admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-13T02:00:24.970284+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-13 02:00:28 +00:00
parent 82bae9baef
commit ed5d02eb50
58 changed files with 1906 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
CVE-2020/CVE-2020-241xx/CVE-2020-24165.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-24165",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-28T21:15:07.510",
"lastModified": "2023-10-06T15:15:12.670",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-13T01:17:47.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -61,6 +61,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -73,7 +88,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://pastebin.com/iqCbjdT8",
@ -84,7 +103,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0012/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2021/CVE-2021-10xx/CVE-2021-1052.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-1052",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2021-01-08T01:15:14.400",
"lastModified": "2023-10-03T15:15:35.193",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:31:57.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -180,7 +180,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2021/CVE-2021-10xx/CVE-2021-1053.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-1053",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2021-01-08T01:15:14.463",
"lastModified": "2023-10-03T15:15:35.357",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:36:20.580",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -180,7 +180,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2021/CVE-2021-10xx/CVE-2021-1056.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-1056",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2021-01-08T01:15:14.620",
"lastModified": "2023-10-03T15:15:35.427",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:34:52.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -153,7 +153,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2021/CVE-2021-10xx/CVE-2021-1076.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-1076",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2021-04-21T23:15:07.700",
"lastModified": "2023-10-03T15:15:35.513",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:25:30.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -203,7 +203,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2021/CVE-2021-10xx/CVE-2021-1077.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-1077",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2021-04-21T23:15:07.733",
"lastModified": "2023-10-03T15:15:35.617",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:38:09.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -145,7 +145,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2021/CVE-2021-10xx/CVE-2021-1090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-1090",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2021-07-22T05:15:07.680",
"lastModified": "2023-10-03T15:15:35.700",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:42:20.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -139,7 +139,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2021/CVE-2021-10xx/CVE-2021-1093.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-1093",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2021-07-22T05:15:07.937",
"lastModified": "2023-10-03T15:15:35.797",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:43:55.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -183,7 +183,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2021/CVE-2021-10xx/CVE-2021-1094.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-1094",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2021-07-22T05:15:08.023",
"lastModified": "2023-10-03T15:15:35.887",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:48:16.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -183,7 +183,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2021/CVE-2021-10xx/CVE-2021-1095.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-1095",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2021-07-22T05:15:08.113",
"lastModified": "2023-10-03T15:15:35.963",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:49:32.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -183,7 +183,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

29
CVE-2022/CVE-2022-218xx/CVE-2022-21813.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21813",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-02-07T20:15:07.773",
"lastModified": "2023-10-03T15:15:36.057",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:51:06.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -159,7 +179,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

29
CVE-2022/CVE-2022-218xx/CVE-2022-21814.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-21814",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-02-07T20:15:07.830",
"lastModified": "2023-10-03T15:15:36.167",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:51:57.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -149,7 +169,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2023/CVE-2023-212xx/CVE-2023-21235.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21235",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:12.537",
"lastModified": "2023-10-04T21:15:09.760",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:00:32.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -71,7 +71,10 @@
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/wear/2023/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-31xx/CVE-2023-3180.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3180",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-03T15:15:29.960",
"lastModified": "2023-10-05T18:15:11.830",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T00:59:53.243",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,36 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -102,15 +132,26 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0008/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-327xx/CVE-2023-32707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32707",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.117",
"lastModified": "2023-10-04T16:15:10.187",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:05:56.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

9
CVE-2023/CVE-2023-381xx/CVE-2023-38139.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38139",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-12T17:15:16.470",
"lastModified": "2023-09-29T17:15:46.800",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:55:32.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -152,7 +152,10 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174849/Microsoft-Windows-Kernel-Refcount-Overflow-Use-After-Free.html",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"VDB Entry"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38139",

11
CVE-2023/CVE-2023-383xx/CVE-2023-38353.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38353",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T16:15:11.427",
"lastModified": "2023-09-25T22:15:10.510",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:15:16.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "MiniTool Power Data Recovery 11.5 contiene un sistema de pago inseguro en la aplicaci\u00f3n que permite a los atacantes robar informaci\u00f3n altamente sensible a trav\u00e9s de un ataque de intermediario."
"value": "MiniTool Power Data Recovery en la versi\u00f3n 11.6 y anteriores contiene un sistema de pago inseguro en la aplicaci\u00f3n que permite a los atacantes robar informaci\u00f3n altamente confidencial a trav\u00e9s de un ataque de man-in-the-middle"
}
],
"metrics": {
@ -59,8 +59,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minitool:power_data_recovery:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "339356A1-870F-4086-B247-ABA2643E259A"
"criteria": "cpe:2.3:a:minitool:power_data_recovery:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.6",
"matchCriteriaId": "F686EDE6-6473-4814-A211-85C713671C6D"
}
]
}

