admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-11T18:00:25.476971+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-11 18:00:29 +00:00
parent ce063f05d9
commit d914df013c
81 changed files with 12066 additions and 306 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
CVE-2020/CVE-2020-353xx/CVE-2020-35357.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2020-35357",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:20.167",
"lastModified": "2023-09-21T20:15:09.787",
"vulnStatus": "Modified",
"lastModified": "2023-10-11T16:12:35.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution."
},
{
"lang": "es",
"value": "Puede producirse un Desbordamiento del B\u00fafer al calcular el valor del cuantil utilizando Statistics Library of GSL (Biblioteca Cient\u00edfica GNU), versiones 2.5 y 2.6. El procesamiento de datos de entrada creados con fines maliciosos para gsl_stats_quantile_from_sorted_data de la librer\u00eda puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {
@ -17,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -66,6 +70,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -79,7 +98,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00023.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://savannah.gnu.org/bugs/?59624",

62
CVE-2023/CVE-2023-233xx/CVE-2023-23370.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-23370",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:11.920",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:28:51.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de credenciales insuficientemente protegidas afecta a QVPN Device Client. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores locales autenticados obtener acceso a cuentas de usuario y acceder a datos confidenciales utilizados por la cuenta de usuario a trav\u00e9s de vectores no especificados. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QVPN Windows 2.1.0.0518 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -46,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:qvpn:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.1.0.0518",
"matchCriteriaId": "ECFD664D-C113-4227-8359-0D9433A03B18"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-36",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-233xx/CVE-2023-23371.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-23371",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:11.997",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:32:56.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.2.0.0823 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de transmisi\u00f3n de texto plano de informaci\u00f3n confidencial afecta a QVPN Device Client. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores locales autenticados leer datos confidenciales a trav\u00e9s de vectores no especificados. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QVPN Windows 2.2.0.0823 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +84,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qnap:qvpn:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.2.0.0823",
"matchCriteriaId": "4B77347C-39D0-4009-AE9D-4AAE8FD1524B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-39",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-244xx/CVE-2023-24479.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-24479",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:12.640",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1762",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-273xx/CVE-2023-27380.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-27380",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:12.747",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1780",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-283xx/CVE-2023-28381.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-28381",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:12.827",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779",
"source": "talos-cna@cisco.com"
}
]
}

425
CVE-2023/CVE-2023-306xx/CVE-2023-30690.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-30690",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-10-04T04:15:12.297",
"lastModified": "2023-10-04T12:56:06.920",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-11T17:37:55.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities."
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Duo antes de SMR Oct-2023 Release 1 permite a atacantes locales iniciar actividades privilegiadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -46,10 +80,395 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DA3806E2-A780-4BB5-B4DC-D015D841E4C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "8D2D0083-0A85-47F7-A42D-2040A3BEC132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0332BF16-0F1F-4733-ABCE-A1EA1366A5D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D7120696-2440-44EC-B3A4-6FCBB4A60A12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3658A42-BCA9-4188-8B36-3C6599BBF83C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D0E55E09-C2C9-43D1-8A1A-6D02F544E34A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "693D72EF-1531-4C15-B105-2DEBE02D30F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2020-r1:*:*:*:*:*:*",
"matchCriteriaId": "C26195A5-31BE-4116-8F31-9F25BE57AB52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C6114C5-C175-45E7-821E-6BA218F923DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "58BA232B-8D39-473A-91D0-D3AC03FDE8FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "62105EDB-0A60-4153-9F3F-7635CC8756FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "25B42CE0-67DE-4611-8D70-DEEC975E32BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "AF2EADA0-5976-4711-A7A5-61594F3E2FEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "6B59145B-5506-477C-8F9C-ABB0CE2CF631"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "AC082E25-1B7D-473D-A066-1463E6321CD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "655BEA94-9A83-4A56-8DDE-79ADC821C707"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "B894D0C1-E66E-44B0-8FCA-2EE4290C4173"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B088DE9-31F1-4737-8BC8-CC406F208ACB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "899F6BD2-47AF-4ADA-935D-90AB069E9BA4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "60281652-A1DF-4EA4-8CD3-6DCA43F6162F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "C2592B14-B3B7-4C85-88E8-5E12F6F50ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "40A783AA-91E7-426B-8A78-4EBE5D69A602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4F46F8F7-0EBA-4D2F-AC53-4BB5956D7B87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "BA51F5D5-D18D-426C-B09F-EE12CE11E9FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "53968A3C-6E71-42B8-8671-6730D8C85603"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FFB0F9B9-C60D-40CC-AC7D-FDB288EB2264"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "6C946853-D56D-457C-A1CB-AD1A5BD56C41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B35EB1D3-2F29-4A5C-AC9A-6ED72A2E22D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "1DD6CFD3-5341-4069-B4FC-A5E07F13A63F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "9BD8E899-427B-47D2-9168-446B0249868F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "E923AF0F-34BA-40FE-AA20-B01366263B97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "78B14D1F-C536-4816-A076-B074E41EB0A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "AF2D00F4-B521-4D8F-84F8-DCE45B6349A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "548BCC15-C6D8-4AE7-B167-4DD74382097B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9C2B6E53-CC07-4590-ADFA-CEF7DB0F4EB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "9BF31CC5-E850-4B7E-BA43-6B1ED560DD45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "40EB3FC1-D79A-40C7-9E2B-573E20780982"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7B738B6B-78CE-4618-B70D-6BC9ED453105"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "18940389-1FBD-48B2-BCF0-1D709C2C3045"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "02600CDD-6862-4146-88E8-A2E73B7ED534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC84021B-9846-40FB-834B-7C5BECEFFEAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EEABF42E-578E-4689-B80D-B305467AA72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E261C9D8-1E74-44B8-9F11-F5769CF8B7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C28D3CD-DD34-4334-B03F-794B31A4BF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E1553CEA-FCF4-4A9C-85FE-F7DB7A500443"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "38B7AB56-AB65-4557-A91C-40CA2FD12351"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=10",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-312xx/CVE-2023-31272.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31272",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:12.913",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1765",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-326xx/CVE-2023-32632.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32632",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:12.997",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1767",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-326xx/CVE-2023-32645.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32645",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.073",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-489"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752",
"source": "talos-cna@cisco.com"
}
]
}

