admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-06T18:00:24.978385+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-06 18:00:28 +00:00
parent 6623060f8f
commit f260538f90
102 changed files with 2944 additions and 726 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
CVE-2006/CVE-2006-04xx/CVE-2006-0459.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2006-0459",
"sourceIdentifier": "secalert@redhat.com",
"published": "2006-03-29T23:02:00.000",
"lastModified": "2018-10-03T21:35:35.057",
"vulnStatus": "Modified",
"lastModified": "2023-10-06T17:23:19.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -65,14 +65,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:will_estes_and_john_millaway:flex:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:westes:flex:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.32",
"matchCriteriaId": "30229289-06EE-4F8A-ACF2-90F846519D57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:will_estes_and_john_millaway:flex:2.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0DBBA1-0E20-47C4-9D87-951C9655C768"
"matchCriteriaId": "E0145625-8490-4671-A17C-85426C258AF9"
}
]
}
@ -82,25 +77,77 @@
"references": [
{
"url": "http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Product"
]
},
{
"url": "http://secunia.com/advisories/19071",
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/19126",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/19228",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/19424",
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://securityreason.com/securityalert/570",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
]
},
{
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.osvdb.org/23440",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Patch"
]
},
{
"url": "http://www.securityfocus.com/bid/16896",
"source": "secalert@redhat.com",
"tags": [
"Patch"
"Patch",
"Third Party Advisory",
"VDB Entry"
]
},
{
@ -113,15 +160,25 @@
},
{
"url": "http://www.vupen.com/english/advisories/2006/0770",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"URL Repurposed"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24995",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"VDB Entry"
]
},
{
"url": "https://usn.ubuntu.com/260-1/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2016/CVE-2016-63xx/CVE-2016-6354.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2016-6354",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-09-21T14:25:20.800",
"lastModified": "2017-01-18T02:59:08.390",
"lastModified": "2023-10-06T17:12:21.840",
"vulnStatus": "Modified",
"descriptions": [
{
@ -99,9 +99,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flex_project:flex:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:westes:flex:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.6.0",
"matchCriteriaId": "E0DA3F8A-FC82-4E61-88C4-282AB9554A6C"
"matchCriteriaId": "BCADB986-7D3F-4E57-B982-08800DD34F0F"
}
]
}

6
CVE-2019/CVE-2019-197xx/CVE-2019-19726.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-19726",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-12-12T01:15:10.823",
"lastModified": "2023-10-06T06:15:09.430",
"lastModified": "2023-10-06T17:15:11.493",
"vulnStatus": "Modified",
"descriptions": [
{
@ -111,6 +111,10 @@
"VDB Entry"
]
},
{
"url": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html",
"source": "cve@mitre.org"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Dec/31",
"source": "cve@mitre.org",

6
CVE-2019/CVE-2019-62xx/CVE-2019-6293.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-6293",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-01-15T00:29:00.523",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2023-10-06T17:12:21.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flex_project:flex:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFD34FB-2AF6-4BC9-A4EE-0A958797BE86"
"criteria": "cpe:2.3:a:westes:flex:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "102A6858-CA8E-4679-9806-0851B19327EC"
}
]
}

6
CVE-2020/CVE-2020-62xx/CVE-2020-6215.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-6215",
"sourceIdentifier": "cna@sap.com",
"published": "2020-04-14T20:15:15.293",
"lastModified": "2023-10-06T06:15:10.467",
"lastModified": "2023-10-06T17:15:11.600",
"vulnStatus": "Modified",
"descriptions": [
{
@ -165,6 +165,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html",
"source": "cna@sap.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/13",
"source": "cna@sap.com"

6
CVE-2021/CVE-2021-12xx/CVE-2021-1233.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1233",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T21:15:11.943",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -179,8 +179,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1241.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1241",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T21:15:12.100",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -223,8 +223,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1260.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1260",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:14.643",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -213,8 +213,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1261.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1261",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:14.800",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -213,8 +213,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1262.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1262",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:14.970",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -183,8 +183,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1263.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1263",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:15.127",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -213,8 +213,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1273.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1273",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:15.923",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -223,8 +223,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1274.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1274",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:15.970",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -233,8 +233,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1278.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1278",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.173",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -233,8 +233,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1279.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1279",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.253",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -233,8 +233,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1298.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1298",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.643",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -213,8 +213,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-12xx/CVE-2021-1299.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1299",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.720",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -213,8 +213,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-13xx/CVE-2021-1300.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1300",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.800",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -203,8 +203,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-13xx/CVE-2021-1301.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1301",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.877",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -203,8 +203,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

