diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0686.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0686.json index 459ef62f161..12af4ff5c32 100644 --- a/CVE-2023/CVE-2023-06xx/CVE-2023-0686.json +++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0686.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0686", "sourceIdentifier": "cna@vuldb.com", "published": "2023-02-06T20:15:14.367", - "lastModified": "2023-11-07T04:01:13.040", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T20:22:59.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,8 +81,8 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", - "type": "Primary", + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2439.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2439.json index c98a7b8bbaf..bd8839cbbe4 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2439.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2439.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2439", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-31T03:15:07.973", - "lastModified": "2024-01-31T14:05:27.507", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:03:34.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:userproplugin:userpro:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.1.6", + "matchCriteriaId": "5E193ACD-B994-430D-B61D-94B63CC92ECB" + } + ] + } + ] + } + ], "references": [ { "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/21cb424c-4efd-4c12-a08a-6d574f118c28?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31505.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31505.json index 6fae6f2e244..aaafc0aaae0 100644 --- a/CVE-2023/CVE-2023-315xx/CVE-2023-31505.json +++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31505.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31505", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-31T03:15:08.160", - "lastModified": "2024-01-31T14:05:27.507", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:06:30.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Una vulnerabilidad de carga de archivos arbitrarios en Schlix CMS v2.2.8-1 permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de un archivo .phtml manipulado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:schlix:cms:2.2.8-1:*:*:*:*:*:*:*", + "matchCriteriaId": "FD764599-E245-4AC9-A9EE-004CB7BA676C" + } + ] + } + ] + } + ], "references": [ { "url": "https://m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31505", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39302.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39302.json index 84a2d00887b..d62083473de 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39302.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39302.json @@ -2,16 +2,40 @@ "id": "CVE-2023-39302", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:47.120", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:54:10.380", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -46,10 +70,105 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*", + "matchCriteriaId": "34ACC24E-E1E8-4014-8DF7-9A85F3D45FF1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:-:*:*:*:*:*:*", + "matchCriteriaId": "53222633-E4D8-453D-9A0E-E170CC163D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-33", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39303.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39303.json index 16f0ddd031a..3476b1c7316 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39303.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39303.json @@ -2,16 +2,40 @@ "id": "CVE-2023-39303", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:47.323", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:57:03.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de autenticaci\u00f3n incorrecta afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios comprometer la seguridad del sistema a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -46,10 +70,105 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*", + "matchCriteriaId": "34ACC24E-E1E8-4014-8DF7-9A85F3D45FF1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:-:*:*:*:*:*:*", + "matchCriteriaId": "53222633-E4D8-453D-9A0E-E170CC163D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-33", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41273.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41273.json index 11eda5f1a51..b620e9c69c7 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41273.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41273.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41273", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:47.527", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:53:21.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +84,95 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*", + "matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*", + "matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-38", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41274.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41274.json index e915fda2fbe..39b6517b154 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41274.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41274.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41274", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:47.730", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:57:39.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de desreferencia de puntero NULL afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados lanzar un ataque de denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -46,10 +70,95 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*", + "matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*", + "matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-38", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41275.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41275.json index f2731910f0d..c7429c7b6ba 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41275.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41275.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41275", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:47.923", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:53:40.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores " } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +74,95 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*", + "matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*", + "matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-38", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41276.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41276.json index 08ee6fb0ee8..87f1b05715c 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41276.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41276.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41276", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:48.143", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:33:15.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +74,95 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*", + "matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*", + "matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-38", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41277.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41277.json index 58942ef6f34..86c7e08982a 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41277.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41277.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41277", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:48.337", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:38:17.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +74,95 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*", + "matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*", + "matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-38", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41278.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41278.json index 2eb5ff785e6..d8f20bc6e07 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41278.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41278.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41278", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:48.527", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:38:30.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +74,95 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*", + "matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*", + "matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-38", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41279.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41279.json index 05c56e9ecc6..48acfaed314 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41279.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41279.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41279", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:48.730", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:10:17.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +74,95 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*", + "matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*", + "matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-38", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41280.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41280.json index 06294ac5d0a..1ea74e163df 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41280.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41280.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41280", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:48.940", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:10:07.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.2.2533 build 20230926 and later\nQuTS hero h5.1.2.2534 build 20230927 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.2.2533 build 20230926 y posteriores QuTS hero h5.1.2.2534 build 20230927 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +74,95 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:-:*:*:*:*:*:*", + "matchCriteriaId": "68A99623-CAF5-404E-84E5-73B75F5C0651" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:-:*:*:*:*:*:*", + "matchCriteriaId": "8F7CBA06-2712-4BF8-81AD-EE7B0B0DB46A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-38", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41281.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41281.json index 2e3a8d2d6c4..70cd177c997 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41281.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41281.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41281", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:49.137", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:09:50.970", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.4.2596 build 20231128 y posteriores QuTS hero h5.1.4.2596 build 20231128 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security@qnapsecurity.com.tw", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,10 +84,115 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:*:*:*:*:*:*:*", + "matchCriteriaId": "F860CFD5-3B84-46F2-8596-9CF3D3305DB1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:-:*:*:*:*:*:*", + "matchCriteriaId": "4A2A0A37-D0A4-4801-BED4-D367188EFF00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-53", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41282.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41282.json index 831d6815b77..fc01bd177bd 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41282.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41282.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41282", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:49.327", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:09:20.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.4.2596 build 20231128 y posteriores QuTS hero h5.1.4.2596 build 20231128 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +84,125 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*", + "matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*", + "matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-53", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41283.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41283.json index 082f3757a5d..4e052199602 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41283.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41283.