mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-09-17 18:45:49 +00:00
Auto-Update: 2023-11-08T15:00:18.797171+00:00
This commit is contained in:
cad-safe-bot
parent
798188f172
commit
e92bfb7587
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2021-33636",
|
||||
"sourceIdentifier": "securities@openeuler.org",
|
||||
"published": "2023-10-29T08:15:20.707",
|
||||
"lastModified": "2023-10-30T11:54:30.703",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T14:36:12.577",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "\nWhen the isula load command is used to load malicious images, attackers can execute arbitrary code.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Cuando el comando isula load se utiliza para cargar im\u00e1genes maliciosas, los atacantes pueden ejecutar c\u00f3digo arbitrario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "securities@openeuler.org",
|
||||
"type": "Secondary",
|
||||
@ -35,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "securities@openeuler.org",
|
||||
"type": "Secondary",
|
||||
@ -46,18 +80,54 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openeuler:isula:2.0.8-20210518.144540:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "51FA2EC1-A161-4862-A120-CD48ABF49BBF"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openeuler:isula:2.0.18-10:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8848DE4D-ADA9-4E92-9FB9-DB53D3733173"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openeuler:isula:2.1.2:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F3205F81-7008-467C-A79A-BBD521231D48"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files",
|
||||
"source": "securities@openeuler.org"
|
||||
"source": "securities@openeuler.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files",
|
||||
"source": "securities@openeuler.org"
|
||||
"source": "securities@openeuler.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686",
|
||||
"source": "securities@openeuler.org"
|
||||
"source": "securities@openeuler.org",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2021-33637",
|
||||
"sourceIdentifier": "securities@openeuler.org",
|
||||
"published": "2023-10-29T08:15:20.763",
|
||||
"lastModified": "2023-10-30T11:54:30.703",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T14:12:00.513",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "\nWhen the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Cuando el comando isula export se utiliza para exportar un contenedor a una imagen y el contenedor est\u00e1 controlado por un atacante, el atacante puede escapar del contenedor."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.0,
|
||||
"impactScore": 4.0
|
||||
},
|
||||
{
|
||||
"source": "securities@openeuler.org",
|
||||
"type": "Secondary",
|
||||
@ -35,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "securities@openeuler.org",
|
||||
"type": "Secondary",
|
||||
@ -46,18 +80,54 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openeuler:isula:2.0.8-20210518.144540:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "51FA2EC1-A161-4862-A120-CD48ABF49BBF"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openeuler:isula:2.0.18-10:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8848DE4D-ADA9-4E92-9FB9-DB53D3733173"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openeuler:isula:2.1.2:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F3205F81-7008-467C-A79A-BBD521231D48"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files",
|
||||
"source": "securities@openeuler.org"
|
||||
"source": "securities@openeuler.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files",
|
||||
"source": "securities@openeuler.org"
|
||||
"source": "securities@openeuler.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686",
|
||||
"source": "securities@openeuler.org"
|
||||
"source": "securities@openeuler.org",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43619",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.143",
|
||||
"lastModified": "2023-04-06T15:05:59.617",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -94,13 +94,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -110,8 +110,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43620",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.207",
|
||||
"lastModified": "2023-04-06T15:06:27.990",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43621",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.270",
|
||||
"lastModified": "2023-04-06T15:06:48.767",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43622",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.333",
|
||||
"lastModified": "2023-04-06T15:07:03.080",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43623",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.403",
|
||||
"lastModified": "2023-04-06T14:47:55.050",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43624",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.490",
|
||||
"lastModified": "2023-04-06T15:05:08.527",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43625",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.563",
|
||||