104
CVE-2023/CVE-2023-329xx/CVE-2023-32971.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32971",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:12.083",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:38:24.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: \nQTS 5.0.1.2425 compilaci\u00f3n 20230609 y posteriores \nQTS 5.1.0.2444 compilaci\u00f3n 20230629 y posteriores \nQTS 4.5.4.2467 compilaci\u00f3n 20230718 y posteriores \nQuTS hero h5.0.1.2515 compilaci\u00f3n 20230907 y posteriores \nQuTS hero h5. 1.0.2424 compilaci\u00f3n 20230609 y posteriores \nQuTS hero h4.5.4.2476 compilaci\u00f3n 20230728 y posteriores \nQuTScloud c5.1.0.2498 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +84,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.0",
"versionEndExcluding": "4.5.4.2467",
"matchCriteriaId": "956A4907-29B5-4CB4-BA77-9472E25C2246"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.0.1.2425",
"matchCriteriaId": "C6143075-6287-4B3D-A59D-7EA7415C7F07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.0",
"versionEndExcluding": "5.1.0.2444",
"matchCriteriaId": "834347F5-87D2-479E-81BF-C5F23534E0F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionStartIncluding": "h4.5.0",
"versionEndExcluding": "h4.5.4.2476",
"matchCriteriaId": "039CB063-5347-4F85-B6DE-430A94C0B3DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionStartIncluding": "h5.0.0",
"versionEndExcluding": "h5.0.1.2515",
"matchCriteriaId": "703732BD-834B-4529-A2E8-AF956F5AD674"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionStartIncluding": "h5.1.0",
"versionEndExcluding": "h5.1.0.2424",
"matchCriteriaId": "757BF20E-81DA-447A-B90C-06D096EBACD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
"versionStartIncluding": "c5.0.1",
"versionEndExcluding": "c5.1.0.2498",
"matchCriteriaId": "7D3BB6CC-B9D6-4519-92F5-72F74D1A9C28"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-37",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-343xx/CVE-2023-34346.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34346",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.157",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-489"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1764",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-343xx/CVE-2023-34354.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34354",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.233",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-343xx/CVE-2023-34356.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34356",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.320",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-343xx/CVE-2023-34365.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34365",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.400",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1763",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-344xx/CVE-2023-34426.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-34426",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.487",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1766",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-350xx/CVE-2023-35055.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35055",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.567",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-350xx/CVE-2023-35056.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35056",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.643",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1761",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-351xx/CVE-2023-35193.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35193",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.723",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-351xx/CVE-2023-35194.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35194",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.797",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
"source": "talos-cna@cisco.com"
}
]
}

83
CVE-2023/CVE-2023-358xx/CVE-2023-35897.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-35897",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-06T14:15:11.913",
"lastModified": "2023-10-06T15:25:02.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:21:04.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246."
},
{
"lang": "es",
"value": "IBM Spectrum Protect Client e IBM Storage Protect for Virtual Environments 8.1.0.0 a 8.1.19.0 podr\u00edan permitir a un usuario local ejecutar c\u00f3digo arbitrario en el sistema utilizando un archivo especialmente manipulado, causado por una falla de secuestro de DLL. ID de IBM X-Force: 259246."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_protect:*:*:*:*:virtual_environments\\:_data_protection_for_hyper-v:*:*:*",
"versionStartIncluding": "8.1.0.0",
"versionEndIncluding": "8.1.19.0",
"matchCriteriaId": "67B96354-0D66-477B-B7EA-15FCACF83B3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_protect:*:*:*:*:virtual_environments\\:_data_protection_for_vmware:*:*:*",
"versionStartIncluding": "8.1.0.0",
"versionEndIncluding": "8.1.19.0",
"matchCriteriaId": "8D7B9A95-822F-4766-B098-3183AF0381E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_protect_client:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0.0",
"versionEndIncluding": "8.1.19.0",
"matchCriteriaId": "8CB5C2C0-02C8-4BF6-B52A-EA1A804F68A6"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259246",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7037299",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-359xx/CVE-2023-35965.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35965",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.883",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-359xx/CVE-2023-35966.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35966",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.970",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1787",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-359xx/CVE-2023-35967.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35967",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:14.050",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788",
"source": "talos-cna@cisco.com"
}
]
}

55
CVE-2023/CVE-2023-359xx/CVE-2023-35968.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35968",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:14.123",
"lastModified": "2023-10-11T16:37:00.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1788",
"source": "talos-cna@cisco.com"
}
]
}

149
CVE-2023/CVE-2023-406xx/CVE-2023-40631.json
View File

@ -2,19 +2,160 @@
"id": "CVE-2023-40631",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:55.547",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:30:22.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed"
},
{
"lang": "es",
"value": "En Dialer, es posible que falte una verificaci\u00f3n de permisos. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

89
CVE-2023/CVE-2023-406xx/CVE-2023-40632.json
View File

@ -2,19 +2,100 @@
"id": "CVE-2023-40632",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:56.397",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:30:35.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In jpg driver, there is a possible use after free due to a logic error. This could lead to remote information disclosure no additional execution privileges needed"
},
{
"lang": "es",
"value": "En jpg driver, existe un posible use after free debido a un error l\u00f3gico. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n, sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

149
CVE-2023/CVE-2023-406xx/CVE-2023-40633.json
View File

@ -2,19 +2,160 @@
"id": "CVE-2023-40633",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:56.483",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:30:45.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Phasecheckserver, es posible que falte una verificaci\u00f3n de permisos. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

149
CVE-2023/CVE-2023-406xx/CVE-2023-40634.json
View File

@ -2,19 +2,160 @@
"id": "CVE-2023-40634",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:56.553",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:30:56.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Phasechecksercer, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

124
CVE-2023/CVE-2023-406xx/CVE-2023-40635.json
View File

@ -2,19 +2,135 @@
"id": "CVE-2023-40635",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:56.630",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:31:07.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En linkturbo, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

94
CVE-2023/CVE-2023-406xx/CVE-2023-40636.json
View File

@ -2,19 +2,105 @@
"id": "CVE-2023-40636",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:56.700",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:31:37.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed"
},
{
"lang": "es",
"value": "En Telecom service, existe una forma posible de escribir registros de uso de permisos de una aplicaci\u00f3n debido a que falta una verificaci\u00f3n de permisos. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

149
CVE-2023/CVE-2023-406xx/CVE-2023-40637.json
View File

@ -2,19 +2,160 @@
"id": "CVE-2023-40637",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:56.773",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:31:43.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges"
},
{
"lang": "es",
"value": "En Telecom service, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

94
CVE-2023/CVE-2023-406xx/CVE-2023-40638.json
View File

@ -2,19 +2,105 @@
"id": "CVE-2023-40638",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:56.833",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:31:48.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En Telecom service, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