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41283", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:49.523", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:08:43.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.4.2596 build 20231128 y posteriores QuTS hero h5.1.4.2596 build 20231128 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +74,115 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:-:*:*:*:*:*:*", + "matchCriteriaId": "632DA602-2920-4418-B6E3-1AA9EA671FD4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:-:*:*:*:*:*:*", + "matchCriteriaId": "4A2A0A37-D0A4-4801-BED4-D367188EFF00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-53", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41292.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41292.json index af99a521eb0..5b77916a209 100644 --- a/CVE-2023/CVE-2023-412xx/CVE-2023-41292.json +++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41292.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41292", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:49.713", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:05:45.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.4.2596 build 20231128 y posteriores QuTS hero h5.1.4.2596 build 20231128 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -46,10 +70,115 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:-:*:*:*:*:*:*", + "matchCriteriaId": "632DA602-2920-4418-B6E3-1AA9EA671FD4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:-:*:*:*:*:*:*", + "matchCriteriaId": "4A2A0A37-D0A4-4801-BED4-D367188EFF00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-46", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43756.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43756.json index d01423d796f..fc361f81f67 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43756.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43756.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43756", "sourceIdentifier": "scy@openharmony.io", "published": "2024-02-02T07:15:08.890", - "lastModified": "2024-02-02T13:36:31.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:58:28.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "scy@openharmony.io", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openharmony:openharmony:*:*:*:*:-:*:*:*", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "86CDAE84-BD14-434C-8CAC-1262E5E4B7CE" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md", - "source": "scy@openharmony.io" + "source": "scy@openharmony.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45026.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45026.json index 0bdf765efec..70e3b4ed961 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45026.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45026.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45026", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:50.110", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:04:57.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de path traversal afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados leer el contenido de archivos inesperados y exponer datos confidenciales a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -46,10 +70,125 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*", + "matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*", + "matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-24-02", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45027.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45027.json index 1af18128ae2..86873cb1bae 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45027.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45027.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45027", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:50.303", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:19:44.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de path traversal afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados leer el contenido de archivos inesperados y exponer datos confidenciales a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -46,10 +70,125 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*", + "matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*", + "matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-24-02", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45028.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45028.json index 7b5bbaf3088..39a7635e761 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45028.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45028.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45028", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:50.500", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:19:17.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de consumo de recursos incontrolado afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados lanzar un ataque de denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security@qnapsecurity.com.tw", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + }, + { + "source": "security@qnapsecurity.com.tw", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,10 +84,125 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*", + "matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*", + "matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-24-02", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45036.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45036.json index fab3699308e..79ac9a213e0 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45036.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45036.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45036", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:51.103", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:18:45.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -46,10 +70,105 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*", + "matchCriteriaId": "34ACC24E-E1E8-4014-8DF7-9A85F3D45FF1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:-:*:*:*:*:*:*", + "matchCriteriaId": "53222633-E4D8-453D-9A0E-E170CC163D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-46", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45037.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45037.json index ff4c8565892..d24a348627a 100644 --- a/CVE-2023/CVE-2023-450xx/CVE-2023-45037.json +++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45037.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45037", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:51.493", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:18:34.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 build 20231110 y posteriores QuTS hero h5.1.3.2578 build 20231110 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -46,10 +70,105 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*", + "matchCriteriaId": "34ACC24E-E1E8-4014-8DF7-9A85F3D45FF1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:-:*:*:*:*:*:*", + "matchCriteriaId": "53222633-E4D8-453D-9A0E-E170CC163D0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-46", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47566.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47566.json index 3ad1bf7bfbc..eade5d625bc 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47566.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47566.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47566", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:52.473", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:18:26.263", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\nQuTScloud c5.1.5.2651 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores QuTScloud c5.1.5.2651 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -46,10 +70,125 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*", + "matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*", + "matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-24-04", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50359.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50359.json index 120bac2cbdb..49b29ae7df8 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50359.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50359.json @@ -2,16 +2,40 @@ "id": "CVE-2023-50359", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2024-02-02T16:15:53.073", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:18:14.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An unchecked return value vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated administrators to place the system in a state that could lead to a crash or other unintended behaviors via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.5.2645 build 20240116 and later\nQuTS hero h5.1.5.2647 build 20240118 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de valor de retorno no verificada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores locales autenticados colocar el sistema en un estado que podr\u00eda provocar una falla u otros comportamientos no deseados a trav\u00e9s de vectores no especificados. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.5.2645 compilaci\u00f3n 20240116 y posteriores QuTS hero h5.1.5.2647 compilaci\u00f3n 20240118 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-252" + } + ] + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -46,10 +80,125 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*", + "matchCriteriaId": "39382CBA-EA68-426A-AC07-A9A26E722CAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*", + "matchCriteriaId": "BCB37C08-1DF7-4AF4-9BB1-C562E5643B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*", + "matchCriteriaId": "8368130C-F26D-41FE-8D78-B103A23B5327" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*", + "matchCriteriaId": "3E0EE181-78AF-4C3C-90A4-C69A2DE6E176" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "56E3AE06-78DA-4844-ADC1-09A35F1C5B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*", + "matchCriteriaId": "D2AA7A32-0DA8-4417-A23E-C4F563BC7819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*", + "matchCriteriaId": "80E7C17C-ED6D-439D-A1F3-1870A3ADA926" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "636C2D9C-C837-4FAC-B79D-1CA7A7C1FF3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "866B455B-0266-4990-920B-A06756ED5A61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.1.5.2645:-:*:*:*:*:*:*", + "matchCriteriaId": "F39AD4D1-B99D-4724-AF31-A04209C43D1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*", + "matchCriteriaId": "6CA398A8-EBDF-4D41-B15E-7B763F885021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*", + "matchCriteriaId": "F63A5ED2-ECC2-49A0-BFA9-548E35ACD6C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*", + "matchCriteriaId": "53387FAC-7BE0-47D7-99BF-2B1F03C17CC3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*", + "matchCriteriaId": "D4226394-0023-4CD2-BB89-77251BF92FF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*", + "matchCriteriaId": "646257F7-D4A4-43B0-91F2-7850338B3CA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*", + "matchCriteriaId": "88825AE1-B006-4F7F-BD90-D4B1CF1251A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*", + "matchCriteriaId": "3F471666-4919-4770-956E-ACE4C55D29DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*", + "matchCriteriaId": "9573F671-D49E-438A-B72C-DFC390A79093" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:-:*:*:*:*:*:*", + "matchCriteriaId": "4A99570F-1F53-4E24-A3B0-F8BA3C5A4363" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*", + "matchCriteriaId": "C50B05E2-8F25-4CA7-84FE-F5C510C83FE1" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-24-07", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51520.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51520.json index a8bf64a5fd8..cdbaf0c413e 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51520.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51520.json @@ -2,16 +2,40 @@ "id": "CVE-2023-51520", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T12:15:54.100", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:20:11.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPdevelop / Oplugins WP Booking Calendar allows Stored XSS.This issue affects WP Booking Calendar: from n/a before 9.7.4.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WPdevelop/Oplugins WP Booking Calendar permite XSS almacenado. Este problema afecta a WP Booking Calendar: desde n/a antes de 9.7.