"lastModified": "2023-04-06T15:05:22.093",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43626",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.647",
|
||||
"lastModified": "2023-04-06T14:40:44.893",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43627",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.743",
|
||||
"lastModified": "2023-04-05T20:50:48.233",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43628",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.823",
|
||||
"lastModified": "2023-04-05T20:51:02.077",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43629",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.897",
|
||||
"lastModified": "2023-04-05T20:51:16.590",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43630",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:19.983",
|
||||
"lastModified": "2023-04-05T20:49:17.533",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43631",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:20.057",
|
||||
"lastModified": "2023-04-05T20:49:45.933",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43632",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:20.143",
|
||||
"lastModified": "2023-04-05T20:50:15.077",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -84,13 +84,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -100,8 +100,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2022-43633",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2023-03-29T19:15:20.213",
|
||||
"lastModified": "2023-04-05T20:31:25.597",
|
||||
"lastModified": "2023-11-08T13:30:00.990",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -94,13 +94,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99949C04-5E3E-467F-B701-73F068DB85E4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "548F934E-4896-4451-877D-1A178F56978E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:d-link:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2EAFDCA7-887D-4142-86D9-55D1E0F12AA4"
|
||||
"criteria": "cpe:2.3:o:dlink:dir-1935_firmware:1.03:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "723323DF-3E82-4454-8F8D-E1872B9428B0"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -110,8 +110,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:d-link:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8222F4EA-F306-4676-AA0B-03F3E9B1BF7D"
|
||||
"criteria": "cpe:2.3:h:dlink:dir-1935:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A721B868-A508-4F8B-9650-F132ED66E3A0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2022-48613",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:08.400",
|
||||
"lastModified": "2023-11-08T10:15:08.400",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-31421",
|
||||
"sourceIdentifier": "bressers@elastic.co",
|
||||
"published": "2023-10-26T04:15:16.000",
|
||||
"lastModified": "2023-10-26T11:44:17.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T14:17:30.160",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
},
|
||||
{
|
||||
"source": "bressers@elastic.co",
|
||||
"type": "Secondary",
|
||||
@ -39,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-295"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "bressers@elastic.co",
|
||||
"type": "Secondary",
|
||||
@ -50,14 +80,90 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:elastic:elastic_beats:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "8.0.0",
|
||||
"versionEndIncluding": "8.9.2",
|
||||
"matchCriteriaId": "F350E05B-DF03-4D1F-95A4-4F6C14DD1640"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:elastic:elastic_agent:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "8.0.0",
|
||||
"versionEndIncluding": "8.9.2",
|
||||
"matchCriteriaId": "9CB5A9F5-BEFA-472C-A29B-4E71F2B19609"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:elastic:elastic_apm_server:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "8.0.0",
|
||||
"versionEndIncluding": "8.9.2",
|
||||
"matchCriteriaId": "193D58C5-2266-4A8A-87F3-C9D2C5F3890E"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:elastic:elastic_fleet_server:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "8.0.0",
|
||||
"versionEndIncluding": "8.9.2",
|
||||
"matchCriteriaId": "F77F3ECE-C5B8-4BBB-B1B5-986DBCA2C0EE"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385",
|
||||
"source": "bressers@elastic.co"
|
||||
"source": "bressers@elastic.co",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.elastic.co/community/security",
|
||||
"source": "bressers@elastic.co"
|
||||
"source": "bressers@elastic.co",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-3812",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2023-07-24T16:15:13.337",
|
||||
"lastModified": "2023-11-07T04:19:44.010",
|
||||
"lastModified": "2023-11-08T14:15:07.727",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -33,7 +33,7 @@
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
@ -66,7 +66,7 @@
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
@ -130,6 +130,14 @@
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6799",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6813",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2023-3812",
|
||||
"source": "secalert@redhat.com",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-39913",
