NVD Sync 2024-12-04 02:30
github-actions[bot] committed Dec 4, 2024
1 parent 7415b77 commit 19fd7c4
Showing 20 changed files with 20 additions and 6 deletions.
2 changes: 1 addition & 1 deletion cve/2023/CVE-2023-45727.json
@@ -1 +1 @@
{"cve": {"id": "CVE-2023-45727", "sourceIdentifier": "[email protected]", "published": "2023-10-18T10:15:08.643", "lastModified": "2024-12-02T19:15:08.390", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker."}, {"lang": "es", "value": "Proself Enterprise/Standard Edition Ver5.62 y anteriores, Proself Gateway Edition Ver1.65 y anteriores, y Proself Mail Sanitize Edition Ver1.08 y anteriores permiten a un atacante remoto no autenticado realizar ataques de entidad externa XML (XXE). Al procesar una solicitud especialmente manipulada que contiene datos XML con formato incorrecto, el atacante puede leer archivos arbitrarios en el servidor que contienen informaci\u00f3n de la cuenta."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", 
"integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-611"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-611"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:mail_sanitize:*:*:*", "versionEndExcluding": "1.09", "matchCriteriaId": "6D6F51B5-6B83-41C4-A1F6-9D10CB601DB5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:gateway:*:*:*", "versionEndExcluding": "1.66", "matchCriteriaId": "F1BB1954-50C1-40A8-9F47-415ECBB6259F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:enterprise:*:*:*", "versionEndExcluding": "5.63", "matchCriteriaId": "66942ECC-2DB7-4B63-9364-FC7D71722355"}, {"vulnerable": true, "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:standard:*:*:*", "versionEndExcluding": "5.63", "matchCriteriaId": "1ED1659B-802E-4F0F-9CF3-BD1BBED1A27F"}]}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN95981460/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.proself.jp/information/153/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://jvn.jp/en/jp/JVN95981460/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.proself.jp/information/153/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}]}}
{"cve": {"id": "CVE-2023-45727", "sourceIdentifier": "[email protected]", "published": "2023-10-18T10:15:08.643", "lastModified": "2024-12-04T02:00:02.410", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker."}, {"lang": "es", "value": "Proself Enterprise/Standard Edition Ver5.62 y anteriores, Proself Gateway Edition Ver1.65 y anteriores, y Proself Mail Sanitize Edition Ver1.08 y anteriores permiten a un atacante remoto no autenticado realizar ataques de entidad externa XML (XXE). Al procesar una solicitud especialmente manipulada que contiene datos XML con formato incorrecto, el atacante puede leer archivos arbitrarios en el servidor que contienen informaci\u00f3n de la cuenta."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", 
"integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "cisaExploitAdd": "2024-12-03", "cisaActionDue": "2024-12-24", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability", "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-611"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-611"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:mail_sanitize:*:*:*", "versionEndExcluding": "1.09", "matchCriteriaId": "6D6F51B5-6B83-41C4-A1F6-9D10CB601DB5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:gateway:*:*:*", "versionEndExcluding": "1.66", "matchCriteriaId": "F1BB1954-50C1-40A8-9F47-415ECBB6259F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:enterprise:*:*:*", "versionEndExcluding": "5.63", "matchCriteriaId": "66942ECC-2DB7-4B63-9364-FC7D71722355"}, {"vulnerable": true, "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:standard:*:*:*", "versionEndExcluding": "5.63", "matchCriteriaId": "1ED1659B-802E-4F0F-9CF3-BD1BBED1A27F"}]}]}], "references": [{"url": "https://jvn.jp/en/jp/JVN95981460/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.proself.jp/information/153/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://jvn.jp/en/jp/JVN95981460/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://www.proself.jp/information/153/", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"]}]}}
2 changes: 1 addition & 1 deletion cve/2024/CVE-2024-11079.json
@@ -1 +1 @@
