admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-12-04T19:00:18.495838+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-12-04 19:00:22 +00:00
parent 548a54690d
commit f8f16268c3
46 changed files with 4539 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2021/CVE-2021-359xx/CVE-2021-35991.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-35991", "id": "CVE-2021-35991",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2021-08-20T19:15:10.263", "published": "2021-08-20T19:15:10.263",
"lastModified": "2023-10-25T18:16:53.437", "lastModified": "2023-12-04T17:31:51.637",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -65,7 +65,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -75,12 +75,12 @@
] ]
}, },
{ {
"source": "nvd@nist.gov", "source": "psirt@adobe.com",
"type": "Secondary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "CWE-908" "value": "CWE-824"
} }
] ]
} }

48
CVE-2022/CVE-2022-419xx/CVE-2022-41951.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-41951", "id": "CVE-2022-41951",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-27T21:15:07.553", "published": "2023-11-27T21:15:07.553",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:28:54.857",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +70,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oroinc:oroplatform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.9",
"matchCriteriaId": "1124E7EE-1C8D-4B17-8803-81B7BF744F83"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937", "url": "https://github.com/oroinc/platform/security/advisories/GHSA-9v3j-4j64-p937",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

10
CVE-2022/CVE-2022-423xx/CVE-2022-42344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-42344", "id": "CVE-2022-42344",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2022-10-20T17:15:10.723", "published": "2022-10-20T17:15:10.723",
"lastModified": "2023-10-25T18:17:18.470", "lastModified": "2023-12-04T17:33:35.887",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -40,7 +40,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -50,12 +50,12 @@
] ]
}, },
{ {
"source": "nvd@nist.gov", "source": "psirt@adobe.com",
"type": "Secondary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "CWE-639" "value": "CWE-863"
} }
] ]
} }

74
CVE-2023/CVE-2023-24xx/CVE-2023-2448.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2448", "id": "CVE-2023-2448",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.537", "published": "2023-11-22T16:15:08.537",
"lastModified": "2023-11-22T18:15:08.603", "lastModified": "2023-12-04T17:38:31.713",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode." "value": "The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to arbitrary shortcode execution. An attacker can leverage CVE-2023-2446 to get sensitive information via shortcode."
},
{
"lang": "es",
"value": "El complemento UserPro para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'userpro_shortcode_template' en versiones hasta la 5.1.4 incluida. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios. Un atacante puede aprovechar CVE-2023-2446 para obtener informaci\u00f3n confidencial mediante un c\u00f3digo corto."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{ {
"source": "security@wordfence.com", "source": "security@wordfence.com",
"type": "Secondary", "type": "Secondary",
@ -34,18 +58,58 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.4",
"matchCriteriaId": "498C35EE-4702-4B1C-BF55-71F81664FB52"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

74
CVE-2023/CVE-2023-24xx/CVE-2023-2449.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2449", "id": "CVE-2023-2449",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2023-11-22T16:15:08.697", "published": "2023-11-22T16:15:08.697",
"lastModified": "2023-11-22T18:15:08.663", "lastModified": "2023-12-04T17:17:55.380",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability." "value": "The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (userpro_process_form). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-2448 and CVE-2023-2446, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability."
},
{
"lang": "es",
"value": "El complemento UserPro para WordPress es vulnerable a restablecimientos de contrase\u00f1a no autorizados en versiones hasta la 5.1.1 incluida. Esto se debe a que el complemento utiliza la funcionalidad nativa de restablecimiento de contrase\u00f1a, con una validaci\u00f3n insuficiente de la funci\u00f3n de restablecimiento de contrase\u00f1a (userpro_process_form). La funci\u00f3n utiliza el valor de texto plano de una clave de restablecimiento de contrase\u00f1a en lugar de un valor hash, lo que significa que se puede recuperar y utilizar posteriormente f\u00e1cilmente. Un atacante puede aprovechar CVE-2023-2448 y CVE-2023-2446, u otra vulnerabilidad como inyecci\u00f3n SQL en otro complemento o tema instalado en el sitio para explotar con \u00e9xito esta vulnerabilidad."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "security@wordfence.com", "source": "security@wordfence.com",
"type": "Secondary", "type": "Secondary",
@ -34,18 +58,58 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1.1",
"matchCriteriaId": "E30F7B1B-A4E6-4C8F-ACA8-0A9B16EED37B"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

79
CVE-2023/CVE-2023-305xx/CVE-2023-30588.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30588", "id": "CVE-2023-30588",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2023-11-28T20:15:07.437", "published": "2023-11-28T20:15:07.437",
"lastModified": "2023-11-29T14:18:11.973", "lastModified": "2023-12-04T17:40:31.033",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,82 @@
"value": "Cuando se utiliza una clave p\u00fablica no v\u00e1lida para crear x509 certificates utilizando la API crypto.X509Certificate(), se produce una terminaci\u00f3n no esperada que la hace susceptible a ataques DoS cuando el atacante podr\u00eda forzar interrupciones en el procesamiento de la aplicaci\u00f3n, ya que el proceso finaliza al acceder a la informaci\u00f3n de clave p\u00fablica de los certificados proporcionados desde el c\u00f3digo de usuario. El contexto actual de los usuarios desaparecer\u00e1 y eso provocar\u00e1 un escenario DoS. Esta vulnerabilidad afecta a todas las versiones activas de Node.js v16, v18 y v20." "value": "Cuando se utiliza una clave p\u00fablica no v\u00e1lida para crear x509 certificates utilizando la API crypto.X509Certificate(), se produce una terminaci\u00f3n no esperada que la hace susceptible a ataques DoS cuando el atacante podr\u00eda forzar interrupciones en el procesamiento de la aplicaci\u00f3n, ya que el proceso finaliza al acceder a la informaci\u00f3n de clave p\u00fablica de los certificados proporcionados desde el c\u00f3digo de usuario. El contexto actual de los usuarios desaparecer\u00e1 y eso provocar\u00e1 un escenario DoS. Esta vulnerabilidad afecta a todas las versiones activas de Node.js v16, v18 y v20."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0.0",
"versionEndExcluding": "16.20.1",
"matchCriteriaId": "7E7F6F9A-AF9F-453B-870D-1E8759567F29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0.0",
"versionEndExcluding": "18.16.1",
"matchCriteriaId": "3AA02CEF-5AC5-46F7-94DE-D9EA15678AE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.0",
"versionEndExcluding": "20.3.1",
"matchCriteriaId": "1CAA23E6-4930-4326-9CB0-AEE5013BFD37"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"source": "support@hackerone.com" "source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

