admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-10-04T22:00:25.343486+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-10-04 22:00:28 +00:00
parent a0c8260649
commit ff2ef30003
41 changed files with 2890 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
CVE-2023/CVE-2023-212xx/CVE-2023-21235.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21235",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:12.537",
"lastModified": "2023-08-21T13:37:06.693",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-04T21:15:09.760",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -70,11 +70,8 @@
],
"references": [
{
"url": "https://source.android.com/security/bulletin/wear/2023-08-01",
"source": "security@android.com",
"tags": [
"Broken Link"
]
"url": "https://source.android.com/docs/security/bulletin/wear/2023/2023-08-01",
"source": "security@android.com"
}
]
}

51
CVE-2023/CVE-2023-28xx/CVE-2023-2830.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-2830",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T12:15:10.327",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T20:00:32.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <=\u00a01.4.2 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Trustindex.Io WP Testimonials en versiones &lt;= 1.4.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trustindex:wp_testimonials:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.2",
"matchCriteriaId": "808FB6A3-4428-4690-81BB-B58B5207CD0D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/testimonial-widgets/wordpress-wp-testimonials-plugin-1-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-326xx/CVE-2023-32669.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32669",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T13:15:10.077",
"lastModified": "2023-10-03T13:52:20.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T21:07:05.703",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id)."
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n en la versi\u00f3n BuddyBoss 2.2.9, cuya explotaci\u00f3n podr\u00eda permitir a un usuario autenticado acceder y cambiar el nombre de los \u00e1lbumes de otros usuarios. Esta vulnerabilidad se puede aprovechar cambiando la identificaci\u00f3n del \u00e1lbum (id)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buddyboss:buddyboss:2.2.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1793CDB5-4DF1-4C79-B52F-66E2EE09C8DB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-326xx/CVE-2023-32670.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-32670",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T13:15:10.147",
"lastModified": "2023-10-03T13:52:20.283",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T21:06:20.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Scripting vulnerability \n\nin BuddyBoss 2.2.9 version\n\n, which could allow a local attacker with basic privileges to execute a malicious payload through the \"[name]=image.jpg\" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en BuddyBoss versi\u00f3n 2.2.9, que podr\u00eda permitir a un atacante local con privilegios b\u00e1sicos ejecutar un payload malicioso a trav\u00e9s del par\u00e1metro \"[name]=imagen.jpg\", permitiendo asignar un payload de JavaScript persistente que se activar\u00eda cuando se carga la imagen asociada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:buddyboss:buddyboss:2.2.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "1793CDB5-4DF1-4C79-B52F-66E2EE09C8DB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