6
CVE-2021/CVE-2021-13xx/CVE-2021-1302.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1302",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:16.970",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -116,8 +116,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
}
]
}

6
CVE-2021/CVE-2021-13xx/CVE-2021-1304.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-1304",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2021-01-20T20:15:17.127",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -116,8 +116,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
}
]
}

6
CVE-2022/CVE-2022-207xx/CVE-2022-20716.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-20716",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2022-04-15T15:15:13.063",
"lastModified": "2023-09-29T15:03:41.913",
"lastModified": "2023-10-06T16:24:48.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -116,8 +116,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F278A6-82F5-4217-932E-98A918D9A017"
"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3D96F7-3574-443F-9AD4-5E62E0F5E4F5"
},
{
"vulnerable": true,

60
CVE-2022/CVE-2022-362xx/CVE-2022-36276.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-36276",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T16:15:10.033",
"lastModified": "2023-10-04T18:14:55.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:17:28.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database."
},
{
"lang": "es",
"value": "TCMAN GIM v8.0.1 es vulnerable a una inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'SqlWhere' dentro de la funci\u00f3n 'BuscarESM'. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir que un atacante remoto interact\u00fae directamente con la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tcman:gim:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11CE9810-63E8-47FB-80D7-E5D17613C8DD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2022/CVE-2022-362xx/CVE-2022-36277.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-36277",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T16:15:10.103",
"lastModified": "2023-10-04T18:14:55.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:16:56.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks."
},
{
"lang": "es",
"value": "Los par\u00e1metros 'sReferencia', 'sDescripcion', 'txtCodigo' y 'txtDescripcion', en los archivos frmGestionStock.aspx y frmEditServicio.aspx en TCMAN GIM v8.0.1, podr\u00edan permitir a un atacante realizar ataques XSS persistentes."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tcman:gim:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11CE9810-63E8-47FB-80D7-E5D17613C8DD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-tcman-gim",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

220
CVE-2023/CVE-2023-226xx/CVE-2023-22618.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-22618",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T12:15:10.300",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:23:54.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans."
},
{
"lang": "es",
"value": "Si no se siguen las reglas de la gu\u00eda de refuerzo de seguridad, los productos Nokia WaveLite permiten a un usuario local crear nuevos usuarios con privilegios administrativos mediante la manipulaci\u00f3n de una solicitud web. Esto afecta (por ejemplo) a: WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, y WaveLite Metro 200 NE OPS and F2B fans."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,14 +58,202 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:wavelite_metro_200_and_fan_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "r2.1.1",
"matchCriteriaId": "BB113474-6B7B-4381-AEBC-F66AC7F901DC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nokia:wavelite_metro_200_and_fan:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4207E9-E6F7-4BE7-8479-ABD20CF7C567"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:wavelite_metro_200_ops_and_fans_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "r2.1.1",
"matchCriteriaId": "20A58D4A-8FF3-4E1C-8B55-0B62BE31234C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nokia:wavelite_metro_200_ops_and_fans:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5C24BC-465A-40BA-8401-3ED9DFB436F6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:wavelite_metro_200_and_f2b_fans_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "r2.1.1",
"matchCriteriaId": "B2EDFA13-A50A-478A-B976-DDAC931F4101"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nokia:wavelite_metro_200_and_f2b_fans:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D596475-F5A2-4E4F-8089-1FABC6F9040E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:wavelite_metro_200_ops_and_f2b_fans_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "r2.1.1",
"matchCriteriaId": "B3D0DF10-B1C1-4942-BDB7-E8C7DC1940CB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nokia:wavelite_metro_200_ops_and_f2b_fans:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A96C6248-AF86-4789-B54A-526F3F2E0200"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:wavelite_metro_200_ne_and_f2b_fans_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "r2.1.1",
"matchCriteriaId": "AA7E04B2-3E58-4B59-A333-037A878124CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nokia:wavelite_metro_200_ne_and_f2b_fans:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9643CBCD-1304-42CF-8EFC-88A7278C28E3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nokia:wavelite_metro_200_ne_ops_and_f2b_fans_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "r2.1.1",
"matchCriteriaId": "8EC1F219-E43D-4027-849D-42BEFB5CC709"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nokia:wavelite_metro_200_ne_ops_and_f2b_fans:-:*:*:*:*:*:*:*",
"matchCriteriaId": "762C3BED-CF69-4E7A-9A42-450C5BA6BADB"
}
]
}
]
}
],
"references": [
{
"url": "https://nokia.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-22618/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-233xx/CVE-2023-23365.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-23365",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:11.737",
"lastModified": "2023-10-06T17:15:11.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.3.22 and later\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-28",
"source": "security@qnapsecurity.com.tw"
}
]
}