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpbookingcalendar:booking_calendar:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "9.7.4", + "matchCriteriaId": "67AD9C8A-BEB3-49B3-8B3F-E656F2563CD1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/booking/wordpress-booking-calendar-plugin-9-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52175.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52175.json index 65216db6b97..1d5e0511708 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52175.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52175.json @@ -2,16 +2,40 @@ "id": "CVE-2023-52175", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T10:15:08.580", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:46:18.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Uno (miunosoft) Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin allows Stored XSS.This issue affects Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin: from n/a through 5.1.1.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Michael Uno (miunosoft) Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin permite XSS almacenado. Este problema afecta Auto Amazon Links \u2013 Amazon Associates Affiliate Plugin: desde n/ a hasta 5.1.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:michaeluno:auto_amazon_links:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.1.2", + "matchCriteriaId": "11A3D66D-D5C2-4DFB-9B31-5C938EA63DE7" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/amazon-auto-links/wordpress-auto-amazon-links-amazon-associates-affiliate-plugin-5-0-5-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6676.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6676.json index 7150e396c50..42c9a27d28f 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6676.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6676.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6676", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-02-02T13:15:09.497", - "lastModified": "2024-02-02T13:36:23.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:51:50.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nationalkeep:cybermath:1.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D54B8707-6EDE-4581-AEA4-79577E916FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-24-0080", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6909.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6909.json index f6d4c93bb9f..c6f25304f09 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6909.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6909.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6909", "sourceIdentifier": "security@huntr.dev", "published": "2023-12-18T04:15:52.367", - "lastModified": "2023-12-20T04:07:34.867", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-06T20:16:01.753", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -43,20 +43,20 @@ "type": "Secondary", "cvssData": { "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "LOW", + "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 9.3, - "baseSeverity": "CRITICAL" + "baseScore": 7.5, + "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, - "impactScore": 4.7 + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json index f59d61a97e7..ee6993e1395 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6915", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-15T10:15:26.627", - "lastModified": "2024-02-06T15:15:08.610", - "vulnStatus": "Modified", + "lastModified": "2024-02-06T19:58:45.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,19 +21,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "baseScore": 5.5, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 1.8, "impactScore": 3.6 }, { diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6975.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6975.json index f9a61fe774c..0f332a7e3b8 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6975.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6975.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6975", "sourceIdentifier": "security@huntr.dev", "published": "2023-12-20T06:15:45.553", - "lastModified": "2023-12-29T16:39:54.763", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-06T20:16:02.677", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -43,20 +43,20 @@ "type": "Secondary", "cvssData": { "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 10.0, + "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, - "impactScore": 6.0 + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7225.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7225.json index b11e2165cbd..36ce0529b87 100644 --- a/CVE-2023/CVE-2023-72xx/CVE-2023-7225.json +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7225.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7225", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-30T08:15:40.090", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:12:27.730", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,18 +58,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mappresspro:mappress_maps_for_wordpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.88.16", + "matchCriteriaId": "BE254911-09FD-4E7D-BA0F-A0EDE608C52E" + } + ] + } + ] + } + ], "references": [ { "url": "https://advisory.abay.sh/cve-2023-7225/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3023266%40mappress-google-maps-for-wordpress%2Ftrunk&old=3022439%40mappress-google-maps-for-wordpress%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fce76126-0cfd-464f-b644-45d4301e958d?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1048.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1048.json index d2f8ec4db29..75eb72ee080 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1048.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1048.json @@ -2,7 +2,7 @@ "id": "CVE-2024-1048", "sourceIdentifier": "secalert@redhat.com", "published": "2024-02-06T18:15:59.250", - "lastModified": "2024-02-06T18:15:59.250", + "lastModified": "2024-02-06T19:15:09.083", "vulnStatus": "Received", "descriptions": [ { @@ -17,23 +17,35 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", - "userInteraction": "REQUIRED", - "scope": "CHANGED", + "userInteraction": "NONE", + "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", - "baseScore": 3.2, + "baseScore": 3.3, "baseSeverity": "LOW" }, - "exploitabilityScore": 1.5, + "exploitabilityScore": 1.8, "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-459" + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/02/06/3", diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1069.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1069.json index 52ff69e33cc..f83b76b437c 100644 --- a/CVE-2024/CVE-2024-10xx/CVE-2024-1069.json +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1069.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1069", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-31T03:15:08.573", - "lastModified": "2024-01-31T14:05:27.507", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:11:52.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,18 +58,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:crmperks:database_for_contact_form_7\\,_wpforms\\,_elementor_forms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.3", + "matchCriteriaId": "E570814A-D626-40C4-8F04-8E9953B0A622" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/includes/plugin-pages.php?rev=3003884#L1213", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3028640/contact-form-entries#file1", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/120313be-9f98-4448-9f5d-a77186a6ff08?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1196.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1196.json index f290dd9dedf..2a14768a2bf 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1196.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1196.json @@ -2,16 +2,40 @@ "id": "CVE-2024-1196", "sourceIdentifier": "cna@vuldb.com", "published": "2024-02-02T22:15:25.997", - "lastModified": "2024-02-03T00:07:59.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:57:49.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SourceCodester Testimonial Page Manager 1.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo add-testimonial.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento nombre/descripci\u00f3n/testimonio conduce a Cross-Site Scripting. El ataque se puede iniciar de forma remota. VDB-252694 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -71,14 +95,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remyandrade:testimonial_page_manager:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6031C8F3-826A-4CD4-A296-FEC8EC9E2883" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.252694", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.252694", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1254.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1254.json new file mode 100644 index 00000000000..3d77fadce8f --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1254.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1254", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-06T19:15:09.747", + "lastModified": "2024-02-06T19:15:09.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rockersiyuan/CVE/blob/main/Smart%20S20.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252993", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252993", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1255.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1255.json new file mode 100644 index 00000000000..49ef5afe6bb --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1255.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2024-1255", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-06T19:15:10.270", + "lastModified": "2024-02-06T19:15:10.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.252994", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252994", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1256.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1256.json new file mode 100644 index 00000000000..e6ba6cac384 --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1256.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1256", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-06T20:16:02.943", + "lastModified": "2024-02-06T20:16:02.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sweatxi/BugHub/blob/main/filter_txet_do.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252995", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252995", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1257.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1257.json new file mode 100644 index 00000000000..3016eb19c3a --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1257.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1257", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-06T20:16:03.213", + "lastModified": "2024-02-06T20:16:03.213", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sweatxi/BugHub/blob/main/find_text_do.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252996", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252996", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20263.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20263.json index c1459c42920..9292355f696 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20263.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20263.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20263", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-01-26T18:15:11.163", - "lastModified": "2024-02-02T16:15:54.033", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T19:23:20.