Skip to content

Commit

Permalink
Auto-Update: 2024-02-06T21:00:24.562759+00:00
Browse files Browse the repository at this point in the history
  • Loading branch information
@cad-safe-bot
cad-safe-bot committed Feb 6, 2024
1 parent 744a570 commit acd534a
Show file tree
Hide file tree
Showing 54 changed files with 8,532 additions and 217 deletions.
12 changes: 6 additions & 6 deletions CVE-2023/CVE-2023-06xx/CVE-2023-0686.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2023-0686",
"sourceIdentifier": "[email protected]",
"published": "2023-02-06T20:15:14.367",
"lastModified": "2023-11-07T04:01:13.040",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-06T20:22:59.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
Expand Down Expand Up @@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "[email protected]",
"type": "Secondary",
"cvssData": {
"version": "3.1",
Expand All @@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "[email protected]",
"type": "Secondary",
"cvssData": {
"version": "2.0",
Expand All @@ -81,8 +81,8 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"type": "Primary",
"source": "[email protected]",
"type": "Secondary",
"description": [
{
"lang": "en",
Expand Down
64 changes: 60 additions & 4 deletions CVE-2023/CVE-2023-24xx/CVE-2023-2439.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2023-2439",
"sourceIdentifier": "[email protected]",
"published": "2024-01-31T03:15:07.973",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:03:34.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
Expand All @@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "[email protected]",
"type": "Secondary",
Expand All @@ -38,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.1.6",
"matchCriteriaId": "5E193ACD-B994-430D-B61D-94B63CC92ECB"
}
]
}
]
}
],
"references": [
{
"url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21cb424c-4efd-4c12-a08a-6d574f118c28?source=cve",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Third Party Advisory"
]
}
]
}
64 changes: 60 additions & 4 deletions CVE-2023/CVE-2023-315xx/CVE-2023-31505.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
"id": "CVE-2023-31505",
"sourceIdentifier": "[email protected]",
"published": "2024-01-31T03:15:08.160",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T20:06:30.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
Expand All @@ -14,11 +14,67 @@
"value": "Una vulnerabilidad de carga de archivos arbitrarios en Schlix CMS v2.2.8-1 permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de un archivo .phtml manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "[email protected]",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schlix:cms:2.2.8-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD764599-E245-4AC9-A9EE-004CB7BA676C"
}
]
}
]
}
],
"references": [
{
"url": "https://m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31505",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
125 changes: 122 additions & 3 deletions CVE-2023/CVE-2023-393xx/CVE-2023-39302.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,40 @@
"id": "CVE-2023-39302",
"sourceIdentifier": "[email protected]",
"published": "2024-02-02T16:15:47.120",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T19:54:10.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n"
},
{
"lang": "es",
"value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "[email protected]",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "[email protected]",
"type": "Secondary",
Expand Down Expand Up @@ -46,10 +70,105 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*",
"matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*",
"matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*",
"matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*",
"matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*",
"matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*",
"matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*",
"matchCriteriaId": "34ACC24E-E1E8-4014-8DF7-9A85F3D45FF1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*",
"matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*",
"matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*",
"matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*",
"matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*",
"matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*",
"matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:-:*:*:*:*:*:*",
"matchCriteriaId": "53222633-E4D8-453D-9A0E-E170CC163D0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*",
"matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-33",
"source": "[email protected]"
"source": "[email protected]",
"tags": [
"Vendor Advisory"
]
}
]
}
Loading

0 comments on commit acd534a

Please sign in to comment.