59
CVE-2023/CVE-2023-233xx/CVE-2023-23366.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-23366",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:11.840",
"lastModified": "2023-10-06T17:15:11.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.3.22 and later\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-28",
"source": "security@qnapsecurity.com.tw"
}
]
}

55
CVE-2023/CVE-2023-233xx/CVE-2023-23370.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-23370",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:11.920",
"lastModified": "2023-10-06T17:15:11.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-36",
"source": "security@qnapsecurity.com.tw"
}
]
}

59
CVE-2023/CVE-2023-233xx/CVE-2023-23371.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-23371",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:11.997",
"lastModified": "2023-10-06T17:15:11.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.2.0.0823 and later\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.1,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-311"
},
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-39",
"source": "security@qnapsecurity.com.tw"
}
]
}

51
CVE-2023/CVE-2023-254xx/CVE-2023-25489.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-25489",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-04T11:15:09.917",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:26:25.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <=\u00a02.0.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Jeff Sherk Update Theme and Plugins en el complemento Zip File en versiones &lt;= 2.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iwebss:update_theme_and_plugins_from_zip_file:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "27B6D40C-2CE4-41E8-9220-8A6C65CA1140"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/update-theme-and-plugins-from-zip-file/wordpress-update-theme-and-plugins-from-zip-file-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-267xx/CVE-2023-26782.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26782",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-28T20:15:13.883",
"lastModified": "2023-05-09T01:54:45.817",
"lastModified": "2023-10-06T17:20:59.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
"value": "CWE-88"
"value": "CWE-94"
}
]
}

159
CVE-2023/CVE-2023-31xx/CVE-2023-3153.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3153",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-04T12:15:10.503",
"lastModified": "2023-10-04T12:56:02.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:23:42.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Open Virtual Network donde el monitor de servicio MAC no califica correctamente el l\u00edmite. Este problema podr\u00eda permitir que un atacante provoque una denegaci\u00f3n de servicio, incluso en implementaciones con CoPP habilitado y configurado correctamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -34,30 +58,149 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.03.3",
"matchCriteriaId": "5CA7DFF4-C739-4EE8-AC5D-6EC06E387309"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.03.4",
"versionEndExcluding": "22.09.2",
"matchCriteriaId": "66B2BA9A-04F3-4E63-B367-E7AE5AD04FB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.09.3",
"versionEndExcluding": "22.12.1",
"matchCriteriaId": "393B5A8F-01A6-48E3-9D04-E9F5EDDCA555"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.12.2",
"versionEndExcluding": "23.03.1",
"matchCriteriaId": "20978238-A456-4B17-B7AD-DC006C6B16A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ovn:open_virtual_network:*:*:*:*:*:*:*:*",
"versionStartIncluding": "23.03.2",
"versionEndExcluding": "23.06.1",
"matchCriteriaId": "D7AF4A0C-4E74-4721-96E0-E5A400B9AF58"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:fast_datapath:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A63D05D-BFAF-484B-BA49-5F5E399CDA02"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3153",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2213279",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/ovn-org/ovn/issues/198",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Patch"
]
},
{
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
}
]
}

