admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-04T19:00:18.495838+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-04 19:00:22 +00:00
parent 548a54690d
commit f8f16268c3
46 changed files with 4539 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2021/CVE-2021-359xx/CVE-2021-35991.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-35991",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-08-20T19:15:10.263",
"lastModified": "2023-10-25T18:16:53.437",
"vulnStatus": "Modified",
"lastModified": "2023-12-04T17:31:51.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -65,7 +65,7 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -75,12 +75,12 @@
]
},
{
"source": "nvd@nist.gov",
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-908"
"value": "CWE-824"
}
]
}

48
CVE-2022/CVE-2022-419xx/CVE-2022-41951.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-41951",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-27T21:15:07.553",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:28:54.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,10 +70,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.9",
"matchCriteriaId": "1124E7EE-1C8D-4B17-8803-81B7BF744F83"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

10
CVE-2022/CVE-2022-423xx/CVE-2022-42344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-42344",
"sourceIdentifier": "psirt@adobe.com",
"published": "2022-10-20T17:15:10.723",
"lastModified": "2023-10-25T18:17:18.470",
"vulnStatus": "Modified",
"lastModified": "2023-12-04T17:33:35.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -40,7 +40,7 @@
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -50,12 +50,12 @@
]
},
{
"source": "nvd@nist.gov",
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
"value": "CWE-863"
}
]
}

74
CVE-2023/CVE-2023-24xx/CVE-2023-2448.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2448",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.537",
"lastModified": "2023-11-22T18:15:08.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T17:38:31.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode."
},
{
"lang": "es",
"value": "El complemento UserPro para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'userpro_shortcode_template' en versiones hasta la 5.1.4 incluida. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios. Un atacante puede aprovechar CVE-2023-2446 para obtener informaci\u00f3n confidencial mediante un c\u00f3digo corto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.4",
"matchCriteriaId": "498C35EE-4702-4B1C-BF55-71F81664FB52"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-24xx/CVE-2023-2449.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2449",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.697",
"lastModified": "2023-11-22T18:15:08.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T17:17:55.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability."
},
{
"lang": "es",
"value": "El complemento UserPro para WordPress es vulnerable a restablecimientos de contrase\u00f1a no autorizados en versiones hasta la 5.1.1 incluida. Esto se debe a que el complemento utiliza la funcionalidad nativa de restablecimiento de contrase\u00f1a, con una validaci\u00f3n insuficiente de la funci\u00f3n de restablecimiento de contrase\u00f1a (userpro_process_form). La funci\u00f3n utiliza el valor de texto plano de una clave de restablecimiento de contrase\u00f1a en lugar de un valor hash, lo que significa que se puede recuperar y utilizar posteriormente f\u00e1cilmente. Un atacante puede aprovechar CVE-2023-2448 y CVE-2023-2446, u otra vulnerabilidad como inyecci\u00f3n SQL en otro complemento o tema instalado en el sitio para explotar con \u00e9xito esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.1",
"matchCriteriaId": "E30F7B1B-A4E6-4C8F-ACA8-0A9B16EED37B"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-305xx/CVE-2023-30588.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30588",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-28T20:15:07.437",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T17:40:31.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,82 @@
"value": "Cuando se utiliza una clave p\u00fablica no v\u00e1lida para crear x509 certificates utilizando la API crypto.X509Certificate(), se produce una terminaci\u00f3n no esperada que la hace susceptible a ataques DoS cuando el atacante podr\u00eda forzar interrupciones en el procesamiento de la aplicaci\u00f3n, ya que el proceso finaliza al acceder a la informaci\u00f3n de clave p\u00fablica de los certificados proporcionados desde el c\u00f3digo de usuario. El contexto actual de los usuarios desaparecer\u00e1 y eso provocar\u00e1 un escenario DoS. Esta vulnerabilidad afecta a todas las versiones activas de Node.js v16, v18 y v20."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0.0",
"versionEndExcluding": "16.20.1",
"matchCriteriaId": "7E7F6F9A-AF9F-453B-870D-1E8759567F29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0.0",
"versionEndExcluding": "18.16.1",
"matchCriteriaId": "3AA02CEF-5AC5-46F7-94DE-D9EA15678AE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.0",
"versionEndExcluding": "20.3.1",
"matchCriteriaId": "1CAA23E6-4930-4326-9CB0-AEE5013BFD37"
}
]
}
]
}
],
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-305xx/CVE-2023-30590.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30590",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-28T20:15:07.480",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T17:39:07.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,82 @@
"value": "La funci\u00f3n API generateKeys() devuelta por crypto.createDiffieHellman() solo genera claves faltantes (o desactualizadas), es decir, solo genera una clave privada si a\u00fan no se ha configurado ninguna, pero la funci\u00f3n tambi\u00e9n es necesaria para calcular la clave p\u00fablica correspondiente. despu\u00e9s de llamar a setPrivateKey(). Sin embargo, la documentaci\u00f3n dice que esta llamada API: \"Genera valores de clave Diffie-Hellman p\u00fablicos y privados\". El comportamiento documentado es muy diferente del comportamiento real, y esta diferencia podr\u00eda conducir f\u00e1cilmente a problemas de seguridad en las aplicaciones que utilizan estas API, ya que DiffieHellman puede usarse como base para la seguridad a nivel de aplicaci\u00f3n; en consecuencia, las implicaciones son amplias."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0.0",
"versionEndExcluding": "16.20.1",
"matchCriteriaId": "7E7F6F9A-AF9F-453B-870D-1E8759567F29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0.0",
"versionEndExcluding": "18.16.1",
"matchCriteriaId": "3AA02CEF-5AC5-46F7-94DE-D9EA15678AE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.0",
"versionEndExcluding": "20.3.1",
"matchCriteriaId": "1CAA23E6-4930-4326-9CB0-AEE5013BFD37"
}
]
}
]
}
],
"references": [
{
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-33xx/CVE-2023-3368.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3368",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T07:15:41.683",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:57:35.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -50,22 +80,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11.20",
"matchCriteriaId": "0B1CD4A4-2EE0-453B-B45B-753D6539D7C4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://https://github.com/chamilo/chamilo-lms/commit/4c69b294f927db62092e01b70ac9bd6e32d5b48b",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-3368/",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-121-2023-07-05-Critical-impact-High-risk-Unauthenticated-Command-Injection-CVE-2023-3368",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