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -50,10 +80,4162 @@ ] } ], - "references": [ + "configurations": [ { - "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-bus-acl-bypass-5zn9hNJk", - "source": "ykramarz@cisco.com" + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8t-d_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "5A659AD5-78B5-462B-B27C-C87AF833C211" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8t-d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "787FE6D6-FB71-4EE7-BAA3-B257E0EB0607" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8pp-d_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "FCDFB8FF-0A49-4119-AFB2-BD1BE557F1F5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8pp-d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "467DA378-DC53-41A3-82E3-5F523288E975" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8t-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "4682CC3A-E07A-4926-9300-4DA146B91D75" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8t-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "078F6384-2A21-478E-B76C-D9AE2D4C06A2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8pp-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "43906251-317F-4E0A-B39D-169E51D37B82" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8pp-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "29E83FE7-D299-4F10-9E33-4EB4B0567E86" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8p-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "1F226B0B-0493-4FE9-AC97-6B65CF7F6137" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8p-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C5CAD52-9DDF-4E74-9C74-24DD02BB62E0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8fp-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "BE54EE7F-DE85-4D1C-A56A-8DE0E69CD992" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8fp-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCF2792C-01F4-46E4-9A5E-2A04E591B43C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-16t-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "FE305262-6204-4337-A267-8ED645AD1829" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-16t-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FB071D-C328-42D0-8E35-E8DA3069752B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-16p-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "5617767C-6628-4EB4-9277-8766FBDE97C5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-16p-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CD72FB3C-0811-4430-B41A-6BBBA7B4CCA5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24t-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "482313C7-1A5F-48B3-BC16-5424C3D863FD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24t-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9238C5D0-3669-43B2-B607-438DF91D59AC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24pp-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "2947E625-B9B3-4CDC-8490-5F276D672506" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24pp-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10104319-849F-4222-89B0-EB156501BD78" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24p-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "C7E57BDA-B38B-41F0-B7C8-A18FEF1373CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24p-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53F23B36-32EA-4098-900F-2D301E74B347" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24fp-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "5D55FBBE-68D0-473D-A18B-71BB373706FF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24fp-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFFDD736-5FD6-4F3D-863F-65E702341047" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-48t-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "C34E0D6A-EF82-406E-A131-D232FB8B123F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-48t-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7A1AF4C4-8D03-49B6-96D3-18B00BD7ED8C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-48pp-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "CB348CB7-242D-4594-B8D5-7D296B8942D7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-48pp-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CCC8EEA-5EC5-4681-9204-89E5EDA8EA40" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-48p-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "637B5337-14C2-428E-AF54-E0C18D7CE1F8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-48p-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "928CD92D-90D3-4829-BB6D-DF303ABE1DAD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24t-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "C731291A-CA83-44A8-A25E-728AD7CA8666" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24t-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "773700CE-6952-437E-AA77-AA0E32EB1F62" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24p-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "6E0EB978-158C-49A4-A7D1-4A8DAEA96FD1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24p-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4AEF792-BC15-4799-8496-0FE9220A25A6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24fp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "3E87CA26-69CB-499D-BCA8-57FAC37B15C2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24fp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E20CD1AA-E7EF-403A-AC6E-C5B750019D5E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-48t-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "8FF3ABDD-FEC5-4AEA-9A3B-48083A720B3A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-48t-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8077ED8C-BD4B-468F-A3C6-BC300E1C9646" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-48p-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "DB1E3EE9-30F5-4F0B-8C2C-81BFFAEC6D28" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-48p-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7ABC4E71-4943-4B6F-BAC6-603F91E41674" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8t-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "5BA4CF2B-E0B9-4AC8-AAD4-01F29D61AF30" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8t-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "42D91C60-E72B-4C86-A19E-443184EDBE8E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8p-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "6E313A59-8682-4A35-B437-DFF5F98E71B9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8p-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3A429AEC-5692-428D-8DC7-47EC9081825C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8p-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "B9B9D2F7-7587-432F-9AE4-D99FBE37F228" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8p-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7ACDE44-E156-4B20-82C0-8AA86EAF9947" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8fp-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "F88ED7FA-D218-4C01-BB36-B21E5E5E381A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8fp-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E473B29F-001A-4697-B22C-16B1C519B117" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8fp-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "EE17F0C0-C160-49E5-B056-F9566C8688B0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8fp-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "061925BB-B740-4CDD-97D9-52A24B5E7F77" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8s-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "45827BDE-A779-434D-BFF6-D64EC2FCA567" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8s-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EAF2A0B8-CF29-4033-B365-DC3802630A0E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16t-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "86574B6D-08A6-4C4A-A5C3-1BC8CF7DA323" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16t-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD62CB7E-A9D1-435C-AC1F-5878346A2474" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16t-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "0596D387-D9AE-46C1-ABDF-0CA04752EE94" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16t-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "27C4F998-F84A-43AC-BD8A-E9370DA959B1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16p-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "1745C77C-D1A8-4826-8736-B356FF315FA8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16p-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F796947E-079C-4CA9-821A-D8E3139CF064" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16p-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "ED3C2F09-8C78-4F6D-B6EC-BAAD4149D48B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16p-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D517CD55-7100-4BBC-A361-61C7118D2F8A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16fp-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "9851D14B-7759-4683-BDAC-CFEEEFC73BE1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16fp-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "570B5694-B948-4689-BB37-E4428F396E2B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24t-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "6436BBDD-9356-44F6-8156-4764AABC83A1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24t-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8D3F59C-1F94-466C-A901-E4EF3E1D51BB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24p-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "80CED0A9-EF9D-4ABF-9D58-0C92E6D42F65" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24p-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFB9E0B8-BD07-499C-8E39-1E21666CAE4F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24fp-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "39737747-349D-4091-9D19-2011B8D0EA30" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24fp-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0A1A0BBD-D02D-49BA-99CA-BE2F92C6BBA8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24s-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "374E2084-D020-4122-B84B-026F583E779F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24s-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B7EDFA3F-5AE1-4602-AC1C-26AB78256A9B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48t-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "86BDAE91-41D0-4769-8708-FFEDB6650EB7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48t-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE5689D5-2EE2-41A6-97C2-D1D684C19DCB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48p-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "1B9D456B-500A-414A-A51E-1D8531BFB7B7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48p-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A248F084-EF8E-4703-914C-D62CECF64C83" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48fp-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "45F74831-8BB5-4E18-91CD-F870EE74B09E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48fp-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9780CC5B-8357-4983-BA77-6DA3A10BE17E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24t-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "849511DF-DA9D-4846-AEE5-69D02D36214E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24t-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92907A6F-6ECF-427F-A1C5-F8FD161E4925" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24p-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "C5445BC6-58DD-4AE1-8736-A61F8C4C0BFD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24p-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8B5771C-ED94-40DD-BEDF-EC64782644D8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24fp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "4D13B47D-984A-49AD-95F5-8C1320DEA6AD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24fp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "32F6219A-7241-47A5-8933-FA9E57EEA3DE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48t-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "3AB76B67-9267-407E-B97B-F77E2577499A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48t-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0E69FF5C-991F-4EBD-B291-3E9A8D00B290" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48p-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "747BEC37-BA06-4341-82E2-EB89CD8E2754" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48p-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C5AA9C3F-EC1B-476D-9342-E71E6F893D0B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48fp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "987B15F1-5CAD-4902-9AFF-B86E9414FE56" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48fp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E252BF3-445A-4BCD-A48E-C7196C401074" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8mgp-2x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "45A87294-0B16-450A-A526-12DF07449D9D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8mgp-2x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "432D6474-3F30-4DD1-8762-8B9968105BBD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8mp-2x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "C39F9882-2867-4F00-A932-2C8BA443A552" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