139
CVE-2023/CVE-2023-406xx/CVE-2023-40639.json
View File

@ -2,19 +2,150 @@
"id": "CVE-2023-40639",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:56.897",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:31:54.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges"
},
{
"lang": "es",
"value": "En el servicio SoundRecorder, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

139
CVE-2023/CVE-2023-406xx/CVE-2023-40640.json
View File

@ -2,19 +2,150 @@
"id": "CVE-2023-40640",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:56.957",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:32:15.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges"
},
{
"lang": "es",
"value": "En el servicio SoundRecorder, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-406xx/CVE-2023-40641.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40641",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.027",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:32:34.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Messaging, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-406xx/CVE-2023-40642.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40642",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.087",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:36:05.063",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Messaging, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-406xx/CVE-2023-40643.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40643",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.147",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:36:14.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Messaging, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2023/CVE-2023-406xx/CVE-2023-40644.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40644",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.207",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:36:21.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Messaging, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
}
]
}

84
CVE-2023/CVE-2023-406xx/CVE-2023-40645.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40645",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.270",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:36:33.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Messaging, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
}
]
}

84
CVE-2023/CVE-2023-406xx/CVE-2023-40646.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40646",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.347",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:36:47.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Messaging, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
}
]
}

84
CVE-2023/CVE-2023-406xx/CVE-2023-40647.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40647",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.423",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:36:55.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Messaging, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
}
]
}

84
CVE-2023/CVE-2023-406xx/CVE-2023-40648.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40648",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.493",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:35:02.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Messaging, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
}
]
}

84
CVE-2023/CVE-2023-406xx/CVE-2023-40649.json
View File

@ -2,19 +2,95 @@
"id": "CVE-2023-40649",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.563",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:35:11.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Messaging, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
}
]
}

144
CVE-2023/CVE-2023-406xx/CVE-2023-40650.json
View File

@ -2,19 +2,155 @@
"id": "CVE-2023-40650",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.627",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:35:18.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed"
},
{
"lang": "es",
"value": "En Telecom service, es posible que falte una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

149
CVE-2023/CVE-2023-406xx/CVE-2023-40651.json
View File

@ -2,19 +2,160 @@
"id": "CVE-2023-40651",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.693",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:35:31.657",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En urild service, existe una posible escritura fuera de l\u00edmites debido a una comprobaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

89
CVE-2023/CVE-2023-406xx/CVE-2023-40652.json
View File

@ -2,19 +2,100 @@
"id": "CVE-2023-40652",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-10-08T04:15:57.770",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:35:49.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In jpg driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed"
},
{
"lang": "es",
"value": "En jpg driver, existe una posible escritura fuera de l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n de System necesarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Broken Link"
]
}
]
}

71
CVE-2023/CVE-2023-409xx/CVE-2023-40920.json
View File

@ -2,19 +2,82 @@
"id": "CVE-2023-40920",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T20:15:13.013",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:26:13.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts()."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Prixan prixanconnect hasta v1.62 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente CartsGuruCatalogModuleFrontController::importProducts()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prixan:prixanconnect:*:*:*:*:*:prestashop:*:*",
"versionEndIncluding": "1.61",
"matchCriteriaId": "7274DE71-49A8-4C9E-AE1F-9F661EDF3759"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/05/prixanconnect.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-424xx/CVE-2023-42445.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42445",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-06T14:15:12.103",
"lastModified": "2023-10-06T15:25:02.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:26:44.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.\n"
},
{
"lang": "es",
"value": "Gradle es una herramienta de compilaci\u00f3n centrada en la automatizaci\u00f3n de la build y soporte para el desarrollo en varios idiomas. En algunos casos, cuando Gradle analiza archivos XML, la resoluci\u00f3n de entidades externas XML no est\u00e1 deshabilitada. Combinado con un ataque XXE fuera de banda (OOB-XXE), el simple hecho de analizar XML puede provocar la filtraci\u00f3n de archivos de texto locales a un servidor remoto. Gradle analiza archivos XML para varios prop\u00f3sitos. La mayor\u00eda de las veces, Gradle analiza los archivos XML que gener\u00f3 o que ya estaban presentes localmente. Gradle solo puede recuperar los descriptores XML de Ivy y los archivos POM de Maven de repositorios remotos y analizarlos. En Gradle 7.6.3 y 8.4, la resoluci\u00f3n de entidades externas XML se ha deshabilitado para todos los casos de uso para proteger contra esta vulnerabilidad. Gradle ahora se negar\u00e1 a analizar archivos XML que tengan entidades externas XML."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.3",
"matchCriteriaId": "77803A01-94E7-4C76-BAF3-ED44AE596010"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0",
"versionEndExcluding": "8.4",
"matchCriteriaId": "E80A7414-4449-4036-B0F9-99FE64928912"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gradle/gradle/releases/tag/v7.6.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/gradle/gradle/releases/tag/v8.4.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

145
CVE-2023/CVE-2023-427xx/CVE-2023-42754.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42754",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-05T19:15:11.413",
"lastModified": "2023-10-10T03:15:09.583",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-11T17:42:42.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -38,30 +58,139 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-42754",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239845",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://seclists.org/oss-sec/2023/q4/14",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
]
}
]
}

93
CVE-2023/CVE-2023-427xx/CVE-2023-42755.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42755",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-05T19:15:11.497",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:42:18.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en el clasificador del IPv4 Resource Reservation Protocol (RSVP) en el kernel de Linux. El puntero xprt puede ir m\u00e1s all\u00e1 de la parte lineal del skb, lo que lleva a una lectura fuera de l\u00edmites en la funci\u00f3n `rsvp_classify`. Este problema puede permitir que un usuario local bloquee el sistema y provoque una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,18 +58,77 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"matchCriteriaId": "3769AA63-B0A8-4EF1-96F9-6A6A6B305A02"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-42755",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239847",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/oss-sec/2023/q3/229",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Patch",
"Third Party Advisory"
]
}
]
}

249
CVE-2023/CVE-2023-432xx/CVE-2023-43260.json
View File

@ -2,19 +2,260 @@
"id": "CVE-2023-43260",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T19:15:11.573",
"lastModified": "2023-10-05T23:14:04.503",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:37:27.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Milesight UR5X, UR32L, UR32, UR35, UR41 anteriores a v35.3.0.7 conten\u00edan una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s del panel de administraci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur51_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "A9C278F2-899D-4ACC-AB9F-10806F45E965"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5538BB-43CB-461F-9DA3-11F2F147F233"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur52_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "29387539-7C5B-45D8-9888-596DF628A7F4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22242E4A-9719-4EB1-BB92-2AB606F323A1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur55_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "F4924688-6152-4B2F-9784-CA9CE740FF33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD82DC3-E1E6-4073-8160-03FCADD9151E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "E538CE7E-1300-40FD-B99F-BDBFF104FB55"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "38B4812C-F6AE-4E05-BF80-41DEE6DB3171"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080EADC9-FFA7-4789-8A88-FD3F484EDC42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "8FE72087-C99B-4108-ADA7-1B7FA476E7C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "616ACA1E-D93D-4A07-AEE0-37C2AE35A326"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "E00FF8AD-4E24-4154-BA7B-99867515AB80"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8BC494-6640-47F0-8F58-AB8118C07329"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/win3zz/c7eda501edcf5383df32fabe00938d13",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