10
CVE-2023/CVE-2023-383xx/CVE-2023-38354.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38354",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T16:15:11.737",
"lastModified": "2023-09-25T22:15:10.687",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:15:44.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "MiniTool Movie Maker 4.1 contiene un proceso de instalaci\u00f3n inseguro que permite a los atacantes lograr la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de un ataque de intermediario."
"value": "MiniTool Shadow Maker en la versi\u00f3n 4.1 contiene un proceso de instalaci\u00f3n inseguro que permite a los atacantes lograr la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de un ataque de man-in-the-middle."
}
],
"metrics": {
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minitool:movie_maker:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98ECE2C2-CF0D-4D38-BFB3-EF4EF2EF595D"
"criteria": "cpe:2.3:a:minitool:shadowmaker:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB4F8B2F-2780-41C8-9EFF-05B814E1EDD7"
}
]
}

8
CVE-2023/CVE-2023-383xx/CVE-2023-38355.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38355",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-19T16:15:12.007",
"lastModified": "2023-10-03T19:15:09.603",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:14:34.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:minitool:movie_maker:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4079B2C-E112-4A23-BD15-01DBFC31FB13"
"criteria": "cpe:2.3:a:minitool:movie_maker:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "762E2975-0C9B-47ED-9711-7FDF8274301E"
}
]
}

40
CVE-2023/CVE-2023-400xx/CVE-2023-40044.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-40044",
"sourceIdentifier": "security@progress.com",
"published": "2023-09-27T15:18:57.307",
"lastModified": "2023-10-04T17:15:10.073",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:22:24.903",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-10-05",
"cisaActionDue": "2023-10-26",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability",
"descriptions": [
{
"lang": "en",
@ -108,15 +112,26 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174917/Progress-Software-WS_FTP-Unauthenticated-Remote-Code-Execution.html",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://attackerkb.com/topics/bn32f9sNax/cve-2023-40044",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://censys.com/cve-2023-40044/",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023",
@ -127,7 +142,10 @@
},
{
"url": "https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Exploit"
]
},
{
"url": "https://www.progress.com/ws_ftp",
@ -138,11 +156,17 @@
},
{
"url": "https://www.rapid7.com/blog/post/2023/09/29/etr-critical-vulnerabilities-in-ws_ftp-server/",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.theregister.com/2023/10/02/ws_ftp_update/",
"source": "security@progress.com"
"source": "security@progress.com",
"tags": [
"Third Party Advisory"
]
}
]
}

40
CVE-2023/CVE-2023-401xx/CVE-2023-40167.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40167",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:09.827",
"lastModified": "2023-09-30T15:15:10.080",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:59:32.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -141,6 +141,31 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
@ -153,11 +178,18 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5507",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",

71
CVE-2023/CVE-2023-405xx/CVE-2023-40589.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40589",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T19:15:11.360",
"lastModified": "2023-10-07T21:15:16.767",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-13T01:08:04.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -92,6 +92,46 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -99,8 +139,7 @@
"url": "https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
"Patch"
]
},
{
@ -113,19 +152,35 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

11
CVE-2023/CVE-2023-423xx/CVE-2023-42331.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42331",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T20:15:11.853",
"lastModified": "2023-10-05T18:15:11.930",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:19:51.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos en EliteCMS 1.01 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente Manage_uploads.php."
"value": "Una vulnerabilidad de carga de archivos en EliteCMS versi\u00f3n 1.01 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente Manage_uploads.php."
}
],
"metrics": {
@ -88,7 +88,10 @@
},
{
"url": "https://github.com/Num-Nine/CVE/wiki/Any-file-is-uploaded-to-eliteCMS1.01",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

9
CVE-2023/CVE-2023-432xx/CVE-2023-43256.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43256",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-25T14:15:10.690",
"lastModified": "2023-10-03T21:15:10.377",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:11:37.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -71,7 +71,10 @@
"references": [
{
"url": "https://blog.moku.fr/cves/CVE-2023-43256/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://blog.moku.fr/cves/CVE-unassigned/",

31
CVE-2023/CVE-2023-43xx/CVE-2023-4355.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4355",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-15T18:15:11.923",
"lastModified": "2023-10-05T18:15:13.017",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:01:41.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -78,6 +78,21 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
@ -92,7 +107,11 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174950/Chrome-Dangling-FixedArray-Pointers-Memory-Corruption.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop_15.html",
@ -111,7 +130,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DMXHPRUGBUDNHZCZCIVMWAUIEXEGMGT/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCFEK63FUHFXZH5MSG6TNQOXMQWM4M5S/",