610
CVE-2023/CVE-2023-330xx/CVE-2023-33039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33039",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2023-10-03T06:15:27.877",
"lastModified": "2023-10-03T12:51:44.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T21:18:51.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
@ -38,10 +58,594 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D9E281-B382-41AC-84CB-5B1063E5AC51"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qam8295p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44EBEBD5-98C3-493B-A108-FD4DE6FFBE97"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qam8650p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "295E75BD-2A6C-4A76-A376-A9977DDB17FF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qam8650p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD37AA1A-B911-45BF-9BCC-C772FA83E657"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8673334-5E11-4E95-B33D-3029499F71DF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC0B32F6-5EF0-4591-99D7-D0E9B09DEC5A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "828CFB37-76A6-4927-9D00-AF9A1C432DD6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11405993-5903-4716-B452-370281034B42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "288F637F-22F8-47CF-B67F-C798A730A1BD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0996EA3-1C92-4933-BE34-9CF625E59FE7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE207DB-9770-40ED-961D-FDA75965826F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E23922D-C37F-476F-A623-4C1458A9156F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C66671C1-AE1A-44BE-9DB2-0B09FF4417DB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "74AA3929-3F80-4D54-B13A-9B070D5C03BB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "054F77D6-FC66-4151-9005-DC7ECDB5C722"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED3F589-16D9-46A7-A539-C9862473EE0D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C40544E-B040-491C-8DF3-50225E70B50C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DAC85C-CDC9-4784-A69A-147A2CE8A8B2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A71D74B0-0963-49FD-8E97-148C8993B263"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8145p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "910CBFA4-50F7-4C7A-B9B9-B88C8A919827"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69C1B02F-8D2D-42E7-B70D-41F4D9844FD1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3FEACAA9-C061-4713-9A54-37D8BFC0B00B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F33EB594-B0D3-42F2-B1CA-B0E6C9D82C6B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50EF47E5-2875-412F-815D-44804BB3A739"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51BC0A66-493B-43BE-B51F-640BDF2FF32E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8DA4D12-7ABF-4A04-B44E-E1D68C8E58AB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A19659B-A0C3-44B7-8D54-BA21729873A4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8295p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F978041A-CE28-4BDF-A7DB-F0360F1A5F14"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8540p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE8B62D-83B4-4326-8A53-FED5947D5FFE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8540p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6F8899-136A-4A57-9F02-BD428E1663DA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa8650p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E807AA-5646-48AD-9A5C-B0B13E222AA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa8650p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "45FBB72B-B850-4E3F-ACBB-9392157FF131"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A024AB04-B213-4018-A4C1-FA467C7BA775"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A8AB7C-5D34-4794-8C06-2193075B323F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CD199F5-DA68-4BEB-AA99-11572DA26B4F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACA2D4D-FC77-4C1A-8278-1C27B3EA3303"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-332xx/CVE-2023-33268.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-33268",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:09.953",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-04T20:34:09.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en DTS Monitoring 3.57.0. El puerto de par\u00e1metros dentro de la funci\u00f3n de verificaci\u00f3n del certificado SSL es vulnerable a la inyecci\u00f3n de comandos del sistema operativo (ciego)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dts:monitoring:3.57.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BA715B-4273-4076-AE2D-A58255615679"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/l4rRyxz/CVE-Disclosures/blob/main/CVE-2023-33268.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-332xx/CVE-2023-33269.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-33269",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.003",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-04T20:34:26.603",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en DTS Monitoring 3.57.0. Las opciones de par\u00e1metros dentro de la funci\u00f3n de verificaci\u00f3n WGET son vulnerables a la inyecci\u00f3n de comandos del sistema operativo (ciega)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dts:monitoring:3.57.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BA715B-4273-4076-AE2D-A58255615679"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/l4rRyxz/CVE-Disclosures/blob/main/CVE-2023-33269.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-332xx/CVE-2023-33270.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-33270",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.050",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-04T20:34:36.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en DTS Monitoring 3.57.0. La URL del par\u00e1metro dentro de la funci\u00f3n de verificaci\u00f3n de Curl es vulnerable a la inyecci\u00f3n de comandos del sistema operativo (ciega)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dts:monitoring:3.57.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BA715B-4273-4076-AE2D-A58255615679"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/l4rRyxz/CVE-Disclosures/blob/main/CVE-2023-33270.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-332xx/CVE-2023-33271.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-33271",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.097",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-04T20:04:35.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en DTS Monitoring 3.57.0. El par\u00e1metro common_name dentro de la funci\u00f3n de verificaci\u00f3n del Certificado SSL es vulnerable a la inyecci\u00f3n de comandos del sistema operativo (ciega)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dts:monitoring:3.57.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BA715B-4273-4076-AE2D-A58255615679"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/l4rRyxz/CVE-Disclosures/blob/main/CVE-2023-33271.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-332xx/CVE-2023-33272.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-33272",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.143",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-04T20:05:08.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en DTS Monitoring 3.57.0. El par\u00e1metro ip dentro de la funci\u00f3n de verificaci\u00f3n del Ping es vulnerable a la inyecci\u00f3n de comandos del sistema operativo (ciega)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dts:monitoring:3.57.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BA715B-4273-4076-AE2D-A58255615679"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/l4rRyxz/CVE-Disclosures/blob/main/CVE-2023-33272.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-332xx/CVE-2023-33273.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-33273",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.193",
"lastModified": "2023-10-03T23:55:59.983",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-04T20:05:16.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en DTS Monitoring 3.57.0. La URL del par\u00e1metro dentro de la funci\u00f3n de verificaci\u00f3n WGET es vulnerable a la inyecci\u00f3n de comandos del sistema operativo (ciega)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dts:monitoring:3.57.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4BA715B-4273-4076-AE2D-A58255615679"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/l4rRyxz/CVE-Disclosures/blob/main/CVE-2023-33273.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-33xx/CVE-2023-3335.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3335",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2023-10-03T02:15:09.377",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T21:01:47.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:ops_center_administrator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.9.3-00",
"matchCriteriaId": "F3349062-9852-4AFE-8E0C-2F024FD862F6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-140/index.html",
"source": "hirt@hitachi.co.jp"
"source": "hirt@hitachi.co.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-366xx/CVE-2023-36618.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-36618",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T21:15:09.857",
"lastModified": "2023-10-04T21:15:09.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users."
}
],
"metrics": {},
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html",
"source": "cve@mitre.org"
},
{
"url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-366xx/CVE-2023-36619.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-36619",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T21:15:09.907",
"lastModified": "2023-10-04T21:15:09.907",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users."
}
],
"metrics": {},
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2307-01.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://packetstormsecurity.com/files/174704/Atos-Unify-OpenScape-Code-Execution-Missing-Authentication.html",
"source": "cve@mitre.org"
},
{
"url": "https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-385xx/CVE-2023-38537.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-38537",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2023-10-04T20:15:09.927",
"lastModified": "2023-10-04T20:15:09.927",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-assign@fb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "cve-assign@fb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-366"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://www.whatsapp.com/security/advisories/2023/",
"source": "cve-assign@fb.com"
}
]
}