224
CVE-2023/CVE-2023-432xx/CVE-2023-43261.json
View File

@ -2,35 +2,243 @@
"id": "CVE-2023-43261",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T12:15:10.627",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:39:00.060",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components."
},
{
"lang": "es",
"value": "Una divulgaci\u00f3n de informaci\u00f3n en Milesight UR5X, UR32L, UR32, UR35, UR41 anterior a v35.3.0.7 permite a los atacantes acceder a componentes confidenciales del router."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur5x_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "F0915F1C-87D1-4375-9FBC-45C38EBAB645"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur51:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5538BB-43CB-461F-9DA3-11F2F147F233"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur52:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22242E4A-9719-4EB1-BB92-2AB606F323A1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD82DC3-E1E6-4073-8160-03FCADD9151E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur32l_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "E538CE7E-1300-40FD-B99F-BDBFF104FB55"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur32l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "224B5936-7A7A-48E7-B0F3-754B74E4BF2D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur32_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "38B4812C-F6AE-4E05-BF80-41DEE6DB3171"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "080EADC9-FFA7-4789-8A88-FD3F484EDC42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur35_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "8FE72087-C99B-4108-ADA7-1B7FA476E7C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "616ACA1E-D93D-4A07-AEE0-37C2AE35A326"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:milesight:ur41_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "35.3.0.7",
"matchCriteriaId": "E00FF8AD-4E24-4154-BA7B-99867515AB80"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:milesight:ur41:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8BC494-6640-47F0-8F58-AB8118C07329"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://milesight.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://ur5x.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Not Applicable"
]
},
{
"url": "https://github.com/win3zz/CVE-2023-43261",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://medium.com/@win3zz/inside-the-router-how-i-accessed-industrial-routers-and-reported-the-flaws-29c34213dfdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://support.milesight-iot.com/support/home",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

20
CVE-2023/CVE-2023-436xx/CVE-2023-43641.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-43641",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-09T22:15:12.707",
"lastModified": "2023-10-11T04:15:11.163",
"lastModified": "2023-10-11T17:15:10.970",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution."
"value": "libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0."
},
{
"lang": "es",
@ -55,17 +55,17 @@
"url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IYRNAHR55MLFOHVOOIO46GBTGZD4G4W/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7FPN4SA2GU3D2YOFXF2KDBWTFJX7MOW/",
"source": "security-advisories@github.com"
}
]
}

12
CVE-2023/CVE-2023-437xx/CVE-2023-43793.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-43793",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T21:15:10.040",
"lastModified": "2023-10-10T18:44:48.727",
"lastModified": "2023-10-11T17:47:46.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{

