admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-10T22:00:25.045996+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-10 22:00:28 +00:00
parent 421f71b37e
commit e88bf0f591
20 changed files with 1102 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
CVE-2022/CVE-2022-343xx/CVE-2022-34355.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-34355",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-06T21:15:10.743",
"lastModified": "2023-10-06T22:23:04.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:41:30.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498."
},
{
"lang": "es",
"value": "IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1 y 7.0.2) podr\u00eda revelar informaci\u00f3n confidencial de la versi\u00f3n a un usuario que podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 230498."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC9B60C-F4C7-40EB-AF44-28ABE46157D8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:collaborative_lifecycle_management:6.0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06699AD1-2DB4-4A97-B02B-79BA3DE0AEC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1E70C2-4189-4DA2-8A14-6FE04D4093CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76A44AB0-E777-48F4-AEE9-AD32397B7F9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_management:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE002557-60D2-46E8-9E40-A8C3DF516C42"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/230498",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7046995",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-309xx/CVE-2023-30995.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-30995",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-09-08T21:15:45.027",
"lastModified": "2023-09-12T20:31:35.640",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-10T20:15:09.650",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268."
"value": "IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268."
},
{
"lang": "es",
"value": "IBM Aspera Faspex 5.0.5 podr\u00eda permitir a un actor malicioso eludir las restricciones de la lista blanca de IPs utilizando una solicitud HTTP especialmente manipulada. ID de IBM X-Force: 254268."
}
],
"metrics": {
@ -112,6 +116,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7048851",
"source": "psirt@us.ibm.com"
}
]
}

104
CVE-2023/CVE-2023-329xx/CVE-2023-32972.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32972",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:12.170",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:54:43.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: \nQTS 5.0.1.2425 compilaci\u00f3n 20230609 y posteriores \nQTS 5.1.0.2444 compilaci\u00f3n 20230629 y posteriores \nQTS 4.5.4.2467 compilaci\u00f3n 20230718 y posteriores \nQuTS hero h5.0.1.2515 compilaci\u00f3n 20230907 y posteriores \nQuTS hero h5. 1.0.2424 compilaci\u00f3n 20230609 y posteriores \nQuTS hero h4.5.4.2476 compilaci\u00f3n 20230728 y posteriores \nQuTScloud c5.1.0.2498 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@ -50,10 +84,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5.0",
"versionEndExcluding": "4.5.4.2467",
"matchCriteriaId": "956A4907-29B5-4CB4-BA77-9472E25C2246"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.0.1.2425",
"matchCriteriaId": "C6143075-6287-4B3D-A59D-7EA7415C7F07"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.1.0",
"versionEndExcluding": "5.1.0.2444",
"matchCriteriaId": "834347F5-87D2-479E-81BF-C5F23534E0F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionStartIncluding": "h4.5.0",
"versionEndExcluding": "h4.5.4.2476",
"matchCriteriaId": "039CB063-5347-4F85-B6DE-430A94C0B3DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionStartIncluding": "h5.0.0",
"versionEndExcluding": "h5.0.1.2515",
"matchCriteriaId": "703732BD-834B-4529-A2E8-AF956F5AD674"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
"versionStartIncluding": "h5.1.0",
"versionEndExcluding": "h5.1.0.2424",
"matchCriteriaId": "757BF20E-81DA-447A-B90C-06D096EBACD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
"versionStartIncluding": "c5.0.1",
"versionEndExcluding": "c5.1.0.2498",
"matchCriteriaId": "7D3BB6CC-B9D6-4519-92F5-72F74D1A9C28"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-37",
"source": "security@qnapsecurity.com.tw"
"source": "security@qnapsecurity.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

238
CVE-2023/CVE-2023-358xx/CVE-2023-35803.json
View File

@ -2,19 +2,249 @@
"id": "CVE-2023-35803",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T22:15:09.777",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:04:36.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow."