59
CVE-2023/CVE-2023-441xx/CVE-2023-44176.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-44176",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.587",
"lastModified": "2023-10-13T00:15:11.587",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R3.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73140",
"source": "sirt@juniper.net"
}
]
}

59
CVE-2023/CVE-2023-441xx/CVE-2023-44177.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-44177",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.680",
"lastModified": "2023-10-13T00:15:11.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 19.1R3-S10;\n * 19.2 versions prior to 19.2R3-S7;\n * 19.3 versions prior to 19.3R3-S8;\n * 19.4 versions prior to 19.4R3-S12;\n * 20.2 versions prior to 20.2R3-S8;\n * 20.4 versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 versions prior to 22.2R3-S1-EVO;\n * 22.3 versions prior to 22.3R3-EVO;\n * 22.4 versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73140",
"source": "sirt@juniper.net"
}
]
}

59
CVE-2023/CVE-2023-441xx/CVE-2023-44178.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-44178",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.760",
"lastModified": "2023-10-13T00:15:11.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS\n\n\n\n * All versions prior to 19.1R3-S10;\n * 19.2 versions prior to 19.2R3-S7;\n * 19.3 versions prior to 19.3R3-S8;\n * 19.4 versions prior to 19.4R3-S12;\n * 20.2 versions prior to 20.2R3-S8;\n * 20.4 versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73140",
"source": "sirt@juniper.net"
}
]
}

47
CVE-2023/CVE-2023-441xx/CVE-2023-44181.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-44181",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.837",
"lastModified": "2023-10-13T00:15:11.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog.\n\nThis issue is triggered when Storm control is enabled and ICMPv6 packets are present on device.\n\nThis issue affects Juniper Networks:\n\nJunos OS\n\n\n\n * All versions prior to 20.2R3-S6 on QFX5k;\n * 20.3 versions prior to 20.3R3-S5 on QFX5k;\n * 20.4 versions prior to 20.4R3-S5 on QFX5k;\n * 21.1 versions prior to 21.1R3-S4 on QFX5k;\n * 21.2 versions prior to 21.2R3-S3 on QFX5k;\n * 21.3 versions prior to 21.3R3-S2 on QFX5k;\n * 21.4 versions prior to 21.4R3 on QFX5k;\n * 22.1 versions prior to 22.1R3 on QFX5k;\n * 22.2 versions prior to 22.2R2 on QFX5k.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://supportportal.juniper.net/JSA73145",
"source": "sirt@juniper.net"
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/task/rate-limiting-storm-control-disabling-cli-els.html",
"source": "sirt@juniper.net"
}
]
}

63
CVE-2023/CVE-2023-441xx/CVE-2023-44182.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-44182",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.900",
"lastModified": "2023-10-13T00:15:11.900",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.\n\nMultiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R2-S2, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-252"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73149",
"source": "sirt@juniper.net"
},
{
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-user-interfaces-overview.html",
"source": "sirt@juniper.net"
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/interfaces-telemetry/topics/concept/junos-telemetry-interface-grpc-sensors.html",
"source": "sirt@juniper.net"
}
]
}