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2023-11-08T08:15:08.883",
|
||||
"lastModified": "2023-11-08T08:15:08.883",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-3972",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2023-11-01T16:15:08.517",
|
||||
"lastModified": "2023-11-07T04:20:03.213",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T14:15:07.853",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -17,7 +17,7 @@
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
@ -40,7 +40,7 @@
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
@ -67,6 +67,22 @@
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6284",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6795",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6796",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6798",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6811",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2023-3972",
|
||||
"source": "secalert@redhat.com"
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-4061",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2023-11-08T01:15:08.693",
|
||||
"lastModified": "2023-11-08T01:15:08.693",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-41111",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-11-08T08:15:09.080",
|
||||
"lastModified": "2023-11-08T08:15:09.080",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-41112",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-11-08T08:15:09.327",
|
||||
"lastModified": "2023-11-08T08:15:09.327",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-41270",
|
||||
"sourceIdentifier": "PSIRT@samsung.com",
|
||||
"published": "2023-11-08T07:15:27.367",
|
||||
"lastModified": "2023-11-08T07:15:27.367",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-42361",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-11-07T22:15:11.167",
|
||||
"lastModified": "2023-11-07T22:15:11.167",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:03:25.303",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-43803",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2023-10-18T21:15:09.260",
|
||||
"lastModified": "2023-11-02T18:15:09.303",
|
||||
"lastModified": "2023-11-08T13:15:07.720",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -110,6 +110,10 @@
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00005.html",
|
||||
"source": "security-advisories@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.nozominetworks.com/blog/security-flaws-affect-a-component-of-the-arduino-create-cloud-ide",
|
||||
"source": "security-advisories@github.com"
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-43984",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-11-07T23:15:07.680",
|
||||
"lastModified": "2023-11-07T23:15:07.680",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-44098",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T09:15:07.680",
|
||||
"lastModified": "2023-11-08T09:15:07.680",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-44115",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T04:15:07.707",
|
||||
"lastModified": "2023-11-08T04:15:07.707",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-45380",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-11-07T23:15:07.780",
|
||||
"lastModified": "2023-11-07T23:15:07.780",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-45498",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-10-27T04:15:10.487",
|
||||
"lastModified": "2023-10-30T15:15:41.553",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T14:08:01.397",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,19 +14,85 @@
|
||||
"value": "Se descubri\u00f3 que VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.* y v7.0.* contiene una vulnerabilidad de inyecci\u00f3n de comandos."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "5.0",
|
||||
"versionEndIncluding": "7.0",
|
||||
"matchCriteriaId": "918A96B9-89BC-4C83-AE79-A74634E2916C"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://seclists.org/fulldisclosure/2023/Oct/31",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-45499",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-10-27T04:15:10.617",
|
||||
"lastModified": "2023-10-30T15:15:41.903",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T14:07:34.800",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,19 +14,85 @@
|
||||
"value": "Se descubri\u00f3 que VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.* y v7.0.* conten\u00eda credenciales codificadas."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-798"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:vinchin:vinchin_backup_and_recovery:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "5.0",
|
||||
"versionEndIncluding": "7.0",
|
||||
"matchCriteriaId": "918A96B9-89BC-4C83-AE79-A74634E2916C"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://seclists.org/fulldisclosure/2023/Oct/31",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-45897",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-10-28T21:15:07.577",
|
||||
"lastModified": "2023-11-02T21:15:09.913",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2023-11-08T13:56:07.750",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,27 +14,96 @@