79
CVE-2023/CVE-2023-305xx/CVE-2023-30590.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30590", "id": "CVE-2023-30590",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2023-11-28T20:15:07.480", "published": "2023-11-28T20:15:07.480",
"lastModified": "2023-11-29T14:18:11.973", "lastModified": "2023-12-04T17:39:07.437",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,82 @@
"value": "La funci\u00f3n API generateKeys() devuelta por crypto.createDiffieHellman() solo genera claves faltantes (o desactualizadas), es decir, solo genera una clave privada si a\u00fan no se ha configurado ninguna, pero la funci\u00f3n tambi\u00e9n es necesaria para calcular la clave p\u00fablica correspondiente. despu\u00e9s de llamar a setPrivateKey(). Sin embargo, la documentaci\u00f3n dice que esta llamada API: \"Genera valores de clave Diffie-Hellman p\u00fablicos y privados\". El comportamiento documentado es muy diferente del comportamiento real, y esta diferencia podr\u00eda conducir f\u00e1cilmente a problemas de seguridad en las aplicaciones que utilizan estas API, ya que DiffieHellman puede usarse como base para la seguridad a nivel de aplicaci\u00f3n; en consecuencia, las implicaciones son amplias." "value": "La funci\u00f3n API generateKeys() devuelta por crypto.createDiffieHellman() solo genera claves faltantes (o desactualizadas), es decir, solo genera una clave privada si a\u00fan no se ha configurado ninguna, pero la funci\u00f3n tambi\u00e9n es necesaria para calcular la clave p\u00fablica correspondiente. despu\u00e9s de llamar a setPrivateKey(). Sin embargo, la documentaci\u00f3n dice que esta llamada API: \"Genera valores de clave Diffie-Hellman p\u00fablicos y privados\". El comportamiento documentado es muy diferente del comportamiento real, y esta diferencia podr\u00eda conducir f\u00e1cilmente a problemas de seguridad en las aplicaciones que utilizan estas API, ya que DiffieHellman puede usarse como base para la seguridad a nivel de aplicaci\u00f3n; en consecuencia, las implicaciones son amplias."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.0.0",
"versionEndExcluding": "16.20.1",
"matchCriteriaId": "7E7F6F9A-AF9F-453B-870D-1E8759567F29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0.0",
"versionEndExcluding": "18.16.1",
"matchCriteriaId": "3AA02CEF-5AC5-46F7-94DE-D9EA15678AE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.0",
"versionEndExcluding": "20.3.1",
"matchCriteriaId": "1CAA23E6-4930-4326-9CB0-AEE5013BFD37"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases", "url": "https://nodejs.org/en/blog/vulnerability/june-2023-security-releases",
"source": "support@hackerone.com" "source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

74
CVE-2023/CVE-2023-33xx/CVE-2023-3368.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3368", "id": "CVE-2023-3368",
"sourceIdentifier": "info@starlabs.sg", "sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T07:15:41.683", "published": "2023-11-28T07:15:41.683",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:57:35.040",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "info@starlabs.sg", "source": "info@starlabs.sg",
"type": "Secondary", "type": "Secondary",
@ -39,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{ {
"source": "info@starlabs.sg", "source": "info@starlabs.sg",
"type": "Secondary", "type": "Secondary",
@ -50,22 +80,54 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.11.20",
"matchCriteriaId": "0B1CD4A4-2EE0-453B-B45B-753D6539D7C4"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a", "url": "https://github.com/chamilo/chamilo-lms/commit/37be9ce7243a30259047dd4517c48ff8b21d657a",
"source": "info@starlabs.sg" "source": "info@starlabs.sg",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://https://github.com/chamilo/chamilo-lms/commit/4c69b294f927db62092e01b70ac9bd6e32d5b48b", "url": "https://https://github.com/chamilo/chamilo-lms/commit/4c69b294f927db62092e01b70ac9bd6e32d5b48b",
"source": "info@starlabs.sg" "source": "info@starlabs.sg",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://starlabs.sg/advisories/23/23-3368/", "url": "https://starlabs.sg/advisories/23/23-3368/",
"source": "info@starlabs.sg" "source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-121-2023-07-05-Critical-impact-High-risk-Unauthenticated-Command-Injection-CVE-2023-3368", "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-121-2023-07-05-Critical-impact-High-risk-Unauthenticated-Command-Injection-CVE-2023-3368",
"source": "info@starlabs.sg" "source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
} }
] ]
} }

202
CVE-2023/CVE-2023-351xx/CVE-2023-35136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35136", "id": "CVE-2023-35136",
"sourceIdentifier": "security@zyxel.com.tw", "sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.143", "published": "2023-11-28T02:15:42.143",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:09:37.583",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -50,10 +50,206 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw" "source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

224
CVE-2023/CVE-2023-351xx/CVE-2023-35139.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35139", "id": "CVE-2023-35139",
"sourceIdentifier": "security@zyxel.com.tw", "sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.347", "published": "2023-11-28T02:15:42.347",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:09:27.617",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -17,8 +17,28 @@
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "security@zyxel.com.tw", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
@ -50,10 +70,206 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.37",
"matchCriteriaId": "A959A961-FE39-4743-BCFB-700131DE4372"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.37",
"matchCriteriaId": "78B5CDFF-8571-4232-AC38-8E4AD12F683B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndIncluding": "5.37",
"matchCriteriaId": "A959A961-FE39-4743-BCFB-700131DE4372"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.00",
"versionEndIncluding": "5.37",
"matchCriteriaId": "78B5CDFF-8571-4232-AC38-8E4AD12F683B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw" "source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