51
CVE-2023/CVE-2023-320xx/CVE-2023-32091.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32091",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T14:15:10.703",
"lastModified": "2023-10-03T14:29:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:24:58.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <=\u00a00.9.4 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento POEditor en versiones &lt;= 0.9.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:poeditor:poeditor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.9.4",
"matchCriteriaId": "F8C0D20C-4C9B-4D64-A12A-A61D4B3015F4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/poeditor/wordpress-poeditor-plugin-0-9-4-cross-site-request-forgery-csrf-to-stored-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-329xx/CVE-2023-32971.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32971",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:12.083",
"lastModified": "2023-10-06T17:15:12.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-37",
"source": "security@qnapsecurity.com.tw"
}
]
}

59
CVE-2023/CVE-2023-329xx/CVE-2023-32972.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32972",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-06T17:15:12.170",
"lastModified": "2023-10-06T17:15:12.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
},
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-37",
"source": "security@qnapsecurity.com.tw"
}
]
}

36
CVE-2023/CVE-2023-32xx/CVE-2023-3213.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-3213",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-04T02:15:09.990",
"lastModified": "2023-10-04T12:56:10.477",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-06T16:26:39.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information."
},
{
"lang": "es",
"value": "El complemento WP Mail SMTP Pro para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capability en la funci\u00f3n is_print_page en versiones hasta la 3.8.0 incluida. Esto hace posible que atacantes no autenticados revelen informaci\u00f3n de correo electr\u00f3nico potencialmente confidencial."
}
],
"metrics": {
@ -46,14 +50,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpforms:wp_mail_smtp:*:*:*:*:pro:wordpress:*:*",
"versionEndIncluding": "3.8.0",
"matchCriteriaId": "72700BB4-510E-4F8B-9DA2-4E55E08D2852"
}
]
}
]
}
],
"references": [
{
"url": "https://wpmailsmtp.com/docs/how-to-view-recent-changes-to-the-wp-mail-smtp-plugin-changelog/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

10
CVE-2023/CVE-2023-394xx/CVE-2023-39410.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39410",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-29T17:15:46.923",
"lastModified": "2023-10-04T09:15:31.680",
"vulnStatus": "Modified",
"lastModified": "2023-10-06T17:58:36.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -89,7 +89,11 @@
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/09/29/6",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-399xx/CVE-2023-39928.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39928",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-06T16:15:13.223",
"lastModified": "2023-10-06T17:11:15.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831",
"source": "talos-cna@cisco.com"
}
]
}