|
||||
"value": "exfatprogs anteriores a 1.2.2 permiten el acceso a la memoria fuera de los l\u00edmites, como en read_file_dentry_set."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.1,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.2
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-125"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:namjaejeon:exfatprogs:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "1.2.2",
|
||||
"matchCriteriaId": "43240CAA-AAC1-4A9B-926C-F1AFAB7E47EB"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://dfir.ru/2023/11/01/cve-2023-45897-a-vulnerability-in-the-linux-exfat-userspace-tools/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/exfatprogs/exfatprogs/releases/tag/1.2.2",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Release Notes"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46001",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-11-07T22:15:11.473",
|
||||
"lastModified": "2023-11-07T22:15:11.473",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:03:25.303",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46133",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2023-10-25T21:15:10.093",
|
||||
"lastModified": "2023-10-25T23:05:15.713",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T14:14:18.310",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 9.1,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.2
|
||||
},
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
@ -39,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-327"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
@ -54,14 +84,39 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:entronad:cryptoes:*:*:*:*:*:node.js:*:*",
|
||||
"versionEndExcluding": "2.1.0",
|
||||
"matchCriteriaId": "418D3686-F244-48BA-AB46-237018709069"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46483",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-11-08T08:15:09.523",
|
||||
"lastModified": "2023-11-08T08:15:09.523",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,16 +2,44 @@
|
||||
"id": "CVE-2023-46604",
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2023-10-27T15:15:14.017",
|
||||
"lastModified": "2023-10-29T01:44:42.707",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T14:28:20.003",
|
||||
"vulnStatus": "Analyzed",
|
||||
"cisaExploitAdd": "2023-11-02",
|
||||
"cisaActionDue": "2023-11-23",
|
||||
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
|
||||
"cisaVulnerabilityName": "Apache ActiveMQ Deserialization of Untrusted Data Vulnerability",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate\u00a0any class on the classpath.\u00a0\n\nUsers are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Apache ActiveMQ es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. La vulnerabilidad puede permitir que un atacante remoto con acceso a la red de un corredor ejecute comandos de shell arbitrarios manipulando tipos de clases serializadas en el protocolo OpenWire para hacer que el corredor cree una instancia de cualquier clase en el classpath. Se recomienda a los usuarios actualizar a la versi\u00f3n 5.15.16, 5.16.7, 5.17.6 o 5.18.3, que soluciona este problema."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "security@apache.org",
|
||||
"type": "Secondary",
|
||||
@ -46,14 +74,97 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "5.15.16",
|
||||
"matchCriteriaId": "28B695E3-E637-44DC-BF2C-A24943EADBA1"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "5.16.0",
|
||||
"versionEndExcluding": "5.16.7",
|
||||
"matchCriteriaId": "D8A5C039-10BA-4D0E-A243-6B313721C7FF"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "5.17.0",
|
||||
"versionEndExcluding": "5.17.6",
|
||||
"matchCriteriaId": "5C8395C4-40D7-4BD3-970B-3F0E32BCB771"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "5.18.0",
|
||||
"versionEndExcluding": "5.18.3",
|
||||
"matchCriteriaId": "CDA18155-D2AD-459A-94C7-136F981FD252"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "5.15.16",
|
||||
"matchCriteriaId": "2D92110D-B913-4431-B7EB-0C949544E7B8"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "5.16.0",
|
||||
"versionEndExcluding": "5.16.7",
|
||||
"matchCriteriaId": "8476D8D6-8394-4CD0-9E8C-41DCD96983BE"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "5.17.0",
|
||||
"versionEndExcluding": "5.17.6",
|
||||
"matchCriteriaId": "050649B9-4196-4BA1-9323-6B49E45B2E98"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:apache:activemq_legacy_openwire_module:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "5.18.0",
|
||||
"versionEndExcluding": "5.18.3",
|
||||
"matchCriteriaId": "CE9AE45E-8CDE-4083-A996-D0E90EA0A792"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2023/10/27/5",
|
||||
"source": "security@apache.org"
|
||||
"source": "security@apache.org",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt",
|
||||
"source": "security@apache.org"
|
||||
"source": "security@apache.org",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46755",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:08.683",
|
||||
