u00f3lo afecta a los usuarios que no utilizan el proxy del m\u00f3dulo y est\u00e1n obteniendo m\u00f3dulos directamente (es decir, GOPROXY = desactivado)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.20.12",
"matchCriteriaId": "17AC9A37-6678-490D-88C2-08DE6D37F16C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.21.0-0",
"versionEndExcluding": "1.21.5",
"matchCriteriaId": "F9B8295D-576D-410E-B65C-96DB303CBA5C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/540257",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Patch"
]
},
{
"url": "https://go.dev/issue/63845",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2383",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

89
CVE-2023/CVE-2023-452xx/CVE-2023-45287.json
View File

@ -2,35 +2,108 @@
"id": "CVE-2023-45287",
"sourceIdentifier": "security@golang.org",
"published": "2023-12-05T17:15:08.570",
"lastModified": "2023-12-05T20:13:47.300",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:26:44.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels."
},
{
"lang": "es",
"value": "Antes de Go 1.20, los intercambios de claves TLS basados en RSA utilizaban la librer\u00eda math/big, que no es un tiempo constante. Se aplic\u00f3 blinding RSA para prevenir ataques sincronizados, pero el an\u00e1lisis muestra que esto puede no haber sido completamente efectivo. En particular, parece que la eliminaci\u00f3n del relleno PKCS#1 puede filtrar informaci\u00f3n de tiempo, que a su vez podr\u00eda usarse para recuperar bits de clave de sesi\u00f3n. En Go 1.20, la librer\u00eda crypto/tls cambi\u00f3 a una implementaci\u00f3n RSA de tiempo completamente constante, que no creemos que muestre ning\u00fan canal lateral de temporizaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.20.0",
"matchCriteriaId": "A96BDB4B-F1DA-4948-8E56-8B4933BB8BC2"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/326012/26",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://go.dev/issue/20654",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://people.redhat.com/~hkario/marvin/",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2375",
"source": "security@golang.org"
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-457xx/CVE-2023-45762.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45762",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T13:15:07.293",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:53:04.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redireccionamiento de URL a un sitio que no es de confianza ('Open Redirect') en Michael Uno (miunosoft) Responsive Column Widgets. Este problema afecta a Responsive Column Widgets: desde n/a hasta 1.2.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:michaeluno:responsive_column_widgets:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.7",
"matchCriteriaId": "2B6F2C0B-59F7-4B01-91CF-B0119C7319A3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/responsive-column-widgets/wordpress-responsive-column-widgets-plugin-1-2-7-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-461xx/CVE-2023-46157.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-46157",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-08T13:15:07.193",
"lastModified": "2023-12-08T14:23:10.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:13:08.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755."
},
{
"lang": "es",
"value": "File-Manager en MGT CloudPanel 2.0.0 a 2.3.2 permite al usuario con privilegios m\u00e1s bajos lograr la inyecci\u00f3n de comandos del sistema operativo cambiando la propiedad del archivo y cambiando los permisos del archivo a 4755."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mgt-commerce:cloudpanel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndIncluding": "2.3.2",
"matchCriteriaId": "77EC376D-BB32-4F66-B8B4-E3F1273276AC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.cloudpanel.io/docs/v2/changelog/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.mgt-commerce.com/docs/mgt-cloudpanel/dashboard",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-462xx/CVE-2023-46214.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46214",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-11-16T21:15:08.630",
"lastModified": "2023-11-24T23:07:00.743",
"vulnStatus": "Analyzed",
"lastModified": "2023-12-12T16:15:08.030",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",

95
CVE-2023/CVE-2023-462xx/CVE-2023-46218.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46218",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-12-07T01:15:07.160",
"lastModified": "2023-12-10T03:15:07.003",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T15:53:14.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,102 @@
"value": "Esta falla permite que un servidor HTTP malicioso establezca \"supercookies\" en curl que luego se devuelven a m\u00e1s or\u00edgenes de los que est\u00e1n permitidos o son posibles. Esto permite que un sitio establezca cookies que luego se enviar\u00e1n a sitios y dominios diferentes y no relacionados. Podr\u00eda hacer esto explotando una falla de may\u00fasculas y min\u00fasculas en la funci\u00f3n de curl que verifica un dominio de cookie determinado con Public Suffix List (PSL). Por ejemplo, una cookie podr\u00eda configurarse con `domain=co.UK` cuando la URL utilizaba un nombre de host en min\u00fascula `curl.co.uk`, aunque `co.uk` aparezca como un dominio PSL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.46.0",
"versionEndIncluding": "8.4.0",
"matchCriteriaId": "CDCA27BA-B527-4B8F-91D5-CEE58282FD45"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://curl.se/docs/CVE-2023-46218.html",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2212193",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-463xx/CVE-2023-46307.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46307",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.683",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:06:02.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,89 @@
"value": "Se descubri\u00f3 un problema en server.js en etcd-browser 87ae63d75260. Al proporcionar una entrada /../../../ Directory Traversal a la solicitud GET de la URL mientras se conecta al puerto del servidor remoto especificado durante la configuraci\u00f3n, un atacante puede recuperar archivos del sistema operativo local desde el sistema remoto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buddho:etcd_browser:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE6FF10-564C-460D-AF37-2B4C2DF43C7D"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/11",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Nov/9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://hub.docker.com/r/buddho/etcd-browser",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://hub.docker.com/r/buddho/etcd-browser/tags",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