61
CVE-2023/CVE-2023-438xx/CVE-2023-43805.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43805",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T21:15:10.203",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T16:28:56.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF."
},
{
"lang": "es",
"value": "Nexkey es un fork de Misskey, una plataforma de redes sociales descentralizada y de c\u00f3digo abierto. Antes de la versi\u00f3n 12.121.9, la validaci\u00f3n de URL incompleta pod\u00eda permitir a los usuarios omitir la autenticaci\u00f3n para acceder al panel de la cola de trabajos. La versi\u00f3n 12.121.9 contiene una soluci\u00f3n para este problema. Como workaround, es posible evitar esto bloqueando el acceso utilizando herramientas como WAF de Cloudflare."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nexryai:nexkey:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "12.121.9",
"matchCriteriaId": "68C7C1F9-AD69-45F7-B999-005F4AB9F76D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/nexryai/nexkey/commit/d89575c521fd4492f5e2ba5a221c5e8f1382081d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-438xx/CVE-2023-43810.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43810",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-06T14:15:12.267",
"lastModified": "2023-10-06T15:25:02.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:29:53.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0."
},
{
"lang": "es",
"value": "OpenTelemetry, tambi\u00e9n conocido como OTel para abreviar, es un framework de observabilidad de c\u00f3digo abierto, independiente del proveedor, para instrumentar, generar, recopilar y exportar datos de telemetr\u00eda, como seguimientos, m\u00e9tricas y registros. La instrumentaci\u00f3n autom\u00e1tica lista para usar agrega la etiqueta `http_method` que tiene cardinalidad ilimitada. Conduce al posible agotamiento de la memoria del servidor cuando se env\u00edan muchas peticiones maliciosas. Un atacante puede configurar f\u00e1cilmente el m\u00e9todo HTTP para solicitudes para que sea aleatorio y largo. Para verse afectado, el programa debe estar instrumentado para controladores HTTP y no filtrar ning\u00fan m\u00e9todo HTTP desconocido en el nivel de CDN, LB, middleware anterior, etc. Este problema se solucion\u00f3 en la versi\u00f3n 0.41b0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.41b0",
"matchCriteriaId": "A42C146C-19B1-44AE-94AB-9947D465623B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/open-telemetry/opentelemetry-python-contrib/commit/6007e0c013071e7f8b9612d3bc68aeb9d600d74e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/open-telemetry/opentelemetry-python-contrib/releases/tag/v0.41b0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/open-telemetry/opentelemetry-python-contrib/security/advisories/GHSA-5rv5-6h4r-h22v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-442xx/CVE-2023-44231.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44231",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T09:15:10.617",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:37:04.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nickduncan:contact_form:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.10",
"matchCriteriaId": "0AC50FA1-8E39-4028-AA9F-5AA97769A119"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contact-form-ready/wordpress-contact-form-plugin-2-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-442xx/CVE-2023-44232.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44232",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T09:15:10.713",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:34:46.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nxsn:wp_hide_pages:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "F5137A2B-307C-4E84-A247-29E84453A7A0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-hide-pages/wordpress-wp-hide-pages-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-442xx/CVE-2023-44236.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44236",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T10:15:22.763",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-11T17:34:32.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devnath_verma:wp_captcha:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "56F36FC0-EB6D-450A-91D0-300508318BE0"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-captcha/wordpress-wp-captcha-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2023/CVE-2023-442xx/CVE-2023-44260.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44260",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-09T09:15:10.787",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:34:38.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rebing:woocommerce_esto:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.23.1",
"matchCriteriaId": "F2FFA0E3-F837-4C53-9974-C0DE0E8819E4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-esto/wordpress-woocommerce-esto-plugin-2-23-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-443xx/CVE-2023-44384.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44384",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-06T18:15:12.247",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:49:49.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application. "
},
{
"lang": "es",
"value": "Discourse-jira es un complemento de Discourse que permite que los proyectos, tipos de problemas, campos y opciones de campos de Jira se sincronicen autom\u00e1ticamente. Un usuario administrador puede realizar un ataque SSRF configurando la URL de Jira en una ubicaci\u00f3n arbitraria y habilitando la configuraci\u00f3n del sitio `discourse_jira_verbose_log`. Un usuario moderador podr\u00eda manipular la ruta de solicitud a la API de Jira, permiti\u00e9ndole realizar solicitudes GET arbitrarias utilizando las credenciales de la API de Jira, potencialmente con permisos elevados, utilizadas por la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:discourse:discourse_jira:*:*:*:*:*:discourse:*:*",
"versionEndIncluding": "2023-10-01",
"matchCriteriaId": "B59C681F-DB07-4BC1-B845-B7276FC47759"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse-jira/commit/8a2d3ad228883199fd5f081cc93d173c88e2e48f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/discourse/discourse-jira/pull/50",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/discourse/discourse-jira/security/advisories/GHSA-pmv5-h2x6-35fh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-443xx/CVE-2023-44386.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44386",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-05T18:15:12.667",
"lastModified": "2023-10-05T19:13:42.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:47:30.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2."
},
{
"lang": "es",
"value": "Vapor es un framework web HTTP para Swift. Existe una vulnerabilidad de denegaci\u00f3n de servicio que afecta a todos los usuarios de las versiones afectadas de Vapor. El controlador de errores HTTP1 cerraba las conexiones cuando se produc\u00edan errores de an\u00e1lisis HTTP en lugar de transmitirlos. El problema se solucion\u00f3 a partir de la versi\u00f3n 4.84.2 de Vapor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,18 +78,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.83.2",
"versionEndExcluding": "4.84.2",
"matchCriteriaId": "E52303C2-AF9E-4F61-86C3-EDD76AD0BB43"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vapor/vapor/commit/090464a654b03148b139a81f8f5ac63b0856f6f3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vapor/vapor/releases/tag/4.84.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/vapor/vapor/security/advisories/GHSA-3mwq-h3g6-ffhm",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-443xx/CVE-2023-44387.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44387",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-05T18:15:12.787",
"lastModified": "2023-10-05T19:13:42.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:46:10.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file."
},
{
"lang": "es",
"value": "Gradle es una herramienta de compilaci\u00f3n centrada en la automatizaci\u00f3n de la compilaci\u00f3n y soporte para el desarrollo en varios idiomas. Al copiar o archivar archivos vinculados simb\u00f3licamente, Gradle los resuelve pero aplica los permisos del enlace simb\u00f3lico en lugar de los permisos del archivo vinculado al archivo resultante. Esto lleva a que los archivos tengan demasiados permisos, dado que los enlaces simb\u00f3licos suelen ser legibles y escribibles por todo el mundo. Si bien es poco probable que esto resulte en una vulnerabilidad directa para la compilaci\u00f3n afectada, puede abrir vectores de ataque dependiendo de d\u00f3nde terminen copi\u00e1ndose o desarchiv\u00e1ndose los artefactos de la compilaci\u00f3n. En las versiones 7.6.3, 8.4 y superiores, Gradle ahora usar\u00e1 correctamente los permisos del archivo al que apunta el enlace simb\u00f3lico para establecer los permisos del archivo copiado o archivado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +70,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.6.3",
"matchCriteriaId": "77803A01-94E7-4C76-BAF3-ED44AE596010"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradle:gradle:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.4.0",
"matchCriteriaId": "E104EF19-8B72-4A31-B2AC-8312F7C6452F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/gradle/gradle/releases/tag/v7.6.3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/gradle/gradle/releases/tag/v8.4.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-447xx/CVE-2023-44758.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-44758",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T11:15:11.260",
"lastModified": "2023-10-06T12:48:29.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:19:53.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title."
},
{
"lang": "es",
"value": "GDidees CMS 3.0 se ve afectado por una vulnerabilidad de Cross-Site Scripting (XSS) que permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el t\u00edtulo de la p\u00e1gina."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gdidees:gdidees_cms:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7AA055D4-014E-400B-B6CF-F686ED1E2BC9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/sromanhu/GDidees-CMS-Stored-XSS---Title/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-448xx/CVE-2023-44860.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-44860",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T23:15:11.120",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:54:51.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request."
},
{
"lang": "es",
"value": "Un problema en NETIS SYSTEMS N3Mv2 v.1.0.1.865 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s del componente de autorizaci\u00f3n en la solicitud HTTP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
"matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netis-systems:n3m:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3A2D7D-91F7-474B-94E3-4D1E4702ADA5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/Improper%20Authentication%20Mechanism%20Leading%20to%20Denial-of-Service%20(DoS).md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