},
{
"lang": "es",
"value": "IQ Engine anterior a 10.6r2 en dispositivos Extreme Network AP tiene un desbordamiento de b\u00fafer."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6r2",
"matchCriteriaId": "3C0E5BA8-6E68-40EA-8D49-75F235483F71"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96D3DFF3-8C35-4860-B904-DDEEA6C68827"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap3000x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4303FD05-94B4-4D42-BBB9-1E5725DC89C6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap302w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B393FA2-8528-4977-B2F3-D42FF4A78E5B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap305c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9384ECB-2EAF-4049-A644-481E9BE00FA9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap305c-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2C4A69-7A54-45E9-9940-99272E41FC21"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap305cx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "001C25E7-F884-4AFD-80DB-40FB6742292B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDCBF18-E614-4F63-8C0A-BF28E47B4D6C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap4000-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA85B9D-5D40-44CA-B345-A9B33E2854D6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap410c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F69587-452F-474A-9389-F9AFE439285C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap410c-1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56CA142E-9947-4854-9F56-1D24F45F7A2D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap460c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0E816A-C583-4985-94D2-E97B8B87A818"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap460s12c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36189326-1798-4312-B61B-BB9DEFB94028"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap460s6c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4207CD0-E7DF-4DAB-BEE6-93387D5C29BB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap5010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E2A0429-3DCB-4E33-9145-D80005B85150"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap5050d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF2B1AB3-EB5D-46B3-B5E0-6A7A8151403E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap5050u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8E2F84-964A-49CB-B00C-080669298FB6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap510c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8123B7E3-28A2-4786-95B5-804B8FBF0E53"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap510cx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D76938F-9812-4E8D-9C37-1A05FAE27CD7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98AFB5E8-BBBB-401C-AEEC-CF36DBB1D07E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1053DDC0-0385-4A86-80E1-D4424274F550"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap650x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E838B1A4-542F-421E-967C-7437C449E465"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:extremenetworks:iq_engine:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6r5",
"matchCriteriaId": "B79A1496-89B4-4871-90B1-D8CB936EFB7C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap1130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06EE00F8-1B3C-4686-BC66-1015E4C62CAD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap122:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60779E2E-9C16-430C-AAD5-51410B5894E5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap130:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0BA56D5-E3C8-402F-8852-F7F9864C3A7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap150w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B91235-8FB7-4BB2-99BC-D53074ECEEE3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2831D50B-3BCE-4166-BDD6-E38317B92E2C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27CCA45A-C187-46AE-825C-0DF85824CD3E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:extremenetworks:ap550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF23B23-0DC0-4C65-BFB1-B09F03902369"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2023-067-iq-engine-acsd-service-buffer-overflow-cve-2023/ba-p/96472",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-361xx/CVE-2023-36123.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2023-36123",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-07T00:15:11.457",
"lastModified": "2023-10-08T17:50:12.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:47:20.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information."