8mp-2x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "50C1887E-EA16-4FC0-A8F7-602DCA8E4928" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24mgp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "A0426497-E3BE-4F78-9D5C-C8059D3636A7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24mgp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5A32C9F0-4138-4C28-B817-5F7507ED0811" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-12np-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "51A80326-8DB7-4DD5-993B-246010B19B83" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-12np-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A8233545-9562-4ABC-BBE3-01B48DCBAC6F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24ngp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "C7ED5466-A5FF-482F-A660-BECA4BA2EDBD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24ngp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C99BEA9-45C9-4E69-A3E4-24E0D9109C1C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48ngp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "819C9127-0A3E-451E-A761-45650020978B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48ngp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C08767A1-BE20-4522-9290-427C0E132013" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8xt_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "B3EB14E8-4C67-4990-84B6-84EBB52814A2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76D8689B-2E1B-4AF4-8540-60615D28F846" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-12xs_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "B9D5AE7B-EC03-4432-BD79-4E12E896B5C2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-12xs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4AAFA53-D006-4F3F-A8EB-7EF371851666" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-12xt_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "D6AD488F-56A2-4A2E-B49A-C2A78AAA7DF1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-12xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B6100B6A-C4A3-4AC2-B256-650A8A68FEAF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16xts_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "8933FA24-8A1B-4BC6-B0AA-15AE148FD8DB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16xts:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C6E96F5-6E46-4CDC-8AC6-2293054ECA52" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24xs_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "F1195B9B-FC94-4845-9954-41C50219C9FC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24xs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F7C7939-E2DB-4213-8805-0DC32B3A414D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24xt_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "49C55A4C-AB28-4017-8694-32118A77D25F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C12A0F6E-506C-4DA8-8036-F3E0807D70E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24xts_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "A9E32448-23E1-4DDA-8A2E-2774A38A5BC2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24xts:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E94BC84-0054-4E8D-BC36-0567F29A8FC0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48xt-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.4", + "versionEndExcluding": "3.4.0.17", + "matchCriteriaId": "5B703E54-51B2-48B0-A1CB-F2935D02CE96" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48xt-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3A2EF516-F859-4B9F-8CC7-4FE6CBB4906F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8t-d_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "D728A354-5C84-45FD-B397-311104716094" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8t-d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "787FE6D6-FB71-4EE7-BAA3-B257E0EB0607" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8pp-d_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "0261CD8C-9143-419B-ABB2-AF774D63C2B3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8pp-d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "467DA378-DC53-41A3-82E3-5F523288E975" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8t-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "36010DCE-9047-4807-989B-51C0FBE3C115" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8t-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "078F6384-2A21-478E-B76C-D9AE2D4C06A2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8pp-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "B9F003C0-86D9-4FA7-B7F3-71351E2EC689" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8pp-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "29E83FE7-D299-4F10-9E33-4EB4B0567E86" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8p-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "25C56553-F222-410C-9EA8-62721DF9B08A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8p-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C5CAD52-9DDF-4E74-9C74-24DD02BB62E0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-8fp-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "2B40383C-0506-44C3-A27C-66AD35087F17" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-8fp-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CCF2792C-01F4-46E4-9A5E-2A04E591B43C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-16t-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndIncluding": "2.5.9.54", + "matchCriteriaId": "85E449E5-F7A4-46ED-83F8-180F52969DC5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-16t-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FB071D-C328-42D0-8E35-E8DA3069752B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-16p-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "DF736522-6048-4946-ADE7-BB1411127E83" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-16p-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CD72FB3C-0811-4430-B41A-6BBBA7B4CCA5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24t-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "5D94E4F9-1D01-458F-B05E-372E70AB6CE3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24t-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9238C5D0-3669-43B2-B607-438DF91D59AC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24pp-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "4A642F42-D874-455B-A6E6-0A75E5B7D90B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24pp-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10104319-849F-4222-89B0-EB156501BD78" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24p-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "883A44C8-64C5-47A2-98EA-D7A9A132EEE0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24p-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53F23B36-32EA-4098-900F-2D301E74B347" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24fp-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "39276E13-8780-445A-9A29-D11808C06730" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24fp-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DFFDD736-5FD6-4F3D-863F-65E702341047" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-48t-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "9B286E9C-B4B5-48F1-9218-672CE4B3DC51" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-48t-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7A1AF4C4-8D03-49B6-96D3-18B00BD7ED8C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-48pp-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "FE56475D-6731-4CC4-B037-7AF1223B05A7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-48pp-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CCC8EEA-5EC5-4681-9204-89E5EDA8EA40" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-48p-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "348AC691-CF22-4491-9394-9EA7F80D12B9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-48p-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "928CD92D-90D3-4829-BB6D-DF303ABE1DAD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24t-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "E804145C-4593-43FC-9124-C0BE00591D1D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24t-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "773700CE-6952-437E-AA77-AA0E32EB1F62" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24p-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "B9C7E412-8B53-4058-93E6-24438060835B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24p-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4AEF792-BC15-4799-8496-0FE9220A25A6" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-24fp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "D275C9B5-CE26-4BD1-82B4-767100EA943E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-24fp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E20CD1AA-E7EF-403A-AC6E-C5B750019D5E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-48t-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "5D2ED9D6-D4B0-46F5-8001-F942FD6FA45E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-48t-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8077ED8C-BD4B-468F-A3C6-BC300E1C9646" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs250-48p-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "947B5681-B1D8-4780-B568-2AB48E7D2515" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs250-48p-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7ABC4E71-4943-4B6F-BAC6-603F91E41674" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8t-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "849D6DAB-6AB6-464E-AE6A-361C5AD7CA70" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8t-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "42D91C60-E72B-4C86-A19E-443184EDBE8E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8p-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "CC6645E0-9DDB-4565-9F1D-DB6224BF66C8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8p-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3A429AEC-5692-428D-8DC7-47EC9081825C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8p-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "BCF80B45-17B9-4F5C-800E-C0672E254C54" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8p-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7ACDE44-E156-4B20-82C0-8AA86EAF9947" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8fp-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "56AADBD3-26C6-4391-9FFC-BBDE700AED84" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8fp-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E473B29F-001A-4697-B22C-16B1C519B117" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8fp-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "099960E8-F712-4055-9016-885626E55366" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8fp-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "061925BB-B740-4CDD-97D9-52A24B5E7F77" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8s-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "B723E90C-97D0-4B2A-A5C9-F3B7669C1C2A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8s-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EAF2A0B8-CF29-4033-B365-DC3802630A0E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16t-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "B0B04E4A-F172-4CD1-B4F9-73702CA60CE7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16t-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD62CB7E-A9D1-435C-AC1F-5878346A2474" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16t-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "DE3BB1F3-3CB2-43B9-B4A2-95101DDB2942" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16t-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "27C4F998-F84A-43AC-BD8A-E9370DA959B1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16p-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "BC896DAE-0772-4AE4-BCA1-5653CCDEA11C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16p-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F796947E-079C-4CA9-821A-D8E3139CF064" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16p-e-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "E63BE9E0-4455-4C7A-ABF1-D0690C5124AC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16p-e-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D517CD55-7100-4BBC-A361-61C7118D2F8A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16fp-2g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "6CABD70C-1B2A-4449-830F-5FE95726583F