51
CVE-2023/CVE-2023-401xx/CVE-2023-40199.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40199",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T13:15:10.750",
"lastModified": "2023-10-03T13:52:20.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:24:47.113",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <=\u00a01.7.0 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento CRUDLab WP Like Button en versiones &lt;= 1.7.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crudlab:wp_like_button:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.7.0",
"matchCriteriaId": "F94DEA25-0587-4324-8892-B56736D6B26C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-like-button/wordpress-wp-like-button-plugin-1-6-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-402xx/CVE-2023-40201.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40201",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T13:15:10.833",
"lastModified": "2023-10-03T13:52:20.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:25:17.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in\u00a0FuturioWP Futurio Extra plugin <=\u00a01.8.4 versions leads to\u00a0activation of arbitrary plugin."
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento FuturioWP Futurio Extra en versiones &lt;= 1.8.4 conduce a la activaci\u00f3n de un complemento arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:futuriowp:futurio_extra:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.4",
"matchCriteriaId": "F38CF4C8-CFB4-48A5-A8E4-530E88849E07"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/futurio-extra/wordpress-futurio-extra-plugin-1-8-2-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-402xx/CVE-2023-40202.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40202",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T13:15:10.907",
"lastModified": "2023-10-03T13:52:20.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:24:52.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <=\u00a03.4.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Hannes Etzelstorfer // codemiq WP HTML Mail en versiones &lt;= 3.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codemiq:wp_html_mail:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.4.1",
"matchCriteriaId": "EE2928CE-370A-42BB-8A57-ECB774041FA9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-html-mail/wordpress-email-template-designer-wp-html-mail-plugin-3-4-0-cross-site-request-forgery-csrf?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-405xx/CVE-2023-40558.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40558",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T14:15:10.983",
"lastModified": "2023-10-03T14:29:08.387",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:25:05.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <=\u00a03.3.5 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en eMarket Design YouTube Video Gallery mediante el complemento YouTube Showcase en versiones &lt;= 3.3.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:emarketdesign:youtube_video_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.3.6",
"matchCriteriaId": "25DFFBA3-E282-4905-9907-E6D4ECEC3191"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/youtube-showcase/wordpress-video-gallery-management-plugin-3-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-430xx/CVE-2023-43068.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43068",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-10-05T18:15:12.027",
"lastModified": "2023-10-05T19:13:42.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T17:57:26.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands.\n\n"
},
{
"lang": "es",
"value": "El software Dell SmartFabric Storage v1.4 (y anteriores) contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el shell restringido en SSH. Un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a ejecutar comandos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-430xx/CVE-2023-43069.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43069",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-10-05T18:15:12.140",
"lastModified": "2023-10-05T19:13:42.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T17:56:59.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker.\n\n"
},
{
"lang": "es",
"value": "Dell SmartFabric Storage Software v1.4 (y anteriores) contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la CLI. Un atacante local autenticado podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda una posible inyecci\u00f3n de par\u00e1metros en curl o docker."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-430xx/CVE-2023-43070.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43070",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-10-05T18:15:12.240",
"lastModified": "2023-10-05T19:13:42.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T17:57:03.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container.\n\n"
},
{
"lang": "es",
"value": "El software Dell SmartFabric Storage v1.4 (y anteriores) contiene una vulnerabilidad de path traversal en la interfaz HTTP. Un atacante autenticado remoto podr\u00eda explotar esta vulnerabilidad, lo que podr\u00eda provocar la modificaci\u00f3n o escritura de archivos arbitrarios en ubicaciones arbitrarias del contenedor de licencias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-430xx/CVE-2023-43071.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43071",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-10-05T18:15:12.347",
"lastModified": "2023-10-05T19:13:42.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T17:56:09.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CVS formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks.\n\n"
},
{
"lang": "es",
"value": "El software Dell SmartFabric Storage v1.4 (y anteriores) contiene posibles vulnerabilidades para la inyecci\u00f3n de HTML o de f\u00f3rmula CVS que podr\u00edan derivar en ataques de Cross-Site Scripting en p\u00e1ginas HTML en la GUI. Un atacante autenticado remotamente podr\u00eda explotar estos problemas, lo que dar\u00eda lugar a varios ataques de inyecci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-430xx/CVE-2023-43072.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43072",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-10-05T18:15:12.463",
"lastModified": "2023-10-05T19:13:42.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T17:55:43.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands.\n\n"
},
{
"lang": "es",
"value": "El software Dell SmartFabric Storage v1.4 (y anteriores) contiene una vulnerabilidad de control de acceso inadecuado en la CLI. Un atacante local posiblemente no autenticado podr\u00eda explotar esta vulnerabilidad, lo que permitir\u00eda ejecutar comandos de shell arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-430xx/CVE-2023-43073.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43073",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-10-05T18:15:12.563",
"lastModified": "2023-10-05T19:13:42.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T17:55:26.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data.\n\n"
},
{
"lang": "es",
"value": "El software Dell SmartFabric Storage v1.4 (y anteriores) contiene una vulnerabilidad de validaci\u00f3n de entrada incorrecta en la configuraci\u00f3n RADIUS. Un atacante remoto autenticado podr\u00eda explotar esta vulnerabilidad y obtener acceso no autorizado a los datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-437xx/CVE-2023-43702.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43702",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.167",
"lastModified": "2023-10-02T20:13:12.410",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:13.320",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43703.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43703",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.220",
"lastModified": "2023-10-02T20:13:06.190",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:13.440",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43704.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43704",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.277",
"lastModified": "2023-10-02T20:12:59.533",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:13.543",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43705.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43705",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.337",
"lastModified": "2023-10-02T20:12:48.367",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:13.643",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43706.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43706",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.397",
"lastModified": "2023-10-02T20:12:54.877",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:13.737",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43707",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.233",
"lastModified": "2023-10-02T20:12:42.573",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:13.827",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43708.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43708",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.300",
"lastModified": "2023-10-02T20:12:36.513",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:13.910",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43709.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43709",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.363",
"lastModified": "2023-10-02T20:12:28.853",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.003",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43710.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43710",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.423",
"lastModified": "2023-10-02T20:12:21.907",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.093",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43711.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43711",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.487",
"lastModified": "2023-10-02T20:12:08.600",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.183",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43712.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43712",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:09.850",
"lastModified": "2023-10-02T20:22:53.103",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.273",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43713.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43713",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:09.947",
"lastModified": "2023-10-02T20:22:47.300",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.370",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43714.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43714",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:10.010",
"lastModified": "2023-10-02T20:22:42.630",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.457",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43715.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43715",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:10.077",
"lastModified": "2023-10-02T20:22:38.453",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.547",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43716.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43716",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:10.140",
"lastModified": "2023-10-02T20:22:33.860",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.647",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43717.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43717",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.347",
"lastModified": "2023-10-02T20:22:28.010",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.740",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43718.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43718",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.410",
"lastModified": "2023-10-02T20:22:22.220",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.823",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43719.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43719",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.467",
"lastModified": "2023-10-02T20:22:15.927",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:14.917",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43720",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.533",
"lastModified": "2023-10-02T20:24:18.953",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:15.007",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43721.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43721",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.597",
"lastModified": "2023-10-02T20:24:12.980",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:15.097",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43722.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43722",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.657",
"lastModified": "2023-10-02T20:24:07.800",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:15.187",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43723.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43723",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.717",
"lastModified": "2023-10-02T20:24:01.857",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:15.273",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