59
CVE-2023/CVE-2023-385xx/CVE-2023-38538.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-38538",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2023-10-04T20:15:10.020",
"lastModified": "2023-10-04T20:15:10.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-assign@fb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "cve-assign@fb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-366"
},
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://www.whatsapp.com/security/advisories/2023/",
"source": "cve-assign@fb.com"
}
]
}

51
CVE-2023/CVE-2023-391xx/CVE-2023-39165.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39165",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T12:15:10.407",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T20:00:28.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <=\u00a02.2.8 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Fetch Designs Sign-up Sheets en versiones &lt;= 2.2.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fetchdesigns:sign-up_sheets:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2.8",
"matchCriteriaId": "104A33A1-A30F-4CDF-86D1-06CADC0B1935"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sign-up-sheets/wordpress-sign-up-sheets-plugin-2-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-399xx/CVE-2023-39917.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-39917",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-03T12:15:10.480",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T21:08:21.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays \u2013 Responsive Image Gallery plugin <=\u00a05.2.6 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Gallery Team Photo Gallery by Ays \u2013 Responsive Image Gallery en versiones &lt;= 5.2.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ays-pro:photo_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.2.6",
"matchCriteriaId": "946C405B-18C4-4632-8092-6515336AAA4D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gallery-photo-gallery/wordpress-photo-gallery-by-ays-responsive-image-gallery-plugin-5-2-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-39xx/CVE-2023-3967.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3967",
"sourceIdentifier": "hirt@hitachi.co.jp",
"published": "2023-10-03T02:15:09.710",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T20:59:13.480",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "hirt@hitachi.co.jp",
"type": "Secondary",
@ -50,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hitachi:ops_center_common_services:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.9.3-00",
"matchCriteriaId": "1D9CAD64-949C-402C-BF5E-9F9C725C8AF4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-142/index.html",
"source": "hirt@hitachi.co.jp"
"source": "hirt@hitachi.co.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-40xx/CVE-2023-4098.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4098",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T12:15:10.780",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T21:11:07.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application."
},
{
"lang": "es",
"value": "Se ha identificado que la aplicaci\u00f3n web no filtra correctamente los par\u00e1metros de entrada, permitiendo inyecciones SQL, DoS o divulgaci\u00f3n de informaci\u00f3n. Como requisito previo, es necesario iniciar sesi\u00f3n en la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qsige:qsige:3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBAF4E7-336E-4D97-BECC-0C4349F37377"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2023/CVE-2023-40xx/CVE-2023-4099.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4099",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T12:15:10.843",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T21:16:25.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n QSige Monitor no cuenta con un mecanismo de control de acceso para verificar si el usuario que solicita un recurso tiene permisos suficientes para hacerlo. Como requisito previo, es necesario iniciar sesi\u00f3n en la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qsige:qsige:3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBAF4E7-336E-4D97-BECC-0C4349F37377"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-410xx/CVE-2023-41094.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41094",
"sourceIdentifier": "product-security@silabs.com",
"published": "2023-10-04T21:15:09.963",
"lastModified": "2023-10-04T21:15:09.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nTouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration\n\nThis issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-security@silabs.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "product-security@silabs.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-672"
},
{
"lang": "en",
"value": "CWE-772"
}
]
}
],
"references": [
{
"url": "https://community.silabs.com/0688Y00000aIPzL",
"source": "product-security@silabs.com"
}
]
}

60
CVE-2023/CVE-2023-41xx/CVE-2023-4100.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-4100",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T12:15:10.910",
"lastModified": "2023-10-03T12:51:39.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T21:27:54.943",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions."
},
{
"lang": "es",
"value": "Permite a un atacante realizar ataques XSS almacenados en ciertos recursos. La explotaci\u00f3n de esta vulnerabilidad puede provocar una condici\u00f3n DoS, entre otras acciones."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.3
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
@ -46,10 +80,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qsige:qsige:3.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBAF4E7-336E-4D97-BECC-0C4349F37377"
}
]
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige",
"source": "cve-coordination@incibe.es"
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
}
]
}