"lastModified": "2023-11-08T10:15:08.683",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46756",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T11:15:08.050",
|
||||
"lastModified": "2023-11-08T11:15:08.050",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46757",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T11:15:09.127",
|
||||
"lastModified": "2023-11-08T11:15:09.127",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46758",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T11:15:09.530",
|
||||
"lastModified": "2023-11-08T11:15:09.530",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46759",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T11:15:09.750",
|
||||
"lastModified": "2023-11-08T11:15:09.750",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46760",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:08.790",
|
||||
"lastModified": "2023-11-08T10:15:08.790",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46761",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:09.013",
|
||||
"lastModified": "2023-11-08T10:15:09.013",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46762",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:09.207",
|
||||
"lastModified": "2023-11-08T10:15:09.207",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46763",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:09.463",
|
||||
"lastModified": "2023-11-08T10:15:09.463",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46764",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:09.527",
|
||||
"lastModified": "2023-11-08T10:15:09.527",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46765",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:09.680",
|
||||
"lastModified": "2023-11-08T10:15:09.680",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46766",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:09.740",
|
||||
"lastModified": "2023-11-08T10:15:09.740",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46767",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:10.073",
|
||||
"lastModified": "2023-11-08T10:15:10.073",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46768",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T03:15:07.490",
|
||||
"lastModified": "2023-11-08T03:15:07.490",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46769",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T03:15:07.870",
|
||||
"lastModified": "2023-11-08T03:15:07.870",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46770",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T03:15:08.167",
|
||||
"lastModified": "2023-11-08T03:15:08.167",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46771",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T09:15:07.763",
|
||||
"lastModified": "2023-11-08T09:15:07.763",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46772",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:10.293",
|
||||
"lastModified": "2023-11-08T10:15:10.293",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46774",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T10:15:10.350",
|
||||
"lastModified": "2023-11-08T10:15:10.350",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46792",
|
||||
"sourceIdentifier": "help@fluidattacks.com",
|
||||
"published": "2023-11-07T22:15:11.640",
|
||||
"lastModified": "2023-11-07T22:15:11.640",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:03:25.303",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46793",
|
||||
"sourceIdentifier": "help@fluidattacks.com",
|
||||
"published": "2023-11-07T22:15:12.280",
|
||||
"lastModified": "2023-11-07T22:15:12.280",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:03:25.303",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46794",
|
||||
"sourceIdentifier": "help@fluidattacks.com",
|
||||
"published": "2023-11-07T22:15:12.833",
|
||||
"lastModified": "2023-11-07T22:15:12.833",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:03:25.303",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46795",
|
||||
"sourceIdentifier": "help@fluidattacks.com",
|
||||
"published": "2023-11-07T22:15:13.063",
|
||||
"lastModified": "2023-11-07T22:15:13.063",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:03:25.303",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46796",
|
||||
"sourceIdentifier": "help@fluidattacks.com",
|
||||
"published": "2023-11-07T22:15:13.257",
|
||||
"lastModified": "2023-11-07T22:15:13.257",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:03:25.303",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46797",
|
||||
"sourceIdentifier": "help@fluidattacks.com",
|
||||
"published": "2023-11-07T22:15:13.447",
|
||||
"lastModified": "2023-11-07T22:15:13.447",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46798",
|
||||
"sourceIdentifier": "help@fluidattacks.com",
|
||||
"published": "2023-11-07T22:15:13.640",
|
||||
"lastModified": "2023-11-07T22:15:13.640",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46799",
|
||||
"sourceIdentifier": "help@fluidattacks.com",
|
||||
"published": "2023-11-07T22:15:13.837",
|
||||
"lastModified": "2023-11-07T22:15:13.837",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46800",
|
||||
"sourceIdentifier": "help@fluidattacks.com",
|
||||