24
CVE-2023/CVE-2023-437xx/CVE-2023-43724.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43724",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.777",
"lastModified": "2023-10-02T20:23:55.357",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:15.367",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43725.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43725",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.843",
"lastModified": "2023-10-02T20:23:49.507",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:15.460",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

24
CVE-2023/CVE-2023-437xx/CVE-2023-43726.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43726",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.903",
"lastModified": "2023-10-02T20:23:42.153",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:15.553",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43727.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43727",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.967",
"lastModified": "2023-10-02T20:23:35.937",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:15.640",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43728.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43728",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.027",
"lastModified": "2023-10-02T20:25:37.520",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:15.733",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43729.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43729",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.097",
"lastModified": "2023-10-02T20:25:31.980",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:15.817",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43730.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43730",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.163",
"lastModified": "2023-10-02T20:25:14.447",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T17:15:12.260",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43731.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43731",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.227",
"lastModified": "2023-10-02T20:25:27.757",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T17:15:12.367",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43732.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43732",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.127",
"lastModified": "2023-10-02T20:25:22.140",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T17:15:12.463",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43733.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43733",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.203",
"lastModified": "2023-10-02T20:25:05.513",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T17:15:12.553",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43734.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43734",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.260",
"lastModified": "2023-10-02T20:24:59.287",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T17:15:12.643",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

28
CVE-2023/CVE-2023-437xx/CVE-2023-43735.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43735",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.320",
"lastModified": "2023-10-02T20:24:51.227",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T17:15:12.740",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

4
CVE-2023/CVE-2023-437xx/CVE-2023-43740.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43740",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T21:15:10.110",
"lastModified": "2023-10-04T00:15:11.980",
"vulnStatus": "Modified",
"lastModified": "2023-10-06T17:59:22.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