71
CVE-2023/CVE-2023-424xx/CVE-2023-42449.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-42449",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T20:15:10.107",
"lastModified": "2023-10-04T20:15:10.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed check for burning the head ST in the `initial` validator. This is possible because it is not checked in `HeadTokens.hs` that the datums of the outputs at the `initial` validator are equal to the real head ID, and it is also not checked in the `off-chain code`.\n\nDuring the `Initial` state of the protocol, if the malicious initializer removes a PT from the Hydra scripts it becomes impossible for any other participant to reclaim any funds they have attempted to commit into the head, as to do so the Abort transaction must burn all the PTs for the head, but they cannot burn the PT which the attacker controls and so cannot satisfy this requirement. That means the initializer can lock the other participants committed funds forever or until they choose to return the PT (ransom).\n\nThe malicious initializer can also use the PT to spoof that they have committed a particular TxO when progressing the head into the `Open` state. For example, they could say they committed a TxO residing at their address containing 100 ADA, but in fact this 100 ADA was not moved into the head, and thus in order for an other participant to perform the fanout they will be forced to pay the attacker the 100 ADA out of their own funds, as the fanout transaction must pay all the committed TxOs (even though the attacker did not really commit that TxO). They can do this by placing the PT in a UTxO with a well-formed `Commit` datum with whatever contents they like, then use this UTxO in the `collectCom` transaction. There may be other possible ways to abuse having control of a PT.\n\nVersion 0.13.0 fixes this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/input-output-hk/hydra/blob/1e13b60a7b21c5ccd6c36e3cf220547f5d443cef/hydra-node/src/Hydra/Chain/Direct/Tx.hs#L645-L761",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/input-output-hk/hydra/blob/1e13b60a7b21c5ccd6c36e3cf220547f5d443cef/hydra-plutus/src/Hydra/Contract/Initial.hs#L84-L91",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/input-output-hk/hydra/blob/master/CHANGELOG.md#0130---2023-10-03",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/input-output-hk/hydra/blob/master/hydra-plutus/src/Hydra/Contract/HeadTokens.hs#L76-L136",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/input-output-hk/hydra/security/advisories/GHSA-9m8q-7wxv-v65p",
"source": "security-advisories@github.com"
}
]
}

109
CVE-2023/CVE-2023-427xx/CVE-2023-42771.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42771",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-03T01:15:56.967",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T21:05:00.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,114 @@
"value": "Vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el firmware ACERA 1320 versi\u00f3n 01.26 y anteriores, y en el firmware ACERA 1310 versi\u00f3n 01.26 y anteriores, permite que un atacante no autenticado adyacente a la red que puede acceder al producto afectado descargue archivos de configuraci\u00f3n y/o archivos de registro, y cargue archivos de configuraci\u00f3n y /o firmware. Se ven afectados cuando se ejecutan en modo ST (independiente)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.26",
"matchCriteriaId": "5FFEB8A0-F2DE-4C34-8C93-BDC2D903BE64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D97D14B5-1763-44C0-8EED-A3F787A97A8C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.26",
"matchCriteriaId": "4F94D3C1-940A-4A09-B99B-9BB79B73EA63"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09DD97A0-77E2-4BC6-A8EC-7BEF65B75E0C"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU94497038/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-428xx/CVE-2023-42808.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-42808",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T20:15:10.187",
"lastModified": "2023-10-04T20:15:10.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice\u2019s server origin. As of time of publication, it is unknown whether any patches or workarounds exist."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/mozilla/common-voice/blob/9d6ffd755e29b81918b86b9f5218b9c27d9c1c1a/server/src/fetch-legal-document.ts#LL21-L62C2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mozilla/common-voice/blob/9d6ffd755e29b81918b86b9f5218b9c27d9c1c1a/server/src/server.ts#L214",
"source": "security-advisories@github.com"
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-026_Common_Voice/",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-428xx/CVE-2023-42809.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-42809",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T20:15:10.263",
"lastModified": "2023-10-04T20:15:10.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running in. Version 3.22.0 contains a patch for this issue.\n\nSome post-fix advice is available. Do NOT use `Kryo5Codec` as deserialization codec, as it is still vulnerable to arbitrary object deserialization due to the `setRegistrationRequired(false)` call. On the contrary, `KryoCodec` is safe to use. The fix applied to `SerializationCodec` only consists of adding an optional allowlist of class names, even though making this behavior the default is recommended. When instantiating `SerializationCodec` please use the `SerializationCodec(ClassLoader classLoader, Set<String> allowedClasses)` constructor to restrict the allowed classes for deserialization."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://github.com/redisson/redisson/commit/fe6a2571801656ff1599ef87bdee20f519a5d1fe",
"source": "security-advisories@github.com"
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-053_Redisson/",
"source": "security-advisories@github.com"
}
]
}