},
{
"lang": "es",
"value": "Vulnerabilidad de Directory Traversal en Hex-Dragon Plain Craft Launcher 2 versi\u00f3n Alpha 1.3.9, permite a atacantes locales ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plain_craft_launcher_2_project:plain_craft_launcher_2:1.3.9:alpha:*:*:*:*:*:*",
"matchCriteriaId": "2B1DCD3B-066A-4A10-ABD0-0E5D9B7EDF5F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/9Bakabaka/d4559b081ce0577dbf415917afc0efb5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/9Bakabaka/CVE-2023-36123",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

62
CVE-2023/CVE-2023-37xx/CVE-2023-3725.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3725",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-10-06T21:15:10.853",
"lastModified": "2023-10-06T22:23:04.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:44:03.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem"
},
{
"lang": "es",
"value": "Posible vulnerabilidad de desbordamiento del b\u00fafer en el subsistema Zephyr CAN bus"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@ -50,10 +84,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.4.0",
"matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-2g3m-p6c7-8rr3",
"source": "vulnerabilities@zephyrproject.org"
"source": "vulnerabilities@zephyrproject.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-417xx/CVE-2023-41732.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41732",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T15:15:14.193",
"lastModified": "2023-10-06T15:25:02.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:54:49.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <=\u00a01.0.20 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento CodePeople CP Blocks en versiones &lt;= 1.0.20."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dwbooster:cp_blocks:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.21",
"matchCriteriaId": "90F3EA94-030E-47A4-9EF0-05F4AABCEDA5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cp-blocks/wordpress-cp-blocks-plugin-1-0-20-csrf-leading-to-plugin-settings-change-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-418xx/CVE-2023-41801.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41801",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T15:15:14.263",
"lastModified": "2023-10-06T15:25:02.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:53:59.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <=\u00a04.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento AWP Classifieds Team Ad Directory &amp; Listings by AWP Classifieds en versiones &lt;= 4.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:awpcp:another_wordpress_classifieds_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.3.1",
"matchCriteriaId": "B7CE82C8-C300-4471-9D8F-97D4D927784C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/another-wordpress-classifieds-plugin/wordpress-classifieds-plugin-ad-directory-listings-plugin-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-419xx/CVE-2023-41950.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41950",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T15:15:14.337",
"lastModified": "2023-10-06T15:25:02.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:40:08.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <=\u00a01.4.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Laposta - en el complemento Roel Bousardt Laposta Signup Basic en versiones &lt;= 1.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:laposta:laposta_signup_basic:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.2",
"matchCriteriaId": "00F7EA11-63A7-4714-94E1-1109E427C663"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/laposta-signup-basic/wordpress-laposta-signup-basic-plugin-1-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-427xx/CVE-2023-42794.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42794",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-10T18:15:18.863",
"lastModified": "2023-10-10T18:20:50.797",
"lastModified": "2023-10-10T21:15:09.440",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -24,6 +24,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/8",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82",
"source": "security@apache.org"

6
CVE-2023/CVE-2023-427xx/CVE-2023-42795.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42795",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-10T18:15:18.933",
"lastModified": "2023-10-10T18:20:50.797",
"lastModified": "2023-10-10T21:15:09.517",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -24,6 +24,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/9",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw",
"source": "security@apache.org"

85
CVE-2023/CVE-2023-433xx/CVE-2023-43321.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-43321",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T22:15:09.887",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:00:32.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos en Digital China Networks DCFW-1800-SDC v.3.0 permite a un atacante autenticado ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n wget en el componente /sbin/cloudadmin.sh."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dcnetworks:dcfw-1800-sdc_firmware:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5CF6ED-CA19-4CA0-B568-C2162FCC43C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dcnetworks:dcfw-1800-sdc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D86A7642-F577-455A-8E7C-EBEAB27155BD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Push3AX/vul/blob/main/DCN/DCFW_1800_SDC_CommandInjection.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dcnetworks.com.cn/goods/61.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

67
CVE-2023/CVE-2023-438xx/CVE-2023-43809.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43809",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T21:15:10.280",
"lastModified": "2023-10-05T00:48:59.587",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:12:47.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. To workaround this vulnerability without upgrading, users can temporarily disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting."
