Merge branch 'master' into clarify_alias_modtime
Showing
23 changed files
with
2,849 additions
and
30 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,130 @@ | ||
{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2024-03-25T05:17:38.960","vulnerabilities":[{"cve":{"id":"CVE-2018-1000500","sourceIdentifier":"cve@mitre.org","published":"2018-06-26T16:29:00.353","lastModified":"2020-09-24T20:15:12.350","vulnStatus":"Modified","descriptions":[{"lang":"en","value":"Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https:\/\/compromised-domain.com\/important-file\"."},{"lang":"es","value":"Busybox contiene una vulnerabilidad de falta de validación de certificados SSL en el applet \"busybox wget\" que puede resultar en la ejecución de código arbitrario. El ataque parece ser explotable mediante la descarga de cualquier archivo por HTTPS mediante \"busybox wget https:\/\/compromised-domain.com\/important-file\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N\/AC:M\/Au:N\/C:P\/I:P\/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses
":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*","versionEndExcluding":"1.32.0","matchCriteriaId":"8E01D2F2-60BE-4135-B94B-76D34EC75060"}]}]}],"references":[{"url":"http:\/\/lists.busybox.net\/pipermail\/busybox\/2018-May\/086462.html","source":"cve@mitre.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https:\/\/git.busybox.net\/busybox\/commit\/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https:\/\/usn.ubuntu.com\/4531-1\/","source":"cve@mitre.org"}]}}]} | ||
{ | ||
"resultsPerPage": 1, | ||
"startIndex": 0, | ||
"totalResults": 1, | ||
"format": "NVD_CVE", | ||
"version": "2.0", | ||
"timestamp": "2024-03-25T05:17:38.960", | ||
"vulnerabilities": [ | ||
{ | ||
"cve": { | ||
"id": "CVE-2018-1000500", | ||
"sourceIdentifier": "cve@mitre.org", | ||
"published": "2018-06-26T16:29:00.353", | ||
"lastModified": "2020-09-24T20:15:12.350", | ||
"vulnStatus": "Modified", | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https:\/\/compromised-domain.com\/important-file\"." | ||
}, | ||
{ | ||
"lang": "es", | ||
"value": "Busybox contiene una vulnerabilidad de falta de validación de certificados SSL en el applet \"busybox wget\" que puede resultar en la ejecución de código arbitrario. El ataque parece ser explotable mediante la descarga de cualquier archivo por HTTPS mediante \"busybox wget https:\/\/compromised-domain.com\/important-file\"." | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "nvd@nist.gov", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H", | ||
"attackVector": "NETWORK", | ||
"attackComplexity": "HIGH", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "NONE", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "HIGH", | ||
"integrityImpact": "HIGH", | ||
"availabilityImpact": "HIGH", | ||
"baseScore": 8.1, | ||
"baseSeverity": "HIGH" | ||
}, | ||
"exploitabilityScore": 2.2, | ||
"impactScore": 5.9 | ||
} | ||
], | ||
"cvssMetricV2": [ | ||
{ | ||
"source": "nvd@nist.gov", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "2.0", | ||
"vectorString": "AV:N\/AC:M\/Au:N\/C:P\/I:P\/A:P", | ||
"accessVector": "NETWORK", | ||
"accessComplexity": "MEDIUM", | ||
"authentication": "NONE", | ||
"confidentialityImpact": "PARTIAL", | ||
"integrityImpact": "PARTIAL", | ||
"availabilityImpact": "PARTIAL", | ||
"baseScore": 6.8 | ||
}, | ||
"baseSeverity": "MEDIUM", | ||
"exploitabilityScore": 8.6, | ||
"impactScore": 6.4, | ||
"acInsufInfo": false, | ||
"obtainAllPrivilege": false, | ||
"obtainUserPrivilege": false, | ||
"obtainOtherPrivilege": false, | ||
"userInteractionRequired": false | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "nvd@nist.gov", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-295" | ||
} | ||
] | ||
} | ||
], | ||
"configurations": [ | ||
{ | ||
"nodes": [ | ||
{ | ||
"operator": "OR", | ||
"negate": false, | ||
"cpeMatch": [ | ||
{ | ||
"vulnerable": true, | ||
"criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", | ||
"versionEndExcluding": "1.32.0", | ||
"matchCriteriaId": "8E01D2F2-60BE-4135-B94B-76D34EC75060" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "http:\/\/lists.busybox.net\/pipermail\/busybox\/2018-May\/086462.html", | ||
"source": "cve@mitre.org", | ||
"tags": [ | ||
"Mailing List", | ||
"Vendor Advisory" | ||
] | ||
}, | ||
{ | ||
"url": "https:\/\/git.busybox.net\/busybox\/commit\/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91", | ||
"source": "cve@mitre.org", | ||
"tags": [ | ||
"Patch", | ||
"Vendor Advisory" | ||
] | ||
}, | ||
{ | ||
"url": "https:\/\/usn.ubuntu.com\/4531-1\/", | ||
"source": "cve@mitre.org" | ||
} | ||
] | ||
} | ||
} | ||
] | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,144 @@ | ||
{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2023-11-26T23:14:57.970","vulnerabilities":[{"cve":{"id":"CVE-2020-13595","sourceIdentifier":"cve@mitre.org","published":"2020-08-31T15:15:10.680","lastModified":"2020-09-08T21:09:33.517","vulnStatus":"Analyzed","descriptions":[{"lang":"en","value":"The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets."},{"lang":"es","value":"La implementación del controlador Bluetooth Low Energy (BLE) en Espressif ESP-IDF versiones 4.0 hasta 4.2 (para dispositivos ESP32) devuelve el número errado de paquetes BLE completados y desencadena una aserción alcanzable en la pila del host cuando está recibiendo un paquete con un fallo de MIC. 