84
CVE-2023/CVE-2023-42xx/CVE-2023-4211.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4211",
"sourceIdentifier": "arm-security@arm.com",
"published": "2023-10-01T18:15:09.927",
"lastModified": "2023-10-04T17:15:10.337",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-10-04T20:51:36.240",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-10-03",
"cisaActionDue": "2023-10-24",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -18,8 +18,41 @@
"value": "Un usuario local sin privilegios puede realizar operaciones inadecuadas de procesamiento de la memoria de la GPU para obtener acceso a la memoria ya liberada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "arm-security@arm.com",
"type": "Secondary",
@ -31,10 +64,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r41p0",
"versionEndIncluding": "r42p0",
"matchCriteriaId": "7D525477-F5C3-459A-B5D6-3B1C75B0069B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:bifrost:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r0p0",
"versionEndIncluding": "r42p0",
"matchCriteriaId": "FF8078F2-C783-47EC-9C28-6DA97ECEFEEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:midgard:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r12p0",
"versionEndIncluding": "r32p0",
"matchCriteriaId": "888E7E35-B0F4-453F-8B51-B2929E504C25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:valhall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r19p0",
"versionEndIncluding": "r42p0",
"matchCriteriaId": "B4071968-E656-4D71-AF92-EA3C551C5FF4"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
"source": "arm-security@arm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

109
CVE-2023/CVE-2023-436xx/CVE-2023-43627.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43627",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-03T01:15:57.017",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T21:03:53.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,114 @@
"value": "Vulnerabilidad de path traversal en el firmware ACERA 1320 versi\u00f3n 01.26 y anteriores, y en el firmware ACERA 1310 versi\u00f3n 01.26 y anteriores permite que un atacante autenticado adyacente a la red altere informaci\u00f3n cr\u00edtica, como archivos del sistema, mediante el env\u00edo de una solicitud especialmente manipulada. Se ven afectados cuando se ejecutan en modo ST (Standalone)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1310_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.26",
"matchCriteriaId": "5FFEB8A0-F2DE-4C34-8C93-BDC2D903BE64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D97D14B5-1763-44C0-8EED-A3F787A97A8C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:furunosystems:acera_1320_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "01.26",
"matchCriteriaId": "4F94D3C1-940A-4A09-B99B-9BB79B73EA63"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:furunosystems:acera_1320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "09DD97A0-77E2-4BC6-A8EC-7BEF65B75E0C"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU94497038/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2023/CVE-2023-437xx/CVE-2023-43793.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-43793",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T21:15:10.040",
"lastModified": "2023-10-04T21:15:10.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/misskey-dev/misskey/commit/c9aeccb2ab260ceedc126e6e366da8cd13ece4b2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-437xx/CVE-2023-43799.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-43799",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T21:15:10.127",
"lastModified": "2023-10-04T21:15:10.127",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/altair-graphql/altair/releases/tag/v5.2.5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/altair-graphql/altair/security/advisories/GHSA-9m5v-vrf6-fmvm",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-438xx/CVE-2023-43805.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-43805",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T21:15:10.203",
"lastModified": "2023-10-04T21:15:10.203",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nexryai/nexkey/commit/d89575c521fd4492f5e2ba5a221c5e8f1382081d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-438xx/CVE-2023-43809.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-43809",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T21:15:10.280",
"lastModified": "2023-10-04T21:15:10.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. To workaround this vulnerability without upgrading, users can temporarily disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/charmbracelet/soft-serve/commit/407c4ec72d1006cee1ff8c1775e5bcc091c2bc89",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/charmbracelet/soft-serve/issues/389",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/charmbracelet/soft-serve/releases/tag/v0.6.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-mc97-99j4-vm2v",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-440xx/CVE-2023-44075.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-44075",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T20:15:10.347",
"lastModified": "2023-10-04T20:15:10.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/TheKongV/CVE/blob/main/CVE-2023-44075",
"source": "cve@mitre.org"
}
]
}

55
CVE-2023/CVE-2023-442xx/CVE-2023-44209.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44209",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-04T20:15:10.397",
"lastModified": "2023-10-04T20:15:10.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-610"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-2119",
"source": "security@acronis.com"
}
]
}