},
{
"lang": "es",
"value": "Soft Serve es un servidor Git autohospedable para la l\u00ednea de comandos. Antes de la versi\u00f3n 0.6.2, una vulnerabilidad de seguridad en Soft Serve podr\u00eda permitir a un atacante remoto no autenticado eludir la autenticaci\u00f3n de clave p\u00fablica cuando la autenticaci\u00f3n SSH interactiva con teclado est\u00e1 activa, a trav\u00e9s de la configuraci\u00f3n \"allow-keyless\", y la clave p\u00fablica requiere verificaci\u00f3n adicional del lado del cliente, por ejemplo, utilizando FIDO2 o GPG. Esto se debe a procedimientos de validaci\u00f3n insuficientes del paso de la clave p\u00fablica durante el protocolo de enlace de solicitud SSH, lo que otorga acceso no autorizado si se utiliza el modo de interacci\u00f3n con el teclado. Un atacante podr\u00eda aprovechar esta vulnerabilidad presentando solicitudes SSH manipuladas utilizando el modo de autenticaci\u00f3n interactivo con teclado. Potencialmente, esto podr\u00eda resultar en un acceso no autorizado al Soft Serve. Los usuarios deben actualizar a la \u00faltima versi\u00f3n de Soft Serve `v0.6.2` para recibir el parche para este problema. Como workaround esta vulnerabilidad sin realizar una actualizaci\u00f3n, los usuarios pueden desactivar temporalmente la autenticaci\u00f3n SSH interactiva con teclado utilizando la configuraci\u00f3n \"allow-keyless\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +70,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:charm:soft_serve:*:*:*:*:*:go:*:*",
"versionEndExcluding": "0.6.2",
"matchCriteriaId": "962411DB-9A36-4D48-B5E5-BAC38703E87D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/charmbracelet/soft-serve/commit/407c4ec72d1006cee1ff8c1775e5bcc091c2bc89",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/charmbracelet/soft-serve/issues/389",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/charmbracelet/soft-serve/releases/tag/v0.6.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-mc97-99j4-vm2v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-441xx/CVE-2023-44146.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-44146",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T15:15:14.413",
"lastModified": "2023-10-06T15:25:02.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:49:38.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <=\u00a03.6 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Checkfront Inc. Checkfront Online Booking System en versiones &lt;= 3.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:checkfront:checkfront_online_booking_system:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.7",
"matchCriteriaId": "1ABCE7D9-8420-4DDA-A2C8-09F0A7CFC93D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/checkfront-wp-booking/wordpress-checkfront-online-booking-system-plugin-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

22
CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-44487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T14:15:10.883",
"lastModified": "2023-10-10T19:15:09.597",
"lastModified": "2023-10-10T21:15:09.593",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -112,10 +112,6 @@
"url": "https://github.com/haproxy/haproxy/issues/2312",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/hyperium/hyper/issues/3337",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244",
"source": "cve@mitre.org"
@ -148,6 +144,10 @@
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo",
"source": "cve@mitre.org"
},
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
"source": "cve@mitre.org"
},
{
"url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html",
"source": "cve@mitre.org"
@ -180,6 +180,14 @@
"url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/",
"source": "cve@mitre.org"
},
{
"url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected",
"source": "cve@mitre.org"
},
{
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14",
"source": "cve@mitre.org"
},
{
"url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
"source": "cve@mitre.org"
@ -188,6 +196,10 @@
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"source": "cve@mitre.org"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/10/10/6",
"source": "cve@mitre.org"
},
{
"url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack",
"source": "cve@mitre.org"

85
CVE-2023/CVE-2023-448xx/CVE-2023-44807.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2023-44807",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T17:15:12.837",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:16:41.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function."
},
{
"lang": "es",
"value": "D-Link DIR-820L 1.05B03 tiene una vulnerabilidad de desbordamiento de pila en la funci\u00f3n de cancelPing."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-820l_firmware:1.05b03:*:*:*:*:*:*:*",
"matchCriteriaId": "5195E86A-22A4-412B-B22C-614A68942FB5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88CE60CD-DCDA-43E0-80A9-257557EDBC29"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DIR-820l/bug2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-453xx/CVE-2023-45312.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45312",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T21:15:09.680",
"lastModified": "2023-10-10T21:15:09.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability."
