-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto-Update: 2024-02-09T19:00:24.636728+00:00
- Loading branch information
1 parent
37205c4
commit 9e61a57
Showing
37 changed files
with
1,120 additions
and
130 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,7 +2,7 @@ | |
"id": "CVE-2022-26531", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2022-05-24T06:15:09.297", | ||
"lastModified": "2022-06-19T19:15:07.993", | ||
"lastModified": "2024-02-09T18:15:07.930", | ||
"vulnStatus": "Modified", | ||
"descriptions": [ | ||
{ | ||
|
@@ -2042,6 +2042,10 @@ | |
"url": "http://packetstormsecurity.com/files/167464/Zyxel-Buffer-Overflow-Format-String-Command-Injection.html", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "http://packetstormsecurity.com/files/177036/Zyxel-zysh-Format-String-Proof-Of-Concept.html", | ||
"source": "[email protected]" | ||
}, | ||
{ | ||
"url": "http://seclists.org/fulldisclosure/2022/Jun/15", | ||
"source": "[email protected]" | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,19 +2,79 @@ | |
"id": "CVE-2022-47072", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-01-31T21:15:08.440", | ||
"lastModified": "2024-02-01T03:18:21.737", | ||
"vulnStatus": "Awaiting Analysis", | ||
"lastModified": "2024-02-09T17:30:53.813", | ||
"vulnStatus": "Analyzed", | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box.." | ||
}, | ||
{ | ||
"lang": "es", | ||
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Enterprise Architect 16.0.1605 de 32 bits permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro Find en el cuadro de di\u00e1logo Select Classifier." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "NONE", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "HIGH", | ||
"integrityImpact": "HIGH", | ||
"availabilityImpact": "HIGH", | ||
"baseScore": 9.8, | ||
"baseSeverity": "CRITICAL" | ||
}, | ||
"exploitabilityScore": 3.9, | ||
"impactScore": 5.9 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-89" | ||
} | ||
] | ||
} | ||
], | ||
"configurations": [ | ||
{ | ||
"nodes": [ | ||
{ | ||
"operator": "OR", | ||
"negate": false, | ||
"cpeMatch": [ | ||
{ | ||
"vulnerable": true, | ||
"criteria": "cpe:2.3:a:sparxsystems:enterprise_architect:16.0.1605:*:*:*:*:*:x86:*", | ||
"matchCriteriaId": "70FFDA85-667E-44CE-97E3-9DC10792F118" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"metrics": {}, | ||
"references": [ | ||
{ | ||
"url": "https://github.com/DojoSecurity/Enterprise-Architect-SQL-Injection", | ||
"source": "[email protected]" | ||
"source": "[email protected]", | ||
"tags": [ | ||
"Exploit", | ||
"Third Party Advisory" | ||
] | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,16 +2,40 @@ | |
"id": "CVE-2023-38020", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-02-02T04:15:08.147", | ||
"lastModified": "2024-02-02T04:58:55.817", | ||
"vulnStatus": "Awaiting Analysis", | ||
"lastModified": "2024-02-09T18:44:32.197", | ||
"vulnStatus": "Analyzed", | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to manipulate output written to log files. IBM X-Force ID: 260576." | ||
}, | ||
{ | ||
"lang": "es", | ||
"value": "IBM SOAR QRadar Plugin App 1.0 a 5.0.3 podr\u00eda permitir a un usuario autenticado manipular la salida escrita en archivos de registro. ID de IBM X-Force: 260576." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "LOW", | ||
"userInteraction": "NONE", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "NONE", | ||
"integrityImpact": "LOW", | ||
"availabilityImpact": "NONE", | ||
"baseScore": 4.3, | ||
"baseSeverity": "MEDIUM" | ||
}, | ||
"exploitabilityScore": 2.8, | ||
"impactScore": 1.4 | ||
}, | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
|
@@ -46,14 +70,41 @@ | |
] | ||
} | ||
], | ||
"configurations": [ | ||
{ | ||
"nodes": [ | ||
{ | ||
"operator": "OR", | ||
"negate": false, | ||
"cpeMatch": [ | ||
{ | ||
"vulnerable": true, | ||
"criteria": "cpe:2.3:a:ibm:soar_qradar_plugin_app:*:*:*:*:*:*:*:*", | ||
"versionStartIncluding": "1.0", | ||
"versionEndExcluding": "5.0.3", | ||
"matchCriteriaId": "9AFCF0C1-F204-412B-803A-941397E4F2FA" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260576", | ||
"source": "[email protected]" | ||
"source": "[email protected]", | ||
"tags": [ | ||
"VDB Entry", | ||
"Vendor Advisory" | ||
] | ||
}, | ||
{ | ||
"url": "https://www.ibm.com/support/pages/node/7111679", | ||
"source": "[email protected]" | ||
"source": "[email protected]", | ||
"tags": [ | ||
"Patch", | ||
"Vendor Advisory" | ||
] | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,16 +2,40 @@ | |
"id": "CVE-2023-38263", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-02-02T04:15:08.360", | ||
"lastModified": "2024-02-02T04:58:55.817", | ||
"vulnStatus": "Awaiting Analysis", | ||
"lastModified": "2024-02-09T18:50:58.027", | ||
"vulnStatus": "Analyzed", | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "IBM SOAR QRadar Plugin App 1.0 through 5.0.3 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 260577." | ||
}, | ||
{ | ||