Un atacante dentro del radio de alcance puede desencadenar silenciosamente la aserción (que deshabilita la pila BLE del objetivo) al enviar una secuencia de paquetes BLE diseñada"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A\/AC:L\/Au:N\/C:N\/I:N\/A:P","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":3.3},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.2","matchCriteriaId":"F8034F36-3371-4111-AE71-573B85934B20"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:espressif:esp32:-:*:*:*:*:*:*:*","matchCriteriaId":"D1024B06-380B-4116-B7F9-A21A03534B0C"}]}]}],"references":[{"url":"https:\/\/asset-group.github.io\/cves.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https:\/\/asset-group.github.io\/disclosures\/sweyntooth\/","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"https:\/\/github.com\/espressif\/esp32-bt-lib","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}}]} | ||
{ | ||
"resultsPerPage": 1, | ||
"startIndex": 0, | ||
"totalResults": 1, | ||
"format": "NVD_CVE", | ||
"version": "2.0", | ||
"timestamp": "2023-11-26T23:14:57.970", | ||
"vulnerabilities": [ | ||
{ | ||
"cve": { | ||
"id": "CVE-2020-13595", | ||
"sourceIdentifier": "cve@mitre.org", | ||
"published": "2020-08-31T15:15:10.680", | ||
"lastModified": "2020-09-08T21:09:33.517", | ||
"vulnStatus": "Analyzed", | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets." | ||
}, | ||
{ | ||
"lang": "es", | ||
"value": "La implementación del controlador Bluetooth Low Energy (BLE) en Espressif ESP-IDF versiones 4.0 hasta 4.2 (para dispositivos ESP32) devuelve el número errado de paquetes BLE completados y desencadena una aserción alcanzable en la pila del host cuando está recibiendo un paquete con un fallo de MIC. Un atacante dentro del radio de alcance puede desencadenar silenciosamente la aserción (que deshabilita la pila BLE del objetivo) al enviar una secuencia de paquetes BLE diseñada" | ||
} | ||
], | ||
"metrics": { | ||
"cvssMetricV31": [ | ||
{ | ||
"source": "nvd@nist.gov", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "3.1", | ||
"vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H", | ||
"attackVector": "ADJACENT_NETWORK", | ||
"attackComplexity": "LOW", | ||
"privilegesRequired": "NONE", | ||
"userInteraction": "NONE", | ||
"scope": "UNCHANGED", | ||
"confidentialityImpact": "NONE", | ||
"integrityImpact": "NONE", | ||
"availabilityImpact": "HIGH", | ||
"baseScore": 6.5, | ||
"baseSeverity": "MEDIUM" | ||
}, | ||
"exploitabilityScore": 2.8, | ||
"impactScore": 3.6 | ||
} | ||
], | ||
"cvssMetricV2": [ | ||
{ | ||
"source": "nvd@nist.gov", | ||
"type": "Primary", | ||
"cvssData": { | ||
"version": "2.0", | ||
"vectorString": "AV:A\/AC:L\/Au:N\/C:N\/I:N\/A:P", | ||
"accessVector": "ADJACENT_NETWORK", | ||
"accessComplexity": "LOW", | ||
"authentication": "NONE", | ||
"confidentialityImpact": "NONE", | ||
"integrityImpact": "NONE", | ||
"availabilityImpact": "PARTIAL", | ||
"baseScore": 3.3 | ||
}, | ||
"baseSeverity": "LOW", | ||
"exploitabilityScore": 6.5, | ||
"impactScore": 2.9, | ||
"acInsufInfo": false, | ||
"obtainAllPrivilege": false, | ||
"obtainUserPrivilege": false, | ||
"obtainOtherPrivilege": false, | ||
"userInteractionRequired": false | ||
} | ||
] | ||
}, | ||
"weaknesses": [ | ||
{ | ||
"source": "nvd@nist.gov", | ||
"type": "Primary", | ||
"description": [ | ||
{ | ||
"lang": "en", | ||
"value": "CWE-617" | ||
} | ||
] | ||
} | ||
], | ||
"configurations": [ | ||
{ | ||
"operator": "AND", | ||
"nodes": [ | ||
{ | ||
"operator": "OR", | ||
"negate": false, | ||
"cpeMatch": [ | ||
{ | ||
"vulnerable": true, | ||
"criteria": "cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*:*", | ||
"versionStartIncluding": "4.0.0", | ||
"versionEndIncluding": "4.2", | ||
"matchCriteriaId": "F8034F36-3371-4111-AE71-573B85934B20" | ||
} | ||
] | ||
}, | ||
{ | ||
"operator": "OR", | ||
"negate": false, | ||
"cpeMatch": [ | ||
{ | ||
"vulnerable": false, | ||
"criteria": "cpe:2.3:h:espressif:esp32:-:*:*:*:*:*:*:*", | ||
"matchCriteriaId": "D1024B06-380B-4116-B7F9-A21A03534B0C" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https:\/\/asset-group.github.io\/cves.html", | ||
"source": "cve@mitre.org", | ||
"tags": [ | ||
"Third Party Advisory" | ||
] | ||
}, | ||
{ | ||
"url": "https:\/\/asset-group.github.io\/disclosures\/sweyntooth\/", | ||
"source": "cve@mitre.org", | ||
"tags": [ | ||
"Third Party Advisory" | ||
] | ||
}, | ||
{ | ||
"url": "https:\/\/github.com\/espressif\/esp32-bt-lib", | ||
"source": "cve@mitre.org", | ||
"tags": [ | ||
"Third Party Advisory" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
] | ||
} |