202
CVE-2023/CVE-2023-351xx/CVE-2023-35136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35136",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.143",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:09:37.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,206 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

224
CVE-2023/CVE-2023-351xx/CVE-2023-35139.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35139",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.347",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:09:27.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
@ -50,10 +70,206 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.37",
"matchCriteriaId": "A959A961-FE39-4743-BCFB-700131DE4372"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.37",
"matchCriteriaId": "78B5CDFF-8571-4232-AC38-8E4AD12F683B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.37",
"matchCriteriaId": "A959A961-FE39-4743-BCFB-700131DE4372"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.37",
"matchCriteriaId": "78B5CDFF-8571-4232-AC38-8E4AD12F683B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-35xx/CVE-2023-3545.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3545",
"sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T07:15:42.913",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:50:46.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-178"
}
]
},
{
"source": "info@starlabs.sg",
"type": "Secondary",
@ -50,18 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.20",
"matchCriteriaId": "FF883FF3-A05D-4939-9777-9FCC16A9AFBB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Patch"
]
},
{
"url": "https://starlabs.sg/advisories/23/23-3545/",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-125-2023-07-13-Critical-impact-Moderate-risk-Htaccess-File-Upload-Security-Bypass-on-Windows-CVE-2023-3545",
"source": "info@starlabs.sg"
"source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