69
CVE-2023/CVE-2023-35xx/CVE-2023-3545.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3545", "id": "CVE-2023-3545",
"sourceIdentifier": "info@starlabs.sg", "sourceIdentifier": "info@starlabs.sg",
"published": "2023-11-28T07:15:42.913", "published": "2023-11-28T07:15:42.913",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:50:46.923",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "info@starlabs.sg", "source": "info@starlabs.sg",
"type": "Secondary", "type": "Secondary",
@ -39,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-178"
}
]
},
{ {
"source": "info@starlabs.sg", "source": "info@starlabs.sg",
"type": "Secondary", "type": "Secondary",
@ -50,18 +80,47 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chamilo:chamilo:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.20",
"matchCriteriaId": "FF883FF3-A05D-4939-9777-9FCC16A9AFBB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549", "url": "https://github.com/chamilo/chamilo-lms/commit/dc7bfce429fbd843a95a57c184b6992c4d709549",
"source": "info@starlabs.sg" "source": "info@starlabs.sg",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://starlabs.sg/advisories/23/23-3545/", "url": "https://starlabs.sg/advisories/23/23-3545/",
"source": "info@starlabs.sg" "source": "info@starlabs.sg",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-125-2023-07-13-Critical-impact-Moderate-risk-Htaccess-File-Upload-Security-Bypass-on-Windows-CVE-2023-3545", "url": "https://support.chamilo.org/projects/chamilo-18/wiki/security_issues#Issue-125-2023-07-13-Critical-impact-Moderate-risk-Htaccess-File-Upload-Security-Bypass-on-Windows-CVE-2023-3545",
"source": "info@starlabs.sg" "source": "info@starlabs.sg",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
} }
] ]
} }

734
CVE-2023/CVE-2023-379xx/CVE-2023-37925.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37925", "id": "CVE-2023-37925",
"sourceIdentifier": "security@zyxel.com.tw", "sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.547", "published": "2023-11-28T02:15:42.547",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:09:07.153",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -50,10 +50,738 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtg.0\\)",
"matchCriteriaId": "C7DDF8F2-1E1C-4040-B24D-7959863AD5AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abvt.0\\)",
"matchCriteriaId": "6372C936-65AD-431B-B0F3-3731E6B236EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtd.0\\)",
"matchCriteriaId": "D24E34B2-E5E8-4269-A168-4904A7751427"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acco.0\\)",
"matchCriteriaId": "A3B44BE7-A6FD-4B9B-B6F9-60A4B792E57B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(abyw.0\\)",
"matchCriteriaId": "D93BE4DB-8B74-4FE1-814D-22E78027FC7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(acge.0\\)",
"matchCriteriaId": "A88CCD01-D827-4891-8E99-67B6FD064FE9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(abzl.0\\)",
"matchCriteriaId": "C732FD48-F3FC-45A6-9081-D2067305D6F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(accv.0\\)",
"matchCriteriaId": "221D7820-55CA-447C-94FB-4946EC1536E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(acgf.0\\)",
"matchCriteriaId": "9D936894-A119-4EC4-BA51-3B2CD9F3F477"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abvs.0\\)",
"matchCriteriaId": "34B57801-88C6-4BAB-A47F-EE428F8208C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abwa.0\\)",
"matchCriteriaId": "9E013C28-F1C2-474C-B909-6BE89752C335"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtf.0\\)",
"matchCriteriaId": "E174A280-1FC8-4A97-B7B1-3B8F5B47EB82"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abte.0\\)",
"matchCriteriaId": "40288F50-E5B5-4398-BCBB-0C946869AB64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(accn.0\\)",
"matchCriteriaId": "B6EE5DA9-A76F-47EE-8DF2-7950DD37A1B7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abzd.0\\)",
"matchCriteriaId": "5C0C05AC-CF02-4D2B-BB8D-7DF960BAD814"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(accm.0\\)",
"matchCriteriaId": "9EBCEA07-66B1-48A0-9121-09C5FE30A4E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abrm.0\\)",
"matchCriteriaId": "0FE4DC40-903F-4063-99EA-D7D272400D22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acdo.0\\)",
"matchCriteriaId": "9C85EF6D-0300-4AE9-98FE-2FA05F6392D4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acgg.0\\)",
"matchCriteriaId": "31DA2420-6E71-45FE-A1B4-76524431F932"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw" "source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

212
CVE-2023/CVE-2023-379xx/CVE-2023-37926.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37926", "id": "CVE-2023-37926",
"sourceIdentifier": "security@zyxel.com.tw", "sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.740", "published": "2023-11-28T02:15:42.740",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:08:43.703",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -39,6 +39,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{ {
"source": "security@zyxel.com.tw", "source": "security@zyxel.com.tw",
"type": "Secondary", "type": "Secondary",
@ -50,10 +60,206 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw" "source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

88
CVE-2023/CVE-2023-382xx/CVE-2023-38268.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38268", "id": "CVE-2023-38268",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T20:15:07.083", "published": "2023-12-01T20:15:07.083",
"lastModified": "2023-12-03T16:37:34.417", "lastModified": "2023-12-04T18:33:51.837",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585." "value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site request forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 260585."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,70 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260585", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260585",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7067682", "url": "https://www.ibm.com/support/pages/node/7067682",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

58
CVE-2023/CVE-2023-400xx/CVE-2023-40056.json
View File

@ -2,19 +2,43 @@
"id": "CVE-2023-40056", "id": "CVE-2023-40056",
"sourceIdentifier": "psirt@solarwinds.com", "sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-11-28T18:15:07.900", "published": "2023-11-28T18:15:07.900",
"lastModified": "2023-11-28T18:29:23.617", "lastModified": "2023-12-04T18:51:22.073",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\n\nSQL Injection Remote Code Vulnerability was found in the SolarWinds\nPlatform. This vulnerability can be exploited with a low privileged account. \n\n\n\n\n\n" "value": "\n\n\n\n\n\n\n\n\n\n\n\nSQL Injection Remote Code Vulnerability was found in the SolarWinds\nPlatform. This vulnerability can be exploited with a low privileged account. \n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de c\u00f3digo remoto de inyecci\u00f3n SQL en la plataforma SolarWinds. Esta vulnerabilidad se puede explotar con una cuenta con pocos privilegios."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@solarwinds.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -46,14 +70,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:solarwinds_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.4.2",
"matchCriteriaId": "5C3B0A46-E7A1-4BBB-96B0-6F074FE6ACC7"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm", "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4-2_release_notes.htm",
"source": "psirt@solarwinds.com" "source": "psirt@solarwinds.com",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40056", "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40056",
"source": "psirt@solarwinds.com" "source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