63
CVE-2023/CVE-2023-441xx/CVE-2023-44183.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-44183",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.983",
"lastModified": "2023-10-13T00:15:11.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur.\n\nAn indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing.\n\nUse the following command to determine if FPC0 has gone missing from the device.\n\nshow chassis fpc detail\nThis issue affects:\n\nJuniper Networks Junos OS on QFX5000 Series, EX4600 Series:\n\n\n\n * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73148",
"source": "sirt@juniper.net"
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/sdn-vxlan.html",
"source": "sirt@juniper.net"
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/redundant-trunk-groups.html",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44184.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44184",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.067",
"lastModified": "2023-10-13T00:15:12.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3;\n * 22.4 versions prior to 22.4R1-S2, 22.4R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R3-EVO;\n * 22.3 versions prior to 22.3R3-EVO;\n * 22.4 versions prior to 22.4R2-EVO.\n\n\n\n\nAn indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:\n\nmgd process example:\n\nuser@device-re#> show system processes extensive | match \"mgd|PID\" | except last\nPID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND\n92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage.\nExample to check for NETCONF activity:\n\nWhile there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with \"client-mode 'netconf'\"\n\nFor example:\n\nmgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73147",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44185.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44185",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.147",
"lastModified": "2023-10-13T00:15:12.147",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.\n\nContinued receipt of this packet will cause a sustained Denial of Service condition.\n\nThis issue affects:\n\n\n\n * Juniper Networks Junos OS:\n * All versions prior to 20.4R3-S6;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R2-S2, 22.1R3;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S6-EVO;\n * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO;\n * 21.3-EVO versions prior to 21.3R3-S3-EVO;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-EVO;\n * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73146",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44191.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44191",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.220",
"lastModified": "2023-10-13T00:15:12.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections.\n\nThis issue affects:\n\nJuniper Networks Junos OS on QFX5000 Series and EX4000 Series\n\n\n\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 21.1R1\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73155",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44192.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44192",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.297",
"lastModified": "2023-10-13T00:15:12.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS).\n\nOn all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause memory leak to reach 99% and then cause the protocols to stop working and traffic is impacted, leading to Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak.\n\nTo confirm the memory leak, monitor for \"sheaf:possible leak\" and \"vtep not found\" messages in the logs.\n\nThis issue affects:\n\nJuniper Networks Junos OS QFX5000 Series:\n\n\n\n * All versions prior to 20.4R3-S6;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R2-S2, 22.2R3;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3;\n * 22.4 versions prior to 22.4R1-S2, 22.4R2.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73156",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44193.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44193",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.377",
"lastModified": "2023-10-13T00:15:12.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).\n\nOn all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S1;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73157",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44194.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44194",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.450",
"lastModified": "2023-10-13T00:15:12.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S1.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73158",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44195.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44195",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.530",
"lastModified": "2023-10-13T00:15:12.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.\n\nIf specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.\n\nCVE-2023-44196 is a prerequisite for this issue.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * 21.3-EVO versions prior to 21.3R3-S5-EVO;\n * 21.4-EVO versions prior to 21.4R3-S4-EVO;\n * 22.1-EVO version 22.1R1-EVO and later;\n * 22.2-EVO version 22.2R1-EVO and later;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO.\n\n\n\n\nThis issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-923"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73160",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44196.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44196",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.610",
"lastModified": "2023-10-13T00:15:12.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.\n\nWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1-EVO version 21.1R1-EVO and later;\n * 21.2-EVO versions prior to 21.2R3-S6-EVO;\n * 21.3-EVO version 21.3R1-EVO and later;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-S4-EVO;\n * 22.2-EVO versions prior to 22.2R3-S3-EVO;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;\n * 22.4-EVO versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73162",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44197.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44197",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.687",
"lastModified": "2023-10-13T00:15:12.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5.\n\n\n\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1-EVO version 21.1R1-EVO and later versions;\n * 21.2-EVO versions prior to 21.2R3-S2-EVO;\n * 21.3-EVO version 21.3R1-EVO and later versions;\n * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73163",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44198.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44198",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.760",
"lastModified": "2023-10-13T00:15:12.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks.\n\nIf the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and MX Series:\n\n\n\n * 20.4 versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S2;\n * 22.1 versions prior to 22.1R2-S2, 22.1R3;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nThis issue doesn't not affected releases prior to 20.4R1.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73164",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-441xx/CVE-2023-44199.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44199",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.837",
"lastModified": "2023-10-13T00:15:12.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nOn Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart.\n\nThis issue affects Juniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S4;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3;\n * 22.1 versions prior to 22.1R3;\n * 22.2 versions prior to 22.2R1-S1, 22.2R2.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73165",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-442xx/CVE-2023-44201.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44201",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.910",
"lastModified": "2023-10-13T00:15:12.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions.\n\nWhen a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S4;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1;\n * 21.4 versions prior to 21.4R2-S1, 21.4R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S4-EVO;\n * 21.1 versions prior to 21.1R3-S2-EVO;\n * 21.2 versions prior to 21.2R3-S2-EVO;\n * 21.3 versions prior to 21.3R3-S1-EVO;\n * 21.4 versions prior to 21.4R2-S2-EVO.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://supprtportal.juniper.net/JSA73167",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-442xx/CVE-2023-44203.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44203",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.987",
"lastModified": "2023-10-13T00:15:12.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS).\n\nWhen a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood.\n\nThis issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only.\n\nThis issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600:\n\n\n\n * All versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S3;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S2;\n * 22.1 versions prior to 22.1R3;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2.\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-703"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73169",
"source": "sirt@juniper.net"
}
]
}

55
CVE-2023/CVE-2023-442xx/CVE-2023-44204.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44204",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:13.070",
"lastModified": "2023-10-13T00:15:13.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nWhen a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.\n\nThis issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R1, 23.2R2;\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 versions prior to 22.2R3-S3-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO;\n * 22.4 versions prior to 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO;\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1286"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73170",
"source": "sirt@juniper.net"
}
]
}