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16fp-2g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "570B5694-B948-4689-BB37-E4428F396E2B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24t-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "7662F12B-7409-4739-9BA4-B81C32C22256" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24t-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8D3F59C-1F94-466C-A901-E4EF3E1D51BB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24p-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "EB722856-7B3E-40EC-AB38-8A2E01A7701F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24p-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFB9E0B8-BD07-499C-8E39-1E21666CAE4F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24fp-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "E9098FA6-612F-4717-8865-36B359F860D1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24fp-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0A1A0BBD-D02D-49BA-99CA-BE2F92C6BBA8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24s-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "61D0FBA7-4EB9-44BF-AA60-FD5717CA7AD1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24s-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B7EDFA3F-5AE1-4602-AC1C-26AB78256A9B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48t-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "94C83557-2BCA-4BED-AEBE-465B1CBA26CC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48t-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE5689D5-2EE2-41A6-97C2-D1D684C19DCB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48p-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "6DFFE2D6-41DF-4BCC-ABC1-5413165C455E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48p-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A248F084-EF8E-4703-914C-D62CECF64C83" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48fp-4g_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "C4E7F1A8-BADB-4277-AA5A-F22FD6021A0A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48fp-4g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9780CC5B-8357-4983-BA77-6DA3A10BE17E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24t-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "6F48C293-D370-47A6-8E84-62430F8F807B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24t-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "92907A6F-6ECF-427F-A1C5-F8FD161E4925" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24p-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "1ADEF1FA-092A-4B14-8C87-1791CA86A0D5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24p-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8B5771C-ED94-40DD-BEDF-EC64782644D8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24fp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "3C71803B-8B9B-4882-B753-A8430F6A1993" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24fp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "32F6219A-7241-47A5-8933-FA9E57EEA3DE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48t-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "4A3A625A-536D-4806-BC08-CEF644CAB802" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48t-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0E69FF5C-991F-4EBD-B291-3E9A8D00B290" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48p-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "A294A513-6ED3-47C8-B5B7-ADC13C17F0AA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48p-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C5AA9C3F-EC1B-476D-9342-E71E6F893D0B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48fp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "5098BFE6-4780-485D-9C8C-90717E3817E4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48fp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E252BF3-445A-4BCD-A48E-C7196C401074" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8mgp-2x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "AE086E32-AC52-460E-98BD-C8F0D706FF02" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8mgp-2x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "432D6474-3F30-4DD1-8762-8B9968105BBD" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8mp-2x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "74657C7A-F2B7-48E7-A350-9B0F2ACA3151" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8mp-2x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "50C1887E-EA16-4FC0-A8F7-602DCA8E4928" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24mgp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "92A3DB88-AB7B-4361-89B2-3FB650DC1190" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24mgp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5A32C9F0-4138-4C28-B817-5F7507ED0811" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-12np-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "5A0F561F-EB9A-425F-8698-B5BC21C2224D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-12np-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A8233545-9562-4ABC-BBE3-01B48DCBAC6F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24ngp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "54114DF6-150C-4CB2-AC53-052B59CF15F4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24ngp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C99BEA9-45C9-4E69-A3E4-24E0D9109C1C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48ngp-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "5789F625-3FC2-4F7D-932A-8D701276D411" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48ngp-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C08767A1-BE20-4522-9290-427C0E132013" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-8xt_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "1B2D1D6A-B52A-42C7-8A4E-E95F6A221056" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-8xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76D8689B-2E1B-4AF4-8540-60615D28F846" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-12xs_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "07809E2E-0928-4C9A-8FDF-96FE2CA34A6D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-12xs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4AAFA53-D006-4F3F-A8EB-7EF371851666" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-12xt_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "81695883-0907-47AD-8DD4-D477B8502DD4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-12xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B6100B6A-C4A3-4AC2-B256-650A8A68FEAF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-16xts_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "70B32D3D-5913-4EA8-9BDF-F702881426FF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-16xts:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C6E96F5-6E46-4CDC-8AC6-2293054ECA52" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24xs_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "CC671FC7-AC1C-44A9-884C-CC09FBD3CB8E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24xs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F7C7939-E2DB-4213-8805-0DC32B3A414D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24xt_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "DD52161D-3FC0-4CFC-90A3-EF932B73486C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24xt:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C12A0F6E-506C-4DA8-8036-F3E0807D70E1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-24xts_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "46BE25C7-CD06-42D5-A06C-F6146702F38B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-24xts:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E94BC84-0054-4E8D-BC36-0567F29A8FC0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:cbs350-48xt-4x_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "EE6660C0-934D-429A-B7E1-78A1D306D257" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:cbs350-48xt-4x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3A2EF516-F859-4B9F-8CC7-4FE6CBB4906F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg350xg-2f10_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "8F7FFBA1-43EA-4499-8C04-2B37C0DC340D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg350xg-2f10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3C65522C-E250-408C-8A89-AFE4909804D4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg350xg-24f_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "5D44145D-C118-4D8E-8416-6EB4182AF147" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg350xg-24f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F9620FE5-567B-4B78-910D-14819E2CDE3B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg350xg-24t_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "4C49BABE-96AF-424B-A19F-8DCC0DF9FBD0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg350xg-24t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2EEA8A38-C545-49AA-812F-8668EED9B23D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg350xg-48t_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "87FAC1D3-75D0-4BB2-9C6F-79E6E56D3EC4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg350xg-48t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4F986FD6-A139-43CA-9D83-40CAA8D62B32" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg350x-24_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "27178CD5-5586-4151-8156-BE2D99C4603E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg350x-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FB21D371-D443-40FE-8DFF-3DD4A9655471" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg350x-24p_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "F2DBFDE5-7FE1-4D50-A3CE-5C08B779FD5B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg350x-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06FC4FC7-5DF4-4FE5-87A5-3B897FAFD72E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg350x-24mp_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "CF1E3C4E-62C5-49CE-A940-CEC5BC311F95" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg350x-24mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B9879BE9-D4FA-4EEA-8852-B972299220E3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg350x-48_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "64432860-91E1-4147-8B73-C6EA8063852F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg350x-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "613300D2-A079-415A-B9F7-178B8048AA61" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg350x-48p_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "4B80976A-3143-4BA5-8538-3A6F697B738C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg350x-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8CA11905-1953-4EEB-95CE-3BDB619D0F72" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg350x-48mp_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "99175C34-FB08-4E78-85F4-7AAAE8A40943" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg350x-48mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76D1DE6B-6E09-40CF-9507-867ECB183A30" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550xg-8f8t_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "A7215D68-7C95-4351-9E00-80E8C9D95E1F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550xg-8f8t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "768205F9-D999-4A61-BF35-C1018B9F4148" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550xg-24f_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "9CB4A7BD-DAEA-4964-8328-A66DA2B09CC1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550xg-24f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7B5282B1-BC6C-4816-98EA-D8C6A1F1028D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550xg-24t_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "26B6E962-F735-4C51-A5E6-E990F0B23888" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550xg-24t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D45D462A-CD9B-4AF6-8B5F-95A7629B7A30" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550x-48t_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "E3AE32B0-C7B7-4E20-B0C8-F12C9658F824" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550x-48t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FB8907AC-A093-4DC4-BA03-770DEDD2991A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550x-24_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "2D0843A8-0CF2-44C4-AEE0-90264FBDDD47" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550x-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7ADB