734
CVE-2023/CVE-2023-379xx/CVE-2023-37925.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37925",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.547",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:09:07.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,738 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtg.0\\)",
"matchCriteriaId": "C7DDF8F2-1E1C-4040-B24D-7959863AD5AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abvt.0\\)",
"matchCriteriaId": "6372C936-65AD-431B-B0F3-3731E6B236EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtd.0\\)",
"matchCriteriaId": "D24E34B2-E5E8-4269-A168-4904A7751427"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acco.0\\)",
"matchCriteriaId": "A3B44BE7-A6FD-4B9B-B6F9-60A4B792E57B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(abyw.0\\)",
"matchCriteriaId": "D93BE4DB-8B74-4FE1-814D-22E78027FC7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(acge.0\\)",
"matchCriteriaId": "A88CCD01-D827-4891-8E99-67B6FD064FE9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(abzl.0\\)",
"matchCriteriaId": "C732FD48-F3FC-45A6-9081-D2067305D6F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(accv.0\\)",
"matchCriteriaId": "221D7820-55CA-447C-94FB-4946EC1536E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(acgf.0\\)",
"matchCriteriaId": "9D936894-A119-4EC4-BA51-3B2CD9F3F477"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abvs.0\\)",
"matchCriteriaId": "34B57801-88C6-4BAB-A47F-EE428F8208C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abwa.0\\)",
"matchCriteriaId": "9E013C28-F1C2-474C-B909-6BE89752C335"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtf.0\\)",
"matchCriteriaId": "E174A280-1FC8-4A97-B7B1-3B8F5B47EB82"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abte.0\\)",
"matchCriteriaId": "40288F50-E5B5-4398-BCBB-0C946869AB64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(accn.0\\)",
"matchCriteriaId": "B6EE5DA9-A76F-47EE-8DF2-7950DD37A1B7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abzd.0\\)",
"matchCriteriaId": "5C0C05AC-CF02-4D2B-BB8D-7DF960BAD814"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(accm.0\\)",
"matchCriteriaId": "9EBCEA07-66B1-48A0-9121-09C5FE30A4E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abrm.0\\)",
"matchCriteriaId": "0FE4DC40-903F-4063-99EA-D7D272400D22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acdo.0\\)",
"matchCriteriaId": "9C85EF6D-0300-4AE9-98FE-2FA05F6392D4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acgg.0\\)",
"matchCriteriaId": "31DA2420-6E71-45FE-A1B4-76524431F932"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

212
CVE-2023/CVE-2023-379xx/CVE-2023-37926.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37926",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.740",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:08:43.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -39,6 +39,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@ -50,10 +60,206 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-382xx/CVE-2023-38268.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38268",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T20:15:07.083",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:33:51.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 260585."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,70 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260585",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7067682",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-400xx/CVE-2023-40056.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-40056",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-11-28T18:15:07.900",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:51:22.073",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\n\nSQL Injection Remote Code Vulnerability was found in the SolarWinds\nPlatform. This vulnerability can be exploited with a low privileged account. \n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de c\u00f3digo remoto de inyecci\u00f3n SQL en la plataforma SolarWinds. Esta vulnerabilidad se puede explotar con una cuenta con pocos privilegios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.4.2",
"matchCriteriaId": "5C3B0A46-E7A1-4BBB-96B0-6F074FE6ACC7"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40056",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}

100
CVE-2023/CVE-2023-406xx/CVE-2023-40699.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40699",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:07.633",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:33:32.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.\n\n\n\n"
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un atacante remoto provoque una denegaci\u00f3n de servicio debido a una validaci\u00f3n de entrada incorrecta. ID de IBM X-Force: 265161."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,70 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265161",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7067714",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-416xx/CVE-2023-41613.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41613",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T14:15:07.457",
"lastModified": "2023-12-04T14:15:07.457",
"vulnStatus": "Received",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

87
CVE-2023/CVE-2023-420xx/CVE-2023-42009.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42009",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:07.857",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:33:10.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 265504."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,69 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265504",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://https://www.ibm.com/support/pages/node/7070755",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
]
}
]
}