100
CVE-2023/CVE-2023-406xx/CVE-2023-40699.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-40699", "id": "CVE-2023-40699",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:07.633", "published": "2023-12-01T21:15:07.633",
"lastModified": "2023-12-03T16:37:34.417", "lastModified": "2023-12-04T18:33:32.667",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.\n\n\n\n" "value": "\n\n\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.\n\n\n\n"
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un atacante remoto provoque una denegaci\u00f3n de servicio debido a una validaci\u00f3n de entrada incorrecta. ID de IBM X-Force: 265161."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com",
"type": "Secondary", "type": "Secondary",
@ -36,8 +60,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "psirt@us.ibm.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -46,14 +80,70 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265161", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265161",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7067714", "url": "https://www.ibm.com/support/pages/node/7067714",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-416xx/CVE-2023-41613.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41613", "id": "CVE-2023-41613",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T14:15:07.457", "published": "2023-12-04T14:15:07.457",
"lastModified": "2023-12-04T14:15:07.457", "lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

87
CVE-2023/CVE-2023-420xx/CVE-2023-42009.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42009", "id": "CVE-2023-42009",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:07.857", "published": "2023-12-01T21:15:07.857",
"lastModified": "2023-12-03T16:37:34.417", "lastModified": "2023-12-04T18:33:10.530",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504." "value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265504."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 265504."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,69 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265504", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265504",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
}, },
{ {
"url": "https://https://www.ibm.com/support/pages/node/7070755", "url": "https://https://www.ibm.com/support/pages/node/7070755",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
]
} }
] ]
} }

88
CVE-2023/CVE-2023-420xx/CVE-2023-42019.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42019", "id": "CVE-2023-42019",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.053", "published": "2023-12-01T21:15:08.053",
"lastModified": "2023-12-03T16:37:34.417", "lastModified": "2023-12-04T18:32:49.137",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.\n\n\n\n" "value": "\n\n\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.\n\n\n\n"
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir que un atacante remoto provoque una denegaci\u00f3n de servicio debido a una validaci\u00f3n de entrada incorrecta. ID de IBM X-Force: 265161."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{ {
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,70 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265569", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265569",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7067719", "url": "https://www.ibm.com/support/pages/node/7067719",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

88
CVE-2023/CVE-2023-420xx/CVE-2023-42022.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42022", "id": "CVE-2023-42022",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.260", "published": "2023-12-01T21:15:08.260",
"lastModified": "2023-12-03T16:37:34.417", "lastModified": "2023-12-04T18:32:03.803",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.\n\n\n\n" "value": "\n\n\nIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 265938.\n\n\n\n"
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 265938."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,70 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265938", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265938",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7074335", "url": "https://www.ibm.com/support/pages/node/7074335",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

58
CVE-2023/CVE-2023-425xx/CVE-2023-42504.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42504", "id": "CVE-2023-42504",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-11-28T18:15:08.353", "published": "2023-11-28T18:15:08.353",
"lastModified": "2023-11-28T18:29:23.617", "lastModified": "2023-12-04T18:44:20.847",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.\n\nThis issue affects Apache Superset: before 3.0.0\n\n" "value": "An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.\n\nThis issue affects Apache Superset: before 3.0.0\n\n"
},
{
"lang": "es",
"value": "Un usuario malicioso autenticado podr\u00eda iniciar m\u00faltiples solicitudes simult\u00e1neas, cada una de las cuales solicita m\u00faltiples exportaciones de paneles, lo que lleva a una posible denegaci\u00f3n de servicio. Este problema afecta a Apache Superset: antes de 3.0.0"
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "B7CD7B20-D07E-4327-AA44-37ABCBA3E656"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/11/28/6", "url": "http://www.openwall.com/lists/oss-security/2023/11/28/6",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l", "url": "https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-425xx/CVE-2023-42505.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42505", "id": "CVE-2023-42505",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-11-28T17:15:08.093", "published": "2023-11-28T17:15:08.093",
"lastModified": "2023-11-28T18:29:23.617", "lastModified": "2023-12-04T18:58:39.287",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.\n\nThis issue affects Apache Superset before 3.0.0.\n\n" "value": "An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.\n\nThis issue affects Apache Superset before 3.0.0.\n\n"
},
{
"lang": "es",
"value": "Un usuario autenticado con permisos de lectura sobre los metadatos de las conexiones de bases de datos podr\u00eda acceder a informaci\u00f3n confidencial, como el nombre de usuario de la conexi\u00f3n. Este problema afecta a Apache Superset anterior a 3.0.0."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Secondary", "type": "Secondary",
@ -36,8 +60,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -46,14 +80,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "B7CD7B20-D07E-4327-AA44-37ABCBA3E656"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/11/28/5", "url": "http://www.openwall.com/lists/oss-security/2023/11/28/5",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y", "url": "https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
} }
] ]
} }

88
CVE-2023/CVE-2023-430xx/CVE-2023-43015.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43015", "id": "CVE-2023-43015",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T20:15:07.287", "published": "2023-12-01T20:15:07.287",
"lastModified": "2023-12-03T16:37:34.417", "lastModified": "2023-12-04T18:33:42.547",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064." "value": "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266064."
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 266064."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,70 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266064", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266064",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7067704", "url": "https://www.ibm.com/support/pages/node/7067704",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

88
CVE-2023/CVE-2023-430xx/CVE-2023-43021.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-43021", "id": "CVE-2023-43021",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.460", "published": "2023-12-01T21:15:08.460",
"lastModified": "2023-12-03T16:37:34.417", "lastModified": "2023-12-04T18:31:26.617",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.\n\n" "value": "\nIBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 266167.\n\n"
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 podr\u00eda permitir a un atacante remoto obtener informaci\u00f3n confidencial cuando se devuelve un mensaje de error t\u00e9cnico detallado en el navegador. Esta informaci\u00f3n podr\u00eda usarse en futuros ataques contra el sistema. ID de IBM X-Force: 266167."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{ {
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,70 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266167", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266167",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7074317", "url": "https://www.ibm.com/support/pages/node/7074317",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

152
CVE-2023/CVE-2023-43xx/CVE-2023-4397.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4397", "id": "CVE-2023-4397",
"sourceIdentifier": "security@zyxel.com.tw", "sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:42.990", "published": "2023-11-28T02:15:42.990",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:05:04.100",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -50,10 +50,156 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7AE28-E9ED-4488-BF31-74A15DE79C7A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7AE28-E9ED-4488-BF31-74A15DE79C7A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "26B7AE28-E9ED-4488-BF31-74A15DE79C7A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw" "source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

222
CVE-2023/CVE-2023-43xx/CVE-2023-4398.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4398", "id": "CVE-2023-4398",
"sourceIdentifier": "security@zyxel.com.tw", "sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:43.187", "published": "2023-11-28T02:15:43.187",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:04:39.363",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "security@zyxel.com.tw", "source": "security@zyxel.com.tw",
"type": "Secondary", "type": "Secondary",
@ -50,10 +70,206 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw" "source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