"published": "2023-11-07T22:15:14.037",
|
||||
"lastModified": "2023-11-07T22:15:14.037",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-46818",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-10-27T04:15:10.907",
|
||||
"lastModified": "2023-10-27T12:41:08.827",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T13:56:23.527",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,74 @@
|
||||
"value": "Se descubri\u00f3 un problema en ISPConfig antes de 3.2.11p1. Un administrador puede lograr la inyecci\u00f3n de c\u00f3digo PHP en el editor de archivos de idioma si admin_allow_langedit est\u00e1 habilitado."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.2,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.2,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-94"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ispconfig:ispconfig:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "3.2.11",
|
||||
"matchCriteriaId": "2ED70CC8-81CD-4EDD-AC85-19FABB71CB9E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ispconfig:ispconfig:3.2.11:-:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "FD518188-907A-48CB-ADE9-F7AB664AA515"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Issue Tracking",
|
||||
"Patch",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-46846",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2023-11-03T08:15:07.953",
|
||||
"lastModified": "2023-11-07T14:15:22.977",
|
||||
"lastModified": "2023-11-08T14:15:07.953",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -67,6 +67,22 @@
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6748",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6801",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6803",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6804",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6810",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2023-46846",
|
||||
"source": "secalert@redhat.com"
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-46847",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2023-11-03T08:15:08.023",
|
||||
"lastModified": "2023-11-07T14:15:23.170",
|
||||
"lastModified": "2023-11-08T14:15:08.053",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -67,6 +67,26 @@
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6748",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6801",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6803",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6804",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6805",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6810",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2023-46847",
|
||||
"source": "secalert@redhat.com"
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-5367",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2023-10-25T20:15:18.323",
|
||||
"lastModified": "2023-11-07T04:23:57.217",
|
||||
"lastModified": "2023-11-08T14:15:08.163",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -37,7 +37,7 @@
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
@ -70,7 +70,7 @@
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "53f830b8-0a3f-465b-8143-3b8a9948e749",
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
@ -165,6 +165,14 @@
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6802",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/errata/RHSA-2023:6808",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2023-5367",
|
||||
"source": "secalert@redhat.com",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-5801",
|
||||
"sourceIdentifier": "psirt@huawei.com",
|
||||
"published": "2023-11-08T03:15:08.373",
|
||||
"lastModified": "2023-11-08T03:15:08.373",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-5811",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2023-10-27T01:15:32.383",
|
||||
"lastModified": "2023-11-07T04:24:25.513",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2023-11-08T14:27:21.353",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -17,7 +17,27 @@
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.8,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.7,
|
||||
"impactScore": 2.7
|
||||
},
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
@ -39,7 +59,7 @@
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
@ -65,7 +85,7 @@
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
@ -75,22 +95,58 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:flusity:flusity:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "2.304",
|
||||
"matchCriteriaId": "E9C3388B-D2C5-4EBE-9001-E438E4F263D6"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/flusity/flusity-CMS/commit/6943991c62ed87c7a57989a0cb7077316127def8",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/flusity/flusity-CMS/issues/3",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Issue Tracking",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.243642",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Permissions Required",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.243642",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Permissions Required",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-5812",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2023-10-27T02:15:07.477",