88
CVE-2023/CVE-2023-420xx/CVE-2023-42019.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42019",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.053",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:32:49.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.\n\n\n\n"
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un atacante remoto provoque una denegaci\u00f3n de servicio debido a una validaci\u00f3n de entrada incorrecta. ID de IBM X-Force: 265161."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,70 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265569",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7067719",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-420xx/CVE-2023-42022.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42022",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.260",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:32:03.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.\n\n\n\n"
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 265938."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,70 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265938",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7074335",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-425xx/CVE-2023-42504.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42504",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-28T18:15:08.353",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:44:20.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.\n\nThis issue affects Apache Superset: before 3.0.0\n\n"
},
{
"lang": "es",
"value": "Un usuario malicioso autenticado podr\u00eda iniciar m\u00faltiples solicitudes simult\u00e1neas, cada una de las cuales solicita m\u00faltiples exportaciones de paneles, lo que lleva a una posible denegaci\u00f3n de servicio. Este problema afecta a Apache Superset: antes de 3.0.0"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -46,14 +70,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "B7CD7B20-D07E-4327-AA44-37ABCBA3E656"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/28/6",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-425xx/CVE-2023-42505.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42505",
"sourceIdentifier": "security@apache.org",
"published": "2023-11-28T17:15:08.093",
"lastModified": "2023-11-28T18:29:23.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:58:39.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.\n\nThis issue affects Apache Superset before 3.0.0.\n\n"
},
{
"lang": "es",
"value": "Un usuario autenticado con permisos de lectura sobre los metadatos de las conexiones de bases de datos podr\u00eda acceder a informaci\u00f3n confidencial, como el nombre de usuario de la conexi\u00f3n. Este problema afecta a Apache Superset anterior a 3.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "B7CD7B20-D07E-4327-AA44-37ABCBA3E656"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/28/5",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-430xx/CVE-2023-43015.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43015",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T20:15:07.287",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:33:42.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 266064."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,70 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266064",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7067704",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

88
CVE-2023/CVE-2023-430xx/CVE-2023-43021.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43021",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.460",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:31:26.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.\n\n"
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 266167."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,70 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266167",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7074317",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

152
CVE-2023/CVE-2023-43xx/CVE-2023-4397.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4397",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.990",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:05:04.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,156 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7AE28-E9ED-4488-BF31-74A15DE79C7A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7AE28-E9ED-4488-BF31-74A15DE79C7A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7AE28-E9ED-4488-BF31-74A15DE79C7A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

222
CVE-2023/CVE-2023-43xx/CVE-2023-4398.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4398",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:43.187",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:04:39.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
@ -50,10 +70,206 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

12
CVE-2023/CVE-2023-443xx/CVE-2023-44339.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-44339",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:10.717",
"lastModified": "2023-11-22T17:15:45.410",
"lastModified": "2023-12-04T17:34:46.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
@ -61,7 +61,7 @@
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",

88
CVE-2023/CVE-2023-461xx/CVE-2023-46174.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46174",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.663",
"lastModified": "2023-12-03T16:37:34.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:31:04.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506.\n\n\n\n"
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 269506."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,70 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269506",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7067717",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-480xx/CVE-2023-48022.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48022",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T08:15:06.910",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:46:54.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Anyscale Ray 2.6.3 y 2.8.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la API de env\u00edo de trabajos. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1083D908-E7F7-44BE-89CD-B760224C5585"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE882370-6570-49E0-A11F-95D3FBCD4714"
}
]
}
]
}
],
"references": [
{
"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://docs.ray.io/en/latest/ray-security/index.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
]
}
]
}

75
CVE-2023/CVE-2023-480xx/CVE-2023-48023.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48023",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T08:15:07.060",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:30:56.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,80 @@
"value": "Anyscale Ray 2.6.3 y 2.8.0 permite /log_proxy SSRF. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1083D908-E7F7-44BE-89CD-B760224C5585"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE882370-6570-49E0-A11F-95D3FBCD4714"
}
]
}
]
}
],
"references": [
{
"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://docs.ray.io/en/latest/ray-security/index.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
]
}
]
}