12
CVE-2023/CVE-2023-443xx/CVE-2023-44339.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-44339", "id": "CVE-2023-44339",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2023-11-16T10:15:10.717", "published": "2023-11-16T10:15:10.717",
"lastModified": "2023-11-22T17:15:45.410", "lastModified": "2023-12-04T17:34:46.583",
"vulnStatus": "Analyzed", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
@ -21,19 +21,19 @@
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL", "attackVector": "LOCAL",
"attackComplexity": "LOW", "attackComplexity": "LOW",
"privilegesRequired": "LOW", "privilegesRequired": "NONE",
"userInteraction": "REQUIRED", "userInteraction": "REQUIRED",
"scope": "UNCHANGED", "scope": "UNCHANGED",
"confidentialityImpact": "HIGH", "confidentialityImpact": "HIGH",
"integrityImpact": "NONE", "integrityImpact": "NONE",
"availabilityImpact": "NONE", "availabilityImpact": "NONE",
"baseScore": 5.0, "baseScore": 5.5,
"baseSeverity": "MEDIUM" "baseSeverity": "MEDIUM"
}, },
"exploitabilityScore": 1.3, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
}, },
{ {
@ -61,7 +61,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "psirt@adobe.com", "source": "psirt@adobe.com",
"type": "Secondary", "type": "Primary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

88
CVE-2023/CVE-2023-461xx/CVE-2023-46174.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-46174", "id": "CVE-2023-46174",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-12-01T21:15:08.663", "published": "2023-12-01T21:15:08.663",
"lastModified": "2023-12-03T16:37:34.417", "lastModified": "2023-12-04T18:31:04.347",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "\n\n\nIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506.\n\n\n\n" "value": "\n\n\nIBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269506.\n\n\n\n"
},
{
"lang": "es",
"value": "IBM InfoSphere Information Server 11.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 269506."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "psirt@us.ibm.com", "source": "psirt@us.ibm.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,70 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.0",
"matchCriteriaId": "8DD9FF76-6982-4FBF-847D-2408A166ADFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:infosphere_information_server:*:*:*:*:on_cloud:*:*:*",
"versionStartIncluding": "11.7.0.0",
"versionEndExcluding": "11.7.1.4",
"matchCriteriaId": "0F179F2C-DF77-462C-BCA6-7F64CE1812BA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269506", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269506",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.ibm.com/support/pages/node/7067717", "url": "https://www.ibm.com/support/pages/node/7067717",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

75
CVE-2023/CVE-2023-480xx/CVE-2023-48022.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48022", "id": "CVE-2023-48022",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T08:15:06.910", "published": "2023-11-28T08:15:06.910",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:46:54.517",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,15 +14,80 @@
"value": "Anyscale Ray 2.6.3 y 2.8.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la API de env\u00edo de trabajos. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado." "value": "Anyscale Ray 2.6.3 y 2.8.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la API de env\u00edo de trabajos. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1083D908-E7F7-44BE-89CD-B760224C5585"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE882370-6570-49E0-A11F-95D3FBCD4714"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0", "url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://docs.ray.io/en/latest/ray-security/index.html", "url": "https://docs.ray.io/en/latest/ray-security/index.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
]
} }
] ]
} }

75
CVE-2023/CVE-2023-480xx/CVE-2023-48023.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48023", "id": "CVE-2023-48023",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T08:15:07.060", "published": "2023-11-28T08:15:07.060",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:30:56.670",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,15 +14,80 @@
"value": "Anyscale Ray 2.6.3 y 2.8.0 permite /log_proxy SSRF. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado." "value": "Anyscale Ray 2.6.3 y 2.8.0 permite /log_proxy SSRF. NOTA: la posici\u00f3n del proveedor es que este informe es irrelevante porque Ray, como se indica en su documentaci\u00f3n, no est\u00e1 manipulado para su uso fuera de un entorno de red estrictamente controlado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anyscale:ray:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1083D908-E7F7-44BE-89CD-B760224C5585"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anyscale:ray:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE882370-6570-49E0-A11F-95D3FBCD4714"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0", "url": "https://bishopfox.com/blog/ray-versions-2-6-3-2-8-0",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://docs.ray.io/en/latest/ray-security/index.html", "url": "https://docs.ray.io/en/latest/ray-security/index.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product",
"Release Notes"
]
} }
] ]
} }

75
CVE-2023/CVE-2023-480xx/CVE-2023-48034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48034", "id": "CVE-2023-48034",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-11-27T21:15:07.777", "published": "2023-11-27T21:15:07.777",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:11:26.057",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,11 +14,78 @@
"value": "Un problema descubierto en Acer Wireless Keyboard SK-9662 permite a un atacante en proximidad f\u00edsica descifrar pulsaciones de teclas inal\u00e1mbricas e inyectar pulsaciones de teclas arbitrarias mediante el uso de un cifrado d\u00e9bil." "value": "Un problema descubierto en Acer Wireless Keyboard SK-9662 permite a un atacante en proximidad f\u00edsica descifrar pulsaciones de teclas inal\u00e1mbricas e inyectar pulsaciones de teclas arbitrarias mediante el uso de un cifrado d\u00e9bil."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:acer:sk-9662_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E945161-CF3F-48FD-937C-7AF63670842F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:acer:sk-9662:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6ADD71-B71C-4E5F-ACD0-010A107EE6CD"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/aprkr/CVE-2023-48034", "url": "https://github.com/aprkr/CVE-2023-48034",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

74
CVE-2023/CVE-2023-481xx/CVE-2023-48193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48193", "id": "CVE-2023-48193",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-11-28T21:15:08.373", "published": "2023-11-28T21:15:08.373",
"lastModified": "2023-11-29T14:18:11.973", "lastModified": "2023-12-04T17:41:43.977",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -14,19 +14,81 @@
"value": "La vulnerabilidad de permisos inseguros en JumpServer GPLv3 v.3.8.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario omitiendo la funci\u00f3n de filtrado de comandos." "value": "La vulnerabilidad de permisos inseguros en JumpServer GPLv3 v.3.8.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario omitiendo la funci\u00f3n de filtrado de comandos."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEA14CBD-A40D-4DB1-B0F4-42E9C62A5B54"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://jumpserver.com", "url": "http://jumpserver.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md", "url": "https://github.com/296430468/lcc_test/blob/main/jumpserver_BUG.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/jumpserver/jumpserver", "url": "https://github.com/jumpserver/jumpserver",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-488xx/CVE-2023-48815.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48815", "id": "CVE-2023-48815",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T15:15:07.500", "published": "2023-12-04T15:15:07.500",
"lastModified": "2023-12-04T15:15:07.500", "lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-488xx/CVE-2023-48866.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48866", "id": "CVE-2023-48866",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T15:15:07.560", "published": "2023-12-04T15:15:07.560",
"lastModified": "2023-12-04T15:15:07.560", "lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

