Auto-Update: 2023-10-16T20:00:24.350486+00:00

cad-safe-bot 2023-10-16 20:00:28 +00:00
parent 0c189f46e6
commit fdd5c5749f
75 changed files with 4480 additions and 260 deletions


@ -2,8 +2,8 @@
"id": "CVE-2020-11080",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-06-03T23:15:11.073",
"lastModified": "2022-08-29T20:41:12.937",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-16T18:15:15.283",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -345,6 +345,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/",
"source": "security-advisories@github.com",


@ -2,8 +2,8 @@
"id": "CVE-2022-23223",
"sourceIdentifier": "security@apache.org",
"published": "2022-01-25T13:15:08.137",
"lastModified": "2023-10-04T09:15:31.480",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T18:22:38.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -65,7 +65,7 @@
},
"weaknesses": [
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -75,12 +75,12 @@
]
},
{
"source": "nvd@nist.gov",
"source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-319"
"value": "CWE-522"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-30527",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-10-10T11:15:10.603",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:51:21.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0",
"matchCriteriaId": "A7F0A543-38E1-48B9-A984-259081E49EAA"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-20198",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-16T16:15:10.023",
"lastModified": "2023-10-16T16:15:10.023",
"vulnStatus": "Received",
"lastModified": "2023-10-16T18:33:43.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,40 @@
"id": "CVE-2023-20235",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-04T17:15:09.917",
"lastModified": "2023-10-04T18:14:55.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:07:12.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.\r\n\r This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n de flujo de trabajo de desarrollo de aplicaciones en el dispositivo para la infraestructura de alojamiento de aplicaciones Cisco IOx en el software Cisco IOS XE podr\u00eda permitir que un atacante remoto autenticado acceda al sistema operativo subyacente como usuario root. Esta vulnerabilidad existe porque los contenedores Docker con la opci\u00f3n de tiempo de ejecuci\u00f3n privilegiado no se bloquean cuando est\u00e1n en modo de desarrollo de aplicaciones. Un atacante podr\u00eda aprovechar esta vulnerabilidad utilizando la CLI de Docker para acceder a un dispositivo afectado. El flujo de trabajo de desarrollo de aplicaciones est\u00e1 destinado a usarse \u00fanicamente en sistemas de desarrollo y no en sistemas de producci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,145 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3.1",
"matchCriteriaId": "100403F0-0796-4993-A2AF-6A14EDC84478"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ie3200_rugged_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86879AC0-890E-42F4-9561-6851F38FE0AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ie3300_rugged_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19017B10-F630-42CD-ACD2-E817FEF0E7F1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ie3400_rugged_switch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7CCC02-113E-4EA1-B0CA-9FDF1108BB71"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ir1101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68D183A4-2B4D-4DFB-B7F3-2B7AEC0E759E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ir1821-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "564DB1E0-7FDA-4E6B-8ABF-4A7BDB07BABE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ir1831-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E218F9E1-8CB9-472D-815D-EAC68D1F5F9D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ir1833-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31498808-5603-43A2-B7F1-D6111F824F9B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ir1835-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B112725-CB72-48FC-8C73-3FCFF7DADF4F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ir8140h-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA64916D-3743-4A5F-9021-07EB0B352FF9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ir8140h-p-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC6129CB-2C8F-4786-AE76-89C4866BE0E3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:catalyst_ir8340-k9:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9D37A1-D1AA-45B7-861B-046863A67727"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:ess-3300-24t-con-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4C98B90-69B3-4BDF-A569-4C102498BFAD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:ess-3300-24t-con-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7646B0A1-FDF5-4A60-A451-E84CE355302E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:ess-3300-24t-ncp-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA889066-14A8-4D88-9EFF-582FE1E65108"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:ess-3300-24t-ncp-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0C09AE-CD2A-486A-82D4-2F26AA6B6B95"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:ess-3300-con-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BEF81CC0-AEED-42DE-B423-8F4E118680BA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:ess-3300-con-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAAFDF1-7A3C-475F-AE82-B3194939D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:ess-3300-ncp-a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9566FC8C-0357-4780-976F-8A68E6A7D24A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:ess-3300-ncp-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07503D21-965B-49F0-B8F2-B5ECD656F277"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rdocker-uATbukKn",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
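Review bot: The added `configurations` block matches every `cpe:2.3:o:cisco:ios_xe` release below `"versionEndExcluding": "17.3.1"` on the listed hardware, but the English description in this section ties the issue to containers running in IOx application development mode, a condition CPE matching cannot express. Scanners consuming this record will report matching devices whether or not that workflow is enabled, so triage should confirm the IOx configuration on the device while still scheduling the upgrade. Separately, the English `value` still contains a stray `\r\n\r ` sequence before "This vulnerability exists", which renderers that do not normalise carriage returns will display as broken spacing.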


@ -2,7 +2,7 @@
"id": "CVE-2023-20867",
"sourceIdentifier": "security@vmware.com",
"published": "2023-06-13T17:15:14.070",
"lastModified": "2023-10-16T06:15:08.633",
"lastModified": "2023-10-16T18:15:15.577",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-06-23",
"cisaActionDue": "2023-07-14",
@ -104,6 +104,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/16/11",
"source": "security@vmware.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/16/2",
"source": "security@vmware.com"


@ -2,8 +2,8 @@
"id": "CVE-2023-26318",
"sourceIdentifier": "security@xiaomi.com",
"published": "2023-10-11T07:15:09.890",
"lastModified": "2023-10-11T12:54:12.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:00:41.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@xiaomi.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "security@xiaomi.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mi:xiaomi_router_ax3200_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.2",
"matchCriteriaId": "B83DBDCF-18F3-4653-AFFB-1674EFB12520"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mi:xiaomi_router_ax3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E84167F-E0B9-465F-ACD8-2202FDA73949"
}
]
}
]
}
],
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=539",
"source": "security@xiaomi.com"
"source": "security@xiaomi.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26319",
"sourceIdentifier": "security@xiaomi.com",
"published": "2023-10-11T07:15:10.103",
"lastModified": "2023-10-11T12:54:12.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:02:59.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "security@xiaomi.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "security@xiaomi.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mi:xiaomi_router_ax3200_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.2",
"matchCriteriaId": "B83DBDCF-18F3-4653-AFFB-1674EFB12520"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mi:xiaomi_router_ax3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E84167F-E0B9-465F-ACD8-2202FDA73949"
}
]
}
]
}
],
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=536",
"source": "security@xiaomi.com"
"source": "security@xiaomi.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-26320",
"sourceIdentifier": "security@xiaomi.com",
"published": "2023-10-11T07:15:10.257",
"lastModified": "2023-10-11T12:54:12.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:04:10.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "security@xiaomi.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "security@xiaomi.com",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mi:xiaomi_router_ax3200_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.2",
"matchCriteriaId": "B83DBDCF-18F3-4653-AFFB-1674EFB12520"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mi:xiaomi_router_ax3200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E84167F-E0B9-465F-ACD8-2202FDA73949"
}
]
}
]
}
],
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=540",
"source": "security@xiaomi.com"
"source": "security@xiaomi.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2744",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.433",
"lastModified": "2023-06-30T17:41:02.260",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-16T18:15:15.790",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,6 +65,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175106/WordPress-WP-ERP-1.12.2-SQL-Injection.html",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/435da8a1-9955-46d7-a508-b5738259e731",
"source": "contact@wpscan.com",
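Review bot: The reference object at the top of `references`, which appears to be the one this hunk adds, carries only `url` and `source` and no `tags` array, although its URL path names a published SQL injection write-up on packetstormsecurity.com. Together with `vulnStatus` apparently moving from `Analyzed` to `Modified`, a consumer that prioritises on the `Exploit` reference tag will not register this entry until NVD re-analyses the record. Downstream rules should treat untagged references on `Modified` records as unclassified rather than as non-exploit, for example by also matching the reference host. The same pattern appears in the CVE-2023-29842 and CVE-2023-36803 sections, and the URL uses plain `http://`, so fetchers should upgrade the scheme rather than follow it as written. The hunk ends inside the following reference object.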


@ -2,8 +2,8 @@
"id": "CVE-2023-29842",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T03:15:09.600",
"lastModified": "2023-05-10T03:58:32.817",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-16T18:15:15.697",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -64,6 +64,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175105/ChurchCRM-4.5.4-SQL-Injection.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ChurchCRM/CRM",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-30900",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-10-10T11:15:11.640",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:20:19.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:xpedition_layout_browser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "vx.2.14",
"matchCriteriaId": "E99C4608-324C-45BC-B3BA-13D6D47B735A"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-829656.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}
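Review bot: The upper bound in the added `cpeMatch` entry is `"versionEndExcluding": "vx.2.14"`, which is not a purely numeric version string. Matchers that compare CPE ranges with numeric or semver ordering may reject it or order it wrongly, giving missed or spurious matches for `xpedition_layout_browser`. Consumers should check how their matcher handles the `vx.` prefix and take the affected-version statement from the vendor advisory referenced in the same section (ssa-829656) when in doubt.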


@ -2,8 +2,8 @@
"id": "CVE-2023-3440",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2023-10-03T02:15:09.537",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:06:06.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -50,10 +80,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:jp1\\/performance_management:-:*:*:*:*:*:*:*",
"matchCriteriaId": "989A2943-7EA0-4940-9430-CC71547E5144"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-145/index.html",
"source": "hirt@hitachi.co.jp"
"source": "hirt@hitachi.co.jp",
"tags": [
"Vendor Advisory"
]
}
]
}
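Review bot: The only vulnerable match in the added `configurations` block is `cpe:2.3:a:hitachi:jp1\\/performance_management:-:*:*:*:*:*:*:*`, with version `-` and no `versionStartIncluding` or `versionEndExcluding` bound. A match like this cannot distinguish fixed from affected releases, so version-based scanners will flag either every installation or none, depending on how they interpret `-`. Affected and fixed versions have to be taken from the vendor advisory referenced in the same section (hitachi-sec-2023-145) rather than from this CPE.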


@ -2,8 +2,8 @@
"id": "CVE-2023-36479",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T19:15:08.387",
"lastModified": "2023-09-30T15:15:09.973",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T19:20:18.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -126,6 +126,31 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
@ -161,11 +186,18 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5507",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
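Review bot: The added configuration node marks `debian_linux` 10.0, 11.0 and 12.0 as `"vulnerable": true` with no package or version constraint inside the node. The affected component is not visible in this hunk, but if the record concerns a package shipped by Debian rather than the operating system itself, CPE matching on this node will flag every host on those releases whether or not the package is installed. Consumers should resolve Debian exposure from the `dsa-5507` and debian-lts references tagged in the same section, which identify the fixed package versions, rather than from the OS CPE alone.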


@ -2,12 +2,16 @@
"id": "CVE-2023-36803",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-12T17:15:15.717",
"lastModified": "2023-09-14T20:13:48.670",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-16T18:15:15.903",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n del Kernel de Windows"
}
],
"metrics": {
@ -110,6 +114,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175109/Microsoft-Windows-Kernel-Out-Of-Bounds-Reads-Memory-Disclosure.html",
"source": "secure@microsoft.com"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36803",
"source": "secure@microsoft.com",


@ -2,16 +2,40 @@
"id": "CVE-2023-36839",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-12T23:15:10.883",
"lastModified": "2023-10-13T12:47:48.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:27:00.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).\n\nThis issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S2;\n * 22.4 versions prior to 22.4R2;\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 version 21.1R1-EVO and later versions;\n * 21.2 versions prior to 21.2R3-S5-EVO;\n * 21.3 versions prior to 21.3R3-S4-EVO;\n * 21.4 versions prior to 21.4R3-S3-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R3-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO;\n * 22.4 versions prior to 22.4R1-S1-EVO;\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Una validaci\u00f3n inadecuada de la vulnerabilidad de cantidad especificada en la entrada en Layer-2 control protocols daemon (l2cpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado que env\u00eda paquetes LLDP espec\u00edficos provoque una Denegaci\u00f3n de Servicio (DoS). Este problema ocurre cuando se reciben paquetes LLDP espec\u00edficos y se realiza un sondeo de telemetr\u00eda en el dispositivo. El impacto del fallo de l2cpd es la reinicializaci\u00f3n de los protocolos STP (RSTP, MSTP o VSTP) y MVRP y ERP. Adem\u00e1s, si alg\u00fan servicio depende del estado de LLDP (como PoE o reconocimiento de dispositivo VoIP), tambi\u00e9n se ver\u00e1 afectado. Este problema afecta a: Juniper Networks Junos OS * Todas las versiones anteriores a 20.4R3-S8; * 21.1 versi\u00f3n 21.1R1 y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S4; * Versiones 21.4 anteriores a 21.4R3-S3; * Versiones 22.1 anteriores a 22.1R3-S2; * Versiones 22.2 anteriores a 22.2R3; * Versiones 22.3 anteriores a 22.3R2-S2; * Versiones 22.4 anteriores a 22.4R2; Juniper Networks Junos OS Evolved * Todas las versiones anteriores a 20.4R3-S8-EVO; * 21.1 versi\u00f3n 21.1R1-EVO y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S5-EVO; * Versiones 21.3 anteriores a 21.3R3-S4-EVO; * Versiones 21.4 anteriores a 21.4R3-S3-EVO; * Versiones 22.1 anteriores a 22.1R3-S2-EVO; * Versiones 22.2 anteriores a 22.2R3-EVO; * Versiones 22.3 anteriores a 22.3R2-S2-EVO; * Versiones 22.4 anteriores a 22.4R1-S1-EVO;"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "sirt@juniper.net",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
},
{
"source": "sirt@juniper.net",
"type": "Secondary",
@ -46,10 +80,812 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20.4",
"matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20.4",
"matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
"matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
"matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
"matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
"matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
"matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
"matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
"matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
"matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
"matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
"matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
"matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
"matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
"matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
"matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
"matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
"matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
"matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
}
]
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73171",
"source": "sirt@juniper.net"
"source": "sirt@juniper.net",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37194",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-10-10T11:15:11.903",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:28:22.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,150 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152B002C-C7B0-4891-9D78-0E2464D33B92"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6304FA24-F194-4EE2-95F5-35D086F82C01"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1616_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D249133-0B8A-4587-B453-44852E3EAFC6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA074FBE-1C3E-4441-8C51-52B555B85D9F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1623_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23579942-1BD9-4D73-9AD7-0FA68E5FDFDA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1623:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B56820D-3842-4810-A9A9-F7F051C81374"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1626_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B55E584-06BA-4E1C-93B0-004B506FCBF3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1626:-:*:*:*:*:*:*:*",
"matchCriteriaId": "581EA284-EDD6-4EA5-96B2-67904D1D9DC7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1628_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A397C5DD-6495-463D-8EEF-9F1325A0B6CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1628:-:*:*:*:*:*:*:*",
"matchCriteriaId": "597593D3-BCFD-40DF-A83C-18F9D134863B"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37195",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-10-10T11:15:11.983",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:31:17.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,150 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152B002C-C7B0-4891-9D78-0E2464D33B92"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6304FA24-F194-4EE2-95F5-35D086F82C01"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1616_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D249133-0B8A-4587-B453-44852E3EAFC6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA074FBE-1C3E-4441-8C51-52B555B85D9F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1623_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23579942-1BD9-4D73-9AD7-0FA68E5FDFDA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1623:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B56820D-3842-4810-A9A9-F7F051C81374"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1626_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B55E584-06BA-4E1C-93B0-004B506FCBF3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1626:-:*:*:*:*:*:*:*",
"matchCriteriaId": "581EA284-EDD6-4EA5-96B2-67904D1D9DC7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:simatic_cp_1628_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A397C5DD-6495-463D-8EEF-9F1325A0B6CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:simatic_cp_1628:-:*:*:*:*:*:*:*",
"matchCriteriaId": "597593D3-BCFD-40DF-A83C-18F9D134863B"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784849.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-38140",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-12T17:15:16.547",
"lastModified": "2023-09-14T20:14:42.167",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-16T18:15:16.030",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n del Kernel de Windows"
}
],
"metrics": {
@ -104,6 +108,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175108/Microsoft-Windows-Kernel-Paged-Pool-Memory-Disclosure.html",
"source": "secure@microsoft.com"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38140",
"source": "secure@microsoft.com",
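Review bot: The reference added to `references` in this section points at packetstormsecurity.com but has only `url` and `source`, with no `tags` array, so any triage that keys on reference tags will not register that a third-party write-up is now linked to CVE-2023-38140. The same holds for the packetstormsecurity.com reference added in the CVE-2023-38141 section, where `vulnStatus` moves to `Undergoing Analysis`. As this record appears to mirror upstream data I would not hand-edit it; consumers of the feed should instead treat `tags` as optional and re-check these two records once upstream analysis completes. The added URLs also use `http://` rather than `https://`, which matters if a tool fetches references automatically. Both hunks show only part of the `references` array.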


@ -2,12 +2,16 @@
"id": "CVE-2023-38141",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-09-12T17:15:16.723",
"lastModified": "2023-09-14T20:14:59.463",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-16T18:15:16.163",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de Elevaci\u00f3n de Privilegios del Kernel de Windows"
}
],
"metrics": {
@ -146,6 +150,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175096/Microsoft-Windows-Kernel-Race-Condition-Memory-Corruption.html",
"source": "secure@microsoft.com"
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38141",
"source": "secure@microsoft.com",


@ -2,12 +2,16 @@
"id": "CVE-2023-39447",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:20.613",
"lastModified": "2023-10-10T13:41:53.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:40:24.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nWhen BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"
},
{
"lang": "es",
"value": "Cuando se configura BIG-IP APM Guided Configurations, es posible que se registre informaci\u00f3n confidencial no divulgada en restnoded log. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"metrics": {
@ -46,10 +50,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndExcluding": "15.1.8",
"matchCriteriaId": "48743FD4-1E72-4550-92D6-F06D6D0AF142"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.4",
"matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD637AF5-F7D1-428F-955E-16756B7476E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0",
"versionEndIncluding": "7.7",
"matchCriteriaId": "C36042F8-9B48-4E0D-ABC1-F10BE2A49CB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63E1215D-2724-4249-B0FD-16C32480A11D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_guided_configuration:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AED33D2-594D-4057-A7D5-041665AA6E07"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K47756555",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2023-40180",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T19:15:10.567",
"lastModified": "2023-10-16T19:24:26.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
"source": "security-advisories@github.com"
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
"source": "security-advisories@github.com"
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-41261",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T23:15:11.137",
"lastModified": "2023-10-13T12:47:48.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:25:05.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en /fcgi/scrut_fcgi.fcgi en Plixer Scrutinizer antes de 19.3.1. La acci\u00f3n de endpoint csvExportReport generateCSV no requiere autenticaci\u00f3n y permite a un usuario no autenticado exportar un informe y acceder a los resultados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plixer:scrutinizer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.3.1",
"matchCriteriaId": "390C6B6A-DED5-42CC-84D4-E4A208560B74"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-41262",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T23:15:11.190",
"lastModified": "2023-10-13T12:47:48.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:17:04.240",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en /fcgi/scrut_fcgi.fcgi en Plixer Scrutinizer antes de 19.3.1. La acci\u00f3n de endpoint csvExportReport generateCSV es vulnerable a la inyecci\u00f3n de SQL a trav\u00e9s del par\u00e1metro de clasificaci\u00f3n, lo que permite a un usuario no autenticado ejecutar declaraciones SQL arbitrarias en el contexto del servidor de base de datos backend de la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plixer:scrutinizer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.3.1",
"matchCriteriaId": "390C6B6A-DED5-42CC-84D4-E4A208560B74"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-41263",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T23:15:11.243",
"lastModified": "2023-10-13T12:47:48.873",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:24:04.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Plixer Scrutinizer antes de la versi\u00f3n 19.3.1. Expone registros de depuraci\u00f3n a usuarios no autenticados en la ruta URL /debug/. Con conocimiento de las direcciones IP v\u00e1lidas y los tipos de fuentes, un atacante no autenticado puede descargar registros de depuraci\u00f3n que contengan informaci\u00f3n relacionada con la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plixer:scrutinizer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.3.1",
"matchCriteriaId": "390C6B6A-DED5-42CC-84D4-E4A208560B74"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-41900",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.600",
"lastModified": "2023-09-29T12:15:12.980",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T19:20:23.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -101,6 +101,26 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
@ -129,7 +149,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5507",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-42189",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T03:15:09.530",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:36:13.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,310 @@
"value": "Vulnerabilidad de permisos inseguros en Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030 y yeelight smart lamp v.1.12.69 permite que un atacante remoto provoque una denegaci\u00f3n de servicio mediante un script manipulado para la funci\u00f3n KeySetRemove."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tapo:mini_smart_wi-fi_plug_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD30F53-CE65-4DB3-8A0B-B26367A58462"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tapo:mini_smart_wi-fi_plug:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E838B3-4294-427A-A1F1-34838A9B0577"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nanoleaf:lightstrip_firmware:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "989DFDCB-4FA9-414F-9338-A8252FEFDF57"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:nanoleaf:lightstrip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D083D2-C5A4-4819-BFE0-37B3C083BCFB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:govee:led_strip_firmware:3.00.42:*:*:*:*:*:*:*",
"matchCriteriaId": "0C2C7970-79DD-4A3B-A7B4-14B8F2DF8D7D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:govee:led_strip:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B1C4EC-749F-483D-BEE5-4BA2CCCAF5A6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:switchbot:hub2_firmware:1.0-0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "780404E5-F030-4926-A6EE-D2A2801F3C78"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:switchbot:hub2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C758966A-6044-47AC-8E98-8CFB372C100C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:phillips:hue_hub_firmware:1.59.1959097030:*:*:*:*:*:*:*",
"matchCriteriaId": "65E03870-C822-4E62-86FA-010F9C72519E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:phillips:hue_hub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47D414B-811A-4E11-9280-43C615C3F3E1"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:yeelight:smart_lamp_firmware:1.12.69:*:*:*:*:*:*:*",
"matchCriteriaId": "2ECB5733-DB50-45DC-ADC1-DBC38862FDE0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:yeelight:smart_lamp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35BF7DF6-A135-4475-BC40-F112801F29C3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:smart_plug_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15183145-06A4-4581-8139-DDE5F739BD60"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:smart_plug:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F365908-059D-4672-A763-73371DA99E67"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:orein:smart_bulb_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59542003-A1FE-4A28-B0FC-01120FD3C82A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:orein:smart_bulb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB5483F-2334-4283-9F84-E81D038B001C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:eve:eve_door_and_window_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60DD5C35-880E-4488-8758-0DA9545F481C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:eve:eve_door_and_window:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2873C9-86D3-462A-B362-24F2CAE0FC2E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/IoT-Fuzz/IoT-Fuzz/blob/main/Remove%20Key%20Set%20Vulnerability%20Report.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/project-chip/connectedhomeip/issues/28518",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/project-chip/connectedhomeip/issues/28679",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}
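Review bot: The added `configurations` block has no entry for the Matter SDK itself, although the visible description names "Connectivity Standards Alliance Matter Official SDK v.1.1.0.0" first, so CPE-based matching will flag the listed devices but not a product that embeds the SDK. The Hue entries use the vendor string `phillips` (for example `cpe:2.3:o:phillips:hue_hub_firmware:1.59.1959097030:...`), which appears to copy the description's spelling; an inventory keyed on the vendor's usual `philips` spelling would presumably not match. Four of the firmware entries (tapo, tp-link, orein, eve) carry version `-` and are not named in the visible description, so they match every firmware version of those products. Triage from this record is safer if device matches are confirmed against the linked connectedhomeip issues instead of being taken from the CPE list alone.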


@ -2,8 +2,8 @@
"id": "CVE-2023-42477",
"sourceIdentifier": "cna@sap.com",
"published": "2023-10-10T02:15:11.103",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:14:29.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -50,14 +70,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*",
"matchCriteriaId": "9C506445-3787-4BFF-A98B-7502A0F7CF80"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3333426",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}
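Review bot: The NVD-sourced `Primary` metric is inserted at index 0 of `cvssMetricV31`, ahead of the existing `cna@sap.com` entry, so a consumer that reads the first array element now reports a different source's score. The same reordering appears in the CVE-2023-42796 record in this commit, where the Siemens entry is also relabelled from `Primary` to `Secondary` and the two visible vectors disagree on attack complexity (`AC:L` from NVD, `AC:H` from the CNA). Selecting the metric by `"source"` and `"type"`, not by position, keeps severity-based triage stable across updates like this one.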


@ -2,8 +2,8 @@
"id": "CVE-2023-42753",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-25T21:15:15.923",
"lastModified": "2023-09-27T15:19:33.057",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T19:41:01.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -80,8 +80,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.5",
"matchCriteriaId": "9E3BCCDE-3830-434C-9D47-F8B46B03DEFA"
"versionEndExcluding": "6.6",
"matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783"
}
]
}
@ -130,7 +130,12 @@
},
{
"url": "https://seclists.org/oss-sec/2023/q3/216",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/09/22/10",
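Review bot: The rewritten match in the second hunk, `"versionEndExcluding": "6.6"`, still has no lower bound, so the `linux_kernel` entry covers every release below 6.6. That includes stable and distribution kernels that may already carry the fix as a backport, and a scanner that compares only the upstream version string will report them as vulnerable. A lower bound such as `"versionStartIncluding": "<first affected release>"` would narrow the range; the page does not show which release introduced the flaw, so that value is left as a placeholder. Until the range is bounded, hits from this entry are best confirmed against the distribution's own advisory.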


@ -2,8 +2,8 @@
"id": "CVE-2023-42796",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-10-10T11:15:12.150",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:36:54.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -50,10 +70,72 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:cp-8050_firmware:*:*:*:*:cpci85:*:*:*",
"versionEndExcluding": "05.11",
"matchCriteriaId": "5DDCBDDD-3936-462A-A93A-696AAEBB4EBA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:cp-8050:-:*:*:*:*:*:*:*",
"matchCriteriaId": "929EF3DE-C8E6-49DA-98C0-13AB4C966AA7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:siemens:cp-8031_firmware:*:*:*:*:cpci85:*:*:*",
"versionEndExcluding": "05.11",
"matchCriteriaId": "36A1AC2A-A6D1-4C2F-9439-FA093EB6B44D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:siemens:cp-8031:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D24F9EDC-DA14-477D-B9C1-C9BF56E9B057"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-770890.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43115",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T08:15:07.380",
"lastModified": "2023-10-15T04:15:12.167",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T18:15:16.290",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -94,6 +94,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IK3UXJ5HKMPAL5EQELJAWSRPA2AUOJJO/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PG5AQV7JOL5TAU76FWPJCMSKO5DREKV5/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-43120",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T19:15:10.680",
"lastModified": "2023-10-16T19:24:26.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request."
}
],
"metrics": {},
"references": [
{
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114377",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43271",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T21:15:10.173",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:09:54.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,86 @@
"value": "El control de acceso incorrecto en 70mai a500s v1.2.119 permite a los atacantes acceder y eliminar directamente los archivos de v\u00eddeo de la grabadora de conducci\u00f3n a trav\u00e9s de ftp y otros protocolos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:70mai:a500s_firmware:1.2.119:*:*:*:*:*:*:*",
"matchCriteriaId": "B2121501-D225-45EE-90EC-E949D26E2820"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:70mai:a500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C401CE32-74F5-4E1E-BB81-D286F0AE26E5"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Question-h/vuln/blob/master/70mai_a500s_backdoor.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/Question-h/vuln/blob/master/CVE-2023-43271.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43623",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-10-10T11:15:12.240",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:01:01.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mendix:forgot_password:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.7.3",
"matchCriteriaId": "A4841C81-BDB6-4D19-9399-25E106AF654B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mendix:forgot_password:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.1.3",
"matchCriteriaId": "4D6E5A35-E9FB-4F42-8022-605EE691C0B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mendix:forgot_password:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.4.0",
"matchCriteriaId": "B5D68BE8-7D5E-4FFF-A1B6-E9ECA060BCEC"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-295483.pdf",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43633",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-21T14:15:11.330",
"lastModified": "2023-09-28T06:15:12.217",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T19:30:32.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -112,7 +112,10 @@
"references": [
{
"url": "https://asrg.io/security-advisories/cve-2023-43633/",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43634",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-21T14:15:11.477",
"lastModified": "2023-09-28T06:15:12.620",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T19:29:48.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "Al sellar/abrir la clave de \u201cvault\u201d, se utiliza una lista de PCRs, que define qu\u00e9 PCRs se utilizan. En un proyecto anterior, CYMOTIVE descubri\u00f3 que la configuraci\u00f3n no est\u00e1 protegida por el arranque seguro y, en respuesta, Zededa implement\u00f3 medidas en la partici\u00f3n de configuraci\u00f3n que estaba asignada a PCR 13. En ese proceso, PCR 13 se agreg\u00f3 a la lista de PCRs que sellan /abrir la llave. En la confirmaci\u00f3n \u201c56e589749c6ff58ded862d39535d43253b249acf\u201d, la medici\u00f3n de la partici\u00f3n de configuraci\u00f3n pas\u00f3 de PCR 13 a PCR 14, pero PCR 14 no se agreg\u00f3 a la lista de PCR que sellan/abren la clave. Este cambio hace que la medici\u00f3n de PCR 14 sea efectivamente redundante ya que no afectar\u00eda el sellado/abrir de la llave. Un atacante podr\u00eda modificar la partici\u00f3n de configuraci\u00f3n sin activar el arranque medido, lo que podr\u00eda dar como resultado que el atacante obtenga control total sobre el dispositivo con acceso completo al contenido de la \"vault\" cifrada.\n"
"value": "Al sellar/abrir la clave de \u201cvault\u201d, se utiliza una lista de PCRs, que define qu\u00e9 PCRs se utilizan. En un proyecto anterior, CYMOTIVE descubri\u00f3 que la configuraci\u00f3n no est\u00e1 protegida por el arranque seguro y, en respuesta, Zededa implement\u00f3 medidas en la partici\u00f3n de configuraci\u00f3n que estaba asignada a PCR 13. En ese proceso, PCR 13 se agreg\u00f3 a la lista de PCRs que sellan /abrir la llave. En el commit \u201c56e589749c6ff58ded862d39535d43253b249acf\u201d, la medici\u00f3n de la partici\u00f3n de configuraci\u00f3n pas\u00f3 de PCR 13 a PCR 14, pero PCR 14 no se agreg\u00f3 a la lista de PCR que sellan/abren la clave. Este cambio hace que la medici\u00f3n de PCR 14 sea efectivamente redundante ya que no afectar\u00eda el sellado/abrir de la llave. Un atacante podr\u00eda modificar la partici\u00f3n de configuraci\u00f3n sin activar el arranque medido, lo que podr\u00eda dar como resultado que el atacante obtenga control total sobre el dispositivo con acceso completo al contenido de la \"vault\" cifrada."
}
],
"metrics": {
@ -112,7 +112,10 @@
"references": [
{
"url": "https://asrg.io/security-advisories/cve-2023-43634/",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-43637",
"sourceIdentifier": "cve@asrg.io",
"published": "2023-09-21T14:15:11.643",
"lastModified": "2023-09-28T06:15:13.797",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T19:30:36.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -101,7 +101,10 @@
"references": [
{
"url": "https://asrg.io/security-advisories/cve-2023-43637/",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-43746",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:21.783",
"lastModified": "2023-10-10T13:41:53.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:53:30.110",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nWhen running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system.\u00a0 A successful exploit can allow the attacker to cross a security boundary.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
},
{
"lang": "es",
"value": "Cuando se ejecuta en modo Appliance, un usuario autenticado al que se le haya asignado la funci\u00f3n de Administrator puede evitar las restricciones del modo Appliance, utilizando el monitor externo BIG-IP en un sistema BIG-IP. Un exploit exitoso puede permitir al atacante cruzar un l\u00edmite de seguridad. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"metrics": {
@ -46,10 +50,170 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "14.1.5",
"matchCriteriaId": "94E0B611-902C-46BC-A099-881398828F0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndExcluding": "15.1.9",
"matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.4",
"matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "14.1.5",
"matchCriteriaId": "4AF2DF45-D15E-4239-A66C-9F8A924E383A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndExcluding": "15.1.9",
"matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.4",
"matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "14.1.5",
"matchCriteriaId": "34A88673-CDD5-48FC-9491-6852324E26EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndExcluding": "15.1.9",
"matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.4",
"matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "14.1.5",
"matchCriteriaId": "F53FFE68-BE06-4F16-8C33-58711E86E254"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndExcluding": "15.1.9",
"matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.4",
"matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "14.1.5",
"matchCriteriaId": "E9BB7368-B6F8-462F-B17F-02CFBB0EE310"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndExcluding": "15.1.9",
"matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.4",
"matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K41072952",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,135 @@
"id": "CVE-2023-44093",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-10-11T11:15:13.423",
"lastModified": "2023-10-11T12:54:12.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:18:41.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality."
},
{
"lang": "es",
"value": "Vulnerabilidad en las claves p\u00fablicas de los nombres de los paquetes que no se verifican en el m\u00f3dulo de seguridad. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD62E8B-CB4B-43A6-98E8-09A8A1A3505B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/10/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-44392",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-09T20:15:10.393",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:08:49.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -54,14 +74,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:garden:garden:*:*:*:*:*:kubernetes:*:*",
"versionEndExcluding": "0.12.65",
"matchCriteriaId": "578BA987-86CC-4306-BDD9-8FD8DAB4D424"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:garden:garden:*:*:*:*:*:kubernetes:*:*",
"versionStartIncluding": "0.13.0",
"versionEndExcluding": "0.13.17",
"matchCriteriaId": "5D5D4DD6-0B6E-4321-B3FB-C237DCB73390"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/garden-io/garden/commit/3117964da40d3114f129a6131b4ada89eaa4eb8c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/garden-io/garden/security/advisories/GHSA-hm75-6vc9-8rpr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-44487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T14:15:10.883",
"lastModified": "2023-10-15T19:15:09.450",
"lastModified": "2023-10-16T19:15:10.740",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-10-10",
"cisaActionDue": "2023-10-31",
@ -589,6 +589,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
"source": "cve@mitre.org"
@ -682,6 +686,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/",
"source": "cve@mitre.org"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-44487",
"source": "cve@mitre.org",


@ -2,19 +2,80 @@
"id": "CVE-2023-44961",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-11T19:15:10.883",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:20:59.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Koha Library Software 23.0.5.04 y anteriores permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del componente intranet/cgi bin/cataloging/ysearch.pl."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:koha-community:koha_library_software:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.05.04",
"matchCriteriaId": "1340F420-5CF2-44A7-85AB-96B84AD7A5F8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ggb0n/CVE-2023-44961",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
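Review bot: The descriptions in this record give the affected release as `23.0.5.04` (English and Spanish), while the added match entry uses `"versionEndIncluding": "23.05.04"`, so the prose and the machine-readable range disagree. The CVE-2023-44962 record in this same commit covers the same product with the same `matchCriteriaId` and writes the version as 23.05.04, which suggests the description carries a typo; tooling that extracts versions from description text should prefer the CPE range here. The component path in the description (`intranet/cgi bin/cataloging/ysearch.pl.`) also looks garbled, presumably `cgi-bin` with no trailing period, and is worth reporting upstream rather than patching in this mirror.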


@ -2,19 +2,80 @@
"id": "CVE-2023-44962",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-11T19:15:10.943",
"lastModified": "2023-10-11T21:04:47.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:21:28.193",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component."
},
{
"lang": "es",
"value": "Vulnerabilidad de carga de archivos en Koha Library Software 23.05.04 y anteriores permite a un atacante remoto leer archivos arbitrarios a trav\u00e9s del componente upload-cover-image.pl."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:koha-community:koha_library_software:*:*:*:*:*:*:*:*",
"versionEndIncluding": "23.05.04",
"matchCriteriaId": "1340F420-5CF2-44A7-85AB-96B84AD7A5F8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ggb0n/CVE-2023-44962",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-44997",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-11T08:15:08.883",
"lastModified": "2023-10-11T12:54:12.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:04:19.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nitinrathod:wp_forms_puzzle_captcha:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.1",
"matchCriteriaId": "2155FC90-E248-4182-806D-B4DC285F281D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-forms-puzzle-captcha/wordpress-wp-forms-puzzle-captcha-plugin-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-45148",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T19:15:10.860",
"lastModified": "2023-10-16T19:24:26.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\\OC\\Memcache\\Redis` and install Redis instead of Memcached."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/server/pull/40293",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/2110945",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-45151",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T19:15:10.957",
"lastModified": "2023-10-16T19:24:26.033",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/server/pull/38398",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/1994324",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45208",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T05:15:09.260",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:48:47.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,90 @@
"value": "Una inyecci\u00f3n de comando en la funci\u00f3n parsing_xml_stasurvey dentro de libcgifunc.so del repetidor D-Link DAP-X1860 1.00 a 1.01b05-01 permite a los atacantes (dentro del alcance del repetidor) ejecutar comandos de shell como root durante el proceso de configuraci\u00f3n del repetidor, a trav\u00e9s de un SSID manipulado. Adem\u00e1s, los nombres de redes que contienen comillas simples (en el rango del repetidor) pueden provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dap-1860_firmware:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "B77E3C38-5379-4242-A88D-A8F0309A7460"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dap-1860_firmware:1.01b05-01:*:*:*:*:*:*:*",
"matchCriteriaId": "F568A5DD-3AD9-498F-8378-8A975499E971"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dap-1860_firmware:1.01b94:*:*:*:*:*:*:*",
"matchCriteriaId": "867EA37B-DB3B-4406-8376-D1FD238A8CED"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dap-1860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6579D66-FD76-4F30-A49A-E3CA406836B2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-006/-d-link-dap-x1860-remote-command-injection",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}
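Review bot: The added `configurations` block names `cpe:2.3:o:dlink:dap-1860_firmware` and `cpe:2.3:h:dlink:dap-1860`, but the description and the advisory URL in `references` both name the DAP-X1860. If these are distinct models, CPE-based asset matching will flag DAP-1860 devices and miss the affected DAP-X1860, so defenders should also match on the product name from the description until the CPE is confirmed. The match list also includes firmware `1.01b94`, whereas the description states the range as 1.00 to 1.01b05-01; whether that build falls inside the range cannot be determined from this record alone.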


@ -2,43 +2,128 @@
"id": "CVE-2023-45311",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-06T21:15:10.940",
"lastModified": "2023-10-06T22:23:04.467",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:13:18.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary."
},
{
"lang": "es",
"value": "fsevents anterior a 1.2.11 depende de la URL https://fsevents-binaries.s3-us-west-2.amazonaws.com, lo que podr\u00eda permitir a un adversario ejecutar c\u00f3digo arbitrario si alg\u00fan proyecto JavaScript (que depende de fsevents) distribuye c\u00f3digo que se obtuvo de esa URL en un momento en que estaba controlada por un adversario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fsevents_project:fsevents:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "1.2.11",
"matchCriteriaId": "FA1FB339-2134-48A1-A7B7-8EF049BC43AE"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/atlassian/moo/blob/56ccbdd41b493332bc2cd7a4097a5802594cdb9c/package-lock.json#L1901-L1902",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/atlassian/react-immutable-proptypes/blob/ddb9fa5194b931bf7528eb4f2c0a8c3434f70edd/package-lock.json#L153",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/cloudflare/authr/blob/3f6129d97d06e61033a7f237d84e35e678db490f/ts/package-lock.json#L1512",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/cloudflare/hugo-cloudflare-docs/blob/e0f7cfa195af8ef1bfa51a487be7d34ba298ed06/package-lock.json#L494",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/cloudflare/redux-grim/blob/b652f99f95fb16812336073951adc5c5a93e2c23/package-lock.json#L266-L267",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/cloudflare/serverless-cloudflare-workers/blob/e95e1e9c9770ed9a3d9480c1fa73e64391268354/package-lock.json#L737",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/fsevents/fsevents/compare/v1.2.10...v1.2.11",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
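Review bot: Six of the seven references are links to `package-lock.json` lines in atlassian and cloudflare repositories, yet each now carries the tags `"Exploit"` and `"Vendor Advisory"`. From the URLs these appear to be lockfile entries showing the dependency on the fsevents download host, not exploit code or advisories from the fsevents maintainers. Triage rules that raise priority or open incident tickets on the `Exploit` tag will treat this record as having public exploit material, so consumers may want to key on the reference URL type as well as the tag. The only reference that reads as a fix is the `compare/v1.2.10...v1.2.11` link tagged `Patch`.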


@ -2,19 +2,91 @@
"id": "CVE-2023-45463",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-13T13:15:11.987",
"lastModified": "2023-10-13T13:46:47.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:33:53.557",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro hostName en la funci\u00f3n FUN_0040dabc. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
"matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20hostname%20parameter%20leads%20to%20DOS.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
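Review bot: The firmware CPE is inconsistent across the three Netis records updated in this commit: this record and CVE-2023-45468 use `cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*`, while CVE-2023-45466 uses `cpe:2.3:o:netis-systems:n3mv2_firmware:1.0.1.865:*`. All three descriptions name Netis N3Mv2-V1.0.1.865 and share the same hardware CPE. An inventory that maps the device to one firmware product name will miss the CVEs filed under the other, so matching should cover both names until upstream normalises them. This record is also left at `"vulnStatus": "Undergoing Analysis"` although it carries full NVD metrics and configurations, while its two siblings are `Analyzed`; pipelines that only ingest `Analyzed` records would skip it.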


@ -2,19 +2,91 @@
"id": "CVE-2023-45466",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-13T13:15:12.147",
"lastModified": "2023-10-13T13:46:47.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:41:36.367",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro pin_host en la configuraci\u00f3n de WPS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netis-systems:n3mv2_firmware:1.0.1.865:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D18D01-01DD-4360-B30A-43BE90D6FCC4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20pin_host%20parameter%20in%20wps%20setting.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,19 +2,92 @@
"id": "CVE-2023-45468",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-13T13:15:12.253",
"lastModified": "2023-10-13T13:46:47.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:38:51.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s de pingWdogIp. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
"matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
"matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20pingWdogIp%20parameter%20leads%20to%20DOS.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product",
"Third Party Advisory"
]
}
]
}


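--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45660.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45660.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-45660",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-10-16T19:15:11.060",
+"lastModified": "2023-10-16T19:24:26.033",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-918"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/nextcloud/mail/pull/8459",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://hackerone.com/reports/1895874",
+"source": "security-advisories@github.com"
+}
+]
+}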


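--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45669.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45669.json
@@ -0,0 +1,63 @@
+{
+"id": "CVE-2023-45669",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-10-16T19:15:11.167",
+"lastModified": "2023-10-16T19:24:26.033",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.8,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.2,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-287"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter",
+"source": "security-advisories@github.com"
+}
+]
+}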


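--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45683.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45683.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2023-45683",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2023-10-16T19:15:11.253",
+"lastModified": "2023-10-16T19:24:26.033",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim\u2019s browser loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. This issue is fixed in version 0.4.14. Users unable to upgrade may perform external validation of URLs provided in SAML metadata, or restrict the ability for end-users to upload arbitrary metadata."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/crewjam/saml/security/advisories/GHSA-267v-3v32-g6q5",
+"source": "security-advisories@github.com"
+}
+]
+}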


@ -2,8 +2,8 @@
"id": "CVE-2023-45685",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:09.963",
"lastModified": "2023-10-16T17:15:09.963",
"vulnStatus": "Received",
"lastModified": "2023-10-16T18:33:43.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-45686",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:10.040",
"lastModified": "2023-10-16T17:15:10.040",
"vulnStatus": "Received",
"lastModified": "2023-10-16T18:33:43.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-45687",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:10.107",
"lastModified": "2023-10-16T17:15:10.107",
"vulnStatus": "Received",
"lastModified": "2023-10-16T18:33:43.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-45688",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:10.183",
"lastModified": "2023-10-16T17:15:10.183",
"vulnStatus": "Received",
"lastModified": "2023-10-16T18:33:43.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-45689",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:10.243",
"lastModified": "2023-10-16T17:15:10.243",
"vulnStatus": "Received",
"lastModified": "2023-10-16T18:33:43.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-45690",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:10.310",
"lastModified": "2023-10-16T17:15:10.310",
"vulnStatus": "Received",
"lastModified": "2023-10-16T18:33:43.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


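--- a/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-45984",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-10-16T18:15:16.510",
+"lastModified": "2023-10-16T18:33:43.730",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setLanguageCfg.md",
+"source": "cve@mitre.org"
+}
+]
+}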


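--- a/CVE-2023/CVE-2023-459xx/CVE-2023-45985.json
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45985.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-45985",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2023-10-16T18:15:16.577",
+"lastModified": "2023-10-16T18:33:43.730",
+"vulnStatus": "Awaiting Analysis",
+"descriptions": [
+{
+"lang": "en",
+"value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setParentalRules.md",
+"source": "cve@mitre.org"
+}
+]
+}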


@ -2,8 +2,8 @@
"id": "CVE-2023-4504",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-09-21T23:15:12.293",
"lastModified": "2023-10-07T03:15:10.747",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-16T19:32:08.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -81,6 +81,46 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -109,27 +149,50 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/",
"source": "cve@takeonme.org"
"source": "cve@takeonme.org",
"tags": [
"Mailing List",
"Release Notes"
]
},
{
"url": "https://takeonme.org/cves/CVE-2023-4504.html",


@ -2,12 +2,16 @@
"id": "CVE-2023-46087",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T15:15:17.690",
"lastModified": "2023-10-16T15:15:17.690",
"vulnStatus": "Received",
"lastModified": "2023-10-16T18:33:43.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page \u2013 Hit Counter plugin <=\u00a01.4.14.3 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Mahlamusa Who Hit The Page \u2013 Hit Counter en versiones &lt;= 1.4.14.3."
}
],
"metrics": {


@ -2,12 +2,16 @@
"id": "CVE-2023-4733",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-04T14:15:07.563",
"lastModified": "2023-09-18T02:15:50.907",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T19:13:04.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.1840."
},
{
"lang": "es",
"value": "Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1840."
}
],
"metrics": {
@ -91,10 +95,20 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
@ -120,7 +134,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
@ -131,7 +148,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Mailing List"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-4750",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-04T14:15:08.263",
"lastModified": "2023-09-18T02:15:51.030",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T19:13:09.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository vim/vim prior to 9.0.1857."
},
{
"lang": "es",
"value": "Use After Free en el repositorio de GitHub vim/vim anterior a 9.0.1857."
}
],
"metrics": {
@ -91,10 +95,20 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
@ -120,7 +134,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
@ -131,7 +148,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Mailing List"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4752",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-04T14:15:08.450",
"lastModified": "2023-09-29T17:15:47.233",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T19:13:58.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -95,10 +95,35 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@ -118,17 +143,25 @@
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/",
@ -139,7 +172,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Mailing List"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4781",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-05T19:15:49.207",
"lastModified": "2023-09-29T17:15:47.317",
"vulnStatus": "Modified",
"lastModified": "2023-10-16T19:13:49.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -84,6 +84,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -99,13 +114,18 @@
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4990",
"sourceIdentifier": "product-security@gg.jp.panasonic.com",
"published": "2023-10-11T08:15:09.053",
"lastModified": "2023-10-11T12:54:12.883",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:14:35.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "product-security@gg.jp.panasonic.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "product-security@gg.jp.panasonic.com",
"type": "Secondary",
@ -50,10 +80,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mcl-collection:mcl-net_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.6.0.30210",
"matchCriteriaId": "E57F39C7-9824-46D4-96CD-40F927D80AE4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mcl-collection:mcl-net:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7CA504-1A26-4F94-AF47-68ED6BBE42FA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.mcl-mobilityplatform.com/downloads.php",
"source": "product-security@gg.jp.panasonic.com"
"source": "product-security@gg.jp.panasonic.com",
"tags": [
"Product",
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5462",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-09T22:15:12.863",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:11:33.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:xinje:xd5e-30r-e_firmware:3.5.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F2DEA6-E339-441A-A302-EB2249D29C48"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:xinje:xd5e-30r-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3817880B-19D0-4B2F-9E8D-4BD8C122677A"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.241585",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.241585",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5463",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-09T22:15:12.937",
"lastModified": "2023-10-10T12:16:32.703",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T18:15:30.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -75,18 +97,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xinje:xdppro:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7.17a",
"matchCriteriaId": "D08D32C0-61AC-413D-893F-4072042CDBAF"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1mpRxWOPjxVS980r0qu1IY_Hf0irKO-cu",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.241586",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.241586",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5555",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-12T11:15:23.740",
"lastModified": "2023-10-12T12:59:34.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:23:31.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS) gen\u00e9rico en el repositorio de GitHub frappe/lms anterior a 5614a6203fb7d438be8e2b1e3030e4528d170ec4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -36,7 +62,7 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,16 +70,51 @@
"value": "CWE-79"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frappe:frappe_lms:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B81A1AF8-32B4-4D2D-B8DB-A2FB12178542"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/frappe/lms/commit/5614a6203fb7d438be8e2b1e3030e4528d170ec4",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/f6d688ee-b049-4f85-ac3e-f4d3e29e7b9f",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,15 +2,41 @@
"id": "CVE-2023-5556",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-12T11:15:23.873",
"lastModified": "2023-10-12T12:59:34.797",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-16T19:23:44.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194."
},
{
"lang": "es",
"value": "Cross-Site Scripting (XSS) Reflejado en el repositorio de GitHub structurizr/onpremises anterior a 3194."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:structurizr:on-premises_installation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3194",
"matchCriteriaId": "07AE3041-EDE4-4566-8EFC-33814E884BDE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/structurizr/onpremises/commit/6cff4f792b010dfb1ff6a0b4ae1c6e398f8f8a18",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.dev/bounties/a3ee0f98-6898-41ae-b1bd-242a03a73d1b",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-5575",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-10-16T14:15:10.550",
"lastModified": "2023-10-16T14:15:10.550",
"vulnStatus": "Received",
"lastModified": "2023-10-16T18:33:43.730",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\nImproper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.\n\n\n"
},
{
"lang": "es",
"value": "El control de acceso inadecuado en la herencia de permisos en Devolutions Server 2022.3.13.0 y versiones anteriores permite que un atacante que comprometi\u00f3 a un usuario con pocos privilegios acceda a las entradas a trav\u00e9s de una combinaci\u00f3n espec\u00edfica de permisos en la entrada y en su nivel superior."
}
],
"metrics": {},


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-16T18:00:24.494366+00:00
2023-10-16T20:00:24.350486+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-16T17:45:01.687000+00:00
2023-10-16T19:53:30.110000+00:00
```
### Last Data Feed Release
@ -29,51 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227910
227919
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `9`
* [CVE-2023-20198](CVE-2023/CVE-2023-201xx/CVE-2023-20198.json) (`2023-10-16T16:15:10.023`)
* [CVE-2023-45685](CVE-2023/CVE-2023-456xx/CVE-2023-45685.json) (`2023-10-16T17:15:09.963`)
* [CVE-2023-45686](CVE-2023/CVE-2023-456xx/CVE-2023-45686.json) (`2023-10-16T17:15:10.040`)
* [CVE-2023-45687](CVE-2023/CVE-2023-456xx/CVE-2023-45687.json) (`2023-10-16T17:15:10.107`)
* [CVE-2023-45688](CVE-2023/CVE-2023-456xx/CVE-2023-45688.json) (`2023-10-16T17:15:10.183`)
* [CVE-2023-45689](CVE-2023/CVE-2023-456xx/CVE-2023-45689.json) (`2023-10-16T17:15:10.243`)
* [CVE-2023-45690](CVE-2023/CVE-2023-456xx/CVE-2023-45690.json) (`2023-10-16T17:15:10.310`)
* [CVE-2023-45984](CVE-2023/CVE-2023-459xx/CVE-2023-45984.json) (`2023-10-16T18:15:16.510`)
* [CVE-2023-45985](CVE-2023/CVE-2023-459xx/CVE-2023-45985.json) (`2023-10-16T18:15:16.577`)
* [CVE-2023-40180](CVE-2023/CVE-2023-401xx/CVE-2023-40180.json) (`2023-10-16T19:15:10.567`)
* [CVE-2023-43120](CVE-2023/CVE-2023-431xx/CVE-2023-43120.json) (`2023-10-16T19:15:10.680`)
* [CVE-2023-45148](CVE-2023/CVE-2023-451xx/CVE-2023-45148.json) (`2023-10-16T19:15:10.860`)
* [CVE-2023-45151](CVE-2023/CVE-2023-451xx/CVE-2023-45151.json) (`2023-10-16T19:15:10.957`)
* [CVE-2023-45660](CVE-2023/CVE-2023-456xx/CVE-2023-45660.json) (`2023-10-16T19:15:11.060`)
* [CVE-2023-45669](CVE-2023/CVE-2023-456xx/CVE-2023-45669.json) (`2023-10-16T19:15:11.167`)
* [CVE-2023-45683](CVE-2023/CVE-2023-456xx/CVE-2023-45683.json) (`2023-10-16T19:15:11.253`)
### CVEs modified in the last Commit
Recently modified CVEs: `50`
Recently modified CVEs: `65`
* [CVE-2022-20739](CVE-2022/CVE-2022-207xx/CVE-2022-20739.json) (`2023-10-16T16:35:25.220`)
* [CVE-2022-20747](CVE-2022/CVE-2022-207xx/CVE-2022-20747.json) (`2023-10-16T16:35:25.220`)
* [CVE-2022-20734](CVE-2022/CVE-2022-207xx/CVE-2022-20734.json) (`2023-10-16T16:35:25.220`)
* [CVE-2022-20696](CVE-2022/CVE-2022-206xx/CVE-2022-20696.json) (`2023-10-16T16:35:25.220`)
* [CVE-2022-20775](CVE-2022/CVE-2022-207xx/CVE-2022-20775.json) (`2023-10-16T16:35:25.220`)
* [CVE-2022-20930](CVE-2022/CVE-2022-209xx/CVE-2022-20930.json) (`2023-10-16T16:35:25.220`)
* [CVE-2022-20830](CVE-2022/CVE-2022-208xx/CVE-2022-20830.json) (`2023-10-16T16:35:25.220`)
* [CVE-2023-41680](CVE-2023/CVE-2023-416xx/CVE-2023-41680.json) (`2023-10-16T16:05:54.027`)
* [CVE-2023-41681](CVE-2023/CVE-2023-416xx/CVE-2023-41681.json) (`2023-10-16T16:06:42.963`)
* [CVE-2023-41836](CVE-2023/CVE-2023-418xx/CVE-2023-41836.json) (`2023-10-16T16:07:05.677`)
* [CVE-2023-39999](CVE-2023/CVE-2023-399xx/CVE-2023-39999.json) (`2023-10-16T16:15:53.773`)
* [CVE-2023-20098](CVE-2023/CVE-2023-200xx/CVE-2023-20098.json) (`2023-10-16T16:35:25.220`)
* [CVE-2023-20214](CVE-2023/CVE-2023-202xx/CVE-2023-20214.json) (`2023-10-16T16:35:25.220`)
* [CVE-2023-20252](CVE-2023/CVE-2023-202xx/CVE-2023-20252.json) (`2023-10-16T16:35:25.220`)
* [CVE-2023-20253](CVE-2023/CVE-2023-202xx/CVE-2023-20253.json) (`2023-10-16T16:35:25.220`)
* [CVE-2023-20262](CVE-2023/CVE-2023-202xx/CVE-2023-20262.json) (`2023-10-16T16:35:25.220`)
* [CVE-2023-44100](CVE-2023/CVE-2023-441xx/CVE-2023-44100.json) (`2023-10-16T16:35:40.230`)
* [CVE-2023-44097](CVE-2023/CVE-2023-440xx/CVE-2023-44097.json) (`2023-10-16T16:36:25.770`)
* [CVE-2023-41304](CVE-2023/CVE-2023-413xx/CVE-2023-41304.json) (`2023-10-16T16:40:32.367`)
* [CVE-2023-44109](CVE-2023/CVE-2023-441xx/CVE-2023-44109.json) (`2023-10-16T16:43:26.553`)
* [CVE-2023-44096](CVE-2023/CVE-2023-440xx/CVE-2023-44096.json) (`2023-10-16T16:44:13.867`)
* [CVE-2023-33303](CVE-2023/CVE-2023-333xx/CVE-2023-33303.json) (`2023-10-16T16:51:24.700`)
* [CVE-2023-41682](CVE-2023/CVE-2023-416xx/CVE-2023-41682.json) (`2023-10-16T16:52:58.767`)
* [CVE-2023-38000](CVE-2023/CVE-2023-380xx/CVE-2023-38000.json) (`2023-10-16T17:04:06.637`)
* [CVE-2023-25989](CVE-2023/CVE-2023-259xx/CVE-2023-25989.json) (`2023-10-16T17:45:01.687`)
* [CVE-2023-43623](CVE-2023/CVE-2023-436xx/CVE-2023-43623.json) (`2023-10-16T19:01:01.317`)
* [CVE-2023-26319](CVE-2023/CVE-2023-263xx/CVE-2023-26319.json) (`2023-10-16T19:02:59.867`)
* [CVE-2023-26320](CVE-2023/CVE-2023-263xx/CVE-2023-26320.json) (`2023-10-16T19:04:10.920`)
* [CVE-2023-44997](CVE-2023/CVE-2023-449xx/CVE-2023-44997.json) (`2023-10-16T19:04:19.087`)
* [CVE-2023-3440](CVE-2023/CVE-2023-34xx/CVE-2023-3440.json) (`2023-10-16T19:06:06.767`)
* [CVE-2023-4733](CVE-2023/CVE-2023-47xx/CVE-2023-4733.json) (`2023-10-16T19:13:04.597`)
* [CVE-2023-4750](CVE-2023/CVE-2023-47xx/CVE-2023-4750.json) (`2023-10-16T19:13:09.647`)
* [CVE-2023-4781](CVE-2023/CVE-2023-47xx/CVE-2023-4781.json) (`2023-10-16T19:13:49.960`)
* [CVE-2023-4752](CVE-2023/CVE-2023-47xx/CVE-2023-4752.json) (`2023-10-16T19:13:58.133`)
* [CVE-2023-4990](CVE-2023/CVE-2023-49xx/CVE-2023-4990.json) (`2023-10-16T19:14:35.937`)
* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-16T19:15:10.740`)
* [CVE-2023-44093](CVE-2023/CVE-2023-440xx/CVE-2023-44093.json) (`2023-10-16T19:18:41.647`)
* [CVE-2023-36479](CVE-2023/CVE-2023-364xx/CVE-2023-36479.json) (`2023-10-16T19:20:18.767`)
* [CVE-2023-41900](CVE-2023/CVE-2023-419xx/CVE-2023-41900.json) (`2023-10-16T19:20:23.917`)
* [CVE-2023-44961](CVE-2023/CVE-2023-449xx/CVE-2023-44961.json) (`2023-10-16T19:20:59.490`)
* [CVE-2023-44962](CVE-2023/CVE-2023-449xx/CVE-2023-44962.json) (`2023-10-16T19:21:28.193`)
* [CVE-2023-5555](CVE-2023/CVE-2023-55xx/CVE-2023-5555.json) (`2023-10-16T19:23:31.277`)
* [CVE-2023-5556](CVE-2023/CVE-2023-55xx/CVE-2023-5556.json) (`2023-10-16T19:23:44.070`)
* [CVE-2023-36839](CVE-2023/CVE-2023-368xx/CVE-2023-36839.json) (`2023-10-16T19:27:00.180`)
* [CVE-2023-43634](CVE-2023/CVE-2023-436xx/CVE-2023-43634.json) (`2023-10-16T19:29:48.237`)
* [CVE-2023-43633](CVE-2023/CVE-2023-436xx/CVE-2023-43633.json) (`2023-10-16T19:30:32.823`)
* [CVE-2023-43637](CVE-2023/CVE-2023-436xx/CVE-2023-43637.json) (`2023-10-16T19:30:36.710`)
* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-10-16T19:32:08.873`)
* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-10-16T19:41:01.563`)
* [CVE-2023-43746](CVE-2023/CVE-2023-437xx/CVE-2023-43746.json) (`2023-10-16T19:53:30.110`)
## Download and Usage