20
CVE-2023/CVE-2023-464xx/CVE-2023-46454.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-46454",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.680",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality."
}
],
"metrics": {},
"references": [
{
"url": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-464xx/CVE-2023-46455.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-46455",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.743",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality."
}
],
"metrics": {},
"references": [
{
"url": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/",
"source": "cve@mitre.org"
},
{
"url": "https://www.gl-inet.com/",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-464xx/CVE-2023-46456.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-46456",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-12T15:15:07.810",
"lastModified": "2023-12-12T15:52:06.410",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality."
}
],
"metrics": {},
"references": [
{
"url": "https://cyberaz0r.info/2023/11/glinet-multiple-vulnerabilities/",
"source": "cve@mitre.org"
},
{
"url": "https://www.gl-inet.com/",
"source": "cve@mitre.org"
}
]
}

47
CVE-2023/CVE-2023-466xx/CVE-2023-46641.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46641",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T11:15:08.007",
"lastModified": "2023-12-07T12:12:22.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:11:31.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code4recovery:12_step_meeting_list:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.14.25",
"matchCriteriaId": "F150AB3C-2F40-4C2A-8ABF-6602DC34A83A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/12-step-meeting-list/wordpress-12-step-meeting-list-plugin-3-14-24-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-468xx/CVE-2023-46857.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46857",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.740",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:05:02.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Squidex anterior a 7.9.0 permite XSS a trav\u00e9s de un documento SVG en la funci\u00f3n Cargar activos. Esto ocurre porque hay una lista negra incompleta en la inspecci\u00f3n SVG, lo que permite JavaScript en el atributo SRC de un elemento IFRAME. Se requiere un ataque autenticado con permiso assets.create para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squidex.io:squidex:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.9.0",
"matchCriteriaId": "90B9B378-EEF4-47AD-8833-B2E33F566A76"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/08/4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://census-labs.com/news/2023/11/08/weak-svg-asset-filtering-mechanism-in-squidex-cms/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://support.squidex.io/c/news/9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-469xx/CVE-2023-46916.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46916",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T06:15:54.803",
"lastModified": "2023-12-07T12:12:27.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T17:03:51.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "Los dispositivos Maxima Max Pro Power 1.0 486A permiten la reproducci\u00f3n del tr\u00e1fico BLE. Un atacante puede utilizar el identificador de caracter\u00edstica GATT 0x0012 para realizar acciones potencialmente disruptivas, como iniciar un monitor de frecuencia card\u00edaca."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:maximawatches:maxima_max_pro_power_firmware:1.0_486a:*:*:*:*:*:*:*",
"matchCriteriaId": "715096FF-8DF3-4877-B4AE-073FA4F0D86A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:maximawatches:maxima_max_pro_power:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93F050F9-344A-4F7D-84D7-7964DF1886EF"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175660",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.maximawatches.com/products/max-pro-power",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

78
CVE-2023/CVE-2023-474xx/CVE-2023-47440.json
View File

@ -2,27 +2,93 @@
"id": "CVE-2023-47440",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-07T18:15:08.080",
"lastModified": "2023-12-07T18:30:52.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T18:06:36.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine."
},
{
"lang": "es",
"value": "Gladys Assistant v4.27.0 y anteriores son vulnerables a Directory Traversal. Se descubri\u00f3 que el parche CVE-2023-43256 estaba incompleto, lo que permit\u00eda a atacantes autenticados extraer archivos confidenciales en la m\u00e1quina host."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gladysassistant:gladys_assistant:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.30.0",
"matchCriteriaId": "A084D786-016A-4500-B235-6E6E70C2D241"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.moku.fr/cve/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://blog.moku.fr/cves/CVE-2023-47440/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/GladysAssistant/Gladys/pull/1918/commits/4f56ba250ff9f46578f1afa6a97e62e74bad83b7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

51
CVE-2023/CVE-2023-477xx/CVE-2023-47779.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-47779",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-07T12:15:07.820",
"lastModified": "2023-12-07T16:09:27.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-12T16:53:31.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de redirecci\u00f3n de URL a un sitio que no es de confianza (\"Open Redirect\") en CRM Perks. Integraci\u00f3n para Constant Contact y Contact Form 7, WPForms, Elementor, Ninja Forms. Este problema afecta la integraci\u00f3n para Constant Contact y Contact Form 7, WPForms, Elementor, Ninja Forms: desde n/a hasta 1.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crmperks:integration_for_constant_contact_and_contact_form_7\\,_wpforms\\,_elementor\\,_ninja:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.5",
"matchCriteriaId": "B8D9AA4A-1BCE-4E17-A7E0-1183AC913AF7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cf7-constant-contact/wordpress-integration-for-contact-form-7-and-constant-contact-plugin-1-1-4-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More