36
CVE-2023/CVE-2023-44xx/CVE-2023-4469.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4469",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-06T10:15:18.527",
"lastModified": "2023-10-06T12:48:29.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:19:06.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields."
},
{
"lang": "es",
"value": "El complemento Profile Extra Fields de BestWebSoft para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n prflxtrflds_export_file en versiones hasta la 1.2.7 incluida. Esto hace posible que atacantes no autenticados expongan datos de usuario potencialmente confidenciales, incluidos los datos ingresados en campos personalizados."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bestwebsoft:profile_extra_fields:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.7",
"matchCriteriaId": "F67B9BFC-509E-4CB4-AAB0-9343B1EDA232"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/2975179/profile-extra-fields",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-451xx/CVE-2023-45159.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-45159",
"sourceIdentifier": "security@1e.com",
"published": "2023-10-05T11:15:14.063",
"lastModified": "2023-10-05T12:53:40.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:18:28.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "1E Client installer can perform arbitrary file deletion on protected files.\u00a0\u00a0\n\nA non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces\u00a0the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.\n\n"
},
{
"lang": "es",
"value": "El instalador de 1E Client puede realizar la eliminaci\u00f3n arbitraria de archivos protegidos. Un usuario sin privilegios podr\u00eda proporcionar un enlace simb\u00f3lico o una uni\u00f3n de Windows para apuntar a un directorio protegido en el instalador que el Cliente 1E borrar\u00eda al iniciar el servicio. Hay una revisi\u00f3n disponible Q23092 que obliga al cliente 1E a buscar un enlace o cruce simb\u00f3lico y, si encuentra uno, se niega a usar esa ruta y en su lugar crea una ruta que involucra un GUID aleatorio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "security@1e.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "security@1e.com",
"type": "Secondary",
@ -46,10 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:1e:client:8.1.2.62:*:*:*:*:windows:*:*",
"matchCriteriaId": "EF79F84B-2408-44F9-A7AD-D9CAB9C34A61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:1e:client:8.4.1.159:*:*:*:*:windows:*:*",
"matchCriteriaId": "4A156058-6634-4C59-831B-9A6E7C95BE84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:1e:client:9.0.1.88:*:*:*:*:windows:*:*",
"matchCriteriaId": "66EA1F19-4432-4D9F-82DD-91062B54284B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:1e:client:23.7.1.151:*:*:*:*:windows:*:*",
"matchCriteriaId": "73A8F998-B3AF-46C6-B4E5-3FEF6EA25A99"
}
]
}
]
}
],
"references": [
{
"url": "https://www.1e.com/trust-security-compliance/cve-info/",
"source": "security@1e.com"
"source": "security@1e.com",
"tags": [
"Vendor Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-451xx/CVE-2023-45198.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-45198",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-05T05:15:42.257",
"lastModified": "2023-10-05T12:53:40.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:15:31.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ftpd before \"NetBSD-ftpd 20230930\" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable."
},
{
"lang": "es",
"value": "ftpd antes de \"NetBSD-ftpd 20230930\" puede filtrar informaci\u00f3n sobre el sistema de archivos del host antes de la autenticaci\u00f3n mediante un comando MLSD o MLST. tnftpd (la versi\u00f3n port\u00e1til de NetBSD ftpd) anterior a 20231001 tambi\u00e9n es vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netbsd:ftpd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-09-30",
"matchCriteriaId": "D23DFEC0-011A-4066-8D10-CF671F9A01D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netbsd:tnftpd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023-10-01",
"matchCriteriaId": "C2404151-669D-403F-951D-7F4795BA2033"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpcmd.y.diff?r1=1.94&r2=1.95",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://mail-index.netbsd.org/source-changes/2023/09/22/msg147669.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

85
CVE-2023/CVE-2023-452xx/CVE-2023-45246.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-45246",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-06T11:15:11.447",
"lastModified": "2023-10-06T12:48:29.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:20:21.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343."
},
{
"lang": "es",
"value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por autenticaci\u00f3n inadecuada. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 36343."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -35,6 +61,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "security@acronis.com",
"type": "Secondary",
@ -46,10 +82,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*",
"versionEndIncluding": "c23.08",
"matchCriteriaId": "C5CBB48A-D5E0-489C-BA7D-4D5DA86834AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-5903",
"source": "security@acronis.com"
"source": "security@acronis.com",
"tags": [
"Vendor Advisory"
]
}
]
}

31
CVE-2023/CVE-2023-45xx/CVE-2023-4530.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4530",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-10-06T10:15:18.630",
"lastModified": "2023-10-06T12:48:29.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:19:19.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before 1.1.\n\n"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"SQL Injection\") en el Panel de administraci\u00f3n de Turna Advertising permite la inyecci\u00f3n de SQL. Este problema afecta al Panel de administraci\u00f3n de publicidad: versiones anteriores a 1.1."
}
],
"metrics": {
@ -46,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:turnatasarim:advertising_administration_panel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1",
"matchCriteriaId": "50B678EC-1E67-434E-8272-17A26D9481D3"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0571",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-49xx/CVE-2023-4936.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-4936",
"sourceIdentifier": "PSIRT@synaptics.com",
"published": "2023-10-11T17:15:11.117",
"lastModified": "2023-10-11T17:15:11.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "It is possible to sideload a compromised DLL during the installation at elevated privilege."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "PSIRT@synaptics.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "PSIRT@synaptics.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.synaptics.com/",
"source": "PSIRT@synaptics.com"
},
{
"url": "https://www.synaptics.com/products/displaylink-graphics/downloads/windows",
"source": "PSIRT@synaptics.com"
},
{
"url": "https://www.synaptics.com/sites/default/files/nr-154525-tc-synaptics_displaylink_windows_driver_security_brief_-_oct2023.pdf",
"source": "PSIRT@synaptics.com"
}
]
}

5735
CVE-2023/CVE-2023-51xx/CVE-2023-5113.json
View File

File diff suppressed because it is too large Load Diff

14
CVE-2023/CVE-2023-51xx/CVE-2023-5197.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-5197",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-27T15:19:43.110",
"lastModified": "2023-10-02T20:21:40.120",
"lastModified": "2023-10-11T16:23:47.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
"impactScore": 4.7
},
{
"source": "cve-coordination@google.com",

