Skip to content

Commit

Permalink
Auto-Update: 2024-01-03T21:00:24.516862+00:00
Browse files Browse the repository at this point in the history
  • Loading branch information
@cad-safe-bot
cad-safe-bot committed Jan 3, 2024
1 parent 1bb9d33 commit 9dbc8a9
Show file tree
Hide file tree
Showing 30 changed files with 1,894 additions and 181 deletions.
71 changes: 64 additions & 7 deletions CVE-2016/CVE-2016-150xx/CVE-2016-15036.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,40 @@
"id": "CVE-2016-15036",
"sourceIdentifier": "[email protected]",
"published": "2023-12-23T20:15:37.930",
"lastModified": "2023-12-25T03:08:09.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T20:48:43.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en Deis Workflow Manager hasta 2.3.2. Ha sido clasificada como problem\u00e1tica. Esto afecta a una parte desconocida. La manipulaci\u00f3n conduce a la condici\u00f3n de ejecuci\u00f3n. La complejidad del ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. La actualizaci\u00f3n a la versi\u00f3n 2.3.3 puede solucionar este problema. El parche se llama 31fe3bccbdde134a185752e53380330d16053f7f. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-248847. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "[email protected]",
"type": "Secondary",
Expand Down Expand Up @@ -71,26 +95,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:deis:workflow_manager:*:*:*:*:*:go:*:*",
"versionEndIncluding": "2.3.2",
"matchCriteriaId": "A82C2086-3CC8-4669-B3E1-8453CD63A459"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/deis/workflow-manager/pull/94",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/deis/workflow-manager/releases/tag/v2.3.3",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.248847",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248847",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Third Party Advisory"
]
}
]
}
64 changes: 60 additions & 4 deletions CVE-2022/CVE-2022-436xx/CVE-2022-43675.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2022-43675",
"sourceIdentifier": "[email protected]",
"published": "2023-12-25T06:15:08.253",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T20:57:31.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
Expand All @@ -14,11 +14,67 @@
"value": "Se descubri\u00f3 un problema en NOKIA NFM-T R19.9. El XSS reflejado en Network Element Manager existe a trav\u00e9s de /oms1350/pages/otn/cpbLogDisplay a trav\u00e9s del par\u00e1metro filename, en /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay a trav\u00e9s del par\u00e1metro id y en /oms1350/pages/otn/mainOtn a trav\u00e9s de todos los par\u00e1metros."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nokia:network_functions_manager_for_transport:19.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1A66D4-19DC-4734-B3C4-5775FB1B1A2D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.gruppotim.it/redteam",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
86 changes: 81 additions & 5 deletions CVE-2023/CVE-2023-246xx/CVE-2023-24609.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2023-24609",
"sourceIdentifier": "[email protected]",
"published": "2023-12-22T04:15:08.673",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T20:34:37.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
Expand All @@ -14,15 +14,91 @@
"value": "Matrix SSL 4.x a 4.6.0 y Rambus TLS Toolkit tienen un desbordamiento de enteros de sustracci\u00f3n de longitud para el an\u00e1lisis de la extensi\u00f3n Client Hello Pre-Shared Key en el servidor TLS 1.3. Un dispositivo atacado calcula un hash SHA-2 en al menos 65 KB (en RAM). Con una gran cantidad de mensajes TLS manipulados, la CPU se carga mucho. Esto ocurre en tls13VerifyBinder y tls13TranscriptHashUpdate."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndIncluding": "4.6.0",
"matchCriteriaId": "69E7A834-680C-47E3-AC27-90C26E8C607F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rambus:tls_toolkit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4ECD2764-A6E2-4A74-9783-779F05DAAE3F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.rambus.com/security/software-protocols/tls-toolkit/",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Product"
]
},
{
"url": "https://www.telekom.com/en/company/data-privacy-and-security/news/advisories-504842",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
64 changes: 60 additions & 4 deletions CVE-2023/CVE-2023-288xx/CVE-2023-28872.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2023-28872",
"sourceIdentifier": "[email protected]",
"published": "2023-12-25T07:15:07.893",
"lastModified": "2023-12-26T20:34:16.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T20:35:33.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
Expand All @@ -14,11 +14,67 @@
"value": "Support Assistant en NCP Secure Enterprise Client anterior a 13.10 permite a los atacantes ejecutar archivos DLL con privilegios de SYSTEM creando un enlace simb\u00f3lico desde una ubicaci\u00f3n %LOCALAPPDATA%\\Temp\\NcpSupport*."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ncp-e:secure_enterprise_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.10",
"matchCriteriaId": "D12849E5-A134-4341-9F0D-D005A664C68C"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/en/security-advisories/usd-2022-0006/",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit"
]
}
]
}
Loading

0 comments on commit 9dbc8a9

Please sign in to comment.