6
CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-44487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T14:15:10.883",
"lastModified": "2023-10-12T18:15:11.437",
"lastModified": "2023-10-13T00:15:13.153",
"vulnStatus": "Awaiting Analysis",
"cisaExploitAdd": "2023-10-10",
"cisaActionDue": "2023-10-31",
@ -148,6 +148,10 @@
"url": "https://github.com/caddyserver/caddy/issues/5877",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/dotnet/announcements/issues/277",
"source": "cve@mitre.org"

53
CVE-2023/CVE-2023-44xx/CVE-2023-4427.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4427",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-23T00:15:09.073",
"lastModified": "2023-10-05T18:15:13.177",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:12:47.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -66,12 +66,41 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174951/Chrome-ReduceJSLoadPropertyWithEnumeratedKey-Out-Of-Bounds-Access.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html",
@ -90,15 +119,27 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5483",

72
CVE-2023/CVE-2023-44xx/CVE-2023-4431.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4431",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-08-23T00:15:09.353",
"lastModified": "2023-09-21T03:15:11.483",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:13:53.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -66,6 +66,51 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
@ -85,19 +130,34 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27NR3KG553CG6LGPMP6SHWEVHTYPL6RC/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5483",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}

9
CVE-2023/CVE-2023-45xx/CVE-2023-4540.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4540",
"sourceIdentifier": "cvd@cert.pl",
"published": "2023-09-05T08:15:40.017",
"lastModified": "2023-10-04T09:15:31.897",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:30:13.930",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -91,7 +91,10 @@
},
{
"url": "https://https://cert.pl/en/posts/2023/09/CVE-2023-4540/",
"source": "cvd@cert.pl"
"source": "cvd@cert.pl",
"tags": [
"Broken Link"
]
}
]
}

60
CVE-2023/CVE-2023-48xx/CVE-2023-4813.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4813",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-12T22:15:08.277",
"lastModified": "2023-10-05T16:15:12.537",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:18:50.727",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -102,6 +102,46 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA1F902F-1AD5-489F-B420-A3574D1880B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EEAC443B-622E-49FB-8C0F-2864B7EF5F80"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "ED521457-498F-4E43-B714-9A3F2C3CD09A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56"
}
]
}
@ -126,15 +166,25 @@
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/8",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5455",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4813",

29
CVE-2023/CVE-2023-48xx/CVE-2023-4853.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4853",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-20T10:15:14.947",
"lastModified": "2023-10-05T22:15:12.977",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:23:33.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -140,11 +140,21 @@
"criteria": "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF03BDE8-602D-4DEE-BA5B-5B20FDF47741"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:jboss_middleware:1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F4A0F87-524E-4935-9B07-93793D8143FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77675CB7-67D7-44E9-B7FF-D224B3341AA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_serverless:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B8793-52C2-46E2-8752-92552AD4A643"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:process_automation_manager:7.0:*:*:*:*:*:*:*",
@ -179,15 +189,24 @@
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5446",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5479",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5480",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4853",

20
CVE-2023/CVE-2023-49xx/CVE-2023-4916.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4916",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-13T03:15:09.343",
"lastModified": "2023-09-25T14:15:10.807",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:47:21.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -59,9 +59,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:login_with_phone_number_project:login_with_phone_number:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.8",
"matchCriteriaId": "EE10DE34-8DFE-46D5-9A0B-A7C79B5B31A0"
"criteria": "cpe:2.3:a:idehweb:login_with_phone_number:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.6",
"matchCriteriaId": "D0E94F46-4C82-4F54-9C83-44F07BF2706F"
}
]
}
@ -71,11 +71,17 @@
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2965324#L2942",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/login-with-phone-number/trunk/login-with-phonenumber.php?rev=2967707#L2948",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71083db7-377b-47a1-ac8b-83d8974a2654?source=cve",

11
CVE-2023/CVE-2023-49xx/CVE-2023-4987.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4987",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-15T15:15:08.273",
"lastModified": "2023-09-19T18:15:17.673",
"vulnStatus": "Modified",
"lastModified": "2023-10-13T01:31:08.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -117,7 +117,12 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174760/Taskhub-2.8.7-SQL-Injection.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.239798",

10
CVE-2023/CVE-2023-50xx/CVE-2023-5054.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-5054",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-19T07:15:51.917",
"lastModified": "2023-09-21T18:41:03.767",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-13T01:15:55.887",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer."
"value": "The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer."
},
{
"lang": "es",
@ -76,6 +76,10 @@
"Product"
]
},
{
"url": "https://superstorefinder.net/support/forums/topic/super-store-finder-for-wordpress-patch-notes/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d31d0553-9378-4c7e-a258-12562aa6b388?source=cve",
"source": "security@wordfence.com",