55
CVE-2023/CVE-2023-442xx/CVE-2023-44210.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-44210",
"sourceIdentifier": "security@acronis.com",
"published": "2023-10-04T20:15:10.463",
"lastModified": "2023-10-04T20:15:10.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@acronis.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-2159",
"source": "security@acronis.com"
}
]
}

63
CVE-2023/CVE-2023-443xx/CVE-2023-44389.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-44389",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T21:15:10.360",
"lastModified": "2023-10-04T21:15:10.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh",
"source": "security-advisories@github.com"
}
]
}

8
CVE-2023/CVE-2023-444xx/CVE-2023-44464.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44464",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-29T05:15:46.757",
"lastModified": "2023-10-02T12:51:18.960",
"vulnStatus": "Analyzed",
"lastModified": "2023-10-04T20:15:10.527",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -90,6 +90,10 @@
"Release Notes"
]
},
{
"url": "https://pretix.eu/about/de/blog/20230912-release-2023-7-2/",
"source": "cve@mitre.org"
},
{
"url": "https://pretix.eu/about/en/ticketing",
"source": "cve@mitre.org",

54
CVE-2023/CVE-2023-53xx/CVE-2023-5334.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5334",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-03T02:15:10.360",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T20:57:14.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -50,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wponlinesupport:wp_responsive_header_image_slider:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.1",
"matchCriteriaId": "E22FFAF0-F253-497A-AD51-CE18B55AE7C8"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/responsive-header-image-slider/trunk/responsive_headerimageslider.php#L343",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6953dea2-ca2d-4283-97c2-45c3420d9390?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-53xx/CVE-2023-5345.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5345",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-10-03T03:15:09.750",
"lastModified": "2023-10-03T12:51:52.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-10-04T20:56:10.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@ -50,14 +80,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705",
"source": "cve-coordination@google.com"
"source": "cve-coordination@google.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