}
],
"metrics": {},
"references": [
{
"url": "https://medium.com/@_sadshade/almost-2000-telegram-proxy-servers-are-potentially-vulnerable-to-rce-since-2018-742a455be16b",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-456xx/CVE-2023-45648.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45648",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-10T19:15:09.690",
"lastModified": "2023-10-10T19:37:40.180",
"lastModified": "2023-10-10T21:15:09.733",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -24,6 +24,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/10/10",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp",
"source": "security@apache.org"

61
CVE-2023/CVE-2023-52xx/CVE-2023-5214.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-5214",
"sourceIdentifier": "security@puppet.com",
"published": "2023-10-06T18:15:12.453",
"lastModified": "2023-10-06T19:41:01.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-10T20:24:44.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.\n"
},
{
"lang": "es",
"value": "En las versiones de Puppet Bolt anteriores a la 3.27.4, se identific\u00f3 una ruta para escalar privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@puppet.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "security@puppet.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:puppet:bolt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.27.4",
"matchCriteriaId": "114EBD77-410E-4D7E-9253-1142CC5786AA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates",
"source": "security@puppet.com"
"source": "security@puppet.com",
"tags": [
"Not Applicable"
]
}
]
}

78
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-10T20:00:25.815099+00:00
2023-10-10T22:00:25.045996+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-10T19:40:06.293000+00:00
2023-10-10T21:15:09.733000+00:00
```
### Last Data Feed Release
@ -29,68 +29,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227516
227517
```
### CVEs added in the last Commit
Recently added CVEs: `110`
Recently added CVEs: `1`
* [CVE-2023-36435](CVE-2023/CVE-2023-364xx/CVE-2023-36435.json) (`2023-10-10T18:15:12.680`)
* [CVE-2023-36436](CVE-2023/CVE-2023-364xx/CVE-2023-36436.json) (`2023-10-10T18:15:12.737`)
* [CVE-2023-36438](CVE-2023/CVE-2023-364xx/CVE-2023-36438.json) (`2023-10-10T18:15:12.803`)
* [CVE-2023-36557](CVE-2023/CVE-2023-365xx/CVE-2023-36557.json) (`2023-10-10T18:15:12.867`)
* [CVE-2023-36561](CVE-2023/CVE-2023-365xx/CVE-2023-36561.json) (`2023-10-10T18:15:12.930`)
* [CVE-2023-36563](CVE-2023/CVE-2023-365xx/CVE-2023-36563.json) (`2023-10-10T18:15:13.003`)
* [CVE-2023-36564](CVE-2023/CVE-2023-365xx/CVE-2023-36564.json) (`2023-10-10T18:15:13.070`)
* [CVE-2023-36565](CVE-2023/CVE-2023-365xx/CVE-2023-36565.json) (`2023-10-10T18:15:13.137`)