63
CVE-2023/CVE-2023-52xx/CVE-2023-5201.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-5201",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-30T03:15:09.547",
"lastModified": "2023-09-30T03:16:35.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T16:32:31.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site."
},
{
"lang": "es",
"value": "El complemento OpenHook para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo en versiones hasta la 4.3.0 incluida a trav\u00e9s del c\u00f3digo corto 'php'. Esto permite a atacantes autenticados con permisos de nivel de suscriptor o superiores ejecutar c\u00f3digo en el servidor. Esto requiere que la configuraci\u00f3n del c\u00f3digo corto [php] est\u00e9 habilitada en el sitio vulnerable."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
@ -46,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rickbeckman:openhook:*:*:*:*:wordpress:*:*:*",
"versionEndIncluding": "4.3.0",
"matchCriteriaId": "668B9B94-B097-494D-8BE0-C549ABF7F1A0"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.0/inc/shortcodes.php#L28",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/thesis-openhook/tags/4.3.1/inc/shortcodes.php?rev=2972840#L24",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-52xx/CVE-2023-5262.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5262",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T14:15:11.163",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T16:53:44.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en OpenRapid RapidCMS 1.3.1 y clasificada como cr\u00edtica. La funci\u00f3n isImg del archivo /admin/config/uploadicon.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento fileName conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-240871."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +97,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openrapid:rapidcms:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D66CF166-4A08-45F5-9577-38D3CE25AFBA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/OpenRapid/rapidcms/issues/10",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/yhy217/rapidcms-vul/issues/5",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.240871",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240871",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-52xx/CVE-2023-5264.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5264",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T15:15:10.593",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T16:35:24.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240877 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en huakecms 3.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/cms_content.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento cid conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-240877."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:huakecms:huakecms:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D98A81C-D83A-4D86-A716-75094FFDED7A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yhy217/huakecms-vul/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.240877",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240877",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-52xx/CVE-2023-5266.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5266",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T15:15:10.750",
"lastModified": "2023-09-29T15:52:15.247",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:23:59.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240879."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en DedeBIZ 6.2 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /src/admin/tags_main.php. La manipulaci\u00f3n de los identificadores de argumentos conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-240879."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +97,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedebiz:dedebiz:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4240B26E-641D-4E8C-8001-B86FA8388C57"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yhy217/dedebiz--vul/blob/main/time_injection.zip",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/yhy217/dedebiz--vul/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://vuldb.com/?ctiid.240879",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240879",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2023/CVE-2023-52xx/CVE-2023-5268.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2023-5268",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-29T16:15:10.617",
"lastModified": "2023-09-29T17:27:25.983",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T17:24:17.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en DedeBIZ 6.2 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /src/admin/makehtml_taglist_action.php. La manipulaci\u00f3n del argumento mktime conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-240881."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedebiz:dedebiz:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4240B26E-641D-4E8C-8001-B86FA8388C57"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yhy217/dedebiz--vul/issues/2",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Issue Tracking",
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.240881",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.240881",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-52xx/CVE-2023-5295.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-5295",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-30T03:15:09.710",
"lastModified": "2023-09-30T03:16:35.133",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-11T16:33:05.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Blog Filter para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto 'vivafbcomment' en versiones hasta la 1.4 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:awplife:blog_filter:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4",
"matchCriteriaId": "234C9CF2-B421-4FE7-B63A-E30553F63B58"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/facebook-comment-by-vivacity/tags/1.4/user-file.php#L172",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/602b3b9c-76a7-4b0b-8aad-e554c2fd6910?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