75
CVE-2023/CVE-2023-480xx/CVE-2023-48034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48034",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T21:15:07.777",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:11:26.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Un problema descubierto en Acer Wireless Keyboard SK-9662 permite a un atacante en proximidad f\u00edsica descifrar pulsaciones de teclas inal\u00e1mbricas e inyectar pulsaciones de teclas arbitrarias mediante el uso de un cifrado d\u00e9bil."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:acer:sk-9662_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E945161-CF3F-48FD-937C-7AF63670842F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:acer:sk-9662:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6ADD71-B71C-4E5F-ACD0-010A107EE6CD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aprkr/CVE-2023-48034",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-481xx/CVE-2023-48193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48193",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T21:15:08.373",
"lastModified": "2023-11-29T14:18:11.973",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T17:41:43.977",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "La vulnerabilidad de permisos inseguros en JumpServer GPLv3 v.3.8.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario omitiendo la funci\u00f3n de filtrado de comandos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA14CBD-A40D-4DB1-B0F4-42E9C62A5B54"
}
]
}
]
}
],
"references": [
{
"url": "http://jumpserver.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/jumpserver/jumpserver",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-488xx/CVE-2023-48815.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48815",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T15:15:07.500",
"lastModified": "2023-12-04T15:15:07.500",
"vulnStatus": "Received",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-488xx/CVE-2023-48866.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48866",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T15:15:07.560",
"lastModified": "2023-12-04T15:15:07.560",
"vulnStatus": "Received",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

28
CVE-2023/CVE-2023-489xx/CVE-2023-48910.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-48910",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T17:15:07.137",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/microcks/microcks",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/orgs/microcks/discussions/892",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-489xx/CVE-2023-48965.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48965",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T16:15:11.640",
"lastModified": "2023-12-04T16:15:11.640",
"vulnStatus": "Received",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-489xx/CVE-2023-48966.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48966",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T16:15:11.727",
"lastModified": "2023-12-04T16:15:11.727",
"vulnStatus": "Received",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2023/CVE-2023-489xx/CVE-2023-48967.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48967",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T17:15:07.190",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/noear/solon/issues/226",
"source": "cve@mitre.org"
}
]
}

66
CVE-2023/CVE-2023-490xx/CVE-2023-49075.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49075",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T05:15:08.160",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T17:53:15.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,22 +70,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"versionEndExcluding": "1.2.2",
"matchCriteriaId": "6FC10AB5-C7AE-40CF-BC49-6F46432ED1B4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"URL Repurposed",
"Vendor Advisory"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

53
CVE-2023/CVE-2023-490xx/CVE-2023-49078.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49078",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T19:15:07.397",
"lastModified": "2023-11-29T14:18:18.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T17:41:18.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zediious:raptor-web:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B46AE-B7E3-446D-B612-15849A930CD4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/zediious/raptor-web/releases/tag/0.4.4.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/zediious/raptor-web/security/advisories/GHSA-8r6g-fhh4-xhmq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
}
]
}

202
CVE-2023/CVE-2023-56xx/CVE-2023-5650.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5650",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:43.380",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:02:41.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,206 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-57xx/CVE-2023-5767.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5767",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-12-04T15:15:07.613",
"lastModified": "2023-12-04T15:15:07.613",
"vulnStatus": "Received",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-57xx/CVE-2023-5768.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5768",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-12-04T15:15:07.793",
"lastModified": "2023-12-04T15:15:07.793",
"vulnStatus": "Received",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