12
CVE-2023/CVE-2023-51xx/CVE-2023-5157.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5157",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-27T15:19:41.807",
"lastModified": "2023-10-02T13:22:15.330",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-13T01:15:55.990",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -152,6 +152,14 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:5683",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5684",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5157",
"source": "secalert@redhat.com",

55
CVE-2023/CVE-2023-55xx/CVE-2023-5563.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5563",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-10-13T00:15:13.247",
"lastModified": "2023-10-13T00:15:13.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-703"
}
]
}
],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-98mc-rj7w-7rpv",
"source": "vulnerabilities@zephyrproject.org"
}
]
}

59
CVE-2023/CVE-2023-55xx/CVE-2023-5564.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-5564",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-13T01:15:56.093",
"lastModified": "2023-10-13T01:15:56.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.1,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/froxlor/froxlor/commit/e8ed43056c1665522a586e3485da67f2bdf073aa",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.dev/bounties/9254d8f3-a847-4ae8-8477-d2ce027cff5c",
"source": "security@huntr.dev"
}
]
}

93
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-12T23:55:25.917588+00:00
2023-10-13T02:00:24.970284+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-12T23:15:11.307000+00:00
2023-10-13T01:59:32.977000+00:00
```
### Last Data Feed Release
@ -23,59 +23,72 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2023-10-12T00:00:13.577137+00:00
2023-10-13T00:00:13.551394+00:00
```
### Total Number of included CVEs
```plain
227699
227721
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `22`
* [CVE-2023-22392](CVE-2023/CVE-2023-223xx/CVE-2023-22392.json) (`2023-10-12T23:15:10.680`)
* [CVE-2023-27316](CVE-2023/CVE-2023-273xx/CVE-2023-27316.json) (`2023-10-12T22:15:09.640`)
* [CVE-2023-36839](CVE-2023/CVE-2023-368xx/CVE-2023-36839.json) (`2023-10-12T23:15:10.883`)
* [CVE-2023-36841](CVE-2023/CVE-2023-368xx/CVE-2023-36841.json) (`2023-10-12T23:15:10.967`)
* [CVE-2023-36843](CVE-2023/CVE-2023-368xx/CVE-2023-36843.json) (`2023-10-12T23:15:11.053`)
* [CVE-2023-41261](CVE-2023/CVE-2023-412xx/CVE-2023-41261.json) (`2023-10-12T23:15:11.137`)
* [CVE-2023-41262](CVE-2023/CVE-2023-412xx/CVE-2023-41262.json) (`2023-10-12T23:15:11.190`)
* [CVE-2023-41263](CVE-2023/CVE-2023-412xx/CVE-2023-41263.json) (`2023-10-12T23:15:11.243`)
* [CVE-2023-44175](CVE-2023/CVE-2023-441xx/CVE-2023-44175.json) (`2023-10-12T23:15:11.307`)
* [CVE-2023-44176](CVE-2023/CVE-2023-441xx/CVE-2023-44176.json) (`2023-10-13T00:15:11.587`)
* [CVE-2023-44177](CVE-2023/CVE-2023-441xx/CVE-2023-44177.json) (`2023-10-13T00:15:11.680`)
* [CVE-2023-44178](CVE-2023/CVE-2023-441xx/CVE-2023-44178.json) (`2023-10-13T00:15:11.760`)
* [CVE-2023-44181](CVE-2023/CVE-2023-441xx/CVE-2023-44181.json) (`2023-10-13T00:15:11.837`)