93
CVE-2023/CVE-2023-438xx/CVE-2023-43838.json
View File

@ -2,39 +2,114 @@
"id": "CVE-2023-43838",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T16:15:10.277",
"lastModified": "2023-10-04T18:14:55.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:14:54.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar."
},
{
"lang": "es",
"value": "Una vulnerabilidad de carga de archivos arbitrarios en Personal Management System v1.4.64 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo SVG manipulado en el avatar de un perfil de usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:personal-management-system:personal_management_system:1.4.64:*:*:*:*:*:*:*",
"matchCriteriaId": "376FB2C9-9BAC-4173-A4BC-A11FE40FFF03"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.w3.org/2000/svg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/Volmarg",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/Volmarg/personal-management-system",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Volmarg/personal-management-system/blob/39d3c0df641a5435f2028b37a27d26ba61a3b97b/src/assets/scripts/core/ui/DataProcessor/SpecialAction.ts#L35",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/rootd4ddy/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "https://github.com/rootd4ddy/CVE-2023-43838",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-439xx/CVE-2023-43980.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43980",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T23:15:12.533",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:26:51.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Se descubri\u00f3 que Presto Changeo testsitecreator hasta v1.1.1 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente enable_json.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:presto-changeo:testsitecreator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.1.1",
"matchCriteriaId": "911998EE-8856-4C6E-A703-713F8621D4A0"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/28/testsitecreator-89.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.presto-changeo.com/prestashop/home/158-test-site-creator.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-440xx/CVE-2023-44043.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44043",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T15:19:35.577",
"lastModified": "2023-10-03T20:15:10.020",
"vulnStatus": "Modified",
"lastModified": "2023-10-06T17:57:41.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

55
CVE-2023/CVE-2023-442xx/CVE-2023-44233.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44233",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T16:15:15.907",
"lastModified": "2023-10-06T17:11:15.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin \u2013 FooGallery plugin <=\u00a02.2.44 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/foogallery/wordpress-foogallery-plugin-2-2-44-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2023/CVE-2023-442xx/CVE-2023-44243.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44243",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-06T16:15:15.983",
"lastModified": "2023-10-06T17:11:15.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <=\u00a01.2.1 versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/instant-css/wordpress-instant-css-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

24
CVE-2023/CVE-2023-448xx/CVE-2023-44807.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-44807",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T17:15:12.837",
"lastModified": "2023-10-06T17:15:12.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DIR-820l/bug2.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