734
CVE-2023/CVE-2023-57xx/CVE-2023-5797.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5797",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T03:15:07.123",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:01:55.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,738 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtg.0\\)",
"matchCriteriaId": "C7DDF8F2-1E1C-4040-B24D-7959863AD5AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abvt.0\\)",
"matchCriteriaId": "6372C936-65AD-431B-B0F3-3731E6B236EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtd.0\\)",
"matchCriteriaId": "D24E34B2-E5E8-4269-A168-4904A7751427"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acco.0\\)",
"matchCriteriaId": "A3B44BE7-A6FD-4B9B-B6F9-60A4B792E57B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(abyw.0\\)",
"matchCriteriaId": "D93BE4DB-8B74-4FE1-814D-22E78027FC7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(acge.0\\)",
"matchCriteriaId": "A88CCD01-D827-4891-8E99-67B6FD064FE9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(abzl.0\\)",
"matchCriteriaId": "C732FD48-F3FC-45A6-9081-D2067305D6F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(accv.0\\)",
"matchCriteriaId": "221D7820-55CA-447C-94FB-4946EC1536E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(acgf.0\\)",
"matchCriteriaId": "9D936894-A119-4EC4-BA51-3B2CD9F3F477"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abvs.0\\)",
"matchCriteriaId": "34B57801-88C6-4BAB-A47F-EE428F8208C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abwa.0\\)",
"matchCriteriaId": "9E013C28-F1C2-474C-B909-6BE89752C335"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtf.0\\)",
"matchCriteriaId": "E174A280-1FC8-4A97-B7B1-3B8F5B47EB82"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abte.0\\)",
"matchCriteriaId": "40288F50-E5B5-4398-BCBB-0C946869AB64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(accn.0\\)",
"matchCriteriaId": "B6EE5DA9-A76F-47EE-8DF2-7950DD37A1B7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abzd.0\\)",
"matchCriteriaId": "5C0C05AC-CF02-4D2B-BB8D-7DF960BAD814"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(accm.0\\)",
"matchCriteriaId": "9EBCEA07-66B1-48A0-9121-09C5FE30A4E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abrm.0\\)",
"matchCriteriaId": "0FE4DC40-903F-4063-99EA-D7D272400D22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acdo.0\\)",
"matchCriteriaId": "9C85EF6D-0300-4AE9-98FE-2FA05F6392D4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acgg.0\\)",
"matchCriteriaId": "31DA2420-6E71-45FE-A1B4-76524431F932"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw"
"source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-62xx/CVE-2023-6226.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6226",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-11-28T05:15:08.920",
"lastModified": "2023-11-28T14:12:58.173",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-04T18:58:04.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,18 +58,58 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getshortcodes:shortcodes_ultimate:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.0.0",
"matchCriteriaId": "7D04A19E-D1D5-4629-992D-B5493FF1F8A3"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/meta.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Exploit"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

