Auto-Update: 2023-12-19T21:00:24.455304+00:00
cad-safe-bot committed Dec 19, 2023
1 parent f5d8924 commit 3cfdbc4
Showing 51 changed files with 3,212 additions and 200 deletions.
73 changes: 70 additions & 3 deletions CVE-2023/CVE-2023-256xx/CVE-2023-25648.json
Expand Up @@ -2,16 +2,40 @@
"id": "CVE-2023-25648",
"sourceIdentifier": "[email protected]",
"published": "2023-12-14T07:15:07.180",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:25:23.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThere is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL\u00a0to execute command to escalate local privileges.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de permiso de carpeta d\u00e9bil en el producto ZXCLOUD iRAI de ZTE. Debido a un permiso de carpeta d\u00e9bil, un atacante con privilegios de usuario normales podr\u00eda construir una DLL falsa para ejecutar un comando para escalar los privilegios locales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "[email protected]",
"type": "Secondary",
Expand All @@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "[email protected]",
"type": "Secondary",
Expand All @@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.23.21",
"matchCriteriaId": "7D77687B-1273-46FC-8753-F7D351F3A9A3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D48BE8C-7C78-41D7-87F1-22BFB91E3A5C"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Vendor Advisory"
]
}
]
}
73 changes: 70 additions & 3 deletions CVE-2023/CVE-2023-256xx/CVE-2023-25650.json
Expand Up @@ -2,16 +2,40 @@
"id": "CVE-2023-25650",
"sourceIdentifier": "[email protected]",
"published": "2023-12-14T07:15:07.783",
"lastModified": "2023-12-14T13:52:06.780",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T19:24:52.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThere is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de descarga de archivos arbitrarios en ZXCLOUD iRAI. Dado que el backend no escapa a cadenas especiales ni restringe rutas, un atacante con permiso del usuario podr\u00eda acceder a la interfaz de descarga modificando el par\u00e1metro de solicitud, provocando descargas de archivos arbitrarias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "[email protected]",
"type": "Secondary",
Expand All @@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "[email protected]",
"type": "Secondary",
Expand All @@ -46,10 +80,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:zte:zxcloud_irai_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.23.30",
"matchCriteriaId": "07F5720E-BB8D-4E13-B24B-A5C61E435BDC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:zte:zxcloud_irai:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D48BE8C-7C78-41D7-87F1-22BFB91E3A5C"
}
]
}
]
}
],
"references": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032904",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Vendor Advisory"
]
}
]
}
70 changes: 67 additions & 3 deletions CVE-2023/CVE-2023-273xx/CVE-2023-27317.json
Expand Up @@ -2,16 +2,40 @@
"id": "CVE-2023-27317",
"sourceIdentifier": "[email protected]",
"published": "2023-12-15T23:15:07.140",
"lastModified": "2023-12-18T14:05:33.523",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-19T20:00:14.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a \nvulnerability which will cause all SAS-attached FIPS 140-2 drives to \nbecome unlocked after a system reboot or power cycle or a single \nSAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This\n could lead to disclosure of sensitive information to an attacker with \nphysical access to the unlocked drives. \n\n"
},
{
"lang": "es",
"value": "ONTAP 9 versiones 9.12.1P8, 9.13.1P4 y 9.13.1P5 son susceptibles a una vulnerabilidad que har\u00e1 que todas las unidades FIPS 140-2 conectadas a SAS se desbloqueen despu\u00e9s de reiniciar el sistema o reiniciar el sistema o un \u00fanico FIPS 140 conectado a SAS. -2 unidad para desbloquearse despu\u00e9s de la reinserci\u00f3n. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial a un atacante con acceso f\u00edsico a las unidades desbloqueadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
},
{
"source": "[email protected]",
"type": "Secondary",
Expand All @@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "[email protected]",
"type": "Secondary",
Expand All @@ -46,10 +80,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap:9.12.1:p8:*:*:*:*:*:*",
"matchCriteriaId": "2D9A4188-F120-4A47-BF32-5114D2782225"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap:9.13.1:p4:*:*:*:*:*:*",
"matchCriteriaId": "0FD66569-CEF3-480B-9234-DB0A32F20667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap:9.13.1:p5:*:*:*:*:*:*",
"matchCriteriaId": "54AABC18-1136-438F-AA7E-4D408347224D"
}
]
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/NTAP-20231215-0001/",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Vendor Advisory"
]
}
]
}
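--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34027.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-34027",
+"sourceIdentifier": "[email protected]",
+"published": "2023-12-19T20:15:07.140",
+"lastModified": "2023-12-19T20:15:07.140",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "[email protected]",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 8.3,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "[email protected]",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-502"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/recently-viewed-products/wordpress-recently-viewed-products-plugin-1-0-0-php-object-injection-vulnerability?_s_id=cve",
+"source": "[email protected]"
+}
+]
+}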