28
CVE-2023/CVE-2023-489xx/CVE-2023-48910.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-48910",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T17:15:07.137",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/b33t1e/2a2dc17cf36cd741b2c99425c892d826",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/microcks/microcks",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/orgs/microcks/discussions/892",
"source": "cve@mitre.org"
}
]
}

4
CVE-2023/CVE-2023-489xx/CVE-2023-48965.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48965", "id": "CVE-2023-48965",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T16:15:11.640", "published": "2023-12-04T16:15:11.640",
"lastModified": "2023-12-04T16:15:11.640", "lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-489xx/CVE-2023-48966.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-48966", "id": "CVE-2023-48966",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T16:15:11.727", "published": "2023-12-04T16:15:11.727",
"lastModified": "2023-12-04T16:15:11.727", "lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

20
CVE-2023/CVE-2023-489xx/CVE-2023-48967.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48967",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T17:15:07.190",
"lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untrusted Data."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/noear/solon/issues/226",
"source": "cve@mitre.org"
}
]
}

66
CVE-2023/CVE-2023-490xx/CVE-2023-49075.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49075", "id": "CVE-2023-49075",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T05:15:08.160", "published": "2023-11-28T05:15:08.160",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T17:53:15.497",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -50,22 +70,56 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"versionEndExcluding": "1.2.2",
"matchCriteriaId": "6FC10AB5-C7AE-40CF-BC49-6F46432ED1B4"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628", "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/e412b0597830ae564a604e2579eb40e76f7f0628",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345", "url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/345",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch",
"URL Repurposed",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg", "url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-9wwg-r3c7-4vfg",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch", "url": "https://patch-diff.githubusercontent.com/raw/pimcore/admin-ui-classic-bundle/pull/345.patch",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

53
CVE-2023/CVE-2023-490xx/CVE-2023-49078.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49078", "id": "CVE-2023-49078",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-28T19:15:07.397", "published": "2023-11-28T19:15:07.397",
"lastModified": "2023-11-29T14:18:18.333", "lastModified": "2023-12-04T17:41:18.540",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -50,14 +70,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zediious:raptor-web:0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B46AE-B7E3-446D-B612-15849A930CD4"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/zediious/raptor-web/releases/tag/0.4.4.1", "url": "https://github.com/zediious/raptor-web/releases/tag/0.4.4.1",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/zediious/raptor-web/security/advisories/GHSA-8r6g-fhh4-xhmq", "url": "https://github.com/zediious/raptor-web/security/advisories/GHSA-8r6g-fhh4-xhmq",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

202
CVE-2023/CVE-2023-56xx/CVE-2023-5650.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5650", "id": "CVE-2023-5650",
"sourceIdentifier": "security@zyxel.com.tw", "sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T02:15:43.380", "published": "2023-11-28T02:15:43.380",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:02:41.510",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -50,10 +50,206 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw" "source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

4
CVE-2023/CVE-2023-57xx/CVE-2023-5767.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5767", "id": "CVE-2023-5767",
"sourceIdentifier": "cybersecurity@hitachienergy.com", "sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-12-04T15:15:07.613", "published": "2023-12-04T15:15:07.613",
"lastModified": "2023-12-04T15:15:07.613", "lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

4
CVE-2023/CVE-2023-57xx/CVE-2023-5768.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5768", "id": "CVE-2023-5768",
"sourceIdentifier": "cybersecurity@hitachienergy.com", "sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2023-12-04T15:15:07.793", "published": "2023-12-04T15:15:07.793",
"lastModified": "2023-12-04T15:15:07.793", "lastModified": "2023-12-04T17:16:41.913",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",

