Auto-Update: 2023-09-20T16:00:24.580431+00:00

This commit is contained in:
cad-safe-bot 2023-09-20 16:00:28 +00:00
parent 7e6c07883e
commit f3342a693f
69 changed files with 5343 additions and 247 deletions


@ -0,0 +1,24 @@
{
"id": "CVE-2019-19450",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:12.310",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code=\"' followed by arbitrary Python code, a similar issue to CVE-2019-17626."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MrBitBucket/reportlab-mirror/blob/master/CHANGES.md",
"source": "cve@mitre.org"
},
{
"url": "https://pastebin.com/5MicRrr4",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2022-1438",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-20T14:15:12.607",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:1043",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1044",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1045",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1047",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1049",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-1438",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031904",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-30114",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-19T12:15:09.340",
"lastModified": "2023-05-26T18:07:15.257",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-20T15:15:11.437",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -105,20 +105,6 @@
}
],
"references": [
{
"url": "http://fastgate.com",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://fastweb.com",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://str0ng4le.github.io/jekyll/update/2023/05/12/fastgate-bof-cve-2022-30114/",
"source": "cve@mitre.org",


@ -0,0 +1,87 @@
{
"id": "CVE-2022-3916",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-20T15:15:11.583",
"lastModified": "2023-09-20T15:21:11.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2022:8961",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8962",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8963",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8964",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2022:8965",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1043",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1044",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1045",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1047",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:1049",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-3916",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141404",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-45448",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-20T13:15:11.180",
"lastModified": "2023-09-20T13:15:11.180",
"vulnStatus": "Received",
"lastModified": "2023-09-20T14:13:22.137",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,51 @@
{
"id": "CVE-2023-0118",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-20T14:15:12.827",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:4466",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0118",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2159291",
"source": "secalert@redhat.com"
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2023-0462",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-20T14:15:12.990",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0462",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162970",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-0829",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-09-20T13:15:11.547",
"lastModified": "2023-09-20T13:15:11.547",
"vulnStatus": "Received",
"lastModified": "2023-09-20T14:13:22.137",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",



@ -2,16 +2,40 @@
"id": "CVE-2023-2848",
"sourceIdentifier": "report@snyk.io",
"published": "2023-09-14T12:15:07.737",
"lastModified": "2023-09-14T13:01:03.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:08:13.750",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation."
},
{
"lang": "es",
"value": "Movim anterior a la versi\u00f3n 0.22 se ve afectado por una vulnerabilidad de Cross-Site WebSocket Hijacking. Este fue el resultado de una validaci\u00f3n de encabezado faltante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
},
{
"source": "report@snyk.io",
"type": "Secondary",
@ -46,18 +80,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:movim:movim:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.22",
"matchCriteriaId": "A1A64DAC-B509-400D-88DE-4726C3A0C9D9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/movim/movim/commit/49e2012aecdf918bb1d16f278fa9ff42fad29a9d",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/movim/movim/commit/96372082acd3e5d778a2522a60a1805bf2af31f6",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Patch"
]
},
{
"url": "https://mov.im/node/pubsub.movim.eu/Movim/a2d05925-0427-4f3f-b777-d20571ddddff",
"source": "report@snyk.io"
"source": "report@snyk.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -1,20 +1,82 @@
{
"id": "CVE-2023-32005",
"sourceIdentifier": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-09-12T02:15:11.863",
"lastModified": "2023-09-12T11:52:05.517",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T14:11:22.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument.\n\nThis flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la versi\u00f3n 20 de Node.js, que afecta a los usuarios del modelo de permisos experimental cuando se utiliza el indicador --allow-fs-read con un argumento \"non-*\". Esta falla surge de un modelo de permisos inadecuado que no logra restringir las estad\u00edsticas de archivos a trav\u00e9s de la API `fs.statfs`. Como resultado, los actores maliciosos pueden recuperar estad\u00edsticas de archivos a los que no tienen acceso de lectura expl\u00edcito. Esta vulnerabilidad afecta a todos los usuarios que utilizan el modelo de permiso experimental en Node.js 20. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"versionStartIncluding": "20.0.0",
"versionEndIncluding": "20.6.1",
"matchCriteriaId": "8FFDCDFB-D221-4F5A-BEC6-C3A6F2F5A5F3"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://hackerone.com/reports/2051224",
"source": "36234546-b8fa-4601-9d6f-f4e334aa8ea1"
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
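Review bot: The CPE range marks Node.js 20.0.0 through 20.6.1 inclusive as vulnerable via `"versionEndIncluding": "20.6.1"`, but neither the description nor the single HackerOne reference records a fixed version, so the upper bound cannot be checked against this record; if the permission-model fix shipped in an earlier 20.x release, this range over-reports and should become a `"versionEndExcluding"` at the fixed version. The description also limits the flaw to processes started with the experimental `--allow-fs-read` flag and a non-`*` argument, a precondition a CPE match cannot express, so consumers matching on CPE alone will flag every Node 20 installation in that range. Worth confirming the fixed release against the upstream security advisory before relying on this range.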


@ -2,16 +2,40 @@
"id": "CVE-2023-32643",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-14T20:15:09.770",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T14:32:32.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en GLib. El c\u00f3digo de deserializaci\u00f3n de GVariant es vulnerable a un desbordamiento del b\u00fafer introducido por la soluci\u00f3n para CVE-2023-32665. Este error no afecta a ninguna versi\u00f3n publicada de GLib, pero s\u00ed afecta a los distribuidores de GLib que siguieron las instrucciones de los desarrolladores de GLib para respaldar la soluci\u00f3n inicial para CVE-2023-32665."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.75.1",
"matchCriteriaId": "510DFD41-BCB1-4BCA-B1CE-261DFAB2BD8A"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2840",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
}
]
}
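Review bot: The configuration block marks every GLib release before 2.75.1 as vulnerable (`"versionEndExcluding": "2.75.1"`), while the description states that no released version of GLib is affected and only distributors who backported the initial CVE-2023-32665 fix are exposed. A CPE-based scanner consuming this record will therefore flag unpatched upstream builds that never carried the bug; remediation should be keyed on the distributor advisory rather than on this range. Separately, the second reference URL is malformed with a doubled scheme (`https://https://discourse.gnome.org/...`), which is presumably why it carries the `Broken Link` tag; the intended target appears to be the same path with a single `https://`.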


@ -2,8 +2,8 @@
"id": "CVE-2023-3341",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-09-20T13:15:11.770",
"lastModified": "2023-09-20T13:15:11.770",
"vulnStatus": "Received",
"lastModified": "2023-09-20T15:15:11.727",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2",
"source": "security-officer@isc.org"
},
{
"url": "https://kb.isc.org/docs/cve-2023-3341",
"source": "security-officer@isc.org"


@ -2,16 +2,40 @@
"id": "CVE-2023-36479",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T19:15:08.387",
"lastModified": "2023-09-17T12:01:22.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:59:11.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.\n"
},
{
"lang": "es",
"value": "Eclipse Jetty Canonical Repository es el repositorio can\u00f3nico para el proyecto Jetty. Los usuarios de CgiServlet con una estructura de comando muy espec\u00edfica pueden ejecutar el comando incorrecto. Si un usuario env\u00eda una solicitud a un servlet org.eclipse.jetty.servlets.CGI para un binario con un espacio en su nombre, el servlet escapar\u00e1 del comando envolvi\u00e9ndolo entre comillas. Este comando empaquetado, m\u00e1s un prefijo de comando opcional, se ejecutar\u00e1 mediante una llamada a Runtime.exec. Si el nombre binario original proporcionado por el usuario contiene una comilla seguida de un espacio, la l\u00ednea de comando resultante contendr\u00e1 varios tokens en lugar de uno. Este problema se solucion\u00f3 en las versiones 9.4.52, 10.0.16, 11.0.16 y 12.0.0-beta2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +70,94 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.4.52",
"matchCriteriaId": "64EE3E5D-9A4F-4C6A-B723-101CF69F89F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.16",
"matchCriteriaId": "1D15B5CF-CDFA-4303-8A9F-CF2FAD8E10CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.0.16",
"matchCriteriaId": "9153C468-135C-49C4-B33B-1828E37AF483"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:12.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "CA07CE23-17D8-4EFB-A6A2-97CCB8FF8461"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:12.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "9A862281-65C6-47DC-9A13-521B9187C7CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:12.0.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "4B999249-2A88-4270-8401-07CF57157D23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:12.0.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "C591F4A5-8A66-4A08-B969-C4264A98C7CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:12.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "9B9C2A15-1AC2-4DFA-849E-63657784FA3D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse/jetty.project/pull/9516",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/eclipse/jetty.project/pull/9888",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/eclipse/jetty.project/pull/9889",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-37263",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T19:15:08.637",
"lastModified": "2023-09-17T12:01:22.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:38:23.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue."
},
{
"lang": "es",
"value": "Strapi es un sistema de gesti\u00f3n de contenidos headless de c\u00f3digo abierto. Antes de la versi\u00f3n 4.12.1, los permisos a nivel de campo no se respetaban en el t\u00edtulo de la relaci\u00f3n. Si un actor tiene un t\u00edtulo de relaci\u00f3n y la relaci\u00f3n muestra un campo para el que no tiene permiso para ver, el campo seguir\u00e1 estando visible. La versi\u00f3n 4.12.1 tiene una soluci\u00f3n para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.12.1",
"matchCriteriaId": "F8A80799-A87E-41E1-9D7B-9F27E85A29BD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/strapi/strapi/releases/tag/v4.12.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-m284-85mf-cgrc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-38039",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-09-15T04:15:10.127",
"lastModified": "2023-09-16T03:15:10.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:08:11.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,93 @@
"value": "Cuando curl recupera una respuesta HTTP, almacena los encabezados entrantes para que se pueda acceder a ellos m\u00e1s tarde a trav\u00e9s de la API de encabezados libcurl. Sin embargo, curl no ten\u00eda un l\u00edmite en cuanto a la cantidad o el tama\u00f1o de encabezados que aceptar\u00eda en una respuesta, lo que permit\u00eda que un servidor malicioso transmitiera una serie interminable de encabezados y, finalmente, provocara que curl se quedara sin memoria din\u00e1mica."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.84.0",
"versionEndExcluding": "8.3.0",
"matchCriteriaId": "BB4B1B0E-7087-4220-A58A-D084F7325B66"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [
{
"url": "https://hackerone.com/reports/2072338",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Mailing List"
]
}
]
}


@ -2,19 +2,81 @@
"id": "CVE-2023-38040",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-09-17T05:15:10.213",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:42:07.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad XSS Reflejada en Revive Adserver 5.4.1 y versiones anteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.1",
"matchCriteriaId": "D4105460-20E1-45B8-80B1-DA8041D6B7B1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://hackerone.com/reports/1694171",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-38558",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-09-14T11:15:07.643",
"lastModified": "2023-09-14T13:01:03.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T14:03:07.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en SIMATIC PCS neo (Consola de administraci\u00f3n) V4.0 (todas las versiones), SIMATIC PCS neo (Consola de administraci\u00f3n) V4.0 Update 1 (todas las versiones). La aplicaci\u00f3n afectada pierde las credenciales de administrador de Windows. Un atacante con acceso local a la Consola de Administraci\u00f3n podr\u00eda obtener las credenciales y hacerse pasar por el usuario administrador, obteniendo as\u00ed acceso de administrador a otros sistemas Windows."
}
],
"metrics": {
@ -36,8 +40,18 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +60,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DE7A5B02-CA5E-4741-BF1B-CCF52006078B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:simatic_pcs_neo:4.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "C0EF78CE-A542-4770-9C07-EB328E852400"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-646240.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,85 @@
"id": "CVE-2023-38891",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T23:15:07.587",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T14:29:35.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Vtiger CRM v.7.5.0 permite a un atacante remoto autenticado escalar privilegios a trav\u00e9s de la funci\u00f3n getQueryColumnsList en ReportRun.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vtiger:vtiger_crm:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED159B0-85DF-49E3-8C5E-E82F215A3E1C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/Reports/ReportRun.php#L395",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/jselliott/CVE-2023-38891",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,88 @@
"id": "CVE-2023-39641",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T00:15:07.623",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:18:25.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent()."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Active Design psaffiliate anterior a v1.9.8 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:activedesign:full_affiliates:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "1.9.8",
"matchCriteriaId": "45A21203-4D01-4F3D-8176-93C57D7D61CD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://addons.prestashop.com/fr/referencement-payant-affiliation/26226-full-affiliates.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://security.friendsofpresta.org/modules/2023/08/31/psaffiliate.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40982",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T03:15:09.047",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T14:39:26.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "Una vulnerabilidad cross-site scripting (XSS) almacenadas en Webmin v2.100 permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de payload elaborado inyectado en el m\u00f3dulo clonado en el par\u00e1metro nombre."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED"
}
]
}
]
}
],
"references": [
{
"url": "http://webmin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-41900",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.600",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:20:42.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` will is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue."
},
{
"lang": "es",
"value": "Jetty es un servidor web y motor de servlet basado en Java. Las versiones 9.4.21 a 9.4.51, 10.0.15 y 11.0.15 son vulnerables a una autenticaci\u00f3n d\u00e9bil. Si un `OpenIdAuthenticator` de Jetty usa el `LoginService` anidado opcional, y ese `LoginService` decide revocar a un usuario ya autenticado, entonces la solicitud actual seguir\u00e1 tratando al usuario como autenticado. Luego, la autenticaci\u00f3n se borra de la sesi\u00f3n y las solicitudes posteriores no se tratar\u00e1n como autenticadas. Por lo tanto, se podr\u00eda permitir que una solicitud en una sesi\u00f3n previamente autenticada omita la autenticaci\u00f3n despu\u00e9s de haber sido rechazada por \"LoginService\". Esto afecta los usos de jetty-openid que han configurado un \"LoginService\" anidado y donde ese \"LoginService\" ser\u00e1 capaz de rechazar usuarios previamente autenticados. Las versiones 9.4.52, 10.0.16 y 11.0.16 tienen un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.4.21",
"versionEndExcluding": "9.4.52",
"matchCriteriaId": "3A0E2B68-3CC4-45A2-955B-15977887458B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.16",
"matchCriteriaId": "1D15B5CF-CDFA-4303-8A9F-CF2FAD8E10CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndExcluding": "11.0.16",
"matchCriteriaId": "9153C468-135C-49C4-B33B-1828E37AF483"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse/jetty.project/pull/9528",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/eclipse/jetty.project/pull/9660",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}
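Review bot: The second and third cpeMatch entries mark every Jetty 10.0.x release below 10.0.16 and every 11.0.x release below 11.0.16 as vulnerable (`"versionStartIncluding": "10.0.0"` and `"versionStartIncluding": "11.0.0"`), whereas the English description states that in those branches only 10.0.15 and 11.0.15 are affected, alongside 9.4.21 through 9.4.51. Whichever is right, the two fields disagree, so CPE-driven scanners will flag 10.0.0–10.0.14 and 11.0.0–11.0.14 while description-based triage will not. The discrepancy originates in the upstream NVD data rather than in this mirror commit, but consumers should reconcile the range against the linked GHSA advisory before acting on it; if the description is accurate the start bounds would read `"versionStartIncluding": "10.0.15"` and `"versionStartIncluding": "11.0.15"` respectively.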


@ -0,0 +1,28 @@
{
"id": "CVE-2023-41902",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:13.217",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/NSEcho/5d048a0796ceef59d6b1df1659bd1057",
"source": "cve@mitre.org"
},
{
"url": "https://www.corecode.io/macupdater/history2.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.corecode.io/macupdater/history3.html",
"source": "cve@mitre.org"
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-42270",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-15T14:15:11.137",
"lastModified": "2023-09-15T16:20:53.853",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:50:37.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF)."
},
{
"lang": "es",
"value": "Grocy &lt;= 4.0.2 es vulnerable a Cross Site Request Forgery (CSRF)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grocy_project:grocy:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.2",
"matchCriteriaId": "5D58ABC4-131B-4873-BBB7-1FB0F42AD00F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://xploit.sh/posts/cve-2023-xxxxx/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
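Review bot: The Spanish description carries the HTML entity `&lt;=` where the English description has the literal `<=`, so the two translations no longer agree on the affected-version expression and any consumer that renders the text verbatim will display the entity. The fix belongs in the upstream translation source, since this record mirrors the feed; a downstream normalizer should HTML-unescape `descriptions[].value` before display or comparison. The `"versionEndIncluding": "4.0.2"` in the cpeMatch does agree with the `<= 4.0.2` in the English text.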


@ -2,16 +2,40 @@
"id": "CVE-2023-42439",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.780",
"lastModified": "2023-09-17T12:01:04.570",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:08:36.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass will trick the application that the first host is a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, this will return the data to that host on the response. As of time of publication, no patched version is available."
},
{
"lang": "es",
"value": "GeoNode es una plataforma de c\u00f3digo abierto que facilita la creaci\u00f3n, el intercambio y el uso colaborativo de datos geoespaciales. Existe una vulnerabilidad SSRF a partir de la versi\u00f3n 3.2.0, que pasa por alto los controles existentes en el software. Esto puede permitir a un usuario solicitar servicios internos para una SSRF de lectura completa, devolviendo cualquier dato de la red interna. La aplicaci\u00f3n utiliza una lista blanca, pero se puede omitir la lista blanca. La omisi\u00f3n enga\u00f1ar\u00e1 a la aplicaci\u00f3n dici\u00e9ndole que el primer host es una direcci\u00f3n incluida en la lista blanca, pero el navegador usar\u00e1 `@` o `%40` como credencial para el geoservidor del host en el puerto 8080, lo que devolver\u00e1 los datos a ese host en la respuesta. Al momento de la publicaci\u00f3n, no hay ninguna versi\u00f3n parcheada disponible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:geosolutionsgroup:geonode:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.0",
"matchCriteriaId": "69FA4757-D421-4F1E-AA1C-767EA3785C47"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2023-42464",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T15:15:11.817",
"lastModified": "2023-09-20T15:21:11.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Netatalk/netatalk/issues/486",
"source": "cve@mitre.org"
},
{
"url": "https://netatalk.sourceforge.io/",
"source": "cve@mitre.org"
},
{
"url": "https://netatalk.sourceforge.io/2.0/htmldocs/afpd.8.html",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4231",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T08:15:07.867",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:34:03.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cevik:informatics_online_payment_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.09",
"matchCriteriaId": "F05F7343-C728-4D01-A343-A3DB74714563"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0532",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4236",
"sourceIdentifier": "security-officer@isc.org",
"published": "2023-09-20T13:15:12.313",
"lastModified": "2023-09-20T13:15:12.313",
"vulnStatus": "Received",
"lastModified": "2023-09-20T15:15:12.167",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
@ -35,6 +35,10 @@
]
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2",
"source": "security-officer@isc.org"
},
{
"url": "https://kb.isc.org/docs/cve-2023-4236",
"source": "security-officer@isc.org"


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43196",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:13.437",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug4.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43197",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:13.497",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43198",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:13.710",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug5.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43199",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:13.893",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug6.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43200",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.007",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug3.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-43201",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.173",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7200GV2/bug2.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43202",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.340",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug4.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43203",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.513",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug1.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43204",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.643",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug2.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43206",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.793",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug6.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43207",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T14:15:14.963",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DWL-6610/bug3.md",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43477",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-09-20T13:15:12.047",
"lastModified": "2023-09-20T13:15:12.047",
"vulnStatus": "Received",
"lastModified": "2023-09-20T14:13:22.137",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,43 @@
{
"id": "CVE-2023-43478",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2023-09-20T14:15:15.127",
"lastModified": "2023-09-20T14:25:39.550",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.\u00a0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vulnreport@tenable.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.tenable.com/security/research/tra-2023-19",
"source": "vulnreport@tenable.com"
}
]
}
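Review bot: The English description ends in a trailing `\u00a0` (non-breaking space) after "root.", an upstream formatting artifact that makes exact-match comparison or deduplication of `descriptions[].value` against other feeds differ by one invisible character. Consumers normalizing this record should strip leading and trailing whitespace including U+00A0, not just ASCII space. The record carries only the reporter's Secondary CVSS and no `weaknesses` or `configurations`, which is consistent with its "Awaiting Analysis" status rather than a defect in this commit.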


@ -2,8 +2,8 @@
"id": "CVE-2023-43616",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T06:15:10.523",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-20T15:17:16.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,78 @@
"value": "Se descubri\u00f3 un problema en Croc hasta la versi\u00f3n 9.6.5. Un remitente puede hacer que un receptor sobrescriba archivos durante la extracci\u00f3n ZIP."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schollz:croc:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.6.5",
"matchCriteriaId": "5B173A01-5175-444D-9651-68AD4E2C30C2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/schollz/croc/issues/594",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/09/08/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-43630",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-20T15:15:11.877",
"lastModified": "2023-09-20T15:21:11.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "PCR14 is not in the list of PCRs that seal/unseal the \u201cvault\u201d key, but\ndue to the change that was implemented in commit\n\u201c7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4\u201d, fixing this issue alone would not solve the\nproblem of the config partition not being measured correctly.\n\nAlso, the \u201cvault\u201d key is sealed/unsealed with SHA1 PCRs instead of\nSHA256. \nThis issue was somewhat mitigated due to all of the PCR extend functions\nupdating both the values of SHA256 and SHA1 for a given PCR ID.\n\nHowever, due to the change that was implemented in commit\n\u201c7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4\u201d, this is no longer the case for PCR14, as\nthe code in \u201cmeasurefs.go\u201d explicitly updates only the SHA256 instance of PCR14, which\nmeans that even if PCR14 were to be added to the list of PCRs sealing/unsealing the \u201cvault\u201d\nkey, changes to the config partition would still not be measured.\n\n\n\nAn attacker could modify the config partition without triggering the measured boot, this could\nresult in the attacker gaining full control over the device with full access to the contents of the\nencrypted \u201cvault\u201d \n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-328"
},
{
"lang": "en",
"value": "CWE-522"
},
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/config-partition-not-measured-from-2-fronts/",
"source": "cve@asrg.io"
}
]
}
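Review bot: The description never names the affected vendor or product — it refers only to PCR14, the "vault" key, `measurefs.go` and a commit hash — and there is no `configurations` block to supply a CPE, so a consumer searching this record by product has nothing to match on. The neighbouring record CVE-2023-43635 from the same source (cve@asrg.io) describes the same vault-key sealing mechanism and names EVE OS, which suggests the same product is meant here, but that is an inference to confirm against the linked asrg.io advisory rather than something this record states. The three CWEs (328, 522, 922) are Secondary only, consistent with the "Awaiting Analysis" status.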


@ -0,0 +1,59 @@
{
"id": "CVE-2023-43635",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-20T15:15:11.987",
"lastModified": "2023-09-20T15:21:11.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nVault Key Sealed With SHA1 PCRs\n\n\n\n\n\n\nThe measured boot solution implemented in EVE OS leans on a PCR locking mechanism.\n\nDifferent parts of the system update different PCR values in the TPM, resulting in a unique\nvalue for each PCR entry.\n\nThese PCRs are then used in order to seal/unseal a key from the TPM which is used to\nencrypt/decrypt the \u201cvault\u201d directory.\n\nThis \u201cvault\u201d directory is the most sensitive point in the system and as such, its content should\nbe protected.\n\nThis mechanism is noted in Zededa\u2019s documentation as the \u201cmeasured boot\u201d mechanism,\ndesigned to protect said \u201cvault\u201d.\n\nThe code that\u2019s responsible for generating and fetching the key from the TPM assumes that\nSHA256 PCRs are used in order to seal/unseal the key, and as such their presence is being\nchecked.\n\nThe issue here is that the key is not sealed using SHA256 PCRs, but using SHA1 PCRs.\nThis leads to several issues:\n\n\u2022 Machines that have their SHA256 PCRs enabled but SHA1 PCRs disabled, as well\nas not sealing their keys at all, meaning the \u201cvault\u201d is not protected from an attacker.\n\n\u2022 SHA1 is considered insecure and reduces the complexity level required to unseal the\nkey in machines which have their SHA1 PCRs enabled.\n\n\n\nAn attacker can very easily retrieve the contents of the \u201cvault\u201d, which will effectively render\nthe \u201cmeasured boot\u201d mechanism meaningless.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-328"
},
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/vault-key-sealed-with-sha1-pcrs/",
"source": "cve@asrg.io"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-43636",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-20T15:15:12.063",
"lastModified": "2023-09-20T15:21:11.573",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIn EVE OS, the \u201cmeasured boot\u201d mechanism prevents a compromised device from accessing\nthe encrypted data located in the vault.\n\nAs per the \u201cmeasured boot\u201d design, the PCR values calculated at different stages of the boot\nprocess will change if any of their respective parts are changed.\n\nThis includes, among other things, the configuration of the bios, grub, the kernel cmdline,\ninitrd, and more.\n\nHowever, this mechanism does not validate the entire rootfs, so an attacker can edit the\nfilesystem and gain control over the system.\n\nAs the default filesystem used by EVE OS is squashfs, this is somewhat harder than an ext4,\nwhich is easily changeable.\n\nThis will not stop an attacker, as an attacker can repackage the squashfs with their changes\nin it and replace the partition altogether.\n\nThis can also be done directly on the device, as the \u201c003-storage-init\u201d container contains the\n\u201cmksquashfs\u201d and \u201cunsquashfs\u201d binaries (with the corresponding libs).\n\n\n\n\n\n\n\nAn attacker can gain full control over the device without changing the PCR values, thus not\ntriggering the \u201cmeasured boot\u201d mechanism, and having full access to the vault.\n\n\n\nNote:\n\nThis issue was partially fixed in these commits (after disclosure to Zededa), where the config\npartition measurement was added to PCR13:\n\n\u2022 aa3501d6c57206ced222c33aea15a9169d629141\n\n\u2022 5fef4d92e75838cc78010edaed5247dfbdae1889.\n\nThis issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@asrg.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://asrg.io/security-advisories/19274/",
"source": "cve@asrg.io"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4516",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2023-09-14T09:15:08.610",
"lastModified": "2023-09-14T13:01:03.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T14:03:29.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update\nService that could allow a local attacker to change update source, potentially leading to remote\ncode execution when the attacker force an update containing malicious content.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad \"CWE-306: Autenticaci\u00f3n Faltante para Funciones Cr\u00edticas\" en el servicio de actualizaci\u00f3n IGSS que podr\u00eda permitir a un atacante local cambiar la fuente de actualizaci\u00f3n, lo que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo cuando el atacante fuerce una actualizaci\u00f3n que contenga contenido malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cybersecurity@se.com",
"type": "Secondary",
@ -46,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:interactive_graphical_scada_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "16.0.0.23211",
"matchCriteriaId": "93B0387C-D40E-446F-AD55-4214804A0B4D"
}
]
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-255-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-255-01.pdf",
"source": "cybersecurity@se.com"
"source": "cybersecurity@se.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4661",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:07.907",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:09:24.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:saphira:connect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0",
"matchCriteriaId": "19925FD3-7CDB-4EEE-A6E8-AB9CA34E7CC1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0535",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4663",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:08.133",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:13:47.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -40,8 +40,18 @@
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +60,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:saphira:connect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0",
"matchCriteriaId": "19925FD3-7CDB-4EEE-A6E8-AB9CA34E7CC1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0535",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4670",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T08:15:08.063",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:24:30.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:innosa_probbys_project:innosa_probbys:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2",
"matchCriteriaId": "BD7E053C-D1F9-41F8-B138-4F341EC26FDE"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0531",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-4680",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-09-15T00:15:07.967",
"lastModified": "2023-09-15T00:31:20.767",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T14:55:39.430",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11."
},
{
"lang": "es",
"value": "El motor de secretos de tr\u00e1nsito de HashiCorp Vault y Vault Enterprise permiti\u00f3 a los usuarios autorizados especificar nonces arbitrarios, incluso con el cifrado convergente deshabilitado. El punto final de cifrado, en combinaci\u00f3n con un ataque fuera de l\u00ednea, podr\u00eda usarse para descifrar texto cifrado arbitrario y potencialmente derivar la subclave de autenticaci\u00f3n cuando se utiliza el motor de secretos de tr\u00e1nsito sin cifrado convergente. Introducido en 1.6.0 y corregido en 1.14.3, 1.13.7 y 1.12.11."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -46,10 +80,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.6.0",
"versionEndExcluding": "1.12.11",
"matchCriteriaId": "88214AA6-BE16-44D0-8BF3-961AA4F4912C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.6.0",
"versionEndExcluding": "1.12.11",
"matchCriteriaId": "308AEF45-E549-4EA3-8028-3A95978BF44C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.13.0",
"versionEndExcluding": "1.13.7",
"matchCriteriaId": "1190B84C-4AE0-4353-A7B3-64B646E4BCA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.13.0",
"versionEndExcluding": "1.13.7",
"matchCriteriaId": "148E1E7C-5DB9-4261-BF3B-A54C8B5F43EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.14.0",
"versionEndExcluding": "1.14.3",
"matchCriteriaId": "931AAAF6-4AB0-46EB-A03F-FF98A22867C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.14.0",
"versionEndExcluding": "1.14.3",
"matchCriteriaId": "778CBB0C-2739-4733-871A-9B053843FADC"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249",
"source": "security@hashicorp.com"
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4831",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T08:15:08.147",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:08:53.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:weather:ncode_ncep:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230914",
"matchCriteriaId": "0E571B42-5773-4719-AA59-3692C4569016"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0529-2",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4833",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:08.423",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T14:59:26.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:besttem_network_marketing_project:besttem_network_marketing:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.2309.6",
"matchCriteriaId": "603ED223-AED1-4892-B7D6-23B2859B67F0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0533",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4835",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-15T09:15:08.607",
"lastModified": "2023-09-15T12:51:51.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:06:08.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -40,7 +40,7 @@
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +48,43 @@
"value": "CWE-89"
}
]
},
{
"source": "cve@usom.gov.tr",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:petroleum_management_software_application_project:petroleum_management_software_application:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20230912",
"matchCriteriaId": "4895F736-517B-41B3-8059-CC86D9F76397"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0533",
"source": "cve@usom.gov.tr"
"source": "cve@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4973",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-15T02:15:08.367",
"lastModified": "2023-09-15T16:15:07.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T14:59:53.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,60 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:creativeitem:academy_lms:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "80460466-B428-4CAE-A420-70D9C13CF5F1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174680/Academy-LMS-6.2-Cross-Site-Scripting.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.239749",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239749",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5019",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T04:15:11.460",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:41:46.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staff_reinstatement/delete.php. The manipulation of the argument REINSTATEMENT_ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-239860."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tongda OA y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo general/hr/manage/staff_reinstatement/delete.php. La manipulaci\u00f3n del argumento REINSTATEMENT_ID conduce a la inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 11.10 puede solucionar este problema. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-239860."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.10",
"matchCriteriaId": "17F21834-2024-4969-BB2C-1C56D7C85F5D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ggg48966/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239860",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239860",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5020",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T05:15:10.283",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:42:14.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument account leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239861 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en 07FLY CRM V2 y clasificada como cr\u00edtica. Este problema afecta a un procesamiento desconocido del archivo /index.php/sysmanage/Login/login_auth/ del componente P\u00e1gina de Inicio de Sesi\u00f3n del Adminsitrador. La manipulaci\u00f3n del argumento account conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-239861."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:07fly:customer_relationship_management:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACF0250F-E01B-4A3B-B699-E6F89BC04A8F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chosir/exp/tree/main",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239861",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239861",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5021",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T05:15:10.370",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:42:33.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It is possible to launch the attack remotely. VDB-239862 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester AC Repair and Services System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo admin/?page=system_info/contact_information es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento telephone/mobile/address conduce a secuencias de comandos entre sitios. Es posible lanzar el ataque de forma remota. VDB-239862 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,14 +97,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:ac_repair_and_services_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05923259-9480-4FD7-AE20-DCD4D8B79498"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.239862",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239862",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5022",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T06:15:07.530",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:45:39.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en DedeCMS hasta 5.7.100 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /include/dialog/select_templets_post.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ruta activa conduce a un Path Traversal absoluto. El identificador asociado de esta vulnerabilidad es VDB-239863."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.7.100",
"matchCriteriaId": "49210FC1-84C6-456F-9EE9-3EAFDEBA6182"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bayuncao/DEDEcms",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239863",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239863",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5023",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T07:15:09.927",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:45:16.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239864."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tongda OA 2017 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a una funcionalidad desconocida del archivo general/hr/manage/staff_relatives/delete.php. La manipulaci\u00f3n del argumento RELATIVES_ID conduce a una inyecci\u00f3n sql. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. El identificador de esta vulnerabilidad es VDB-239864."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "A77F4CAB-A2ED-4AFF-B9C7-03C69B14AE9D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/RCEraser/cve/blob/main/sql_inject_3.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239864",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239864",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5024",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T07:15:10.063",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:45:10.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Planno 23.04.04. It has been classified as problematic. This affects an unknown part of the component Comment Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239865 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Planno 23.04.04. Se ha clasificado como problem\u00e1tica. Afecta a una parte desconocida del componente Comment Handler. La manipulaci\u00f3n conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. Se ha asignado a esta vulnerabilidad el identificador VDB-239865."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,22 +97,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:planno:planning_biblio:23.04.04:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8D1FCC-920B-4E42-900A-9C38563C798F"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.239865",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239865",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.planno.fr/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://youtu.be/evdhcUlD1EQ",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5025",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T07:15:10.153",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:44:37.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en KOHA hasta el 23.05.03. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /cgi-bin/koha/catalogue/search.pl del componente MARC. La manipulaci\u00f3n conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. VDB-239866 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.05.03",
"matchCriteriaId": "FF9BC848-073A-4AB2-8ADF-3EDA92766E4A"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.239866",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239866",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.youtube.com/watch?v=b5107YkpgaM",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5026",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T10:15:07.560",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:43:52.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in Tongda OA 11.10. Affected is an unknown function of the file /general/ipanel/menu_code.php?MENU_TYPE=FAV. The manipulation of the argument OA_SUB_WINDOW leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239868."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Tongda OA 11.10. Se ve afectada una funci\u00f3n desconocida del archivo /general/ipanel/menu_code.php?MENU_TYPE=FAV. La manipulaci\u00f3n del argumento OA_SUB_WINDOW conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. El identificador de esta vulnerabilidad es VDB-239868."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,7 +87,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +95,56 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8F52BB0F-F178-4DFE-AE9E-6C91D2137799"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Mykonos-x/cve/tree/main/cve/tongda/v11/xss",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.239868",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239868",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5027",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T17:15:44.610",
"lastModified": "2023-09-18T00:49:33.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:43:04.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:razormist:simple_membership_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F68A34B4-9A49-46AB-A32A-D94C57365FC8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LianghaoW/CveHub/blob/main/Simple-Membership-System%20club_validator.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239869",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239869",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5028",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T11:15:07.420",
"lastModified": "2023-09-17T12:00:56.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:42:56.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-239870 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, clasificada como problem\u00e1tica, en China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Este problema afecta a una funcionalidad desconocida. La manipulaci\u00f3n conduce a la exposici\u00f3n de informaci\u00f3n a trav\u00e9s del archivo de registro de depuraci\u00f3n. Es posible lanzar el ataque en el dispositivo f\u00edsico. La complejidad del ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El exploit ha sido revelado al p\u00fablico y puede ser utilizado. VDB-239870 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -61,8 +87,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +107,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:chinaunicom:tewa-800g_firmware:4.16l.04_ct2015_yueme:*:*:*:*:*:*:*",
"matchCriteriaId": "A9AD3BEE-C761-4848-88C8-6F67FF4B18D8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:chinaunicom:tewa-800g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33B35019-18EC-4B31-B2F4-5EF8816E3D84"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pinglan123/-/wiki/%E4%B8%AD%E5%9B%BD%E8%81%94%E9%80%9A%E5%AE%B6%E7%94%A8%E7%BD%91%E5%85%B3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239870",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239870",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5029",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T22:15:46.303",
"lastModified": "2023-09-18T00:49:33.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:43:17.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '\"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como cr\u00edtica fue encontrada en mcms 2.6 . Esto afecta a una parte desconocida del archivo /category/order/hits/copyright/46/finish/1/list/1. La manipulaci\u00f3n con la entrada '\"1 conduce a la inyecci\u00f3n de SQL. El exploit se ha divulgado al p\u00fablico y puede usarse. El identificador asociado de esta vulnerabilidad es VDB-239871."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chshcms:mccms:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C8CE475-6841-4A82-8021-719D1FA0F5EE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/1541284314/cve/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239871",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239871",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
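Review bot: The `es` description entry in the CVE-2023-5029 record, which appears to be newly added by this update, names the product "mcms 2.6" while the `en` description and the CPE criteria `cpe:2.3:a:chshcms:mccms:2.6:*:*:*:*:*:*:*` both say "mccms", so the two descriptions disagree on the affected product name (the Spanish text also carries a stray space before the period in "2.6 ."). Consumers that search or filter records by description text will not match this entry under the correct product name in the Spanish feed. Since this repository mirrors NVD data automatically, the correction belongs upstream in the NVD-supplied translation; the mirror should not edit the record, but the mismatch is worth reporting so the `en`, `es` and `configurations` data agree.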


@ -2,15 +2,41 @@
"id": "CVE-2023-5030",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-17T22:15:47.503",
"lastModified": "2023-09-18T00:49:33.877",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-20T15:43:26.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLAN_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239872."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Tongda OA hasta 11.10 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo general/hr/recruit/plan/delete.php. La manipulaci\u00f3n del argumento PLAN_ID conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-239872."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +97,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_oa:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.10",
"matchCriteriaId": "C9499005-4C72-4FA6-99EB-749B5AF3F4BE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/husterdjx/cve/blob/main/sql1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.239872",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.239872",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5062",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-20T03:15:14.073",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-20T15:23:45.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -50,18 +70,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpartisan:wordpress_charts:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.7.0",
"matchCriteriaId": "6B5EA45B-0534-44F2-9EC2-9EE8E045DEBF"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wp-charts/tags/0.7.0/wordpress_charts_js.php#L223",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-charts/tags/0.7.0/wordpress_charts_js.php#L229",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2de2d2c5-1373-45b6-93a0-575713226669?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5063",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-20T03:15:14.457",
"lastModified": "2023-09-20T10:48:49.100",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-20T15:36:50.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stefanoai:widget_responsive_for_youtube:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "3CC5978E-CCEE-4AE3-8C38-0D1D25414BA4"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/youtube-widget-responsive/trunk/youtube-widget-responsive.php?rev=2905626#L246",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2968766/youtube-widget-responsive#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72daa533-8b17-420c-9b51-b5f72da2726c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-20T14:00:25.508157+00:00
2023-09-20T16:00:24.580431+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-20T13:46:09.607000+00:00
2023-09-20T15:59:11.650000+00:00
```
### Last Data Feed Release
@ -29,50 +29,66 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
225894
225916
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `22`
* [CVE-2022-45448](CVE-2022/CVE-2022-454xx/CVE-2022-45448.json) (`2023-09-20T13:15:11.180`)
* [CVE-2023-5042](CVE-2023/CVE-2023-50xx/CVE-2023-5042.json) (`2023-09-20T12:15:12.077`)
* [CVE-2023-0829](CVE-2023/CVE-2023-08xx/CVE-2023-0829.json) (`2023-09-20T13:15:11.547`)
* [CVE-2023-3341](CVE-2023/CVE-2023-33xx/CVE-2023-3341.json) (`2023-09-20T13:15:11.770`)
* [CVE-2023-43477](CVE-2023/CVE-2023-434xx/CVE-2023-43477.json) (`2023-09-20T13:15:12.047`)
* [CVE-2023-4236](CVE-2023/CVE-2023-42xx/CVE-2023-4236.json) (`2023-09-20T13:15:12.313`)
* [CVE-2019-19450](CVE-2019/CVE-2019-194xx/CVE-2019-19450.json) (`2023-09-20T14:15:12.310`)
* [CVE-2022-1438](CVE-2022/CVE-2022-14xx/CVE-2022-1438.json) (`2023-09-20T14:15:12.607`)
* [CVE-2022-3916](CVE-2022/CVE-2022-39xx/CVE-2022-3916.json) (`2023-09-20T15:15:11.583`)
* [CVE-2023-0118](CVE-2023/CVE-2023-01xx/CVE-2023-0118.json) (`2023-09-20T14:15:12.827`)
* [CVE-2023-0462](CVE-2023/CVE-2023-04xx/CVE-2023-0462.json) (`2023-09-20T14:15:12.990`)
* [CVE-2023-41902](CVE-2023/CVE-2023-419xx/CVE-2023-41902.json) (`2023-09-20T14:15:13.217`)
* [CVE-2023-43196](CVE-2023/CVE-2023-431xx/CVE-2023-43196.json) (`2023-09-20T14:15:13.437`)
* [CVE-2023-43197](CVE-2023/CVE-2023-431xx/CVE-2023-43197.json) (`2023-09-20T14:15:13.497`)
* [CVE-2023-43198](CVE-2023/CVE-2023-431xx/CVE-2023-43198.json) (`2023-09-20T14:15:13.710`)
* [CVE-2023-43199](CVE-2023/CVE-2023-431xx/CVE-2023-43199.json) (`2023-09-20T14:15:13.893`)
* [CVE-2023-43200](CVE-2023/CVE-2023-432xx/CVE-2023-43200.json) (`2023-09-20T14:15:14.007`)
* [CVE-2023-43201](CVE-2023/CVE-2023-432xx/CVE-2023-43201.json) (`2023-09-20T14:15:14.173`)
* [CVE-2023-43202](CVE-2023/CVE-2023-432xx/CVE-2023-43202.json) (`2023-09-20T14:15:14.340`)
* [CVE-2023-43203](CVE-2023/CVE-2023-432xx/CVE-2023-43203.json) (`2023-09-20T14:15:14.513`)
* [CVE-2023-43204](CVE-2023/CVE-2023-432xx/CVE-2023-43204.json) (`2023-09-20T14:15:14.643`)
* [CVE-2023-43206](CVE-2023/CVE-2023-432xx/CVE-2023-43206.json) (`2023-09-20T14:15:14.793`)
* [CVE-2023-43207](CVE-2023/CVE-2023-432xx/CVE-2023-43207.json) (`2023-09-20T14:15:14.963`)
* [CVE-2023-43478](CVE-2023/CVE-2023-434xx/CVE-2023-43478.json) (`2023-09-20T14:15:15.127`)
* [CVE-2023-42464](CVE-2023/CVE-2023-424xx/CVE-2023-42464.json) (`2023-09-20T15:15:11.817`)
* [CVE-2023-43630](CVE-2023/CVE-2023-436xx/CVE-2023-43630.json) (`2023-09-20T15:15:11.877`)
* [CVE-2023-43635](CVE-2023/CVE-2023-436xx/CVE-2023-43635.json) (`2023-09-20T15:15:11.987`)
* [CVE-2023-43636](CVE-2023/CVE-2023-436xx/CVE-2023-43636.json) (`2023-09-20T15:15:12.063`)
### CVEs modified in the last Commit
Recently modified CVEs: `25`
Recently modified CVEs: `46`
* [CVE-2023-39643](CVE-2023/CVE-2023-396xx/CVE-2023-39643.json) (`2023-09-20T13:08:12.390`)
* [CVE-2023-40984](CVE-2023/CVE-2023-409xx/CVE-2023-40984.json) (`2023-09-20T13:08:51.797`)
* [CVE-2023-40985](CVE-2023/CVE-2023-409xx/CVE-2023-40985.json) (`2023-09-20T13:10:52.807`)
* [CVE-2023-40986](CVE-2023/CVE-2023-409xx/CVE-2023-40986.json) (`2023-09-20T13:11:09.520`)
* [CVE-2023-4977](CVE-2023/CVE-2023-49xx/CVE-2023-4977.json) (`2023-09-20T13:11:56.513`)
* [CVE-2023-4978](CVE-2023/CVE-2023-49xx/CVE-2023-4978.json) (`2023-09-20T13:12:24.480`)
* [CVE-2023-4979](CVE-2023/CVE-2023-49xx/CVE-2023-4979.json) (`2023-09-20T13:12:39.107`)
* [CVE-2023-4980](CVE-2023/CVE-2023-49xx/CVE-2023-4980.json) (`2023-09-20T13:12:54.970`)
* [CVE-2023-4981](CVE-2023/CVE-2023-49xx/CVE-2023-4981.json) (`2023-09-20T13:13:02.687`)
* [CVE-2023-4982](CVE-2023/CVE-2023-49xx/CVE-2023-4982.json) (`2023-09-20T13:13:16.680`)
* [CVE-2023-41436](CVE-2023/CVE-2023-414xx/CVE-2023-41436.json) (`2023-09-20T13:14:37.207`)
* [CVE-2023-39612](CVE-2023/CVE-2023-396xx/CVE-2023-39612.json) (`2023-09-20T13:16:36.457`)
* [CVE-2023-39777](CVE-2023/CVE-2023-397xx/CVE-2023-39777.json) (`2023-09-20T13:20:46.513`)
* [CVE-2023-4994](CVE-2023/CVE-2023-49xx/CVE-2023-4994.json) (`2023-09-20T13:21:46.067`)
* [CVE-2023-5001](CVE-2023/CVE-2023-50xx/CVE-2023-5001.json) (`2023-09-20T13:22:48.797`)
* [CVE-2023-41157](CVE-2023/CVE-2023-411xx/CVE-2023-41157.json) (`2023-09-20T13:23:42.447`)
* [CVE-2023-3025](CVE-2023/CVE-2023-30xx/CVE-2023-3025.json) (`2023-09-20T13:24:06.947`)
* [CVE-2023-5012](CVE-2023/CVE-2023-50xx/CVE-2023-5012.json) (`2023-09-20T13:24:25.627`)
* [CVE-2023-5013](CVE-2023/CVE-2023-50xx/CVE-2023-5013.json) (`2023-09-20T13:26:13.750`)
* [CVE-2023-5018](CVE-2023/CVE-2023-50xx/CVE-2023-5018.json) (`2023-09-20T13:26:33.553`)
* [CVE-2023-5014](CVE-2023/CVE-2023-50xx/CVE-2023-5014.json) (`2023-09-20T13:27:12.107`)
* [CVE-2023-5015](CVE-2023/CVE-2023-50xx/CVE-2023-5015.json) (`2023-09-20T13:27:37.373`)
* [CVE-2023-5017](CVE-2023/CVE-2023-50xx/CVE-2023-5017.json) (`2023-09-20T13:27:53.113`)
* [CVE-2023-39638](CVE-2023/CVE-2023-396xx/CVE-2023-39638.json) (`2023-09-20T13:31:28.290`)
* [CVE-2023-32611](CVE-2023/CVE-2023-326xx/CVE-2023-32611.json) (`2023-09-20T13:46:09.607`)
* [CVE-2023-3341](CVE-2023/CVE-2023-33xx/CVE-2023-3341.json) (`2023-09-20T15:15:11.727`)
* [CVE-2023-4236](CVE-2023/CVE-2023-42xx/CVE-2023-4236.json) (`2023-09-20T15:15:12.167`)
* [CVE-2023-43616](CVE-2023/CVE-2023-436xx/CVE-2023-43616.json) (`2023-09-20T15:17:16.780`)
* [CVE-2023-39641](CVE-2023/CVE-2023-396xx/CVE-2023-39641.json) (`2023-09-20T15:18:25.327`)
* [CVE-2023-41900](CVE-2023/CVE-2023-419xx/CVE-2023-41900.json) (`2023-09-20T15:20:42.810`)
* [CVE-2023-5062](CVE-2023/CVE-2023-50xx/CVE-2023-5062.json) (`2023-09-20T15:23:45.557`)
* [CVE-2023-4670](CVE-2023/CVE-2023-46xx/CVE-2023-4670.json) (`2023-09-20T15:24:30.517`)
* [CVE-2023-4231](CVE-2023/CVE-2023-42xx/CVE-2023-4231.json) (`2023-09-20T15:34:03.560`)
* [CVE-2023-5063](CVE-2023/CVE-2023-50xx/CVE-2023-5063.json) (`2023-09-20T15:36:50.707`)
* [CVE-2023-37263](CVE-2023/CVE-2023-372xx/CVE-2023-37263.json) (`2023-09-20T15:38:23.920`)
* [CVE-2023-5019](CVE-2023/CVE-2023-50xx/CVE-2023-5019.json) (`2023-09-20T15:41:46.500`)
* [CVE-2023-38040](CVE-2023/CVE-2023-380xx/CVE-2023-38040.json) (`2023-09-20T15:42:07.227`)
* [CVE-2023-5020](CVE-2023/CVE-2023-50xx/CVE-2023-5020.json) (`2023-09-20T15:42:14.347`)
* [CVE-2023-5021](CVE-2023/CVE-2023-50xx/CVE-2023-5021.json) (`2023-09-20T15:42:33.997`)
* [CVE-2023-5028](CVE-2023/CVE-2023-50xx/CVE-2023-5028.json) (`2023-09-20T15:42:56.723`)
* [CVE-2023-5027](CVE-2023/CVE-2023-50xx/CVE-2023-5027.json) (`2023-09-20T15:43:04.867`)
* [CVE-2023-5029](CVE-2023/CVE-2023-50xx/CVE-2023-5029.json) (`2023-09-20T15:43:17.407`)
* [CVE-2023-5030](CVE-2023/CVE-2023-50xx/CVE-2023-5030.json) (`2023-09-20T15:43:26.210`)
* [CVE-2023-5026](CVE-2023/CVE-2023-50xx/CVE-2023-5026.json) (`2023-09-20T15:43:52.667`)
* [CVE-2023-5025](CVE-2023/CVE-2023-50xx/CVE-2023-5025.json) (`2023-09-20T15:44:37.900`)
* [CVE-2023-5024](CVE-2023/CVE-2023-50xx/CVE-2023-5024.json) (`2023-09-20T15:45:10.153`)
* [CVE-2023-5023](CVE-2023/CVE-2023-50xx/CVE-2023-5023.json) (`2023-09-20T15:45:16.757`)
* [CVE-2023-5022](CVE-2023/CVE-2023-50xx/CVE-2023-5022.json) (`2023-09-20T15:45:39.663`)
* [CVE-2023-42270](CVE-2023/CVE-2023-422xx/CVE-2023-42270.json) (`2023-09-20T15:50:37.700`)
* [CVE-2023-36479](CVE-2023/CVE-2023-364xx/CVE-2023-36479.json) (`2023-09-20T15:59:11.650`)
## Download and Usage