|
||||
"lastModified": "2023-11-07T20:24:15.947",
|
||||
"lastModified": "2023-11-08T14:55:24.420",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -86,7 +86,7 @@
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -104,9 +104,9 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:flusity:cms:*:*:*:*:*:*:*:*",
|
||||
"criteria": "cpe:2.3:a:flusity:flusity:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "2.304",
|
||||
"matchCriteriaId": "A974EA87-1EBA-4891-AD2A-19BF6AAC0B51"
|
||||
"matchCriteriaId": "E9C3388B-D2C5-4EBE-9001-E438E4F263D6"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-5828",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2023-10-27T20:15:09.227",
|
||||
"lastModified": "2023-11-07T04:24:28.520",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2023-11-08T14:15:31.307",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -17,7 +17,27 @@
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
@ -39,7 +59,7 @@
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
@ -65,7 +85,7 @@
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
@ -75,18 +95,46 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:ontall:longxing_industrial_development_zone_project:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "2023-10-26",
|
||||
"matchCriteriaId": "A10BAA9F-8C7A-491F-8803-607735527ACE"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/Echosssy/-SQL-injection/blob/main/%E5%8D%97%E5%AE%81%E5%B8%82%E5%AE%89%E6%8B%93%E8%BD%AF%E4%BB%B6%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8SQL%20injection.doc",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.243727",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.243727",
|
||||
"source": "cna@vuldb.com"
|
||||
"source": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,15 +2,41 @@
|
||||
"id": "CVE-2023-5832",
|
||||
"sourceIdentifier": "security@huntr.dev",
|
||||
"published": "2023-10-30T13:15:31.690",
|
||||
"lastModified": "2023-10-30T14:01:39.793",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T13:31:25.740",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Validaci\u00f3n de entrada incorrecta en el repositorio de GitHub mintplex-labs/anything-llm anterior a 0.1.0."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.1,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.2
|
||||
}
|
||||
],
|
||||
"cvssMetricV30": [
|
||||
{
|
||||
"source": "security@huntr.dev",
|
||||
@ -46,14 +72,40 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "0.1.0",
|
||||
"matchCriteriaId": "D3415DEB-007D-4160-B318-C69CC1335DB9"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/mintplex-labs/anything-llm/commit/18798c5b640018aaee924e0afd941705d88df92e",
|
||||
"source": "security@huntr.dev"
|
||||
"source": "security@huntr.dev",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://huntr.com/bounties/afee3726-571f-416e-bba5-0828c815f5df",
|
||||
"source": "security@huntr.dev"
|
||||
"source": "security@huntr.dev",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Patch",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,15 +2,41 @@
|
||||
"id": "CVE-2023-5833",
|
||||
"sourceIdentifier": "security@huntr.dev",
|
||||
"published": "2023-10-30T13:15:31.917",
|
||||
"lastModified": "2023-10-30T14:01:39.793",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T13:22:27.337",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Control de acceso inadecuado en el repositorio de GitHub mintplex-labs/anything-llm anterior a 0.1.0."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
],
|
||||
"cvssMetricV30": [
|
||||
{
|
||||
"source": "security@huntr.dev",
|
||||
@ -46,14 +72,40 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "0.1.0",
|
||||
"matchCriteriaId": "D3415DEB-007D-4160-B318-C69CC1335DB9"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/mintplex-labs/anything-llm/commit/d5b1f84a4c7991987eac3454d4f1b4067841d783",
|
||||
"source": "security@huntr.dev"
|
||||
"source": "security@huntr.dev",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://huntr.com/bounties/00ec6847-125b-43e9-9658-d3cace1751d6",
|
||||
"source": "security@huntr.dev"
|
||||
"source": "security@huntr.dev",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Patch",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,15 +2,41 @@
|
||||
"id": "CVE-2023-5838",
|
||||
"sourceIdentifier": "security@huntr.dev",
|
||||
"published": "2023-10-29T01:15:41.137",
|
||||
"lastModified": "2023-10-29T01:44:12.570",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-11-08T13:37:39.370",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Caducidad de sesi\u00f3n insuficiente en el repositorio de GitHub linkstackorg/linkstack anterior a v4.2.9."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
],
|
||||
"cvssMetricV30": [
|
||||
{
|
||||
"source": "security@huntr.dev",
|
||||
@ -46,14 +72,40 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:linkstack:linkstack:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "4.2.9",
|
||||
"matchCriteriaId": "709F3049-BCBF-490A-9067-8874199BD9F9"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/linkstackorg/linkstack/commit/02f620092255f07e1d0252a0190fd42ef773ba05",