85
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-10-04T20:00:26.458592+00:00
2023-10-04T22:00:25.343486+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-10-04T19:59:55.817000+00:00
2023-10-04T21:27:54.943000+00:00
```
### Last Data Feed Release
@ -29,54 +29,59 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
227005
227021
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `16`
* [CVE-2023-5402](CVE-2023/CVE-2023-54xx/CVE-2023-5402.json) (`2023-10-04T18:15:12.240`)
* [CVE-2023-27121](CVE-2023/CVE-2023-271xx/CVE-2023-27121.json) (`2023-10-04T19:15:10.063`)
* [CVE-2023-38701](CVE-2023/CVE-2023-387xx/CVE-2023-38701.json) (`2023-10-04T19:15:10.127`)
* [CVE-2023-39191](CVE-2023/CVE-2023-391xx/CVE-2023-39191.json) (`2023-10-04T19:15:10.210`)
* [CVE-2023-3428](CVE-2023/CVE-2023-34xx/CVE-2023-3428.json) (`2023-10-04T19:15:10.277`)
* [CVE-2023-3576](CVE-2023/CVE-2023-35xx/CVE-2023-3576.json) (`2023-10-04T19:15:10.340`)
* [CVE-2023-42448](CVE-2023/CVE-2023-424xx/CVE-2023-42448.json) (`2023-10-04T19:15:10.407`)
* [CVE-2023-42824](CVE-2023/CVE-2023-428xx/CVE-2023-42824.json) (`2023-10-04T19:15:10.490`)
* [CVE-2023-5391](CVE-2023/CVE-2023-53xx/CVE-2023-5391.json) (`2023-10-04T19:15:10.777`)
* [CVE-2023-5399](CVE-2023/CVE-2023-53xx/CVE-2023-5399.json) (`2023-10-04T19:15:10.847`)
* [CVE-2023-38537](CVE-2023/CVE-2023-385xx/CVE-2023-38537.json) (`2023-10-04T20:15:09.927`)
* [CVE-2023-38538](CVE-2023/CVE-2023-385xx/CVE-2023-38538.json) (`2023-10-04T20:15:10.020`)
* [CVE-2023-42449](CVE-2023/CVE-2023-424xx/CVE-2023-42449.json) (`2023-10-04T20:15:10.107`)
* [CVE-2023-42808](CVE-2023/CVE-2023-428xx/CVE-2023-42808.json) (`2023-10-04T20:15:10.187`)
* [CVE-2023-42809](CVE-2023/CVE-2023-428xx/CVE-2023-42809.json) (`2023-10-04T20:15:10.263`)
* [CVE-2023-44075](CVE-2023/CVE-2023-440xx/CVE-2023-44075.json) (`2023-10-04T20:15:10.347`)
* [CVE-2023-44209](CVE-2023/CVE-2023-442xx/CVE-2023-44209.json) (`2023-10-04T20:15:10.397`)
* [CVE-2023-44210](CVE-2023/CVE-2023-442xx/CVE-2023-44210.json) (`2023-10-04T20:15:10.463`)
* [CVE-2023-36618](CVE-2023/CVE-2023-366xx/CVE-2023-36618.json) (`2023-10-04T21:15:09.857`)
* [CVE-2023-36619](CVE-2023/CVE-2023-366xx/CVE-2023-36619.json) (`2023-10-04T21:15:09.907`)
* [CVE-2023-41094](CVE-2023/CVE-2023-410xx/CVE-2023-41094.json) (`2023-10-04T21:15:09.963`)
* [CVE-2023-43793](CVE-2023/CVE-2023-437xx/CVE-2023-43793.json) (`2023-10-04T21:15:10.040`)
* [CVE-2023-43799](CVE-2023/CVE-2023-437xx/CVE-2023-43799.json) (`2023-10-04T21:15:10.127`)
* [CVE-2023-43805](CVE-2023/CVE-2023-438xx/CVE-2023-43805.json) (`2023-10-04T21:15:10.203`)
* [CVE-2023-43809](CVE-2023/CVE-2023-438xx/CVE-2023-43809.json) (`2023-10-04T21:15:10.280`)
* [CVE-2023-44389](CVE-2023/CVE-2023-443xx/CVE-2023-44389.json) (`2023-10-04T21:15:10.360`)
### CVEs modified in the last Commit
Recently modified CVEs: `44`
Recently modified CVEs: `24`
* [CVE-2023-32302](CVE-2023/CVE-2023-323xx/CVE-2023-32302.json) (`2023-10-04T18:15:11.810`)
* [CVE-2023-5002](CVE-2023/CVE-2023-50xx/CVE-2023-5002.json) (`2023-10-04T18:15:12.097`)
* [CVE-2023-43951](CVE-2023/CVE-2023-439xx/CVE-2023-43951.json) (`2023-10-04T18:25:22.743`)
* [CVE-2023-43952](CVE-2023/CVE-2023-439xx/CVE-2023-43952.json) (`2023-10-04T18:26:33.977`)
* [CVE-2023-43953](CVE-2023/CVE-2023-439xx/CVE-2023-43953.json) (`2023-10-04T18:27:51.783`)
* [CVE-2023-5351](CVE-2023/CVE-2023-53xx/CVE-2023-5351.json) (`2023-10-04T18:51:38.577`)
* [CVE-2023-4527](CVE-2023/CVE-2023-45xx/CVE-2023-4527.json) (`2023-10-04T19:15:10.547`)
* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2023-10-04T19:15:10.623`)
* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-10-04T19:15:10.700`)