* [CVE-2023-44182](CVE-2023/CVE-2023-441xx/CVE-2023-44182.json) (`2023-10-13T00:15:11.900`)
* [CVE-2023-44183](CVE-2023/CVE-2023-441xx/CVE-2023-44183.json) (`2023-10-13T00:15:11.983`)
* [CVE-2023-44184](CVE-2023/CVE-2023-441xx/CVE-2023-44184.json) (`2023-10-13T00:15:12.067`)
* [CVE-2023-44185](CVE-2023/CVE-2023-441xx/CVE-2023-44185.json) (`2023-10-13T00:15:12.147`)
* [CVE-2023-44191](CVE-2023/CVE-2023-441xx/CVE-2023-44191.json) (`2023-10-13T00:15:12.220`)
* [CVE-2023-44192](CVE-2023/CVE-2023-441xx/CVE-2023-44192.json) (`2023-10-13T00:15:12.297`)
* [CVE-2023-44193](CVE-2023/CVE-2023-441xx/CVE-2023-44193.json) (`2023-10-13T00:15:12.377`)
* [CVE-2023-44194](CVE-2023/CVE-2023-441xx/CVE-2023-44194.json) (`2023-10-13T00:15:12.450`)
* [CVE-2023-44195](CVE-2023/CVE-2023-441xx/CVE-2023-44195.json) (`2023-10-13T00:15:12.530`)
* [CVE-2023-44196](CVE-2023/CVE-2023-441xx/CVE-2023-44196.json) (`2023-10-13T00:15:12.610`)
* [CVE-2023-44197](CVE-2023/CVE-2023-441xx/CVE-2023-44197.json) (`2023-10-13T00:15:12.687`)
* [CVE-2023-44198](CVE-2023/CVE-2023-441xx/CVE-2023-44198.json) (`2023-10-13T00:15:12.760`)
* [CVE-2023-44199](CVE-2023/CVE-2023-441xx/CVE-2023-44199.json) (`2023-10-13T00:15:12.837`)
* [CVE-2023-44201](CVE-2023/CVE-2023-442xx/CVE-2023-44201.json) (`2023-10-13T00:15:12.910`)
* [CVE-2023-44203](CVE-2023/CVE-2023-442xx/CVE-2023-44203.json) (`2023-10-13T00:15:12.987`)
* [CVE-2023-44204](CVE-2023/CVE-2023-442xx/CVE-2023-44204.json) (`2023-10-13T00:15:13.070`)
* [CVE-2023-5563](CVE-2023/CVE-2023-55xx/CVE-2023-5563.json) (`2023-10-13T00:15:13.247`)
* [CVE-2023-5564](CVE-2023/CVE-2023-55xx/CVE-2023-5564.json) (`2023-10-13T01:15:56.093`)
### CVEs modified in the last Commit
Recently modified CVEs: `41`
Recently modified CVEs: `35`
* [CVE-2023-36789](CVE-2023/CVE-2023-367xx/CVE-2023-36789.json) (`2023-10-12T22:21:04.777`)
* [CVE-2023-36786](CVE-2023/CVE-2023-367xx/CVE-2023-36786.json) (`2023-10-12T22:21:38.897`)
* [CVE-2023-36785](CVE-2023/CVE-2023-367xx/CVE-2023-36785.json) (`2023-10-12T22:21:49.387`)
* [CVE-2023-36780](CVE-2023/CVE-2023-367xx/CVE-2023-36780.json) (`2023-10-12T22:22:01.300`)
* [CVE-2023-36778](CVE-2023/CVE-2023-367xx/CVE-2023-36778.json) (`2023-10-12T22:22:11.657`)
* [CVE-2023-36776](CVE-2023/CVE-2023-367xx/CVE-2023-36776.json) (`2023-10-12T22:22:20.477`)
* [CVE-2023-36706](CVE-2023/CVE-2023-367xx/CVE-2023-36706.json) (`2023-10-12T22:22:35.837`)
* [CVE-2023-36704](CVE-2023/CVE-2023-367xx/CVE-2023-36704.json) (`2023-10-12T22:22:46.590`)
* [CVE-2023-36703](CVE-2023/CVE-2023-367xx/CVE-2023-36703.json) (`2023-10-12T22:22:56.697`)
* [CVE-2023-36702](CVE-2023/CVE-2023-367xx/CVE-2023-36702.json) (`2023-10-12T22:23:09.707`)
* [CVE-2023-36701](CVE-2023/CVE-2023-367xx/CVE-2023-36701.json) (`2023-10-12T22:23:22.620`)
* [CVE-2023-36698](CVE-2023/CVE-2023-366xx/CVE-2023-36698.json) (`2023-10-12T22:23:58.360`)
* [CVE-2023-24479](CVE-2023/CVE-2023-244xx/CVE-2023-24479.json) (`2023-10-12T22:25:43.207`)
* [CVE-2023-31272](CVE-2023/CVE-2023-312xx/CVE-2023-31272.json) (`2023-10-12T22:26:42.633`)
* [CVE-2023-32632](CVE-2023/CVE-2023-326xx/CVE-2023-32632.json) (`2023-10-12T22:26:55.673`)