68
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-04T17:00:19.669004+00:00
2023-12-04T19:00:18.495838+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-04T16:54:09.293000+00:00
2023-12-04T18:58:39.287000+00:00
```
### Last Data Feed Release
@ -29,50 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
232141
232143
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `2`
* [CVE-2023-48815](CVE-2023/CVE-2023-488xx/CVE-2023-48815.json) (`2023-12-04T15:15:07.500`)
* [CVE-2023-48866](CVE-2023/CVE-2023-488xx/CVE-2023-48866.json) (`2023-12-04T15:15:07.560`)
* [CVE-2023-5767](CVE-2023/CVE-2023-57xx/CVE-2023-5767.json) (`2023-12-04T15:15:07.613`)
* [CVE-2023-5768](CVE-2023/CVE-2023-57xx/CVE-2023-5768.json) (`2023-12-04T15:15:07.793`)
* [CVE-2023-48965](CVE-2023/CVE-2023-489xx/CVE-2023-48965.json) (`2023-12-04T16:15:11.640`)
* [CVE-2023-48966](CVE-2023/CVE-2023-489xx/CVE-2023-48966.json) (`2023-12-04T16:15:11.727`)
* [CVE-2023-48910](CVE-2023/CVE-2023-489xx/CVE-2023-48910.json) (`2023-12-04T17:15:07.137`)
* [CVE-2023-48967](CVE-2023/CVE-2023-489xx/CVE-2023-48967.json) (`2023-12-04T17:15:07.190`)
### CVEs modified in the last Commit
Recently modified CVEs: `27`
Recently modified CVEs: `43`
* [CVE-2023-6274](CVE-2023/CVE-2023-62xx/CVE-2023-6274.json) (`2023-12-04T15:08:18.743`)
* [CVE-2023-6275](CVE-2023/CVE-2023-62xx/CVE-2023-6275.json) (`2023-12-04T15:10:22.267`)
* [CVE-2023-6225](CVE-2023/CVE-2023-62xx/CVE-2023-6225.json) (`2023-12-04T15:10:44.187`)
* [CVE-2023-44327](CVE-2023/CVE-2023-443xx/CVE-2023-44327.json) (`2023-12-04T16:15:07.433`)
* [CVE-2023-44328](CVE-2023/CVE-2023-443xx/CVE-2023-44328.json) (`2023-12-04T16:15:07.673`)
* [CVE-2023-44329](CVE-2023/CVE-2023-443xx/CVE-2023-44329.json) (`2023-12-04T16:15:07.870`)
* [CVE-2023-44340](CVE-2023/CVE-2023-443xx/CVE-2023-44340.json) (`2023-12-04T16:15:08.083`)
* [CVE-2023-44348](CVE-2023/CVE-2023-443xx/CVE-2023-44348.json) (`2023-12-04T16:15:08.290`)
* [CVE-2023-44356](CVE-2023/CVE-2023-443xx/CVE-2023-44356.json) (`2023-12-04T16:15:08.517`)
* [CVE-2023-44357](CVE-2023/CVE-2023-443xx/CVE-2023-44357.json) (`2023-12-04T16:15:08.723`)
* [CVE-2023-44358](CVE-2023/CVE-2023-443xx/CVE-2023-44358.json) (`2023-12-04T16:15:08.937`)
* [CVE-2023-44360](CVE-2023/CVE-2023-443xx/CVE-2023-44360.json) (`2023-12-04T16:15:09.163`)
* [CVE-2023-47044](CVE-2023/CVE-2023-470xx/CVE-2023-47044.json) (`2023-12-04T16:15:09.370`)
* [CVE-2023-47046](CVE-2023/CVE-2023-470xx/CVE-2023-47046.json) (`2023-12-04T16:15:09.573`)
* [CVE-2023-47047](CVE-2023/CVE-2023-470xx/CVE-2023-47047.json) (`2023-12-04T16:15:09.783`)
* [CVE-2023-47048](CVE-2023/CVE-2023-470xx/CVE-2023-47048.json) (`2023-12-04T16:15:09.987`)
* [CVE-2023-47049](CVE-2023/CVE-2023-470xx/CVE-2023-47049.json) (`2023-12-04T16:15:10.200`)
* [CVE-2023-47050](CVE-2023/CVE-2023-470xx/CVE-2023-47050.json) (`2023-12-04T16:15:10.477`)