|
||||
"source": "security@huntr.dev"
|
||||
"source": "security@huntr.dev",
|
||||
"tags": [
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://huntr.com/bounties/8f6feca3-386d-4897-801c-39b9e3e5eb03",
|
||||
"source": "security@huntr.dev"
|
||||
"source": "security@huntr.dev",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Patch",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-5941",
|
||||
"sourceIdentifier": "secteam@freebsd.org",
|
||||
"published": "2023-11-08T09:15:07.847",
|
||||
"lastModified": "2023-11-08T09:15:07.847",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-5978",
|
||||
"sourceIdentifier": "secteam@freebsd.org",
|
||||
"published": "2023-11-08T09:15:07.933",
|
||||
"lastModified": "2023-11-08T09:15:07.933",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-6001",
|
||||
"sourceIdentifier": "security@yugabyte.com",
|
||||
"published": "2023-11-08T00:15:07.620",
|
||||
"lastModified": "2023-11-08T00:15:07.620",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-6002",
|
||||
"sourceIdentifier": "security@yugabyte.com",
|
||||
"published": "2023-11-08T00:15:08.360",
|
||||
"lastModified": "2023-11-08T00:15:08.360",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:58.387",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-6012",
|
||||
"sourceIdentifier": "cve-coordination@incibe.es",
|
||||
"published": "2023-11-08T11:15:09.923",
|
||||
"lastModified": "2023-11-08T11:15:09.923",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-11-08T14:00:53.167",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
||||
39
README.md
39
README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2023-11-08T13:00:19.481318+00:00
|
||||
2023-11-08T15:00:18.797171+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2023-11-08T12:49:08.920000+00:00
|
||||
2023-11-08T14:55:24.420000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -34,20 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `5`
|
||||
Recently added CVEs: `0`
|
||||
|
||||
* [CVE-2023-46756](CVE-2023/CVE-2023-467xx/CVE-2023-46756.json) (`2023-11-08T11:15:08.050`)
|
||||
* [CVE-2023-46757](CVE-2023/CVE-2023-467xx/CVE-2023-46757.json) (`2023-11-08T11:15:09.127`)
|
||||
* [CVE-2023-46758](CVE-2023/CVE-2023-467xx/CVE-2023-46758.json) (`2023-11-08T11:15:09.530`)
|
||||
* [CVE-2023-46759](CVE-2023/CVE-2023-467xx/CVE-2023-46759.json) (`2023-11-08T11:15:09.750`)
|
||||
* [CVE-2023-6012](CVE-2023/CVE-2023-60xx/CVE-2023-6012.json) (`2023-11-08T11:15:09.923`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `1`
|
||||
Recently modified CVEs: `83`
|
||||
|
||||
* [CVE-2023-45746](CVE-2023/CVE-2023-457xx/CVE-2023-45746.json) (`2023-11-08T12:49:08.920`)
|
||||
* [CVE-2023-39913](CVE-2023/CVE-2023-399xx/CVE-2023-39913.json) (`2023-11-08T14:00:58.387`)
|
||||
* [CVE-2023-41111](CVE-2023/CVE-2023-411xx/CVE-2023-41111.json) (`2023-11-08T14:00:58.387`)
|
||||
* [CVE-2023-41112](CVE-2023/CVE-2023-411xx/CVE-2023-41112.json) (`2023-11-08T14:00:58.387`)
|
||||
* [CVE-2023-46483](CVE-2023/CVE-2023-464xx/CVE-2023-46483.json) (`2023-11-08T14:00:58.387`)
|
||||
* [CVE-2023-44098](CVE-2023/CVE-2023-440xx/CVE-2023-44098.json) (`2023-11-08T14:00:58.387`)
|
||||
* [CVE-2023-42361](CVE-2023/CVE-2023-423xx/CVE-2023-42361.json) (`2023-11-08T14:03:25.303`)
|
||||
* [CVE-2023-46001](CVE-2023/CVE-2023-460xx/CVE-2023-46001.json) (`2023-11-08T14:03:25.303`)
|
||||
* [CVE-2023-46792](CVE-2023/CVE-2023-467xx/CVE-2023-46792.json) (`2023-11-08T14:03:25.303`)
|
||||
* [CVE-2023-46793](CVE-2023/CVE-2023-467xx/CVE-2023-46793.json) (`2023-11-08T14:03:25.303`)
|
||||
* [CVE-2023-46794](CVE-2023/CVE-2023-467xx/CVE-2023-46794.json) (`2023-11-08T14:03:25.303`)
|
||||
* [CVE-2023-46795](CVE-2023/CVE-2023-467xx/CVE-2023-46795.json) (`2023-11-08T14:03:25.303`)
|
||||
* [CVE-2023-46796](CVE-2023/CVE-2023-467xx/CVE-2023-46796.json) (`2023-11-08T14:03:25.303`)
|
||||
* [CVE-2023-45499](CVE-2023/CVE-2023-454xx/CVE-2023-45499.json) (`2023-11-08T14:07:34.800`)
|
||||
* [CVE-2023-45498](CVE-2023/CVE-2023-454xx/CVE-2023-45498.json) (`2023-11-08T14:08:01.397`)
|
||||
* [CVE-2023-46133](CVE-2023/CVE-2023-461xx/CVE-2023-46133.json) (`2023-11-08T14:14:18.310`)
|
||||
* [CVE-2023-3812](CVE-2023/CVE-2023-38xx/CVE-2023-3812.json) (`2023-11-08T14:15:07.727`)
|
||||
* [CVE-2023-3972](CVE-2023/CVE-2023-39xx/CVE-2023-3972.json) (`2023-11-08T14:15:07.853`)
|
||||
* [CVE-2023-46846](CVE-2023/CVE-2023-468xx/CVE-2023-46846.json) (`2023-11-08T14:15:07.953`)
|
||||
* [CVE-2023-46847](CVE-2023/CVE-2023-468xx/CVE-2023-46847.json) (`2023-11-08T14:15:08.053`)
|
||||
* [CVE-2023-5367](CVE-2023/CVE-2023-53xx/CVE-2023-5367.json) (`2023-11-08T14:15:08.163`)
|
||||
* [CVE-2023-5828](CVE-2023/CVE-2023-58xx/CVE-2023-5828.json) (`2023-11-08T14:15:31.307`)
|
||||
* [CVE-2023-31421](CVE-2023/CVE-2023-314xx/CVE-2023-31421.json) (`2023-11-08T14:17:30.160`)
|
||||
* [CVE-2023-5811](CVE-2023/CVE-2023-58xx/CVE-2023-5811.json) (`2023-11-08T14:27:21.353`)
|
||||
* [CVE-2023-46604](CVE-2023/CVE-2023-466xx/CVE-2023-46604.json) (`2023-11-08T14:28:20.003`)
|
||||
* [CVE-2023-5812](CVE-2023/CVE-2023-58xx/CVE-2023-5812.json) (`2023-11-08T14:55:24.420`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user