* [CVE-2023-36566](CVE-2023/CVE-2023-365xx/CVE-2023-36566.json) (`2023-10-10T18:15:13.200`)
* [CVE-2023-36567](CVE-2023/CVE-2023-365xx/CVE-2023-36567.json) (`2023-10-10T18:15:13.260`)
* [CVE-2023-36568](CVE-2023/CVE-2023-365xx/CVE-2023-36568.json) (`2023-10-10T18:15:13.323`)
* [CVE-2023-36569](CVE-2023/CVE-2023-365xx/CVE-2023-36569.json) (`2023-10-10T18:15:13.387`)
* [CVE-2023-36570](CVE-2023/CVE-2023-365xx/CVE-2023-36570.json) (`2023-10-10T18:15:13.450`)
* [CVE-2023-36571](CVE-2023/CVE-2023-365xx/CVE-2023-36571.json) (`2023-10-10T18:15:13.510`)
* [CVE-2023-36572](CVE-2023/CVE-2023-365xx/CVE-2023-36572.json) (`2023-10-10T18:15:13.573`)
* [CVE-2023-29348](CVE-2023/CVE-2023-293xx/CVE-2023-29348.json) (`2023-10-10T18:15:11.830`)
* [CVE-2023-35349](CVE-2023/CVE-2023-353xx/CVE-2023-35349.json) (`2023-10-10T18:15:11.923`)
* [CVE-2023-36414](CVE-2023/CVE-2023-364xx/CVE-2023-36414.json) (`2023-10-10T18:15:12.000`)
* [CVE-2023-36415](CVE-2023/CVE-2023-364xx/CVE-2023-36415.json) (`2023-10-10T18:15:12.070`)
* [CVE-2023-36416](CVE-2023/CVE-2023-364xx/CVE-2023-36416.json) (`2023-10-10T18:15:12.127`)
* [CVE-2023-36417](CVE-2023/CVE-2023-364xx/CVE-2023-36417.json) (`2023-10-10T18:15:12.190`)
* [CVE-2023-36418](CVE-2023/CVE-2023-364xx/CVE-2023-36418.json) (`2023-10-10T18:15:12.247`)
* [CVE-2023-36419](CVE-2023/CVE-2023-364xx/CVE-2023-36419.json) (`2023-10-10T18:15:12.300`)
* [CVE-2023-31096](CVE-2023/CVE-2023-310xx/CVE-2023-31096.json) (`2023-10-10T19:15:09.530`)
* [CVE-2023-45648](CVE-2023/CVE-2023-456xx/CVE-2023-45648.json) (`2023-10-10T19:15:09.690`)
* [CVE-2023-45312](CVE-2023/CVE-2023-453xx/CVE-2023-45312.json) (`2023-10-10T21:15:09.680`)
### CVEs modified in the last Commit
Recently modified CVEs: `24`
Recently modified CVEs: `18`
* [CVE-2022-33160](CVE-2022/CVE-2022-331xx/CVE-2022-33160.json) (`2023-10-10T19:33:22.613`)
* [CVE-2023-42808](CVE-2023/CVE-2023-428xx/CVE-2023-42808.json) (`2023-10-10T18:31:06.820`)
* [CVE-2023-43793](CVE-2023/CVE-2023-437xx/CVE-2023-43793.json) (`2023-10-10T18:44:48.727`)
* [CVE-2023-4380](CVE-2023/CVE-2023-43xx/CVE-2023-4380.json) (`2023-10-10T18:51:05.010`)
* [CVE-2023-4237](CVE-2023/CVE-2023-42xx/CVE-2023-4237.json) (`2023-10-10T18:51:53.670`)
* [CVE-2023-43799](CVE-2023/CVE-2023-437xx/CVE-2023-43799.json) (`2023-10-10T18:52:02.820`)
* [CVE-2023-44389](CVE-2023/CVE-2023-443xx/CVE-2023-44389.json) (`2023-10-10T18:57:47.523`)
* [CVE-2023-3971](CVE-2023/CVE-2023-39xx/CVE-2023-3971.json) (`2023-10-10T19:11:16.463`)
* [CVE-2023-3665](CVE-2023/CVE-2023-36xx/CVE-2023-3665.json) (`2023-10-10T19:11:44.630`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-10T19:15:09.597`)
* [CVE-2023-4004](CVE-2023/CVE-2023-40xx/CVE-2023-4004.json) (`2023-10-10T19:15:09.767`)
* [CVE-2023-4128](CVE-2023/CVE-2023-41xx/CVE-2023-4128.json) (`2023-10-10T19:15:09.883`)