* [CVE-2023-5350](CVE-2023/CVE-2023-53xx/CVE-2023-5350.json) (`2023-10-04T19:23:26.313`)
* [CVE-2023-38381](CVE-2023/CVE-2023-383xx/CVE-2023-38381.json) (`2023-10-04T19:53:28.377`)
* [CVE-2023-37998](CVE-2023/CVE-2023-379xx/CVE-2023-37998.json) (`2023-10-04T19:54:12.660`)
* [CVE-2023-33026](CVE-2023/CVE-2023-330xx/CVE-2023-33026.json) (`2023-10-04T19:54:35.327`)
* [CVE-2023-28571](CVE-2023/CVE-2023-285xx/CVE-2023-28571.json) (`2023-10-04T19:55:13.527`)
* [CVE-2023-28539](CVE-2023/CVE-2023-285xx/CVE-2023-28539.json) (`2023-10-04T19:55:39.053`)
* [CVE-2023-24855](CVE-2023/CVE-2023-248xx/CVE-2023-24855.json) (`2023-10-04T19:56:08.360`)
* [CVE-2023-24853](CVE-2023/CVE-2023-248xx/CVE-2023-24853.json) (`2023-10-04T19:56:41.367`)
* [CVE-2023-4097](CVE-2023/CVE-2023-40xx/CVE-2023-4097.json) (`2023-10-04T19:58:06.703`)
* [CVE-2023-38398](CVE-2023/CVE-2023-383xx/CVE-2023-38398.json) (`2023-10-04T19:58:17.107`)
* [CVE-2023-38396](CVE-2023/CVE-2023-383xx/CVE-2023-38396.json) (`2023-10-04T19:58:23.093`)
* [CVE-2023-38390](CVE-2023/CVE-2023-383xx/CVE-2023-38390.json) (`2023-10-04T19:58:33.723`)
* [CVE-2023-37990](CVE-2023/CVE-2023-379xx/CVE-2023-37990.json) (`2023-10-04T19:58:39.040`)
* [CVE-2023-25463](CVE-2023/CVE-2023-254xx/CVE-2023-25463.json) (`2023-10-04T19:58:49.127`)
* [CVE-2023-24518](CVE-2023/CVE-2023-245xx/CVE-2023-24518.json) (`2023-10-04T19:59:45.290`)
* [CVE-2023-0828](CVE-2023/CVE-2023-08xx/CVE-2023-0828.json) (`2023-10-04T19:59:55.817`)
* [CVE-2023-39165](CVE-2023/CVE-2023-391xx/CVE-2023-39165.json) (`2023-10-04T20:00:28.027`)
* [CVE-2023-2830](CVE-2023/CVE-2023-28xx/CVE-2023-2830.json) (`2023-10-04T20:00:32.557`)
* [CVE-2023-33271](CVE-2023/CVE-2023-332xx/CVE-2023-33271.json) (`2023-10-04T20:04:35.777`)
* [CVE-2023-33272](CVE-2023/CVE-2023-332xx/CVE-2023-33272.json) (`2023-10-04T20:05:08.207`)
* [CVE-2023-33273](CVE-2023/CVE-2023-332xx/CVE-2023-33273.json) (`2023-10-04T20:05:16.653`)
* [CVE-2023-44464](CVE-2023/CVE-2023-444xx/CVE-2023-44464.json) (`2023-10-04T20:15:10.527`)
* [CVE-2023-33268](CVE-2023/CVE-2023-332xx/CVE-2023-33268.json) (`2023-10-04T20:34:09.853`)
* [CVE-2023-33269](CVE-2023/CVE-2023-332xx/CVE-2023-33269.json) (`2023-10-04T20:34:26.603`)
* [CVE-2023-33270](CVE-2023/CVE-2023-332xx/CVE-2023-33270.json) (`2023-10-04T20:34:36.617`)
* [CVE-2023-4211](CVE-2023/CVE-2023-42xx/CVE-2023-4211.json) (`2023-10-04T20:51:36.240`)
* [CVE-2023-5345](CVE-2023/CVE-2023-53xx/CVE-2023-5345.json) (`2023-10-04T20:56:10.307`)
* [CVE-2023-5334](CVE-2023/CVE-2023-53xx/CVE-2023-5334.json) (`2023-10-04T20:57:14.823`)
* [CVE-2023-3967](CVE-2023/CVE-2023-39xx/CVE-2023-3967.json) (`2023-10-04T20:59:13.480`)
* [CVE-2023-3335](CVE-2023/CVE-2023-33xx/CVE-2023-3335.json) (`2023-10-04T21:01:47.887`)
* [CVE-2023-43627](CVE-2023/CVE-2023-436xx/CVE-2023-43627.json) (`2023-10-04T21:03:53.027`)
* [CVE-2023-42771](CVE-2023/CVE-2023-427xx/CVE-2023-42771.json) (`2023-10-04T21:05:00.090`)
* [CVE-2023-32670](CVE-2023/CVE-2023-326xx/CVE-2023-32670.json) (`2023-10-04T21:06:20.757`)
* [CVE-2023-32669](CVE-2023/CVE-2023-326xx/CVE-2023-32669.json) (`2023-10-04T21:07:05.703`)
* [CVE-2023-39917](CVE-2023/CVE-2023-399xx/CVE-2023-39917.json) (`2023-10-04T21:08:21.527`)
* [CVE-2023-4098](CVE-2023/CVE-2023-40xx/CVE-2023-4098.json) (`2023-10-04T21:11:07.557`)
* [CVE-2023-21235](CVE-2023/CVE-2023-212xx/CVE-2023-21235.json) (`2023-10-04T21:15:09.760`)
* [CVE-2023-4099](CVE-2023/CVE-2023-40xx/CVE-2023-4099.json) (`2023-10-04T21:16:25.047`)
* [CVE-2023-33039](CVE-2023/CVE-2023-330xx/CVE-2023-33039.json) (`2023-10-04T21:18:51.943`)
* [CVE-2023-4100](CVE-2023/CVE-2023-41xx/CVE-2023-4100.json) (`2023-10-04T21:27:54.943`)
## Download and Usage