1D69-CBDC-4045-A806-087878560EF4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550x-24p_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "32E46B4E-E250-4AC8-B4B6-C5E590E8336A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550x-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "81B88075-F579-492C-B87C-5E4291D269B2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550x-24mp_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "E45C3468-6AA8-4E1B-B53C-D49F1850324A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550x-24mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "605B8DE5-56EB-4FFF-BC04-1B3A38762727" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550x-24mpp_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "92FD9ECE-C768-47D6-85F1-7D5D6A10C485" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550x-24mpp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C940275E-41A8-470D-AD97-AB6EC5A75CEF" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550x-48_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "674FCA4F-9120-47C3-A991-7C2DF776652F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550x-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "235AAB5A-9D0A-4864-89E2-D69D1D8A79D1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550x-48p_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "21617438-0612-4FDE-800E-2746A84215C1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550x-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "967DCE55-B7D5-4D63-9693-B42FAA9243B1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sg550x-48mp_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "F1DA00AC-BFD6-4C63-A26F-0B5CA23C5210" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sg550x-48mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9AA6BED3-2564-4A7C-91DC-F843E301A35E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf550x-24_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "FC60491F-FBFD-4A03-93E8-1E1DFD5D0789" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf550x-24:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F53C2EAA-CD47-4D76-BBC6-C59D531AB1D4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf550x-24p_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "0BE26641-CC6A-4BB0-AD98-C130FE03B605" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf550x-24p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4BDF26D7-B3B5-47CA-94E9-B14BEFE02318" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf550x-24mp_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "22C41C89-D8E6-4BD5-A12D-909C275C2294" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf550x-24mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A3AC0655-0F02-4397-881F-CFB6DAC3AA3B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf550x-48_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "CA4CEEC6-74EE-4B8C-B00D-FEF2DB802C55" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf550x-48:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C374EB87-A4C6-43FB-B42E-DEA973375EC2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf550x-48p_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "AD41FAE4-E8AE-44FC-9043-C9570265B039" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf550x-48p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "903E59DA-DE59-4CD4-BE32-B91DDA1DA07D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cisco:sf550x-48mp_firmware:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5", + "versionEndExcluding": "2.5.9.54", + "matchCriteriaId": "F51911EF-023D-4B86-9F36-9C85DCCAD36F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:sf550x-48mp:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0A6AFC45-9ECC-4D4A-80BF-20F49C83A57A" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-bus-acl-bypass-5zn9hNJk", + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22237.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22237.json new file mode 100644 index 00000000000..e817d129e7a --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22237.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-22237", + "sourceIdentifier": "security@vmware.com", + "published": "2024-02-06T20:16:03.430", + "lastModified": "2024-02-06T20:16:03.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Aria Operations for Networks contains a local privilege escalation vulnerability.\u00a0A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22238.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22238.json new file mode 100644 index 00000000000..2a61ba3fe99 --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22238.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-22238", + "sourceIdentifier": "security@vmware.com", + "published": "2024-02-06T20:16:03.590", + "lastModified": "2024-02-06T20:16:03.590", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Aria Operations for Networks contains a cross site scripting vulnerability.\u00a0A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.5 + } + ] + }, + "references": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22239.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22239.json new file mode 100644 index 00000000000..216a2e5c8c2 --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22239.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-22239", + "sourceIdentifier": "security@vmware.com", + "published": "2024-02-06T20:16:03.750", + "lastModified": "2024-02-06T20:16:03.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Aria Operations for Networks contains a local privilege escalation vulnerability.\u00a0A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + } + ] + }, + "references": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22240.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22240.json new file mode 100644 index 00000000000..b56540abf11 --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22240.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-22240", + "sourceIdentifier": "security@vmware.com", + "published": "2024-02-06T20:16:03.917", + "lastModified": "2024-02-06T20:16:03.917", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Aria Operations for Networks contains a local file read vulnerability.\u00a0A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22241.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22241.json new file mode 100644 index 00000000000..30f3926f298 --- /dev/null +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22241.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-22241", + "sourceIdentifier": "security@vmware.com", + "published": "2024-02-06T20:16:04.080", + "lastModified": "2024-02-06T20:16:04.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Aria Operations for Networks contains a cross site scripting vulnerability.\u00a0A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account. \u00a0 " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.4 + } + ] + }, + "references": [ + { + "url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22319.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22319.json index a92f1bc6d25..e317f9bdb89 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22319.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22319.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22319", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-02T03:15:10.573", - "lastModified": "2024-02-06T01:15:09.500", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T19:52:31.520", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -41,7 +61,7 @@ "weaknesses": [ { "source": "psirt@us.ibm.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -50,14 +70,64 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*", + "matchCriteriaId": "CF279017-9ADC-4249-9956-BF63FD9EBD30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*", + "matchCriteriaId": "48771A1F-9BCC-44E2-A34C-F5A7F2D73E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "E64BDD7B-4A90-4026-A1F3-EEFE5D10DB62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*", + "matchCriteriaId": "A246453D-AAB0-4BF0-AE62-CFCBAECC2C6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "354E0F39-CA38-4A27-973B-7415C7A40FC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "60B60CD2-D71D-43FE-B9AD-A11FE5FC132E" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279145", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7112382", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22320.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22320.json index e28e4996036..805e8d80151 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22320.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22320.json @@ -2,16 +2,40 @@ "id": "CVE-2024-22320", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-02T03:15:10.780", - "lastModified": "2024-02-02T04:58:55.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:54:23.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146." + }, + { + "lang": "es", + "value": "IBM Operational Decision Manager versiones 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1 y 8.12.0.1 podr\u00edan permitir que un atacante remoto autenticado ejecute c\u00f3digo arbitrario en el sistema, causado por una deserializaci\u00f3n insegura. Al enviar una solicitud especialmente manipulada, un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto de SYSTEM. ID de IBM X-Force: 279146." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +70,64 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.3:*:*:*:*:*:*:*", + "matchCriteriaId": "CF279017-9ADC-4249-9956-BF63FD9EBD30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.4:*:*:*:*:*:*:*", + "matchCriteriaId": "48771A1F-9BCC-44E2-A34C-F5A7F2D73E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.10.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "E64BDD7B-4A90-4026-A1F3-EEFE5D10DB62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11:*:*:*:*:*:*:*", + "matchCriteriaId": "A246453D-AAB0-4BF0-AE62-CFCBAECC2C6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "354E0F39-CA38-4A27-973B-7415C7A40FC2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:operational_decision_manager:8.12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "60B60CD2-D71D-43FE-B9AD-A11FE5FC132E" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279146", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7112382", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23745.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23745.json index f69d844b1c1..250ac6a259c 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23745.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23745.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23745", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-31T02:15:54.520", - "lastModified": "2024-01-31T14:05:27.507", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:42:12.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "En Notion Web Clipper 1.0.3(7), un archivo .nib es susceptible al ataque Dirty NIB. Los archivos NIB se pueden manipular para ejecutar comandos arbitrarios. Adem\u00e1s, incluso si un archivo NIB se modifica dentro de una aplicaci\u00f3n, Gatekeeper a\u00fan puede permitir la ejecuci\u00f3n de la aplicaci\u00f3n, permitiendo la ejecuci\u00f3n de comandos arbitrarios dentro del contexto de la aplicaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:notion:web_clipper:1.0.3\\(7\\):*:*:*:*:*:*:*", + "matchCriteriaId": "576F54DE-EF87-494A-B7DF-8FCC28062CBD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/louiselalanne/CVE-2024-23745", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23940.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23940.json index cff9e6e11a3..8e04103b517 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23940.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23940.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23940", "sourceIdentifier": "security@trendmicro.com", "published": "2024-01-29T19:15:08.887", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:19:33.