* [CVE-2023-22515](CVE-2023/CVE-2023-225xx/CVE-2023-22515.json) (`2023-10-10T19:22:02.770`)
* [CVE-2023-41654](CVE-2023/CVE-2023-416xx/CVE-2023-41654.json) (`2023-10-10T19:22:19.100`)
* [CVE-2023-41650](CVE-2023/CVE-2023-416xx/CVE-2023-41650.json) (`2023-10-10T19:22:25.553`)
* [CVE-2023-43058](CVE-2023/CVE-2023-430xx/CVE-2023-43058.json) (`2023-10-10T19:24:52.810`)
* [CVE-2023-2306](CVE-2023/CVE-2023-23xx/CVE-2023-2306.json) (`2023-10-10T19:28:52.517`)
* [CVE-2023-5452](CVE-2023/CVE-2023-54xx/CVE-2023-5452.json) (`2023-10-10T19:34:10.860`)
* [CVE-2023-23366](CVE-2023/CVE-2023-233xx/CVE-2023-23366.json) (`2023-10-10T19:35:17.273`)
* [CVE-2023-23365](CVE-2023/CVE-2023-233xx/CVE-2023-23365.json) (`2023-10-10T19:35:30.007`)
* [CVE-2023-44243](CVE-2023/CVE-2023-442xx/CVE-2023-44243.json) (`2023-10-10T19:35:39.473`)
* [CVE-2023-44233](CVE-2023/CVE-2023-442xx/CVE-2023-44233.json) (`2023-10-10T19:35:47.653`)
* [CVE-2023-39928](CVE-2023/CVE-2023-399xx/CVE-2023-39928.json) (`2023-10-10T19:37:06.347`)
* [CVE-2023-41094](CVE-2023/CVE-2023-410xx/CVE-2023-41094.json) (`2023-10-10T19:40:06.293`)
* [CVE-2022-34355](CVE-2022/CVE-2022-343xx/CVE-2022-34355.json) (`2023-10-10T20:41:30.020`)
* [CVE-2023-43321](CVE-2023/CVE-2023-433xx/CVE-2023-43321.json) (`2023-10-10T20:00:32.087`)
* [CVE-2023-35803](CVE-2023/CVE-2023-358xx/CVE-2023-35803.json) (`2023-10-10T20:04:36.633`)
* [CVE-2023-43809](CVE-2023/CVE-2023-438xx/CVE-2023-43809.json) (`2023-10-10T20:12:47.170`)
* [CVE-2023-30995](CVE-2023/CVE-2023-309xx/CVE-2023-30995.json) (`2023-10-10T20:15:09.650`)
* [CVE-2023-44807](CVE-2023/CVE-2023-448xx/CVE-2023-44807.json) (`2023-10-10T20:16:41.627`)
* [CVE-2023-5214](CVE-2023/CVE-2023-52xx/CVE-2023-5214.json) (`2023-10-10T20:24:44.750`)
* [CVE-2023-41950](CVE-2023/CVE-2023-419xx/CVE-2023-41950.json) (`2023-10-10T20:40:08.160`)
* [CVE-2023-3725](CVE-2023/CVE-2023-37xx/CVE-2023-3725.json) (`2023-10-10T20:44:03.887`)
* [CVE-2023-36123](CVE-2023/CVE-2023-361xx/CVE-2023-36123.json) (`2023-10-10T20:47:20.130`)
* [CVE-2023-44146](CVE-2023/CVE-2023-441xx/CVE-2023-44146.json) (`2023-10-10T20:49:38.620`)
* [CVE-2023-41801](CVE-2023/CVE-2023-418xx/CVE-2023-41801.json) (`2023-10-10T20:53:59.430`)
* [CVE-2023-32972](CVE-2023/CVE-2023-329xx/CVE-2023-32972.json) (`2023-10-10T20:54:43.317`)
* [CVE-2023-41732](CVE-2023/CVE-2023-417xx/CVE-2023-41732.json) (`2023-10-10T20:54:49.370`)
* [CVE-2023-42794](CVE-2023/CVE-2023-427xx/CVE-2023-42794.json) (`2023-10-10T21:15:09.440`)
* [CVE-2023-42795](CVE-2023/CVE-2023-427xx/CVE-2023-42795.json) (`2023-10-10T21:15:09.517`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-10T21:15:09.593`)
* [CVE-2023-45648](CVE-2023/CVE-2023-456xx/CVE-2023-45648.json) (`2023-10-10T21:15:09.733`)
## Download and Usage