Advisory Database Sync

advisories/unreviewed/2022/05/GHSA-xrx4-vq84-23w6/GHSA-xrx4-vq84-23w6.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-xrx4-vq84-23w6",
-  "modified": "2022-05-24T19:03:34Z",
+  "modified": "2023-10-13T15:30:17Z",
   "published": "2022-05-24T19:03:34Z",
   "aliases": [
     "CVE-2021-27852"
   ],
   "details": "Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 

advisories/unreviewed/2023/08/GHSA-jfqg-q3jr-w9mv/GHSA-jfqg-q3jr-w9mv.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jfqg-q3jr-w9mv",
-  "modified": "2023-08-07T21:31:00Z",
+  "modified": "2023-10-13T15:30:17Z",
   "published": "2023-08-02T18:30:26Z",
   "aliases": [
     "CVE-2023-3470"
@@ -29,6 +29,7 @@
   "database_specific": {
     "cwe_ids": [
       "CWE-1391",
+      "CWE-287",
       "CWE-521"
     ],
     "severity": null,

advisories/unreviewed/2023/10/GHSA-2w9p-mqx6-cvqc/GHSA-2w9p-mqx6-cvqc.json

@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2w9p-mqx6-cvqc",
+  "modified": "2023-10-13T15:30:19Z",
+  "published": "2023-10-13T15:30:19Z",
+  "aliases": [
+    "CVE-2023-33303"
+  ],
+  "details": "A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33303"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fortiguard.com/psirt/FG-IR-23-007"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}

advisories/unreviewed/2023/10/GHSA-373p-j926-5m9h/GHSA-373p-j926-5m9h.json

@@ -28,7 +28,7 @@
   ],
   "database_specific": {
     "cwe_ids": [
-
+      "CWE-78"
     ],
     "severity": null,
     "github_reviewed": false,

advisories/unreviewed/2023/10/GHSA-3956-3637-r7rj/GHSA-3956-3637-r7rj.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3956-3637-r7rj",
+  "modified": "2023-10-13T15:30:19Z",
+  "published": "2023-10-13T15:30:19Z",
+  "aliases": [
+    "CVE-2023-45463"
+  ],
+  "details": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45463"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20hostname%20parameter%20leads%20to%20DOS.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}

advisories/unreviewed/2023/10/GHSA-4v9x-wfx7-57r9/GHSA-4v9x-wfx7-57r9.json

@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4v9x-wfx7-57r9",
+  "modified": "2023-10-13T15:30:19Z",
+  "published": "2023-10-13T15:30:19Z",
+  "aliases": [
+    "CVE-2023-29464"
+  ],
+  "details": "\nFactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.\n\n",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29464"
+    },
+    {
+      "type": "WEB",
+      "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141040"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-20"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}

advisories/unreviewed/2023/10/GHSA-542f-549f-58vm/GHSA-542f-549f-58vm.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-542f-549f-58vm",
+  "modified": "2023-10-13T15:30:19Z",
+  "published": "2023-10-13T15:30:19Z",
+  "aliases": [
+    "CVE-2023-45391"
+  ],
+  "details": "A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45391"
+    },
+    {
+      "type": "WEB",
+      "url": "https://the-it-wonders.blogspot.com/2023/10/granding-utime-master-stored-xss.html"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}

advisories/unreviewed/2023/10/GHSA-5cg5-8chj-3gqc/GHSA-5cg5-8chj-3gqc.json

@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5cg5-8chj-3gqc",
+  "modified": "2023-10-13T15:30:20Z",
+  "published": "2023-10-13T15:30:20Z",
+  "aliases": [
+    "CVE-2023-41843"
+  ],
+  "details": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41843"
+    },
+    {
+      "type": "WEB",
+      "url": "https://fortiguard.com/psirt/FG-IR-23-273"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}

advisories/unreviewed/2023/10/GHSA-624m-p552-xj26/GHSA-624m-p552-xj26.json

@@ -0,0 +1,35 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-624m-p552-xj26",
+  "modified": "2023-10-13T15:30:19Z",
+  "published": "2023-10-13T15:30:19Z",
+  "aliases": [
+    "CVE-2023-45464"
+  ],
+  "details": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45464"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20servDomain%20parameter%20leads%20to%20DOS.md"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}

advisories/unreviewed/2023/10/GHSA-679v-hh23-h5jh/GHSA-679v-hh23-h5jh.json

@@ -1,14 +1,17 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-679v-hh23-h5jh",
-  "modified": "2023-10-05T21:30:46Z",
+  "modified": "2023-10-13T15:30:17Z",
   "published": "2023-10-05T21:30:46Z",
   "aliases": [
     "CVE-2023-39323"
   ],
   "details": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.",
   "severity": [
-
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    }
   ],
   "affected": [
 

advisories/unreviewed/2023/10/GHSA-68c3-2gxf-hpcv/GHSA-68c3-2gxf-hpcv.json

@@ -0,0 +1,38 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-68c3-2gxf-hpcv",
+  "modified": "2023-10-13T15:30:19Z",
+  "published": "2023-10-13T15:30:19Z",
+  "aliases": [
+    "CVE-2023-45162"
+  ],
+  "details": "Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. \n\nApplication of the relevant hotfix remediates this issue.\n\nfor v8.1.2 apply hotfix Q23166\nfor v8.4.1 apply hotfix Q23164\nfor v9.0.1 apply hotfix Q23173\n\nSaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45162"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.1e.com/trust-security-compliance/cve-info/"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}

advisories/unreviewed/2023/10/GHSA-7w44-2mwh-vhjr/GHSA-7w44-2mwh-vhjr.json

@@ -0,0 +1,42 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7w44-2mwh-vhjr",
+  "modified": "2023-10-13T15:30:19Z",
+  "published": "2023-10-13T15:30:19Z",
+  "aliases": [
+    "CVE-2023-4517"
+  ],
+  "details": "Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4517"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/hestiacp/hestiacp/commit/d30e3edbca5915235643e46ab222cb7aed9b319a"
+    },
+    {
+      "type": "WEB",
+      "url": "https://huntr.dev/bounties/508d1d21-c45d-47ff-833f-50c671882e51"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "LOW",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": null
+  }
+}