"lang": "es", | ||
"value": "IBM SOAR QRadar Plugin App 1.0 a 5.0.3 podr\u00eda permitir que un usuario autenticado realice acciones no autorizadas debido a controles de acceso inadecuados. ID de IBM X-Force: 260577." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "LOW", | ||
"userInteraction": "NONE", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "HIGH", | ||
"integrityImpact": "HIGH", | ||
"availabilityImpact": "HIGH", | ||
"baseScore": 8.8, | ||
"baseSeverity": "HIGH" | ||
}, | ||
"exploitabilityScore": 2.8, | ||
"impactScore": 5.9 | ||
}, | ||
{ | ||
"source": "[email protected]", | ||
"type": "Secondary", | ||
|
@@ -46,14 +70,40 @@ | |
] | ||
} | ||
], | ||
"configurations": [ | ||
{ | ||
"nodes": [ | ||
{ | ||
"operator": "OR", | ||
"negate": false, | ||
"cpeMatch": [ | ||
{ | ||
"vulnerable": true, | ||
"criteria": "cpe:2.3:a:ibm:soar_qradar_plugin_app:*:*:*:*:*:*:*:*", | ||
"versionStartIncluding": "1.0", | ||
"versionEndExcluding": "5.0.3", | ||
"matchCriteriaId": "9AFCF0C1-F204-412B-803A-941397E4F2FA" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260577", | ||
"source": "[email protected]" | ||
"source": "[email protected]", | ||
"tags": [ | ||
"VDB Entry", | ||
"Vendor Advisory" | ||
] | ||
}, | ||
{ | ||
"url": "https://www.ibm.com/support/pages/node/7111679", | ||
"source": "[email protected]" | ||
"source": "[email protected]", | ||
"tags": [ | ||
"Vendor Advisory" | ||
] | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,8 +2,8 @@ | |
"id": "CVE-2023-39611", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-02-02T10:15:08.153", | ||
"lastModified": "2024-02-02T13:36:23.853", | ||
"vulnStatus": "Awaiting Analysis", | ||
"lastModified": "2024-02-09T18:21:06.240", | ||
"vulnStatus": "Analyzed", | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
|
@@ -14,11 +14,67 @@ | |
"value": "Un problema en Software FX Chart FX 7 versi\u00f3n 7.0.4962.20829 permite a los atacantes enumerar y leer archivos del sistema de archivos local mediante el env\u00edo de solicitudes web manipuladas." | ||
} | ||
], | ||
"metrics": {}, | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "NONE", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "HIGH", | ||
"integrityImpact": "NONE", | ||
"availabilityImpact": "NONE", | ||
"baseScore": 7.5, | ||
"baseSeverity": "HIGH" | ||
}, | ||
"exploitabilityScore": 3.9, | ||
"impactScore": 3.6 | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-22" | ||
} | ||
] | ||
} | ||
], | ||
"configurations": [ | ||
{ | ||
"nodes": [ | ||
{ | ||
"operator": "OR", | ||
"negate": false, | ||
"cpeMatch": [ | ||
{ | ||
"vulnerable": true, | ||
"criteria": "cpe:2.3:a:softwarefx:chart_fx:7.0.4962.20829:*:*:*:*:*:*:*", | ||
"matchCriteriaId": "8F2FF298-DE83-430D-918E-242568BC19B0" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://medium.com/%40arielbreisacher/my-chart-fx-7-software-investigation-journey-leading-to-a-directory-traversal-vulnerability-067cdcd3f2e9", | ||
"source": "[email protected]" | ||
"source": "[email protected]", | ||
"tags": [ | ||
"Exploit", | ||
"Third Party Advisory" | ||
] | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
{ | ||
"id": "CVE-2023-50291", | ||
"sourceIdentifier": "[email protected]", | ||
"published": "2024-02-09T18:15:08.240", | ||
"lastModified": "2024-02-09T18:15:08.240", | ||
"vulnStatus": "Received", | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "Insufficiently Protected Credentials vulnerability in Apache Solr.\n\nThis issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.\nOne of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had \"password\" contained in the name.\nThere are a number of sensitive system properties, such as \"basicauth\" and \"aws.secretKey\" do not contain \"password\", thus their values were published via the \"/admin/info/properties\" endpoint.\nThis endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI.\n\nThis /admin/info/properties endpoint is protected under the \"config-read\" permission.\nTherefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the \"config-read\" permission.\nUsers are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue.\nA single option now controls hiding Java system property for all endpoints, \"-Dsolr.hiddenSysProps\".\nBy default all known sensitive properties are hidden (including \"-Dbasicauth\"), as well as any property with a name containing \"secret\" or \"password\".\n\nUsers who cannot upgrade can also use the following Java system property to fix the issue:\n\u00a0 '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'\n\n" | ||
} | ||
], | ||
"metrics": {}, | ||
"weaknesses": [ | ||
{ | ||
"source": "[email protected]", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-522" | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://solr.apache.org/security.html#cve-2023-50291-apache-solr-can-leak-certain-passwords-due-to-system-property-redaction-logic-inconsistencies", | ||
"source": "[email protected]" | ||
} | ||
] | ||
} |
Oops, something went wrong.