{"cve": {"id": "CVE-2024-11079", "sourceIdentifier": "[email protected]", "published": "2024-11-12T00:15:15.543", "lastModified": "2024-11-12T13:55:21.227", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Ansible-Core. Esta vulnerabilidad permite a los atacantes eludir las protecciones de contenido inseguro mediante el objeto hostvars para hacer referencia y ejecutar contenido con plantilla. Este problema puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario si los datos remotos o las salidas de m\u00f3dulos tienen plantillas incorrectas dentro de los playbooks."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2024-11079", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325171", "source": "[email protected]"}]}}
{"cve": {"id": "CVE-2024-11079", "sourceIdentifier": "[email protected]", "published": "2024-11-12T00:15:15.543", "lastModified": "2024-12-04T02:15:04.100", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en Ansible-Core. Esta vulnerabilidad permite a los atacantes eludir las protecciones de contenido inseguro mediante el objeto hostvars para hacer referencia y ejecutar contenido con plantilla. Este problema puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario si los datos remotos o las salidas de m\u00f3dulos tienen plantillas incorrectas dentro de los playbooks."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:10770", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2024-11079", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2325171", "source": "[email protected]"}]}}
1 change: 1 addition & 0 deletions cve/2024/CVE-2024-11479.json
@@ -0,0 +1 @@
{"cve": {"id": "CVE-2024-11479", "sourceIdentifier": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "published": "2024-12-04T01:15:04.650", "lastModified": "2024-12-04T01:15:04.650", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the \nemails sent to all users on that ticket."}], "metrics": {"cvssMetricV40": [{"source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "subsequentSystemAvailability": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "safety": 
"NOT_DEFINED", "automatable": "NOT_DEFINED", "recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}]}, "weaknesses": [{"source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-80"}]}], "references": [{"url": "https://helpcenter.issuetrak.com/home/2340-issuetrak-release-notes", "source": "b7efe717-a805-47cf-8e9a-921fca0ce0ce"}]}}
2 changes: 1 addition & 1 deletion cve/2024/CVE-2024-11667.json
@@ -1 +1 @@
{"cve": {"id": "CVE-2024-11667", "sourceIdentifier": "[email protected]", "published": "2024-11-27T10:15:04.210", "lastModified": "2024-11-28T03:15:14.943", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware\u00a0versions V5.00 through V5.38,\u00a0USG FLEX 50(W) series firmware\u00a0versions V5.10 through V5.38, and\u00a0USG20(W)-VPN series firmware\u00a0versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL."}, {"lang": "es", "value": "Una vulnerabilidad de directory traversal en la interfaz de administraci\u00f3n web de las versiones de firmware de la serie Zyxel ATP V5.00 a V5.38, las versiones de firmware de la serie USG FLEX V5.00 a V5.38, las versiones de firmware de la serie USG FLEX 50(W) V5.10 a V5.38 y las versiones de firmware de la serie USG20(W)-VPN V5.10 a V5.38 podr\u00eda permitir que un atacante descargue o cargue archivos a trav\u00e9s de una URL manipulada espec\u00edficamente."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024", "source": "[email protected]"}]}}
{"cve": {"id": "CVE-2024-11667", "sourceIdentifier": "[email protected]", "published": "2024-11-27T10:15:04.210", "lastModified": "2024-12-04T02:00:02.410", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware\u00a0versions V5.00 through V5.38,\u00a0USG FLEX 50(W) series firmware\u00a0versions V5.10 through V5.38, and\u00a0USG20(W)-VPN series firmware\u00a0versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL."}, {"lang": "es", "value": "Una vulnerabilidad de directory traversal en la interfaz de administraci\u00f3n web de las versiones de firmware de la serie Zyxel ATP V5.00 a V5.38, las versiones de firmware de la serie USG FLEX V5.00 a V5.38, las versiones de firmware de la serie USG FLEX 50(W) V5.10 a V5.38 y las versiones de firmware de la serie USG20(W)-VPN V5.10 a V5.38 podr\u00eda permitir que un atacante descargue o cargue archivos a trav\u00e9s de una URL manipulada espec\u00edficamente."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "cisaExploitAdd": "2024-12-03", "cisaActionDue": "2024-12-24", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Zyxel Multiple Firewalls Path Traversal Vulnerability", "weaknesses": [{"source": "[email protected]", "type": "Secondary", 
"description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024", "source": "[email protected]"}]}}