* [CVE-2023-47051](CVE-2023/CVE-2023-470xx/CVE-2023-47051.json) (`2023-12-04T16:15:10.677`)
* [CVE-2023-47054](CVE-2023/CVE-2023-470xx/CVE-2023-47054.json) (`2023-12-04T16:15:10.880`)
* [CVE-2023-47071](CVE-2023/CVE-2023-470xx/CVE-2023-47071.json) (`2023-12-04T16:15:11.263`)
* [CVE-2023-49287](CVE-2023/CVE-2023-492xx/CVE-2023-49287.json) (`2023-12-04T16:15:11.793`)
* [CVE-2023-5427](CVE-2023/CVE-2023-54xx/CVE-2023-5427.json) (`2023-12-04T16:15:12.013`)
* [CVE-2023-2497](CVE-2023/CVE-2023-24xx/CVE-2023-2497.json) (`2023-12-04T16:41:46.397`)
* [CVE-2023-38218](CVE-2023/CVE-2023-382xx/CVE-2023-38218.json) (`2023-12-04T16:54:09.293`)
* [CVE-2023-5797](CVE-2023/CVE-2023-57xx/CVE-2023-5797.json) (`2023-12-04T18:01:55.800`)
* [CVE-2023-5650](CVE-2023/CVE-2023-56xx/CVE-2023-5650.json) (`2023-12-04T18:02:41.510`)
* [CVE-2023-4398](CVE-2023/CVE-2023-43xx/CVE-2023-4398.json) (`2023-12-04T18:04:39.363`)
* [CVE-2023-4397](CVE-2023/CVE-2023-43xx/CVE-2023-4397.json) (`2023-12-04T18:05:04.100`)
* [CVE-2023-37926](CVE-2023/CVE-2023-379xx/CVE-2023-37926.json) (`2023-12-04T18:08:43.703`)
* [CVE-2023-37925](CVE-2023/CVE-2023-379xx/CVE-2023-37925.json) (`2023-12-04T18:09:07.153`)
* [CVE-2023-35139](CVE-2023/CVE-2023-351xx/CVE-2023-35139.json) (`2023-12-04T18:09:27.617`)
* [CVE-2023-35136](CVE-2023/CVE-2023-351xx/CVE-2023-35136.json) (`2023-12-04T18:09:37.583`)
* [CVE-2023-48034](CVE-2023/CVE-2023-480xx/CVE-2023-48034.json) (`2023-12-04T18:11:26.057`)
* [CVE-2023-48023](CVE-2023/CVE-2023-480xx/CVE-2023-48023.json) (`2023-12-04T18:30:56.670`)
* [CVE-2023-46174](CVE-2023/CVE-2023-461xx/CVE-2023-46174.json) (`2023-12-04T18:31:04.347`)
* [CVE-2023-43021](CVE-2023/CVE-2023-430xx/CVE-2023-43021.json) (`2023-12-04T18:31:26.617`)
* [CVE-2023-42022](CVE-2023/CVE-2023-420xx/CVE-2023-42022.json) (`2023-12-04T18:32:03.803`)
* [CVE-2023-42019](CVE-2023/CVE-2023-420xx/CVE-2023-42019.json) (`2023-12-04T18:32:49.137`)
* [CVE-2023-42009](CVE-2023/CVE-2023-420xx/CVE-2023-42009.json) (`2023-12-04T18:33:10.530`)
* [CVE-2023-40699](CVE-2023/CVE-2023-406xx/CVE-2023-40699.json) (`2023-12-04T18:33:32.667`)
* [CVE-2023-43015](CVE-2023/CVE-2023-430xx/CVE-2023-43015.json) (`2023-12-04T18:33:42.547`)
* [CVE-2023-38268](CVE-2023/CVE-2023-382xx/CVE-2023-38268.json) (`2023-12-04T18:33:51.837`)
* [CVE-2023-42504](CVE-2023/CVE-2023-425xx/CVE-2023-42504.json) (`2023-12-04T18:44:20.847`)
* [CVE-2023-48022](CVE-2023/CVE-2023-480xx/CVE-2023-48022.json) (`2023-12-04T18:46:54.517`)
* [CVE-2023-3545](CVE-2023/CVE-2023-35xx/CVE-2023-3545.json) (`2023-12-04T18:50:46.923`)
* [CVE-2023-40056](CVE-2023/CVE-2023-400xx/CVE-2023-40056.json) (`2023-12-04T18:51:22.073`)
* [CVE-2023-3368](CVE-2023/CVE-2023-33xx/CVE-2023-3368.json) (`2023-12-04T18:57:35.040`)
* [CVE-2023-6226](CVE-2023/CVE-2023-62xx/CVE-2023-6226.json) (`2023-12-04T18:58:04.080`)
* [CVE-2023-42505](CVE-2023/CVE-2023-425xx/CVE-2023-42505.json) (`2023-12-04T18:58:39.287`)
## Download and Usage