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,19 +14,119 @@ "value": "Trend Micro uiAirSupport, incluido en la familia de productos de consumo Trend Micro Security 2023, versi\u00f3n 6.0.2092 y anteriores, es vulnerable a una vulnerabilidad de secuestro/proxy de DLL que, si se explota, podr\u00eda permitir a un atacante hacerse pasar por una librer\u00eda y modificarla para ejecutar c\u00f3digo en el sistema y, en \u00faltima instancia, escalar privilegios en un sistema afectado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:air_support:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0.2103", + "matchCriteriaId": "71C8D540-28F7-4DEC-8126-C51469277DB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:antivirus_\\+_security:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0.2103", + "matchCriteriaId": "1F1C4167-F289-4215-A96F-24303D201442" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:internet_security:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0.2103", + "matchCriteriaId": "B3A9AD3B-56F3-4D9E-841D-274E5B31AFD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:maximum_security:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0.2103", + "matchCriteriaId": "1FD0AABD-3118-4B89-A9F6-61CEFAA1099B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trendmicro:premium_security:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.0.2103", + "matchCriteriaId": "314702FF-25AD-44BE-B984-4E57FE5A02D6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-12134", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1", - "source": "security@trendmicro.com" + "source": "security@trendmicro.com", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24160.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24160.json index 2bd12b81bcc..3fab636347c 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24160.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24160.json @@ -2,19 +2,79 @@ "id": "CVE-2024-24160", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-02T16:15:55.833", - "lastModified": "2024-02-02T16:30:16.430", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T20:59:08.493", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do." + }, + { + "lang": "es", + "value": "MRCMS 3.0 contiene una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /admin/system/saveinfo.do." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mrcms:mrcms:3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CC8B6F2A-C4B3-487F-B391-ECA5F1A2DDD9" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/wy876/cve/issues/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24556.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24556.json index f831bfd2579..9f68b4284a8 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24556.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24556.json @@ -2,16 +2,40 @@ "id": "CVE-2024-24556", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-30T18:15:48.507", - "lastModified": "2024-01-30T20:48:58.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:24:46.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability upgrade to version 1.1.1" + }, + { + "lang": "es", + "value": "urql es un cliente GraphQL que expone un conjunto de ayudas para varios marcos. El paquete `@urql/next` es vulnerable a XSS. Para explotar esto, un atacante deber\u00eda asegurarse de que la respuesta devuelva etiquetas \"html\" y que la aplicaci\u00f3n web utilice respuestas transmitidas (no RSC). Esta vulnerabilidad se debe a un escape inadecuado de caracteres tipo html en el flujo de respuesta. Para corregir esta vulnerabilidad, actualice a la versi\u00f3n 1.1.1" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nearform:urql:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "1.1.1", + "matchCriteriaId": "96B3F1EE-9B75-4E74-9768-96C0EEFE0080" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/urql-graphql/urql/commit/4b7011b70d5718728ff912d02a4dbdc7f703540d", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/urql-graphql/urql/security/advisories/GHSA-qhjf-hm5j-335w", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24558.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24558.json index 11e776fb9c9..f3504e4683a 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24558.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24558.json @@ -2,16 +2,40 @@ "id": "CVE-2024-24558", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-30T20:15:45.690", - "lastModified": "2024-01-30T20:48:58.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:35:24.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later.\n" + }, + { + "lang": "es", + "value": "TanStack Query proporciona administraci\u00f3n de estado asincr\u00f3nica, utilidades de estado de servidor y recuperaci\u00f3n de datos para la web. El paquete NPM `@tanstack/react-query-next-experimental` es afectado por una vulnerabilidad de cross site scripting. Para aprovechar esto, un atacante necesitar\u00eda inyectar entradas maliciosas o hacer arreglos para que se devuelvan entradas maliciosas desde un endpoint. Para solucionar este problema, actualice a la versi\u00f3n 5.18.0 o posterior." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tanstack:query:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.18.0", + "matchCriteriaId": "B5F96146-94D8-4FA0-9A21-80012DB0B2FB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24567.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24567.json index aac00dbcd8a..1781a5f4c82 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24567.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24567.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24567", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-30T21:15:08.607", - "lastModified": "2024-01-31T14:05:27.507", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T19:41:58.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*", + "versionEndIncluding": "0.3.10", + "matchCriteriaId": "832C489D-4288-46B4-A29E-0E7168748042" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index cb1eaf4d775..caa59d9b037 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-06T19:00:33.081430+00:00 +2024-02-06T21:00:24.562759+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-06T18:56:43.787000+00:00 +2024-02-06T20:59:08.493000+00:00 ``` ### Last Data Feed Release @@ -29,57 +29,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237796 +237805 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `9` -* [CVE-2023-36498](CVE-2023/CVE-2023-364xx/CVE-2023-36498.json) (`2024-02-06T17:15:08.527`) -* [CVE-2023-40545](CVE-2023/CVE-2023-405xx/CVE-2023-40545.json) (`2024-02-06T18:15:58.470`) -* [CVE-2023-42664](CVE-2023/CVE-2023-426xx/CVE-2023-42664.json) (`2024-02-06T17:15:08.770`) -* [CVE-2023-43482](CVE-2023/CVE-2023-434xx/CVE-2023-43482.json) (`2024-02-06T17:15:08.973`) -* [CVE-2023-46683](CVE-2023/CVE-2023-466xx/CVE-2023-46683.json) (`2024-02-06T17:15:09.180`) -* [CVE-2023-47167](CVE-2023/CVE-2023-471xx/CVE-2023-47167.json) (`2024-02-06T17:15:09.380`) -* [CVE-2023-47209](CVE-2023/CVE-2023-472xx/CVE-2023-47209.json) (`2024-02-06T17:15:09.593`) -* [CVE-2023-47617](CVE-2023/CVE-2023-476xx/CVE-2023-47617.json) (`2024-02-06T17:15:09.797`) -* [CVE-2023-47618](CVE-2023/CVE-2023-476xx/CVE-2023-47618.json) (`2024-02-06T17:15:10.013`) -* [CVE-2024-1252](CVE-2024/CVE-2024-12xx/CVE-2024-1252.json) (`2024-02-06T17:15:10.280`) -* [CVE-2024-1253](CVE-2024/CVE-2024-12xx/CVE-2024-1253.json) (`2024-02-06T17:15:10.507`) -* [CVE-2024-22331](CVE-2024/CVE-2024-223xx/CVE-2024-22331.json) (`2024-02-06T17:15:10.740`) -* [CVE-2024-1048](CVE-2024/CVE-2024-10xx/CVE-2024-1048.json) (`2024-02-06T18:15:59.250`) +* [CVE-2024-1254](CVE-2024/CVE-2024-12xx/CVE-2024-1254.json) (`2024-02-06T19:15:09.747`) +* [CVE-2024-1255](CVE-2024/CVE-2024-12xx/CVE-2024-1255.json) (`2024-02-06T19:15:10.270`) +* [CVE-2024-1256](CVE-2024/CVE-2024-12xx/CVE-2024-1256.json) (`2024-02-06T20:16:02.943`) +* [CVE-2024-1257](CVE-2024/CVE-2024-12xx/CVE-2024-1257.json) (`2024-02-06T20:16:03.213`) +* [CVE-2024-22237](CVE-2024/CVE-2024-222xx/CVE-2024-22237.json) (`2024-02-06T20:16:03.430`) +* [CVE-2024-22238](CVE-2024/CVE-2024-222xx/CVE-2024-22238.json) (`2024-02-06T20:16:03.590`) +* [CVE-2024-22239](CVE-2024/CVE-2024-222xx/CVE-2024-22239.json) (`2024-02-06T20:16:03.750`) +* [CVE-2024-22240](CVE-2024/CVE-2024-222xx/CVE-2024-22240.json) (`2024-02-06T20:16:03.917`) +* [CVE-2024-22241](CVE-2024/CVE-2024-222xx/CVE-2024-22241.json) (`2024-02-06T20:16:04.080`) ### CVEs modified in the last Commit -Recently modified CVEs: `40` - -* [CVE-2023-51982](CVE-2023/CVE-2023-519xx/CVE-2023-51982.json) (`2024-02-06T18:30:13.563`) -* [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-02-06T18:37:23.327`) -* [CVE-2023-6374](CVE-2023/CVE-2023-63xx/CVE-2023-6374.json) (`2024-02-06T18:50:48.063`) -* [CVE-2023-6238](CVE-2023/CVE-2023-62xx/CVE-2023-6238.json) (`2024-02-06T18:53:02.780`) -* [CVE-2024-1251](CVE-2024/CVE-2024-12xx/CVE-2024-1251.json) (`2024-02-06T17:52:56.963`) -* [CVE-2024-23344](CVE-2024/CVE-2024-233xx/CVE-2024-23344.json) (`2024-02-06T17:52:56.963`) -* [CVE-2024-24000](CVE-2024/CVE-2024-240xx/CVE-2024-24000.json) (`2024-02-06T17:52:56.963`) -* [CVE-2024-24013](CVE-2024/CVE-2024-240xx/CVE-2024-24013.json) (`2024-02-06T17:52:56.963`) -* [CVE-2024-24015](CVE-2024/CVE-2024-240xx/CVE-2024-24015.json) (`2024-02-06T17:52:56.963`) -* [CVE-2024-24291](CVE-2024/CVE-2024-242xx/CVE-2024-24291.json) (`2024-02-06T17:52:56.963`) -* [CVE-2024-0911](CVE-2024/CVE-2024-09xx/CVE-2024-0911.json) (`2024-02-06T17:53:00.620`) -* [CVE-2024-24590](CVE-2024/CVE-2024-245xx/CVE-2024-24590.json) (`2024-02-06T17:53:00.620`) -* [CVE-2024-24591](CVE-2024/CVE-2024-245xx/CVE-2024-24591.json) (`2024-02-06T17:53:00.620`) -* [CVE-2024-24592](CVE-2024/CVE-2024-245xx/CVE-2024-24592.json) (`2024-02-06T17:53:00.620`) -* [CVE-2024-24593](CVE-2024/CVE-2024-245xx/CVE-2024-24593.json) (`2024-02-06T17:53:00.620`) -* [CVE-2024-24594](CVE-2024/CVE-2024-245xx/CVE-2024-24594.json) (`2024-02-06T17:53:00.620`) -* [CVE-2024-22569](CVE-2024/CVE-2024-225xx/CVE-2024-22569.json) (`2024-02-06T18:07:39.733`) -* [CVE-2024-1111](CVE-2024/CVE-2024-11xx/CVE-2024-1111.json) (`2024-02-06T18:11:45.033`) -* [CVE-2024-22306](CVE-2024/CVE-2024-223xx/CVE-2024-22306.json) (`2024-02-06T18:20:46.017`) -* [CVE-2024-21388](CVE-2024/CVE-2024-213xx/CVE-2024-21388.json) (`2024-02-06T18:21:15.953`) -* [CVE-2024-23647](CVE-2024/CVE-2024-236xx/CVE-2024-23647.json) (`2024-02-06T18:22:58.250`) -* [CVE-2024-21840](CVE-2024/CVE-2024-218xx/CVE-2024-21840.json) (`2024-02-06T18:32:20.340`) -* [CVE-2024-23342](CVE-2024/CVE-2024-233xx/CVE-2024-23342.json) (`2024-02-06T18:36:47.733`) -* [CVE-2024-23829](CVE-2024/CVE-2024-238xx/CVE-2024-23829.json) (`2024-02-06T18:38:53.870`) -* [CVE-2024-21488](CVE-2024/CVE-2024-214xx/CVE-2024-21488.json) (`2024-02-06T18:56:43.787`) +Recently modified CVEs: `44` + +* [CVE-2023-41279](CVE-2023/CVE-2023-412xx/CVE-2023-41279.json) (`2024-02-06T20:10:17.043`) +* [CVE-2023-6909](CVE-2023/CVE-2023-69xx/CVE-2023-6909.json) (`2024-02-06T20:16:01.753`) +* [CVE-2023-6975](CVE-2023/CVE-2023-69xx/CVE-2023-6975.json) (`2024-02-06T20:16:02.677`) +* [CVE-2023-50359](CVE-2023/CVE-2023-503xx/CVE-2023-50359.json) (`2024-02-06T20:18:14.547`) +* [CVE-2023-47566](CVE-2023/CVE-2023-475xx/CVE-2023-47566.json) (`2024-02-06T20:18:26.263`) +* [CVE-2023-45037](CVE-2023/CVE-2023-450xx/CVE-2023-45037.json) (`2024-02-06T20:18:34.557`) +* [CVE-2023-45036](CVE-2023/CVE-2023-450xx/CVE-2023-45036.json) (`2024-02-06T20:18:45.043`) +* [CVE-2023-45028](CVE-2023/CVE-2023-450xx/CVE-2023-45028.json) (`2024-02-06T20:19:17.697`) +* [CVE-2023-45027](CVE-2023/CVE-2023-450xx/CVE-2023-45027.json) (`2024-02-06T20:19:44.367`) +* [CVE-2023-51520](CVE-2023/CVE-2023-515xx/CVE-2023-51520.json) (`2024-02-06T20:20:11.330`) +* [CVE-2023-0686](CVE-2023/CVE-2023-06xx/CVE-2023-0686.json) (`2024-02-06T20:22:59.393`) +* [CVE-2023-52175](CVE-2023/CVE-2023-521xx/CVE-2023-52175.json) (`2024-02-06T20:46:18.473`) +* [CVE-2023-6676](CVE-2023/CVE-2023-66xx/CVE-2023-6676.json) (`2024-02-06T20:51:50.407`) +* [CVE-2024-1048](CVE-2024/CVE-2024-10xx/CVE-2024-1048.json) (`2024-02-06T19:15:09.083`) +* [CVE-2024-23940](CVE-2024/CVE-2024-239xx/CVE-2024-23940.json) (`2024-02-06T19:19:33.920`) +* [CVE-2024-20263](CVE-2024/CVE-2024-202xx/CVE-2024-20263.json) (`2024-02-06T19:23:20.600`) +* [CVE-2024-24556](CVE-2024/CVE-2024-245xx/CVE-2024-24556.json) (`2024-02-06T19:24:46.810`) +* [CVE-2024-24558](CVE-2024/CVE-2024-245xx/CVE-2024-24558.json) (`2024-02-06T19:35:24.230`) +* [CVE-2024-24567](CVE-2024/CVE-2024-245xx/CVE-2024-24567.json) (`2024-02-06T19:41:58.417`) +* [CVE-2024-22319](CVE-2024/CVE-2024-223xx/CVE-2024-22319.json) (`2024-02-06T19:52:31.520`) +* [CVE-2024-22320](CVE-2024/CVE-2024-223xx/CVE-2024-22320.json) (`2024-02-06T19:54:23.043`) +* [CVE-2024-1069](CVE-2024/CVE-2024-10xx/CVE-2024-1069.json) (`2024-02-06T20:11:52.587`) +* [CVE-2024-23745](CVE-2024/CVE-2024-237xx/CVE-2024-23745.json) (`2024-02-06T20:42:12.490`) +* [CVE-2024-1196](CVE-2024/CVE-2024-11xx/CVE-2024-1196.json) (`2024-02-06T20:57:49.480`) +* [CVE-2024-24160](CVE-2024/CVE-2024-241xx/CVE-2024-24160.json) (`2024-02-06T20:59:08.493`) ## Download and Usage