From 00f963b99440885ff20abcb518083024026ad8d4 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Fri, 13 Oct 2023 16:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-10-13T16:00:24.418019+00:00 --- CVE-2020/CVE-2020-276xx/CVE-2020-27630.json | 78 ++++++++++++- CVE-2020/CVE-2020-276xx/CVE-2020-27631.json | 78 ++++++++++++- CVE-2020/CVE-2020-276xx/CVE-2020-27633.json | 78 ++++++++++++- CVE-2020/CVE-2020-276xx/CVE-2020-27634.json | 78 ++++++++++++- CVE-2020/CVE-2020-276xx/CVE-2020-27636.json | 78 ++++++++++++- CVE-2021/CVE-2021-278xx/CVE-2021-27852.json | 14 +-- CVE-2023/CVE-2023-258xx/CVE-2023-25822.json | 64 +++++++++- CVE-2023/CVE-2023-308xx/CVE-2023-30802.json | 71 ++++++++++- CVE-2023/CVE-2023-308xx/CVE-2023-30803.json | 71 ++++++++++- CVE-2023/CVE-2023-308xx/CVE-2023-30804.json | 71 ++++++++++- CVE-2023/CVE-2023-308xx/CVE-2023-30805.json | 71 ++++++++++- CVE-2023/CVE-2023-308xx/CVE-2023-30806.json | 71 ++++++++++- CVE-2023/CVE-2023-333xx/CVE-2023-33301.json | 69 ++++++++++- CVE-2023/CVE-2023-333xx/CVE-2023-33303.json | 43 +++++++ CVE-2023/CVE-2023-34xx/CVE-2023-3470.json | 5 +- CVE-2023/CVE-2023-365xx/CVE-2023-36567.json | 109 ++++++++++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36568.json | 53 ++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36569.json | 53 ++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36572.json | 115 +++++++++++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36573.json | 115 +++++++++++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36574.json | 115 +++++++++++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36575.json | 115 +++++++++++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36576.json | 89 +++++++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36577.json | 109 ++++++++++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36578.json | 115 +++++++++++++++++- CVE-2023/CVE-2023-365xx/CVE-2023-36579.json | 115 +++++++++++++++++- CVE-2023/CVE-2023-393xx/CVE-2023-39323.json | 92 +++++++++++++-- CVE-2023/CVE-2023-416xx/CVE-2023-41680.json | 43 +++++++ CVE-2023/CVE-2023-416xx/CVE-2023-41681.json | 43 +++++++ CVE-2023/CVE-2023-416xx/CVE-2023-41682.json | 43 +++++++ 
CVE-2023/CVE-2023-418xx/CVE-2023-41836.json | 43 +++++++ CVE-2023/CVE-2023-418xx/CVE-2023-41843.json | 43 +++++++ CVE-2023/CVE-2023-427xx/CVE-2023-42787.json | 123 +++++++++++++++++++- CVE-2023/CVE-2023-427xx/CVE-2023-42788.json | 123 +++++++++++++++++++- CVE-2023/CVE-2023-432xx/CVE-2023-43269.json | 68 ++++++++++- CVE-2023/CVE-2023-451xx/CVE-2023-45109.json | 55 +++++++++ CVE-2023/CVE-2023-452xx/CVE-2023-45267.json | 55 +++++++++ CVE-2023/CVE-2023-452xx/CVE-2023-45268.json | 55 +++++++++ CVE-2023/CVE-2023-452xx/CVE-2023-45282.json | 73 +++++++++++- CVE-2023/CVE-2023-453xx/CVE-2023-45391.json | 20 ++++ CVE-2023/CVE-2023-453xx/CVE-2023-45393.json | 20 ++++ CVE-2023/CVE-2023-52xx/CVE-2023-5232.json | 70 ++++++++++- CVE-2023/CVE-2023-55xx/CVE-2023-5520.json | 60 +++++++++- README.md | 89 +++++++------- 44 files changed, 2969 insertions(+), 192 deletions(-) create mode 100644 CVE-2023/CVE-2023-333xx/CVE-2023-33303.json create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41680.json create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41681.json create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41682.json create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41836.json create mode 100644 CVE-2023/CVE-2023-418xx/CVE-2023-41843.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45109.json create mode 100644 CVE-2023/CVE-2023-452xx/CVE-2023-45267.json create mode 100644 CVE-2023/CVE-2023-452xx/CVE-2023-45268.json create mode 100644 CVE-2023/CVE-2023-453xx/CVE-2023-45391.json create mode 100644 CVE-2023/CVE-2023-453xx/CVE-2023-45393.json diff --git a/CVE-2020/CVE-2020-276xx/CVE-2020-27630.json b/CVE-2020/CVE-2020-276xx/CVE-2020-27630.json index 40a733f46ed..e37a40a4262 100644 --- a/CVE-2020/CVE-2020-276xx/CVE-2020-27630.json +++ b/CVE-2020/CVE-2020-276xx/CVE-2020-27630.json 
@@ -2,27 +2,93 @@ "id": "CVE-2020-27630", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-10T17:15:10.403", - "lastModified": "2023-10-10T17:52:17.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:12:41.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random." + }, + { + "lang": "es", + "value": "En Silicon Labs uC/TCP-IP 3.6.0, los ISN de TCP son incorrectamente aleatorios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:silabs:uc\\/tcp-ip:3.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EB14A30E-C539-49BE-98BB-4CDA95746BDC" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.forescout.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-276xx/CVE-2020-27631.json b/CVE-2020/CVE-2020-276xx/CVE-2020-27631.json index de3af9ecb11..0592af1da1a 100644 --- a/CVE-2020/CVE-2020-276xx/CVE-2020-27631.json +++ b/CVE-2020/CVE-2020-276xx/CVE-2020-27631.json 
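Review bot: The NVD primary vector added in this hunk rates availability as HIGH (`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, 9.8), as does the CVE-2020-27631 hunk, while the CVE-2020-27633, CVE-2020-27634 and CVE-2020-27636 hunks in this same commit score the identically worded weak-ISN issue with `A:N` (9.1). All five records carry CWE-330 and the same three references, so the split looks like analyst variance and not a product difference, though nothing on the page confirms that. Anyone triaging on `baseScore` or `availabilityImpact` should treat the five records as one class and not rank them by this field. If this repository is meant to track upstream exactly, the discrepancy belongs in a report to NVD, not in a local edit.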
@@ -2,27 +2,93 @@ "id": "CVE-2020-27631", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-10T17:15:10.453", - "lastModified": "2023-10-10T17:52:17.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:12:44.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random." + }, + { + "lang": "es", + "value": "En Oryx CycloneTCP 1.9.6, los ISN de TCP son incorrectamente aleatorios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oryx-embedded:cyclonetcp:1.9.6:*:*:*:*:*:*:*", + "matchCriteriaId": "27B25BA9-7220-47EA-98F0-128A5462815A" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.forescout.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-276xx/CVE-2020-27633.json b/CVE-2020/CVE-2020-276xx/CVE-2020-27633.json index 9d8ea5dc321..f893d5091a6 100644 --- a/CVE-2020/CVE-2020-276xx/CVE-2020-27633.json +++ b/CVE-2020/CVE-2020-276xx/CVE-2020-27633.json 
@@ -2,27 +2,93 @@ "id": "CVE-2020-27633", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-10T17:15:10.607", - "lastModified": "2023-10-10T17:52:17.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:12:35.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In FNET 4.6.3, TCP ISNs are improperly random." + }, + { + "lang": "es", + "value": "En FNET 4.6.3, los ISN de TCP son incorrectamente aleatorios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:butok:fnet:4.6.3:*:*:*:*:*:*:*", + "matchCriteriaId": "94C5BC14-6C70-4847-AE23-D6417CD2C3A2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.forescout.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party 
Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-276xx/CVE-2020-27634.json b/CVE-2020/CVE-2020-276xx/CVE-2020-27634.json index 1b0399fd767..0b3baf07444 100644 --- a/CVE-2020/CVE-2020-276xx/CVE-2020-27634.json +++ b/CVE-2020/CVE-2020-276xx/CVE-2020-27634.json 
@@ -2,27 +2,93 @@ "id": "CVE-2020-27634", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-10T17:15:10.657", - "lastModified": "2023-10-10T17:52:17.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:12:30.383", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Contiki 4.5, TCP ISNs are improperly random." + }, + { + "lang": "es", + "value": "En Contiki 4.5, los ISN de TCP son incorrectamente aleatorios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:contiki-ng:contiki-ng:4.5:*:*:*:*:*:*:*", + "matchCriteriaId": "93EA8725-2367-4899-96B6-5B4419C9B3DB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.forescout.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-276xx/CVE-2020-27636.json b/CVE-2020/CVE-2020-276xx/CVE-2020-27636.json index f9be453c0a4..b42dc39fb92 100644 --- a/CVE-2020/CVE-2020-276xx/CVE-2020-27636.json +++ b/CVE-2020/CVE-2020-276xx/CVE-2020-27636.json 
@@ -2,27 +2,93 @@ "id": "CVE-2020-27636", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-10T17:15:10.753", - "lastModified": "2023-10-10T17:52:17.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:12:19.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random." + }, + { + "lang": "es", + "value": "En Microchip MPLAB Net 3.6.1, los ISN de TCP son incorrectamente aleatorios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microchip:mplab_network_creator:3.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D5638620-DB79-4F31-AE15-F0F23382D658" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.forescout.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/", - "source": "cve@mitre.org" + 
"source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-278xx/CVE-2021-27852.json b/CVE-2021/CVE-2021-278xx/CVE-2021-27852.json index 23136ad361b..3306af962a6 100644 --- a/CVE-2021/CVE-2021-278xx/CVE-2021-27852.json +++ b/CVE-2021/CVE-2021-278xx/CVE-2021-27852.json @@ -2,8 +2,8 @@ "id": "CVE-2021-27852", "sourceIdentifier": "cret@cert.org", "published": "2021-05-27T21:15:20.567", - "lastModified": "2021-06-08T02:17:22.947", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-13T15:15:43.783", + "vulnStatus": "Modified", "cisaExploitAdd": "2022-04-11", "cisaActionDue": "2022-05-02", "cisaRequiredAction": "Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable.", @@ -97,16 +97,6 @@ "value": "CWE-502" } ] - }, - { - "source": "cret@cert.org", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-502" - } - ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-258xx/CVE-2023-25822.json b/CVE-2023/CVE-2023-258xx/CVE-2023-25822.json index 88ce232c970..d90baf35a96 100644 --- a/CVE-2023/CVE-2023-258xx/CVE-2023-25822.json +++ b/CVE-2023/CVE-2023-258xx/CVE-2023-25822.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25822", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-09T14:15:10.547", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:01:57.210", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,18 +70,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reportportal:reportportal:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.2", + "matchCriteriaId": "FA457CC7-2162-45F4-9242-627E4834CB40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reportportal:service-api:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.0", + "matchCriteriaId": "F2404BAD-E6F4-4CC7-BCD6-4F9FB004CA68" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/reportportal/reportportal/releases/tag/v23.2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/reportportal/reportportal/security/advisories/GHSA-mj24-gpw7-23m9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://reportportal.io/docs/releases/Version23.2/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30802.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30802.json index 52f71b11008..53ca7652d6b 100644 
--- a/CVE-2023/CVE-2023-308xx/CVE-2023-30802.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30802.json @@ -2,16 +2,40 @@ "id": "CVE-2023-30802", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2023-10-10T15:15:09.880", - "lastModified": "2023-10-10T15:47:36.710", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:00:09.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.\n\n\n" + }, + { + "lang": "es", + "value": "La versi\u00f3n NGAF8.0.17 del Sangfor Next-Gen Application Firewall es vulnerable a una vulnerabilidad de divulgaci\u00f3n del c\u00f3digo fuente. Un atacante remoto y no autenticado puede obtener el c\u00f3digo fuente PHP enviando una solicitud HTTP con un campo Content-Length no v\u00e1lido." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", 
@@ -46,18 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:8.0.17:*:*:*:*:*:*:*", + "matchCriteriaId": "CBC7AFA9-F1A0-42C2-AC34-DB6465E81A7F" + } + ] + } + ] + } + ], "references": [ { "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Product" + ] }, { "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vulncheck.com/advisories/sangfor-ngaf-source", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30803.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30803.json index e22a0307593..1fbd1d3c993 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30803.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30803.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-30803", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2023-10-10T15:15:09.957", - "lastModified": "2023-10-10T15:47:36.710", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T14:59:30.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.\n\n\n" + }, + { + "lang": "es", + "value": "La versi\u00f3n NGAF8.0.17 del Sangfor Next-Gen Application Firewall est\u00e1 afectada por una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un atacante remoto y no autenticado puede omitir la autenticaci\u00f3n y acceder a la funcionalidad administrativa enviando solicitudes HTTP utilizando un encabezado Y-forward-for manipulado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", 
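Review bot: The Spanish description added in the first hunk names the header as `Y-forward-for`, but the English text on the context line just above it says `Y-forwarded-for`. The header name is the one detail a defender would use to search proxy logs or write a detection rule, so it should survive translation unchanged. The end of the added value would read `utilizando un encabezado Y-forwarded-for manipulado.` Since this file mirrors upstream data, the correction presumably has to be made where the translation is produced.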
@@ -46,18 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:8.0.17:*:*:*:*:*:*:*", + "matchCriteriaId": "CBC7AFA9-F1A0-42C2-AC34-DB6465E81A7F" + } + ] + } + ] + } + ], "references": [ { "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Product" + ] }, { "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vulncheck.com/advisories/sangfor-ngaf-auth-bypass", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30804.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30804.json index 19a28699734..9a5251ff3c6 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30804.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30804.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-30804", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2023-10-10T15:15:10.033", - "lastModified": "2023-10-10T15:47:36.710", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T14:58:48.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.\n\n\n" + }, + { + "lang": "es", + "value": "La versi\u00f3n NGAF8.0.17 del Sangfor Next-Gen Application Firewall est\u00e1 afectada por una vulnerabilidad de divulgaci\u00f3n de archivos autenticados. Un atacante remoto y autenticado puede leer archivos arbitrarios del sistema utilizando el endpoint svpn_html/loadfile.php. Este problema puede ser aprovechado por un atacante remoto y no autenticado cuando se combina con CVE-2023-30803." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", 
@@ -46,18 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:8.0.17:*:*:*:*:*:*:*", + "matchCriteriaId": "CBC7AFA9-F1A0-42C2-AC34-DB6465E81A7F" + } + ] + } + ] + } + ], "references": [ { "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Product" + ] }, { "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vulncheck.com/advisories/sangfor-ngaf-auth-file-disclosure", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30805.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30805.json index d01193112b2..da4f6cf4ecc 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30805.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30805.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-30805", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2023-10-10T15:15:10.107", - "lastModified": "2023-10-10T15:47:36.710", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T14:57:34.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the \"un\" parameter.\n\n\n" + }, + { + "lang": "es", + "value": "La versi\u00f3n NGAF8.0.17 de Sangfor Next-Gen Application Firewall est\u00e1 afectada por una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto y no autenticado puede ejecutar comandos arbitrarios enviando una solicitud HTTP POST manipulada al endpoint /LogInOut.php. Esto se debe a un mal manejo de los metacaracteres del shell en el par\u00e1metro \"un\"." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", 
@@ -46,18 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:8.0.17:*:*:*:*:*:*:*", + "matchCriteriaId": "CBC7AFA9-F1A0-42C2-AC34-DB6465E81A7F" + } + ] + } + ] + } + ], "references": [ { "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Product" + ] }, { "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vulncheck.com/advisories/sangfor-ngaf-username-rce", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30806.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30806.json index 19d88eb7fd9..718f68c36cf 100644 --- a/CVE-2023/CVE-2023-308xx/CVE-2023-30806.json +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30806.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-30806", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2023-10-10T15:15:10.170", - "lastModified": "2023-10-10T15:47:36.710", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:00:30.383", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.\n\n\n" + }, + { + "lang": "es", + "value": "La versi\u00f3n NGAF8.0.17 de Sangfor Next-Gen Application Firewall est\u00e1 afectada por una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo. Un atacante remoto y no autenticado puede ejecutar comandos arbitrarios enviando una solicitud HTTP POST manipulada al endpoint /cgi-bin/login.cgi. Esto se debe a un mal manejo de los metacaracteres del shell en la cookie PHPSESSID." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", 
@@ -46,18 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sangfor:next-gen_application_firewall:ngaf8.0.17:*:*:*:*:*:*:*", + "matchCriteriaId": "EDCE7CFB-D534-49FC-BAA2-C64A4A6F4630" + } + ] + } + ] + } + ], "references": [ { "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Product" + ] }, { "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vulncheck.com/advisories/sangfor-ngaf-sessid-rce", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33301.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33301.json index fa4affd8de6..ba197750720 100644 --- a/CVE-2023/CVE-2023-333xx/CVE-2023-33301.json +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33301.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-33301", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-10-10T17:15:11.217", - "lastModified": "2023-10-10T17:52:17.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:44:04.660", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de control de acceso inadecuado en Fortinet FortiOS 7.2.0 - 7.2.4 y 7.4.0 permite a un atacante acceder a un recurso restringido desde un host no confiable." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "psirt@fortinet.com", "type": "Secondary", 
@@ -34,10 +58,49 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndIncluding": "7.2.4", + "matchCriteriaId": "4AB643A8-B52F-4D54-B816-28A6401BAA25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "61540F5B-080A-4D44-8BE0-75D7A0DCCB53" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-139", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-333xx/CVE-2023-33303.json b/CVE-2023/CVE-2023-333xx/CVE-2023-33303.json new file mode 100644 index 00000000000..fb413d50a0b --- /dev/null +++ b/CVE-2023/CVE-2023-333xx/CVE-2023-33303.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-33303", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2023-10-13T15:15:43.930", + "lastModified": "2023-10-13T15:20:17.967", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-007", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3470.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3470.json index 57818dedad7..d3c9bbee3ad 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3470.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3470.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3470", "sourceIdentifier": "f5sirt@f5.com", "published": "2023-08-02T16:15:10.837", - "lastModified": "2023-08-07T19:48:56.370", + "lastModified": "2023-10-13T14:14:59.110", "vulnStatus": "Analyzed", "descriptions": [ { @@ -61,7 +61,7 @@ "description": [ { "lang": "en", - "value": "CWE-521" + "value": "CWE-287" } ] }, @@ -78,7 +78,6 @@ ], "configurations": [ { - "operator": "AND", "nodes": [ { "operator": "OR", diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36567.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36567.json index 65af10429ce..1176354bd1a 100644 
--- a/CVE-2023/CVE-2023-365xx/CVE-2023-36567.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36567.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36567", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.260", - "lastModified": "2023-10-10T18:21:15.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:15:32.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Deployment Services Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en Windows Deployment Services" } ], "metrics": { 
@@ -34,10 +38,109 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20232", + "matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.4974", + "matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "5B5FFA9D-5BA5-484B-9DC9-5BC048166C70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "A55291EE-DD3D-4C87-87A5-EE7D81046E30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2538", + "matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2428", + "matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" 
+ }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36568.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36568.json index 53a9fa523fc..87e66a88358 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36568.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36568.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36568", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.323", - "lastModified": "2023-10-10T18:21:15.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:10:58.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Office Click-To-Run" } ], "metrics": { 
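Review bot: The `windows_10_22h2` entry added for CVE-2023-36567 ends at `"versionEndExcluding": "10.0.19041.3570"`, whereas the CVE-2023-36572 to CVE-2023-36575 sections in this same commit bound that CPE at `10.0.19045.3570` and use a different `matchCriteriaId`. With the 19041 bound, range matching treats any 10.0.19045.x host as outside the vulnerable range, so unpatched 22H2 machines would be reported as unaffected. The entry should probably read `"versionEndExcluding": "10.0.19045.3570"`, to be confirmed against the vendor advisory. This record also lists `windows_10_21h1` where the sibling records list `windows_10_21h2`, which may be a related slip. The CVE-2023-36576 and CVE-2023-36577 sections carry the same two entries.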
@@ -34,10 +38,53 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", + "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*", + "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36569.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36569.json index 2faa9059845..e160d82cd14 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36569.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36569.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36569", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.387", - "lastModified": "2023-10-10T18:21:15.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:10:30.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Office Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Office" } ], "metrics": { 
@@ -34,10 +38,53 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", + "matchCriteriaId": "FF177984-A906-43FA-BF60-298133FBBD6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*", + "matchCriteriaId": "0B3EF1E5-4757-4CFA-AE72-6BA876D3C9FD" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36572.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36572.json index a4977bd6c7e..7bd05a727a5 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36572.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36572.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36572", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.573", - "lastModified": "2023-10-10T18:21:15.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:09:29.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing" } ], "metrics": { 
@@ -34,10 +38,115 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20232", + "matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6351", + "matchCriteriaId": "2D523568-3488-439B-B008-025E99213147" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.4974", + "matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3570", + "matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2538", + "matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2428", + "matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + 
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36573.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36573.json index d383218fd3d..3dd513d9654 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36573.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36573.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36573", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.637", - "lastModified": "2023-10-10T18:21:10.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:09:02.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing" } ], "metrics": { 
@@ -34,10 +38,115 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20232", + "matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6351", + "matchCriteriaId": "2D523568-3488-439B-B008-025E99213147" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.4974", + "matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3570", + "matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2538", + "matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2428", + "matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + 
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36574.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36574.json index f42ab2e0cee..c7603249dfe 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36574.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36574.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36574", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.697", - "lastModified": "2023-10-10T18:21:10.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:19:55.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing" } ], "metrics": { 
@@ -34,10 +38,115 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20232", + "matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6351", + "matchCriteriaId": "2D523568-3488-439B-B008-025E99213147" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.4974", + "matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3570", + "matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2538", + "matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2428", + "matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + 
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36575.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36575.json index 5ddb3bc4b5a..9fa0aa4ecd7 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36575.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36575.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36575", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.757", - "lastModified": "2023-10-10T18:21:10.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:19:13.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing" } ], "metrics": { 
@@ -34,10 +38,115 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20232", + "matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6351", + "matchCriteriaId": "2D523568-3488-439B-B008-025E99213147" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.4974", + "matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3570", + "matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2538", + "matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2428", + "matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + 
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json index 56bee6f1593..6018a5f8e83 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36576", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.823", - "lastModified": "2023-10-10T18:21:10.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:18:36.740", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Windows Kernel Information Disclosure Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del kernel de Windows" } ], "metrics": { 
@@ -34,10 +38,89 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20232", + "matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.4974", + "matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "5B5FFA9D-5BA5-484B-9DC9-5BC048166C70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "A55291EE-DD3D-4C87-87A5-EE7D81046E30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2538", + "matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2428", + "matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] 
+ } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36577.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36577.json index 24c977fa8b9..ed38332fd9b 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36577.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36577.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36577", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.887", - "lastModified": "2023-10-10T18:21:10.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:17:39.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Proveedor Microsoft WDAC OLE DB para la vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de SQL Server" } ], "metrics": { 
@@ -34,10 +38,109 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20232", + "matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.4974", + "matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "5B5FFA9D-5BA5-484B-9DC9-5BC048166C70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "A55291EE-DD3D-4C87-87A5-EE7D81046E30" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2538", + "matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2428", + "matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" 
+ }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36578.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36578.json index 0c0c21070a3..6ed4430c546 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36578.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36578.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36578", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:13.950", - "lastModified": "2023-10-10T18:21:10.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:16:40.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Message Queuing" } ], "metrics": { 
@@ -34,10 +38,115 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20232", + "matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6351", + "matchCriteriaId": "2D523568-3488-439B-B008-025E99213147" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.4974", + "matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3570", + "matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2538", + "matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2428", + "matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + 
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json index 0dcf2cfecdf..33c7c96a681 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json @@ -2,12 +2,16 @@ "id": "CVE-2023-36579", "sourceIdentifier": "secure@microsoft.com", "published": "2023-10-10T18:15:14.027", - "lastModified": "2023-10-10T18:21:10.523", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:16:06.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Message Queuing Denial of Service Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de denegaci\u00f3n de servicio en Microsoft Message Queuing" } ], "metrics": { 
@@ -34,10 +38,115 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.10240.20232", + "matchCriteriaId": "656B3DC8-9A4A-4386-A1F0-367E6B05C728" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6351", + "matchCriteriaId": "2D523568-3488-439B-B008-025E99213147" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.4974", + "matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19041.3570", + "matchCriteriaId": "80F408E5-E550-44B4-88E3-BE11359C07CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.19045.3570", + "matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22000.2538", + "matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.22621.2428", + "matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + 
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json index 42259f613e1..999ca9b5388 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json 
@@ -2,31 +2,109 @@ "id": "CVE-2023-39323", "sourceIdentifier": "security@golang.org", "published": "2023-10-05T21:15:11.283", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:03:42.950", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex." + }, + { + "lang": "es", + "value": "Las directivas de l\u00ednea (\"//line\") se pueden utilizar para evitar las restricciones de las directivas \"//go:cgo_\", permitiendo que se pasen indicadores bloqueados del enlazador y del compilador durante la compilaci\u00f3n. Esto puede provocar la ejecuci\u00f3n inesperada de c\u00f3digo arbitrario al ejecutar \"go build\". La directiva de l\u00ednea requiere la ruta absoluta del archivo en el que se encuentra la directiva, lo que hace que explotar este problema sea significativamente m\u00e1s complejo." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.20.9", + "matchCriteriaId": "84851C3D-3035-457E-96D9-48E219817D58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.21.0", + "versionEndExcluding": "1.21.2", + "matchCriteriaId": "7381A279-81EB-48D9-8065-C733FA8736B8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://go.dev/cl/533215", - "source": "security@golang.org" + "source": "security@golang.org", + "tags": [ + "Patch" + ] }, { "url": "https://go.dev/issue/63211", - "source": "security@golang.org" + "source": "security@golang.org", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", - "source": "security@golang.org" + "source": "security@golang.org", + "tags": [ + "Mailing List", + "Release Notes" + ] }, { "url": "https://pkg.go.dev/vuln/GO-2023-2095", - "source": "security@golang.org" + "source": "security@golang.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
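Review bot: The NVD metric added here sets `"attackComplexity": "LOW"` inside a 9.8 CRITICAL vector, which does not fit the record's own description: it states that the line directive needs the absolute path of the file it lives in, "which makes exploiting this issue significantly more complex". `"attackComplexity": "HIGH"`, with the `vectorString` and `baseScore` recomputed to match, would agree with that text. Until the upstream analysis is revisited, consumers that rank on `baseScore` alone will over-prioritise this record and should read the description alongside it. The weakness is also recorded as `NVD-CWE-noinfo`, so CWE-based filters will not classify the entry.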
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41680.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41680.json new file mode 100644 index 00000000000..c80d8e1ffb7 --- /dev/null +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41680.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41680", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2023-10-13T15:15:44.000", + "lastModified": "2023-10-13T15:20:17.967", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-311", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41681.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41681.json new file mode 100644 index 00000000000..90ddd6cee60 --- /dev/null +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41681.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41681", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2023-10-13T15:15:44.060", + "lastModified": "2023-10-13T15:20:17.967", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-311", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41682.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41682.json new file mode 100644 index 00000000000..6d9cbaf17b7 --- /dev/null +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41682.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41682", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2023-10-13T15:15:44.123", + "lastModified": "2023-10-13T15:20:17.967", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-280", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41836.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41836.json new file mode 100644 index 00000000000..2a844364b0d --- /dev/null +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41836.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41836", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2023-10-13T15:15:44.183", + "lastModified": "2023-10-13T15:20:17.967", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-215", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41843.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41843.json new file mode 100644 index 00000000000..32830d948b0 --- /dev/null +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41843.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41843", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2023-10-13T15:15:44.243", + "lastModified": "2023-10-13T15:20:17.967", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-273", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42787.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42787.json index ed70feb7a57..90e72f8b5ca 100644 --- a/CVE-2023/CVE-2023-427xx/CVE-2023-42787.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42787.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-42787", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-10-10T17:15:12.930", - "lastModified": "2023-10-10T17:52:09.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:04:19.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A client-side enforcement of server-side security [CWE-602] vulnerability\u00a0in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de aplicaci\u00f3n de seguridad del lado del servidor [CWE-602] en Fortinet FortiManager versi\u00f3n 7.4.0 y anteriores a 7.2.3 y FortiAnalyzer versi\u00f3n 7.4.0 y anteriores a 7.2.3 puede permitir que un atacante remoto con privilegios bajos acceda a una consola web privilegiada a trav\u00e9s de la ejecuci\u00f3n de c\u00f3digo del lado del cliente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@fortinet.com", "type": "Secondary", 
@@ -34,10 +58,103 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndIncluding": "6.2.12", + "matchCriteriaId": "285EC81A-34F0-4153-82DE-6A49C05EB240" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndIncluding": "6.4.13", + "matchCriteriaId": "56D6A507-5B18-4F62-9B08-98122FB2F23B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.0.9", + "matchCriteriaId": "CCE23C15-B42C-48DF-9435-27D5143F0B5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndIncluding": "7.2.3", + "matchCriteriaId": "B31BB84A-E622-4911-AAB4-41E57F661A8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "91A9AF01-72FD-4942-A95E-71A7609B6977" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndIncluding": "6.2.12", + "matchCriteriaId": "09105C5B-378F-4E1A-B395-F43573983A26" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndIncluding": "6.4.13", + "matchCriteriaId": "B632AF2E-739B-4EBA-8780-8AE999C62F3E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.0.9", + "matchCriteriaId": 
"FA1523A4-BC32-4618-897D-9B5709512FBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndIncluding": "7.2.3", + "matchCriteriaId": "7C7C73B7-2AE1-4FC2-A37A-89A085796D19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DBBF7219-D15F-43C9-9A90-1A4B062431E4" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-187", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json index 9598783c699..360f9372179 100644 --- a/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-42788", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-10-10T17:15:12.987", - "lastModified": "2023-10-10T17:52:09.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:22:01.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command" + }, + { + "lang": "es", + "value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('Inyecci\u00f3n de comando del sistema operativo') [CWE-78] en FortiManager y FortiAnalyzer versi\u00f3n 7.4.0, versi\u00f3n 7.2.0 a 7.2.3, versi\u00f3n 7.0.0 a 7.0.8 , las versiones 6.4.0 a 6.4.12 y 6.2.0 a 6.2.11 pueden permitir que un atacante local con privilegios bajos ejecute c\u00f3digo no autorizado a trav\u00e9s de argumentos espec\u00edficamente manipulados para un comando CLI" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@fortinet.com", "type": "Secondary", 
@@ -34,10 +58,103 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndIncluding": "6.2.11", + "matchCriteriaId": "AB37EC26-3458-4AB4-91E5-58B75E587F64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndIncluding": "6.4.12", + "matchCriteriaId": "041E0C3F-E9B6-46E3-87D4-718FAC0C024E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.0.8", + "matchCriteriaId": "8B74F415-4705-4923-945F-CB393326F78D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndIncluding": "7.2.3", + "matchCriteriaId": "B31BB84A-E622-4911-AAB4-41E57F661A8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "91A9AF01-72FD-4942-A95E-71A7609B6977" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndIncluding": "6.2.11", + "matchCriteriaId": "67777F42-09E1-4651-807C-325A5F0D8A66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndIncluding": "6.4.12", + "matchCriteriaId": "0FC51DD4-5232-41CD-B85A-8AF8DB74A322" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.0.8", + "matchCriteriaId": 
"7AEFC8D4-6358-4A81-BCF3-D162871F59F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndIncluding": "7.2.3", + "matchCriteriaId": "7C7C73B7-2AE1-4FC2-A37A-89A085796D19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DBBF7219-D15F-43C9-9A90-1A4B062431E4" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-167", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43269.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43269.json index ed64fafe47a..1ca4b0d41a0 100644 --- a/CVE-2023/CVE-2023-432xx/CVE-2023-43269.json +++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43269.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-43269", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-05T22:15:12.180", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:03:11.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que pigcms hasta 7.0 conten\u00eda una vulnerabilidad de carga de archivos arbitraria." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pigcms:pigcms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.0", + "matchCriteriaId": "5B166487-B720-460E-9B21-D50037AD4BE5" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/pwnero/vul/issues/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45109.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45109.json new file mode 100644 index 00000000000..76912703139 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45109.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45109", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-13T14:15:10.193", + "lastModified": "2023-10-13T14:44:03.987", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <=\u00a01.1.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/white-page-publication/wordpress-whitepage-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45267.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45267.json new file mode 100644 index 00000000000..b703508f3a2 --- /dev/null +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45267.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45267", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-13T15:15:44.310", + "lastModified": "2023-10-13T15:20:17.967", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <=\u00a02.2.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wooreviews-importer/wordpress-irivyou-add-reviews-from-aliexpress-and-amazon-to-woocommerce-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45268.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45268.json new file mode 100644 index 00000000000..32921c742f2 --- /dev/null +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45268.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45268", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-13T15:15:44.383", + "lastModified": "2023-10-13T15:20:17.967", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <=\u00a05.86 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/hitsteps-visitor-manager/wordpress-hitsteps-web-analytics-plugin-5-85-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45282.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45282.json index 01043039b41..6589f676d18 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45282.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45282.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45282", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-06T19:15:12.950", - "lastModified": "2023-10-12T16:15:12.167", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-13T14:42:00.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,80 @@ "value": "En NASA Open MCT (tambi\u00e9n conocido como openmct) 2.2.5 anterior a 545a177, la contaminaci\u00f3n del prototipo puede ocurrir mediante una acci\u00f3n de importaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1321" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nasa:openmct:2.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "110C12F8-84AF-42E1-9D25-B34D4EECB67F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nasa/openmct/pull/7094/commits/545a1770c523ecc3410dca884c6809d5ff0f9d52", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://nasa.github.io/openmct/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.linkedin.com/pulse/prototype-pollution-nasas-open-mct-cve-2023-45282", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45391.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45391.json new file mode 100644 index 00000000000..acd44ed22de --- /dev/null +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45391.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-45391", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-13T14:15:10.587", + "lastModified": "2023-10-13T14:44:03.987", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://the-it-wonders.blogspot.com/2023/10/granding-utime-master-stored-xss.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45393.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45393.json new file mode 100644 index 00000000000..64ded7942df --- /dev/null +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45393.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-45393", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-13T14:15:10.847", + "lastModified": "2023-10-13T14:44:03.987", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://the-it-wonders.blogspot.com/2023/10/granding-utime-master-idor.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5232.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5232.json index 1cc5bc0fd25..405aac8a9c6 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5232.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5232.json 
@@ -2,19 +2,43 @@ "id": "CVE-2023-5232", "sourceIdentifier": "security@wordfence.com", "published": "2023-09-28T05:15:46.437", - "lastModified": "2023-09-28T12:44:04.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:07:51.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Font Awesome More Icons para WordPress es vulnerable a Cross-Site Scripting almacenado, a trav\u00e9s del c\u00f3digo abreviado de 'icon' en versiones hasta la 3.5 incluida, debido a una insuficiente sanitizaci\u00f3n de entrada y escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." 
} ], "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,16 +68,50 @@ "value": "CWE-79" } ] + }, + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webguysaz:font_awesome_more_icons:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.5", + "matchCriteriaId": "B184AAE1-3B85-4EE7-9539-BAE5F7F5612C" + } + ] + } + ] } ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/font-awesome-more-icons/tags/3.5/plugin.php#L82", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/15947764-a070-4715-bd44-cb79b62ed59d?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5520.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5520.json index c6e6570c12c..0c7783bae1f 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5520.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5520.json @@ -2,15 +2,41 @@ "id": "CVE-2023-5520", "sourceIdentifier": "security@huntr.dev", "published": "2023-10-11T12:15:11.857", - "lastModified": "2023-10-11T12:54:05.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-13T15:13:36.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2." + }, + { + "lang": "es", + "value": "Fuera de los L\u00edmites Le\u00eddo en el repositorio de GitHub gpac/gpac anterior a 2.2.2." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -46,14 +72,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.2.2", + "matchCriteriaId": "DBF31B7B-F4C7-40C0-9245-09FECA1A8164" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 741c3a7369b..9bc2d928dd7 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-13T14:00:24.644716+00:00 +2023-10-13T16:00:24.418019+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-13T13:46:47.010000+00:00 +2023-10-13T15:44:04.660000+00:00 ``` ### Last Data Feed Release 
@@ -29,62 +29,55 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227755 +227766 ``` ### CVEs added in the last Commit -Recently added CVEs: `18` +Recently added CVEs: `11` -* [CVE-2023-39999](CVE-2023/CVE-2023-399xx/CVE-2023-39999.json) (`2023-10-13T12:15:09.970`) -* [CVE-2023-43079](CVE-2023/CVE-2023-430xx/CVE-2023-43079.json) (`2023-10-13T12:15:10.077`) -* [CVE-2023-29464](CVE-2023/CVE-2023-294xx/CVE-2023-29464.json) (`2023-10-13T13:15:11.453`) -* [CVE-2023-39960](CVE-2023/CVE-2023-399xx/CVE-2023-39960.json) (`2023-10-13T13:15:11.560`) -* [CVE-2023-45107](CVE-2023/CVE-2023-451xx/CVE-2023-45107.json) (`2023-10-13T13:15:11.663`) -* [CVE-2023-45108](CVE-2023/CVE-2023-451xx/CVE-2023-45108.json) (`2023-10-13T13:15:11.750`) -* [CVE-2023-45130](CVE-2023/CVE-2023-451xx/CVE-2023-45130.json) (`2023-10-13T13:15:11.827`) -* [CVE-2023-45162](CVE-2023/CVE-2023-451xx/CVE-2023-45162.json) (`2023-10-13T13:15:11.910`) -* [CVE-2023-45463](CVE-2023/CVE-2023-454xx/CVE-2023-45463.json) (`2023-10-13T13:15:11.987`) -* [CVE-2023-45464](CVE-2023/CVE-2023-454xx/CVE-2023-45464.json) (`2023-10-13T13:15:12.043`) -* [CVE-2023-45465](CVE-2023/CVE-2023-454xx/CVE-2023-45465.json) (`2023-10-13T13:15:12.093`) -* [CVE-2023-45466](CVE-2023/CVE-2023-454xx/CVE-2023-45466.json) (`2023-10-13T13:15:12.147`) -* [CVE-2023-45467](CVE-2023/CVE-2023-454xx/CVE-2023-45467.json) (`2023-10-13T13:15:12.203`) -* [CVE-2023-45468](CVE-2023/CVE-2023-454xx/CVE-2023-45468.json) (`2023-10-13T13:15:12.253`) -* [CVE-2023-4517](CVE-2023/CVE-2023-45xx/CVE-2023-4517.json) (`2023-10-13T13:15:12.443`) -* [CVE-2023-4829](CVE-2023/CVE-2023-48xx/CVE-2023-4829.json) (`2023-10-13T13:15:12.523`) -* [CVE-2023-4995](CVE-2023/CVE-2023-49xx/CVE-2023-4995.json) (`2023-10-13T13:15:12.607`) -* [CVE-2023-5240](CVE-2023/CVE-2023-52xx/CVE-2023-5240.json) (`2023-10-13T13:15:12.693`) +* [CVE-2023-45109](CVE-2023/CVE-2023-451xx/CVE-2023-45109.json) 
(`2023-10-13T14:15:10.193`) +* [CVE-2023-45391](CVE-2023/CVE-2023-453xx/CVE-2023-45391.json) (`2023-10-13T14:15:10.587`) +* [CVE-2023-45393](CVE-2023/CVE-2023-453xx/CVE-2023-45393.json) (`2023-10-13T14:15:10.847`) +* [CVE-2023-33303](CVE-2023/CVE-2023-333xx/CVE-2023-33303.json) (`2023-10-13T15:15:43.930`) +* [CVE-2023-41680](CVE-2023/CVE-2023-416xx/CVE-2023-41680.json) (`2023-10-13T15:15:44.000`) +* [CVE-2023-41681](CVE-2023/CVE-2023-416xx/CVE-2023-41681.json) (`2023-10-13T15:15:44.060`) +* [CVE-2023-41682](CVE-2023/CVE-2023-416xx/CVE-2023-41682.json) (`2023-10-13T15:15:44.123`) +* [CVE-2023-41836](CVE-2023/CVE-2023-418xx/CVE-2023-41836.json) (`2023-10-13T15:15:44.183`) +* [CVE-2023-41843](CVE-2023/CVE-2023-418xx/CVE-2023-41843.json) (`2023-10-13T15:15:44.243`) +* [CVE-2023-45267](CVE-2023/CVE-2023-452xx/CVE-2023-45267.json) (`2023-10-13T15:15:44.310`) +* [CVE-2023-45268](CVE-2023/CVE-2023-452xx/CVE-2023-45268.json) (`2023-10-13T15:15:44.383`) ### CVEs modified in the last Commit -Recently modified CVEs: `56` +Recently modified CVEs: `32` -* [CVE-2023-44194](CVE-2023/CVE-2023-441xx/CVE-2023-44194.json) (`2023-10-13T12:47:39.540`) -* [CVE-2023-44195](CVE-2023/CVE-2023-441xx/CVE-2023-44195.json) (`2023-10-13T12:47:39.540`) -* [CVE-2023-44196](CVE-2023/CVE-2023-441xx/CVE-2023-44196.json) (`2023-10-13T12:47:39.540`) -* [CVE-2023-44197](CVE-2023/CVE-2023-441xx/CVE-2023-44197.json) (`2023-10-13T12:47:39.540`) -* [CVE-2023-44198](CVE-2023/CVE-2023-441xx/CVE-2023-44198.json) (`2023-10-13T12:47:39.540`) -* [CVE-2023-44199](CVE-2023/CVE-2023-441xx/CVE-2023-44199.json) (`2023-10-13T12:47:39.540`) -* [CVE-2023-44201](CVE-2023/CVE-2023-442xx/CVE-2023-44201.json) (`2023-10-13T12:47:39.540`) -* [CVE-2023-44203](CVE-2023/CVE-2023-442xx/CVE-2023-44203.json) (`2023-10-13T12:47:39.540`) -* [CVE-2023-44204](CVE-2023/CVE-2023-442xx/CVE-2023-44204.json) (`2023-10-13T12:47:39.540`) -* [CVE-2023-23632](CVE-2023/CVE-2023-236xx/CVE-2023-23632.json) (`2023-10-13T12:47:48.873`) -* 
[CVE-2023-5562](CVE-2023/CVE-2023-55xx/CVE-2023-5562.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-45510](CVE-2023/CVE-2023-455xx/CVE-2023-45510.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-45511](CVE-2023/CVE-2023-455xx/CVE-2023-45511.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-27316](CVE-2023/CVE-2023-273xx/CVE-2023-27316.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-22392](CVE-2023/CVE-2023-223xx/CVE-2023-22392.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-36839](CVE-2023/CVE-2023-368xx/CVE-2023-36839.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-36841](CVE-2023/CVE-2023-368xx/CVE-2023-36841.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-36843](CVE-2023/CVE-2023-368xx/CVE-2023-36843.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-41261](CVE-2023/CVE-2023-412xx/CVE-2023-41261.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-41262](CVE-2023/CVE-2023-412xx/CVE-2023-41262.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-41263](CVE-2023/CVE-2023-412xx/CVE-2023-41263.json) (`2023-10-13T12:47:48.873`) -* [CVE-2023-5498](CVE-2023/CVE-2023-54xx/CVE-2023-5498.json) (`2023-10-13T12:54:51.443`) -* [CVE-2023-43787](CVE-2023/CVE-2023-437xx/CVE-2023-43787.json) (`2023-10-13T13:18:05.560`) -* [CVE-2023-5488](CVE-2023/CVE-2023-54xx/CVE-2023-5488.json) (`2023-10-13T13:22:54.483`) -* [CVE-2023-43786](CVE-2023/CVE-2023-437xx/CVE-2023-43786.json) (`2023-10-13T13:26:45.497`) +* [CVE-2023-45282](CVE-2023/CVE-2023-452xx/CVE-2023-45282.json) (`2023-10-13T14:42:00.880`) +* [CVE-2023-30805](CVE-2023/CVE-2023-308xx/CVE-2023-30805.json) (`2023-10-13T14:57:34.343`) +* [CVE-2023-30804](CVE-2023/CVE-2023-308xx/CVE-2023-30804.json) (`2023-10-13T14:58:48.373`) +* [CVE-2023-30803](CVE-2023/CVE-2023-308xx/CVE-2023-30803.json) (`2023-10-13T14:59:30.843`) +* [CVE-2023-30802](CVE-2023/CVE-2023-308xx/CVE-2023-30802.json) (`2023-10-13T15:00:09.473`) +* [CVE-2023-30806](CVE-2023/CVE-2023-308xx/CVE-2023-30806.json) (`2023-10-13T15:00:30.383`) +* 
[CVE-2023-25822](CVE-2023/CVE-2023-258xx/CVE-2023-25822.json) (`2023-10-13T15:01:57.210`) +* [CVE-2023-43269](CVE-2023/CVE-2023-432xx/CVE-2023-43269.json) (`2023-10-13T15:03:11.810`) +* [CVE-2023-39323](CVE-2023/CVE-2023-393xx/CVE-2023-39323.json) (`2023-10-13T15:03:42.950`) +* [CVE-2023-42787](CVE-2023/CVE-2023-427xx/CVE-2023-42787.json) (`2023-10-13T15:04:19.727`) +* [CVE-2023-5232](CVE-2023/CVE-2023-52xx/CVE-2023-5232.json) (`2023-10-13T15:07:51.423`) +* [CVE-2023-36573](CVE-2023/CVE-2023-365xx/CVE-2023-36573.json) (`2023-10-13T15:09:02.467`) +* [CVE-2023-36572](CVE-2023/CVE-2023-365xx/CVE-2023-36572.json) (`2023-10-13T15:09:29.557`) +* [CVE-2023-36569](CVE-2023/CVE-2023-365xx/CVE-2023-36569.json) (`2023-10-13T15:10:30.050`) +* [CVE-2023-36568](CVE-2023/CVE-2023-365xx/CVE-2023-36568.json) (`2023-10-13T15:10:58.450`) +* [CVE-2023-5520](CVE-2023/CVE-2023-55xx/CVE-2023-5520.json) (`2023-10-13T15:13:36.757`) +* [CVE-2023-36567](CVE-2023/CVE-2023-365xx/CVE-2023-36567.json) (`2023-10-13T15:15:32.337`) +* [CVE-2023-36579](CVE-2023/CVE-2023-365xx/CVE-2023-36579.json) (`2023-10-13T15:16:06.637`) +* [CVE-2023-36578](CVE-2023/CVE-2023-365xx/CVE-2023-36578.json) (`2023-10-13T15:16:40.177`) +* [CVE-2023-36577](CVE-2023/CVE-2023-365xx/CVE-2023-36577.json) (`2023-10-13T15:17:39.077`) +* [CVE-2023-36576](CVE-2023/CVE-2023-365xx/CVE-2023-36576.json) (`2023-10-13T15:18:36.740`) +* [CVE-2023-36575](CVE-2023/CVE-2023-365xx/CVE-2023-36575.json) (`2023-10-13T15:19:13.637`) +* [CVE-2023-36574](CVE-2023/CVE-2023-365xx/CVE-2023-36574.json) (`2023-10-13T15:19:55.470`) +* [CVE-2023-42788](CVE-2023/CVE-2023-427xx/CVE-2023-42788.json) (`2023-10-13T15:22:01.607`) +* [CVE-2023-33301](CVE-2023/CVE-2023-333xx/CVE-2023-33301.json) (`2023-10-13T15:44:04.660`) ## Download and Usage