82
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-11T16:00:24.797103+00:00
2023-10-11T18:00:25.476971+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-11T15:28:21.907000+00:00
2023-10-11T17:54:51.067000+00:00
```
### Last Data Feed Release
@ -29,46 +29,64 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227564
227584
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `20`
* [CVE-2023-45396](CVE-2023/CVE-2023-453xx/CVE-2023-45396.json) (`2023-10-11T14:15:09.993`)
* [CVE-2023-4957](CVE-2023/CVE-2023-49xx/CVE-2023-4957.json) (`2023-10-11T14:15:10.047`)
* [CVE-2023-24479](CVE-2023/CVE-2023-244xx/CVE-2023-24479.json) (`2023-10-11T16:15:12.640`)
* [CVE-2023-27380](CVE-2023/CVE-2023-273xx/CVE-2023-27380.json) (`2023-10-11T16:15:12.747`)
* [CVE-2023-28381](CVE-2023/CVE-2023-283xx/CVE-2023-28381.json) (`2023-10-11T16:15:12.827`)
* [CVE-2023-31272](CVE-2023/CVE-2023-312xx/CVE-2023-31272.json) (`2023-10-11T16:15:12.913`)
* [CVE-2023-32632](CVE-2023/CVE-2023-326xx/CVE-2023-32632.json) (`2023-10-11T16:15:12.997`)
* [CVE-2023-32645](CVE-2023/CVE-2023-326xx/CVE-2023-32645.json) (`2023-10-11T16:15:13.073`)
* [CVE-2023-34346](CVE-2023/CVE-2023-343xx/CVE-2023-34346.json) (`2023-10-11T16:15:13.157`)
* [CVE-2023-34354](CVE-2023/CVE-2023-343xx/CVE-2023-34354.json) (`2023-10-11T16:15:13.233`)
* [CVE-2023-34356](CVE-2023/CVE-2023-343xx/CVE-2023-34356.json) (`2023-10-11T16:15:13.320`)
* [CVE-2023-34365](CVE-2023/CVE-2023-343xx/CVE-2023-34365.json) (`2023-10-11T16:15:13.400`)
* [CVE-2023-34426](CVE-2023/CVE-2023-344xx/CVE-2023-34426.json) (`2023-10-11T16:15:13.487`)
* [CVE-2023-35055](CVE-2023/CVE-2023-350xx/CVE-2023-35055.json) (`2023-10-11T16:15:13.567`)
* [CVE-2023-35056](CVE-2023/CVE-2023-350xx/CVE-2023-35056.json) (`2023-10-11T16:15:13.643`)
* [CVE-2023-35193](CVE-2023/CVE-2023-351xx/CVE-2023-35193.json) (`2023-10-11T16:15:13.723`)
* [CVE-2023-35194](CVE-2023/CVE-2023-351xx/CVE-2023-35194.json) (`2023-10-11T16:15:13.797`)
* [CVE-2023-35965](CVE-2023/CVE-2023-359xx/CVE-2023-35965.json) (`2023-10-11T16:15:13.883`)
* [CVE-2023-35966](CVE-2023/CVE-2023-359xx/CVE-2023-35966.json) (`2023-10-11T16:15:13.970`)
* [CVE-2023-35967](CVE-2023/CVE-2023-359xx/CVE-2023-35967.json) (`2023-10-11T16:15:14.050`)
* [CVE-2023-35968](CVE-2023/CVE-2023-359xx/CVE-2023-35968.json) (`2023-10-11T16:15:14.123`)
* [CVE-2023-4936](CVE-2023/CVE-2023-49xx/CVE-2023-4936.json) (`2023-10-11T17:15:11.117`)
### CVEs modified in the last Commit
Recently modified CVEs: `41`
Recently modified CVEs: `60`
* [CVE-2022-27665](CVE-2022/CVE-2022-276xx/CVE-2022-27665.json) (`2023-10-11T14:45:44.747`)
* [CVE-2022-4864](CVE-2022/CVE-2022-48xx/CVE-2022-4864.json) (`2023-10-11T15:24:48.003`)
* [CVE-2022-25852](CVE-2022/CVE-2022-258xx/CVE-2022-25852.json) (`2023-10-11T15:27:34.157`)
* [CVE-2023-34986](CVE-2023/CVE-2023-349xx/CVE-2023-34986.json) (`2023-10-11T14:01:04.407`)
* [CVE-2023-5233](CVE-2023/CVE-2023-52xx/CVE-2023-5233.json) (`2023-10-11T14:10:16.687`)
* [CVE-2023-37538](CVE-2023/CVE-2023-375xx/CVE-2023-37538.json) (`2023-10-11T14:23:06.207`)
* [CVE-2023-44105](CVE-2023/CVE-2023-441xx/CVE-2023-44105.json) (`2023-10-11T14:23:06.207`)
* [CVE-2023-44107](CVE-2023/CVE-2023-441xx/CVE-2023-44107.json) (`2023-10-11T14:23:06.207`)
* [CVE-2023-44108](CVE-2023/CVE-2023-441xx/CVE-2023-44108.json) (`2023-10-11T14:23:06.207`)
* [CVE-2023-44114](CVE-2023/CVE-2023-441xx/CVE-2023-44114.json) (`2023-10-11T14:23:06.207`)
* [CVE-2023-44116](CVE-2023/CVE-2023-441xx/CVE-2023-44116.json) (`2023-10-11T14:23:06.207`)
* [CVE-2023-44118](CVE-2023/CVE-2023-441xx/CVE-2023-44118.json) (`2023-10-11T14:23:06.207`)
* [CVE-2023-44119](CVE-2023/CVE-2023-441xx/CVE-2023-44119.json) (`2023-10-11T14:23:06.207`)
* [CVE-2023-34985](CVE-2023/CVE-2023-349xx/CVE-2023-34985.json) (`2023-10-11T14:28:07.943`)
* [CVE-2023-34987](CVE-2023/CVE-2023-349xx/CVE-2023-34987.json) (`2023-10-11T14:28:16.647`)
* [CVE-2023-34988](CVE-2023/CVE-2023-349xx/CVE-2023-34988.json) (`2023-10-11T14:28:24.797`)
* [CVE-2023-34989](CVE-2023/CVE-2023-349xx/CVE-2023-34989.json) (`2023-10-11T14:28:40.233`)
* [CVE-2023-34993](CVE-2023/CVE-2023-349xx/CVE-2023-34993.json) (`2023-10-11T14:29:10.010`)
* [CVE-2023-36547](CVE-2023/CVE-2023-365xx/CVE-2023-36547.json) (`2023-10-11T14:29:22.937`)
* [CVE-2023-36548](CVE-2023/CVE-2023-365xx/CVE-2023-36548.json) (`2023-10-11T14:29:33.770`)
* [CVE-2023-36549](CVE-2023/CVE-2023-365xx/CVE-2023-36549.json) (`2023-10-11T14:30:18.603`)
* [CVE-2023-36550](CVE-2023/CVE-2023-365xx/CVE-2023-36550.json) (`2023-10-11T14:30:45.603`)
* [CVE-2023-1437](CVE-2023/CVE-2023-14xx/CVE-2023-1437.json) (`2023-10-11T15:15:09.400`)
* [CVE-2023-28321](CVE-2023/CVE-2023-283xx/CVE-2023-28321.json) (`2023-10-11T15:15:09.543`)
* [CVE-2023-44981](CVE-2023/CVE-2023-449xx/CVE-2023-44981.json) (`2023-10-11T15:15:09.733`)
* [CVE-2023-44232](CVE-2023/CVE-2023-442xx/CVE-2023-44232.json) (`2023-10-11T17:34:46.240`)
* [CVE-2023-40648](CVE-2023/CVE-2023-406xx/CVE-2023-40648.json) (`2023-10-11T17:35:02.967`)
* [CVE-2023-40649](CVE-2023/CVE-2023-406xx/CVE-2023-40649.json) (`2023-10-11T17:35:11.907`)
* [CVE-2023-40650](CVE-2023/CVE-2023-406xx/CVE-2023-40650.json) (`2023-10-11T17:35:18.570`)
* [CVE-2023-40651](CVE-2023/CVE-2023-406xx/CVE-2023-40651.json) (`2023-10-11T17:35:31.657`)
* [CVE-2023-40652](CVE-2023/CVE-2023-406xx/CVE-2023-40652.json) (`2023-10-11T17:35:49.427`)
* [CVE-2023-40642](CVE-2023/CVE-2023-406xx/CVE-2023-40642.json) (`2023-10-11T17:36:05.063`)
* [CVE-2023-40643](CVE-2023/CVE-2023-406xx/CVE-2023-40643.json) (`2023-10-11T17:36:14.043`)
* [CVE-2023-40644](CVE-2023/CVE-2023-406xx/CVE-2023-40644.json) (`2023-10-11T17:36:21.670`)
* [CVE-2023-40645](CVE-2023/CVE-2023-406xx/CVE-2023-40645.json) (`2023-10-11T17:36:33.700`)
* [CVE-2023-40646](CVE-2023/CVE-2023-406xx/CVE-2023-40646.json) (`2023-10-11T17:36:47.633`)
* [CVE-2023-40647](CVE-2023/CVE-2023-406xx/CVE-2023-40647.json) (`2023-10-11T17:36:55.953`)
* [CVE-2023-44231](CVE-2023/CVE-2023-442xx/CVE-2023-44231.json) (`2023-10-11T17:37:04.393`)
* [CVE-2023-43260](CVE-2023/CVE-2023-432xx/CVE-2023-43260.json) (`2023-10-11T17:37:27.503`)
* [CVE-2023-30690](CVE-2023/CVE-2023-306xx/CVE-2023-30690.json) (`2023-10-11T17:37:55.533`)
* [CVE-2023-32971](CVE-2023/CVE-2023-329xx/CVE-2023-32971.json) (`2023-10-11T17:38:24.087`)
* [CVE-2023-43261](CVE-2023/CVE-2023-432xx/CVE-2023-43261.json) (`2023-10-11T17:39:00.060`)
* [CVE-2023-5113](CVE-2023/CVE-2023-51xx/CVE-2023-5113.json) (`2023-10-11T17:41:34.833`)
* [CVE-2023-42755](CVE-2023/CVE-2023-427xx/CVE-2023-42755.json) (`2023-10-11T17:42:18.387`)
* [CVE-2023-42754](CVE-2023/CVE-2023-427xx/CVE-2023-42754.json) (`2023-10-11T17:42:42.080`)
* [CVE-2023-44387](CVE-2023/CVE-2023-443xx/CVE-2023-44387.json) (`2023-10-11T17:46:10.753`)
* [CVE-2023-44386](CVE-2023/CVE-2023-443xx/CVE-2023-44386.json) (`2023-10-11T17:47:30.137`)
* [CVE-2023-43793](CVE-2023/CVE-2023-437xx/CVE-2023-43793.json) (`2023-10-11T17:47:46.247`)
* [CVE-2023-44384](CVE-2023/CVE-2023-443xx/CVE-2023-44384.json) (`2023-10-11T17:49:49.353`)
* [CVE-2023-44860](CVE-2023/CVE-2023-448xx/CVE-2023-44860.json) (`2023-10-11T17:54:51.067`)
## Download and Usage