63
CVE-2023/CVE-2023-44xx/CVE-2023-4401.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4401",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-10-05T18:15:13.087",
"lastModified": "2023-10-05T19:13:42.317",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T17:54:38.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the \u2018more\u2019 command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access.\n\n"
},
{
"lang": "es",
"value": "El software de almacenamiento Dell SmartFabric v1.4 (y anteriores) contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el uso de la CLI del comando \"more\". Un atacante autenticado local o remoto podr\u00eda explotar esta vulnerabilidad, lo que le permitir\u00eda obtener acceso a nivel de root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:smartfabric_storage_software:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.1",
"matchCriteriaId": "9BD8875C-3CAC-443C-A6B5-FE7F702B5DFD"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218107/dsa-2023-347-dell-smartfabric-storage-software-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-44xx/CVE-2023-4491.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4491",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T13:15:25.823",
"lastModified": "2023-10-04T14:16:47.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:23:29.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en Easy Address Book Web Server versi\u00f3n 1.6. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante enviar un nombre de usuario muy largo a /searchbook.ghp, solicitando el nombre mediante una solicitud POST, lo que resultar\u00eda en la ejecuci\u00f3n de c\u00f3digo arbitrario en la m\u00e1quina remota."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easy_address_book_web_server_project:easy_address_book_web_server:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5C9543-0A62-454D-AB8D-EDDFA485E2B0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-44xx/CVE-2023-4492.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4492",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T13:15:25.910",
"lastModified": "2023-10-04T14:16:47.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:21:08.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded"
},
{
"lang": "es",
"value": "Vulnerabilidad en la versi\u00f3n 1.6 de Easy Address Book Web Server, que afecta los par\u00e1metros (nombre, tel\u00e9fono particular, apellido, segundo nombre, direcci\u00f3n de trabajo, ciudad de trabajo, pa\u00eds de trabajo, tel\u00e9fono de trabajo, estado de trabajo y zip de trabajo) del archivo /addrbook.ghp, lo que permite a un atacante inyectar un payload de JavaScript. especialmente manipulado para ejecutarse cuando la aplicaci\u00f3n est\u00e1 cargada"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easy_address_book_web_server_project:easy_address_book_web_server:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5C9543-0A62-454D-AB8D-EDDFA485E2B0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-44xx/CVE-2023-4493.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4493",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T13:15:25.987",
"lastModified": "2023-10-04T14:16:47.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:20:31.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS) en Easy Address Book Web Server versi\u00f3n 1.6, a trav\u00e9s del archivo users_admin.ghp que afecta m\u00faltiples par\u00e1metros como (nombre, tel\u00e9fono particular, apellido, apellido, segundo nombre, direcci\u00f3n de trabajo, ciudad de trabajo, pa\u00eds de trabajo, tel\u00e9fono de trabajo, estado de trabajo, zip de trabajo). Esta vulnerabilidad permite a un atacante remoto almacenar un payload de JavaScript malicioso en la aplicaci\u00f3n para ejecutarla cuando se carga la p\u00e1gina, lo que afecta la integridad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easy_address_book_web_server_project:easy_address_book_web_server:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5C9543-0A62-454D-AB8D-EDDFA485E2B0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-44xx/CVE-2023-4494.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4494",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T13:15:26.057",
"lastModified": "2023-10-04T14:16:47.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:20:06.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine."
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento del b\u00fafer en la versi\u00f3n 3.1 de Easy Chat Server. Un atacante podr\u00eda enviar un nombre de usuario excesivamente largo al archivo register.ghp solicitando el nombre mediante una solicitud GET, lo que provocar\u00eda la ejecuci\u00f3n de c\u00f3digo arbitrario en la m\u00e1quina remota."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easy_chat_server_project:easy_chat_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8A1B0D-1E87-44C2-958E-742264C49145"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-44xx/CVE-2023-4495.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4495",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T13:15:26.127",
"lastModified": "2023-10-04T14:16:47.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:19:45.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp."
},
{
"lang": "es",
"value": "Easy Chat Server, en su versi\u00f3n 3.1 y anteriores, no cifra suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /registresult.htm (m\u00e9todo POST), en el par\u00e1metro Resume. El XSS se carga desde /register.ghp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easy_chat_server_project:easy_chat_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "561066D5-EAB9-4201-AABF-B63A3461D4DF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-44xx/CVE-2023-4496.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4496",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T13:15:26.193",
"lastModified": "2023-10-04T14:16:47.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:18:42.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter."
},
{
"lang": "es",
"value": "Easy Chat Server, en su versi\u00f3n 3.1 y anteriores, no cifra suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) almacenada a trav\u00e9s de /body2.ghp (m\u00e9todo POST), en el par\u00e1metro mtowho."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easy_chat_server_project:easy_chat_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "561066D5-EAB9-4201-AABF-B63A3461D4DF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-44xx/CVE-2023-4497.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4497",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-04T13:15:26.267",
"lastModified": "2023-10-04T14:16:47.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-06T16:31:00.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp."
},
{
"lang": "es",
"value": "Easy Chat Server, en su versi\u00f3n 3.1 y anteriores, no cifra suficientemente las entradas controladas por el usuario, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /registresult.htm (m\u00e9todo POST), en el par\u00e1metro Icon. El XSS se carga desde /users.ghp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:easy_chat_server_project:easy_chat_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "561066D5-EAB9-4201-AABF-B63A3461D4DF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-efs-software-products",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-4911",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T18:15:10.463",
"lastModified": "2023-10-06T06:15:12.157",
"lastModified": "2023-10-06T17:15:12.893",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -138,6 +138,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html",
"source": "secalert@redhat.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/11",
"source": "secalert@redhat.com"

18
CVE-2023/CVE-2023-50xx/CVE-2023-5053.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5053",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T21:15:10.447",
"lastModified": "2023-10-02T18:10:08.777",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-06T16:15:16.057",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "help@fluidattacks.com",
"type": "Primary",
"description": [
{
@ -70,7 +70,7 @@
]
},
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{

4
CVE-2023/CVE-2023-51xx/CVE-2023-5111.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5111",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.377",
"lastModified": "2023-10-04T00:15:12.257",
"vulnStatus": "Modified",
"lastModified": "2023-10-06T17:58:29.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

Some files were not shown because too many files have changed in this diff Show More