* [CVE-2023-32645](CVE-2023/CVE-2023-326xx/CVE-2023-32645.json) (`2023-10-12T22:27:09.257`)
* [CVE-2023-34346](CVE-2023/CVE-2023-343xx/CVE-2023-34346.json) (`2023-10-12T22:27:26.273`)
* [CVE-2023-35968](CVE-2023/CVE-2023-359xx/CVE-2023-35968.json) (`2023-10-12T22:27:41.250`)
* [CVE-2023-35967](CVE-2023/CVE-2023-359xx/CVE-2023-35967.json) (`2023-10-12T22:28:03.643`)
* [CVE-2023-35966](CVE-2023/CVE-2023-359xx/CVE-2023-35966.json) (`2023-10-12T22:28:21.513`)
* [CVE-2023-35965](CVE-2023/CVE-2023-359xx/CVE-2023-35965.json) (`2023-10-12T22:32:08.507`)
* [CVE-2023-35056](CVE-2023/CVE-2023-350xx/CVE-2023-35056.json) (`2023-10-12T22:47:22.200`)
* [CVE-2023-35055](CVE-2023/CVE-2023-350xx/CVE-2023-35055.json) (`2023-10-12T22:47:39.863`)
* [CVE-2023-34426](CVE-2023/CVE-2023-344xx/CVE-2023-34426.json) (`2023-10-12T22:47:54.743`)
* [CVE-2023-34365](CVE-2023/CVE-2023-343xx/CVE-2023-34365.json) (`2023-10-12T22:48:08.197`)
* [CVE-2022-21813](CVE-2022/CVE-2022-218xx/CVE-2022-21813.json) (`2023-10-13T01:51:06.850`)
* [CVE-2022-21814](CVE-2022/CVE-2022-218xx/CVE-2022-21814.json) (`2023-10-13T01:51:57.353`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-13T00:15:13.153`)
* [CVE-2023-3180](CVE-2023/CVE-2023-31xx/CVE-2023-3180.json) (`2023-10-13T00:59:53.243`)
* [CVE-2023-21235](CVE-2023/CVE-2023-212xx/CVE-2023-21235.json) (`2023-10-13T01:00:32.633`)
* [CVE-2023-4355](CVE-2023/CVE-2023-43xx/CVE-2023-4355.json) (`2023-10-13T01:01:41.827`)
* [CVE-2023-32707](CVE-2023/CVE-2023-327xx/CVE-2023-32707.json) (`2023-10-13T01:05:56.517`)
* [CVE-2023-40589](CVE-2023/CVE-2023-405xx/CVE-2023-40589.json) (`2023-10-13T01:08:04.113`)
* [CVE-2023-43256](CVE-2023/CVE-2023-432xx/CVE-2023-43256.json) (`2023-10-13T01:11:37.700`)
* [CVE-2023-4427](CVE-2023/CVE-2023-44xx/CVE-2023-4427.json) (`2023-10-13T01:12:47.790`)
* [CVE-2023-4431](CVE-2023/CVE-2023-44xx/CVE-2023-4431.json) (`2023-10-13T01:13:53.427`)
* [CVE-2023-38355](CVE-2023/CVE-2023-383xx/CVE-2023-38355.json) (`2023-10-13T01:14:34.023`)
* [CVE-2023-38353](CVE-2023/CVE-2023-383xx/CVE-2023-38353.json) (`2023-10-13T01:15:16.980`)
* [CVE-2023-38354](CVE-2023/CVE-2023-383xx/CVE-2023-38354.json) (`2023-10-13T01:15:44.263`)
* [CVE-2023-5054](CVE-2023/CVE-2023-50xx/CVE-2023-5054.json) (`2023-10-13T01:15:55.887`)
* [CVE-2023-5157](CVE-2023/CVE-2023-51xx/CVE-2023-5157.json) (`2023-10-13T01:15:55.990`)
* [CVE-2023-4813](CVE-2023/CVE-2023-48xx/CVE-2023-4813.json) (`2023-10-13T01:18:50.727`)
* [CVE-2023-42331](CVE-2023/CVE-2023-423xx/CVE-2023-42331.json) (`2023-10-13T01:19:51.037`)
* [CVE-2023-40044](CVE-2023/CVE-2023-400xx/CVE-2023-40044.json) (`2023-10-13T01:22:24.903`)
* [CVE-2023-4853](CVE-2023/CVE-2023-48xx/CVE-2023-4853.json) (`2023-10-13T01:23:33.670`)
* [CVE-2023-4540](CVE-2023/CVE-2023-45xx/CVE-2023-4540.json) (`2023-10-13T01:30:13.930`)
* [CVE-2023-4987](CVE-2023/CVE-2023-49xx/CVE-2023-4987.json) (`2023-10-13T01:31:08.460`)
* [CVE-2023-4916](CVE-2023/CVE-2023-49xx/CVE-2023-4916.json) (`2023-10-13T01:47:21.747`)
* [CVE-2023-38139](CVE-2023/CVE-2023-381xx/CVE-2023-38139.json) (`2023-10-13T01:55:32.067`)
* [CVE-2023-40167](CVE-2023/CVE-2023-401xx/CVE-2023-40167.json) (`2023-10-13T01:59:32.977`)
## Download and Usage