734
CVE-2023/CVE-2023-57xx/CVE-2023-5797.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5797", "id": "CVE-2023-5797",
"sourceIdentifier": "security@zyxel.com.tw", "sourceIdentifier": "security@zyxel.com.tw",
"published": "2023-11-28T03:15:07.123", "published": "2023-11-28T03:15:07.123",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:01:55.800",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -50,10 +50,738 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.32",
"versionEndIncluding": "5.37",
"matchCriteriaId": "2A9AF767-1BC2-4160-9FD6-246DD2AD0F18"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.50",
"versionEndIncluding": "5.37",
"matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndIncluding": "5.37",
"matchCriteriaId": "0DE544DC-2644-4706-BB80-75B7E16DF4DD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:usg_20w-vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BEA412F-3DA1-4E91-9C74-0666147DABCE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "371CE32A-C28E-44D2-9B0B-D8775928FD0E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.30",
"versionEndIncluding": "5.37",
"matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa110ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtg.0\\)",
"matchCriteriaId": "C7DDF8F2-1E1C-4040-B24D-7959863AD5AF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa110ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3F9232-F988-4428-9898-4F536123CE88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa1123acv3_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abvt.0\\)",
"matchCriteriaId": "6372C936-65AD-431B-B0F3-3731E6B236EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa1123acv3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C13E7F-2186-4587-83E9-57B05A7147B7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa210ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtd.0\\)",
"matchCriteriaId": "D24E34B2-E5E8-4269-A168-4904A7751427"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa210ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB129F9-64D8-43C2-9366-51EBDF419F5F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa220ax-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acco.0\\)",
"matchCriteriaId": "A3B44BE7-A6FD-4B9B-B6F9-60A4B792E57B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa220ax-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E03F755-424D-4248-9076-ED7BECEB94C5"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa50ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(abyw.0\\)",
"matchCriteriaId": "D93BE4DB-8B74-4FE1-814D-22E78027FC7B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa50ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2806A3B3-8F13-4170-B284-8809E3502044"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa50ax-pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(acge.0\\)",
"matchCriteriaId": "A88CCD01-D827-4891-8E99-67B6FD064FE9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa50ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7DD6E6B-61EC-4E60-8244-56ADB26F2234"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa55axe_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(abzl.0\\)",
"matchCriteriaId": "C732FD48-F3FC-45A6-9081-D2067305D6F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa55axe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7440976-5CB4-40BE-95C2-98EF4B888109"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa90ax_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(accv.0\\)",
"matchCriteriaId": "221D7820-55CA-447C-94FB-4946EC1536E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa90ax:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A903978-737E-4266-A670-BC94E32CAF96"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:nwa90ax-pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.80\\(acgf.0\\)",
"matchCriteriaId": "9D936894-A119-4EC4-BA51-3B2CD9F3F477"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:nwa90ax-pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA44855-B135-44BD-AE21-FC58CD647AB6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wac500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abvs.0\\)",
"matchCriteriaId": "34B57801-88C6-4BAB-A47F-EE428F8208C1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wac500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C024551-F08F-4152-940D-1CF8BCD79613"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wac500h_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abwa.0\\)",
"matchCriteriaId": "9E013C28-F1C2-474C-B909-6BE89752C335"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wac500h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1FD502-4F62-4C77-B3BC-E563B24F0067"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax510d_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abtf.0\\)",
"matchCriteriaId": "E174A280-1FC8-4A97-B7B1-3B8F5B47EB82"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax510d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A37A0E9-D505-4376-AB0E-1C0FD7E53A55"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax610d_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abte.0\\)",
"matchCriteriaId": "40288F50-E5B5-4398-BCBB-0C946869AB64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax610d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3518DA0A-2C7B-4979-A457-0826C921B0F0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax620d-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(accn.0\\)",
"matchCriteriaId": "B6EE5DA9-A76F-47EE-8DF2-7950DD37A1B7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax620d-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4EBCC9-4FF9-41FC-9FFE-DBFAB239888B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax630s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abzd.0\\)",
"matchCriteriaId": "5C0C05AC-CF02-4D2B-BB8D-7DF960BAD814"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax630s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC74AAF9-5206-4CEB-9023-6CD4F38AA623"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax640s-6e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(accm.0\\)",
"matchCriteriaId": "9EBCEA07-66B1-48A0-9121-09C5FE30A4E2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax640s-6e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20E4E9A0-DF92-47B7-94D6-0867E3171E47"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax650s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(abrm.0\\)",
"matchCriteriaId": "0FE4DC40-903F-4063-99EA-D7D272400D22"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax650s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D784994E-E2CE-4328-B490-D9DC195A53DB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wax655e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acdo.0\\)",
"matchCriteriaId": "9C85EF6D-0300-4AE9-98FE-2FA05F6392D4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wax655e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61158220-B5E8-4BF4-B2C2-E8ABFD3266CF"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zyxel:wbe660s_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.70\\(acgg.0\\)",
"matchCriteriaId": "31DA2420-6E71-45FE-A1B4-76524431F932"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zyxel:wbe660s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC2F3A4-0598-49B0-9829-AF43C97E9E8E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps", "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps",
"source": "security@zyxel.com.tw" "source": "security@zyxel.com.tw",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-62xx/CVE-2023-6226.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6226", "id": "CVE-2023-6226",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2023-11-28T05:15:08.920", "published": "2023-11-28T05:15:08.920",
"lastModified": "2023-11-28T14:12:58.173", "lastModified": "2023-12-04T18:58:04.080",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -16,6 +16,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{ {
"source": "security@wordfence.com", "source": "security@wordfence.com",
"type": "Secondary", "type": "Secondary",
@ -38,18 +58,58 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getshortcodes:shortcodes_ultimate:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.0.0",
"matchCriteriaId": "7D04A19E-D1D5-4629-992D-B5493FF1F8A3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/meta.php", "url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/meta.php",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Exploit"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3000576%40shortcodes-ultimate&new=3000576%40shortcodes-ultimate&sfp_email=&sfph_mail=",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
} }
] ]
} }

68
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-12-04T17:00:19.669004+00:00 2023-12-04T19:00:18.495838+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-12-04T16:54:09.293000+00:00 2023-12-04T18:58:39.287000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,50 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
232141 232143
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `6` Recently added CVEs: `2`
* [CVE-2023-48815](CVE-2023/CVE-2023-488xx/CVE-2023-48815.json) (`2023-12-04T15:15:07.500`) * [CVE-2023-48910](CVE-2023/CVE-2023-489xx/CVE-2023-48910.json) (`2023-12-04T17:15:07.137`)
* [CVE-2023-48866](CVE-2023/CVE-2023-488xx/CVE-2023-48866.json) (`2023-12-04T15:15:07.560`) * [CVE-2023-48967](CVE-2023/CVE-2023-489xx/CVE-2023-48967.json) (`2023-12-04T17:15:07.190`)
* [CVE-2023-5767](CVE-2023/CVE-2023-57xx/CVE-2023-5767.json) (`2023-12-04T15:15:07.613`)
* [CVE-2023-5768](CVE-2023/CVE-2023-57xx/CVE-2023-5768.json) (`2023-12-04T15:15:07.793`)
* [CVE-2023-48965](CVE-2023/CVE-2023-489xx/CVE-2023-48965.json) (`2023-12-04T16:15:11.640`)
* [CVE-2023-48966](CVE-2023/CVE-2023-489xx/CVE-2023-48966.json) (`2023-12-04T16:15:11.727`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `27` Recently modified CVEs: `43`
* [CVE-2023-6274](CVE-2023/CVE-2023-62xx/CVE-2023-6274.json) (`2023-12-04T15:08:18.743`) * [CVE-2023-5797](CVE-2023/CVE-2023-57xx/CVE-2023-5797.json) (`2023-12-04T18:01:55.800`)
* [CVE-2023-6275](CVE-2023/CVE-2023-62xx/CVE-2023-6275.json) (`2023-12-04T15:10:22.267`) * [CVE-2023-5650](CVE-2023/CVE-2023-56xx/CVE-2023-5650.json) (`2023-12-04T18:02:41.510`)
* [CVE-2023-6225](CVE-2023/CVE-2023-62xx/CVE-2023-6225.json) (`2023-12-04T15:10:44.187`) * [CVE-2023-4398](CVE-2023/CVE-2023-43xx/CVE-2023-4398.json) (`2023-12-04T18:04:39.363`)
* [CVE-2023-44327](CVE-2023/CVE-2023-443xx/CVE-2023-44327.json) (`2023-12-04T16:15:07.433`) * [CVE-2023-4397](CVE-2023/CVE-2023-43xx/CVE-2023-4397.json) (`2023-12-04T18:05:04.100`)
* [CVE-2023-44328](CVE-2023/CVE-2023-443xx/CVE-2023-44328.json) (`2023-12-04T16:15:07.673`) * [CVE-2023-37926](CVE-2023/CVE-2023-379xx/CVE-2023-37926.json) (`2023-12-04T18:08:43.703`)
* [CVE-2023-44329](CVE-2023/CVE-2023-443xx/CVE-2023-44329.json) (`2023-12-04T16:15:07.870`) * [CVE-2023-37925](CVE-2023/CVE-2023-379xx/CVE-2023-37925.json) (`2023-12-04T18:09:07.153`)
* [CVE-2023-44340](CVE-2023/CVE-2023-443xx/CVE-2023-44340.json) (`2023-12-04T16:15:08.083`) * [CVE-2023-35139](CVE-2023/CVE-2023-351xx/CVE-2023-35139.json) (`2023-12-04T18:09:27.617`)
* [CVE-2023-44348](CVE-2023/CVE-2023-443xx/CVE-2023-44348.json) (`2023-12-04T16:15:08.290`) * [CVE-2023-35136](CVE-2023/CVE-2023-351xx/CVE-2023-35136.json) (`2023-12-04T18:09:37.583`)
* [CVE-2023-44356](CVE-2023/CVE-2023-443xx/CVE-2023-44356.json) (`2023-12-04T16:15:08.517`) * [CVE-2023-48034](CVE-2023/CVE-2023-480xx/CVE-2023-48034.json) (`2023-12-04T18:11:26.057`)
* [CVE-2023-44357](CVE-2023/CVE-2023-443xx/CVE-2023-44357.json) (`2023-12-04T16:15:08.723`) * [CVE-2023-48023](CVE-2023/CVE-2023-480xx/CVE-2023-48023.json) (`2023-12-04T18:30:56.670`)
* [CVE-2023-44358](CVE-2023/CVE-2023-443xx/CVE-2023-44358.json) (`2023-12-04T16:15:08.937`) * [CVE-2023-46174](CVE-2023/CVE-2023-461xx/CVE-2023-46174.json) (`2023-12-04T18:31:04.347`)
* [CVE-2023-44360](CVE-2023/CVE-2023-443xx/CVE-2023-44360.json) (`2023-12-04T16:15:09.163`) * [CVE-2023-43021](CVE-2023/CVE-2023-430xx/CVE-2023-43021.json) (`2023-12-04T18:31:26.617`)
* [CVE-2023-47044](CVE-2023/CVE-2023-470xx/CVE-2023-47044.json) (`2023-12-04T16:15:09.370`) * [CVE-2023-42022](CVE-2023/CVE-2023-420xx/CVE-2023-42022.json) (`2023-12-04T18:32:03.803`)
* [CVE-2023-47046](CVE-2023/CVE-2023-470xx/CVE-2023-47046.json) (`2023-12-04T16:15:09.573`) * [CVE-2023-42019](CVE-2023/CVE-2023-420xx/CVE-2023-42019.json) (`2023-12-04T18:32:49.137`)
* [CVE-2023-47047](CVE-2023/CVE-2023-470xx/CVE-2023-47047.json) (`2023-12-04T16:15:09.783`) * [CVE-2023-42009](CVE-2023/CVE-2023-420xx/CVE-2023-42009.json) (`2023-12-04T18:33:10.530`)
* [CVE-2023-47048](CVE-2023/CVE-2023-470xx/CVE-2023-47048.json) (`2023-12-04T16:15:09.987`) * [CVE-2023-40699](CVE-2023/CVE-2023-406xx/CVE-2023-40699.json) (`2023-12-04T18:33:32.667`)
* [CVE-2023-47049](CVE-2023/CVE-2023-470xx/CVE-2023-47049.json) (`2023-12-04T16:15:10.200`) * [CVE-2023-43015](CVE-2023/CVE-2023-430xx/CVE-2023-43015.json) (`2023-12-04T18:33:42.547`)
* [CVE-2023-47050](CVE-2023/CVE-2023-470xx/CVE-2023-47050.json) (`2023-12-04T16:15:10.477`) * [CVE-2023-38268](CVE-2023/CVE-2023-382xx/CVE-2023-38268.json) (`2023-12-04T18:33:51.837`)
* [CVE-2023-47051](CVE-2023/CVE-2023-470xx/CVE-2023-47051.json) (`2023-12-04T16:15:10.677`) * [CVE-2023-42504](CVE-2023/CVE-2023-425xx/CVE-2023-42504.json) (`2023-12-04T18:44:20.847`)
* [CVE-2023-47054](CVE-2023/CVE-2023-470xx/CVE-2023-47054.json) (`2023-12-04T16:15:10.880`) * [CVE-2023-48022](CVE-2023/CVE-2023-480xx/CVE-2023-48022.json) (`2023-12-04T18:46:54.517`)
* [CVE-2023-47071](CVE-2023/CVE-2023-470xx/CVE-2023-47071.json) (`2023-12-04T16:15:11.263`) * [CVE-2023-3545](CVE-2023/CVE-2023-35xx/CVE-2023-3545.json) (`2023-12-04T18:50:46.923`)
* [CVE-2023-49287](CVE-2023/CVE-2023-492xx/CVE-2023-49287.json) (`2023-12-04T16:15:11.793`) * [CVE-2023-40056](CVE-2023/CVE-2023-400xx/CVE-2023-40056.json) (`2023-12-04T18:51:22.073`)
* [CVE-2023-5427](CVE-2023/CVE-2023-54xx/CVE-2023-5427.json) (`2023-12-04T16:15:12.013`) * [CVE-2023-3368](CVE-2023/CVE-2023-33xx/CVE-2023-3368.json) (`2023-12-04T18:57:35.040`)
* [CVE-2023-2497](CVE-2023/CVE-2023-24xx/CVE-2023-2497.json) (`2023-12-04T16:41:46.397`) * [CVE-2023-6226](CVE-2023/CVE-2023-62xx/CVE-2023-6226.json) (`2023-12-04T18:58:04.080`)
* [CVE-2023-38218](CVE-2023/CVE-2023-382xx/CVE-2023-38218.json) (`2023-12-04T16:54:09.293`) * [CVE-2023-42505](CVE-2023/CVE-2023-425xx/CVE-2023-42505.json) (`2023-12-04T18:58:39.287`)
## Download and Usage ## Download and Usage