From 12d9b9f5866f055047db8e28d810486c36bada35 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 21 Nov 2023 00:55:21 +0000 Subject: [PATCH] Auto-Update: 2023-11-21T00:55:17.801804+00:00 --- CVE-2023/CVE-2023-392xx/CVE-2023-39204.json | 182 +++++++++++++++++++- CVE-2023/CVE-2023-392xx/CVE-2023-39205.json | 158 ++++++++++++++++- CVE-2023/CVE-2023-392xx/CVE-2023-39206.json | 182 +++++++++++++++++++- CVE-2023/CVE-2023-399xx/CVE-2023-39999.json | 6 +- CVE-2023/CVE-2023-401xx/CVE-2023-40151.json | 59 +++++++ CVE-2023/CVE-2023-435xx/CVE-2023-43582.json | 152 +++++++++++++++- CVE-2023/CVE-2023-435xx/CVE-2023-43588.json | 104 ++++++++++- CVE-2023/CVE-2023-475xx/CVE-2023-47517.json | 61 ++++++- CVE-2023/CVE-2023-475xx/CVE-2023-47518.json | 51 +++++- CVE-2023/CVE-2023-480xx/CVE-2023-48051.json | 20 +++ CVE-2023/CVE-2023-483xx/CVE-2023-48310.json | 63 +++++++ CVE-2023/CVE-2023-55xx/CVE-2023-5561.json | 6 +- CVE-2023/CVE-2023-61xx/CVE-2023-6142.json | 59 +++++++ CVE-2023/CVE-2023-61xx/CVE-2023-6144.json | 59 +++++++ CVE-2023/CVE-2023-61xx/CVE-2023-6199.json | 59 +++++++ README.md | 40 ++--- 16 files changed, 1218 insertions(+), 43 deletions(-) create mode 100644 CVE-2023/CVE-2023-401xx/CVE-2023-40151.json create mode 100644 CVE-2023/CVE-2023-480xx/CVE-2023-48051.json create mode 100644 CVE-2023/CVE-2023-483xx/CVE-2023-48310.json create mode 100644 CVE-2023/CVE-2023-61xx/CVE-2023-6142.json create mode 100644 CVE-2023/CVE-2023-61xx/CVE-2023-6144.json create mode 100644 CVE-2023/CVE-2023-61xx/CVE-2023-6199.json diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39204.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39204.json index 4ff0e414533..122a413c5b8 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39204.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39204.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-39204", "sourceIdentifier": "security@zoom.us", "published": "2023-11-14T23:15:08.687", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T00:47:04.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access." + }, + { + "lang": "es", + "value": "El desbordamiento del b\u00fafer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@zoom.us", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "security@zoom.us", "type": "Secondary", 
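Review bot: The new `nvd@nist.gov` / `"type": "Primary"` metric is inserted ahead of the existing `security@zoom.us` `Secondary` entry in `cvssMetricV31`, so index 0 of the array changes meaning with this update. A consumer that reads `cvssMetricV31[0]` instead of selecting on `type` or `source` may now report a different score for the same CVE; the Secondary values sit outside the hunk, so the size of any shift cannot be seen here. The `weaknesses` hunk of this file inserts its Primary entry the same way, as do the `cvssMetricV31` hunks for CVE-2023-39205, -39206, -43582, -43588, -47517 and -47518. It would help to state in the README that entries must be selected by `"type": "Primary"` and never by position.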
@@ -46,10 +80,152 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "6542B8C0-31B4-40A0-B6F3-136C5A16EFE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "5722E765-C79A-4A21-9E03-2634D5E7F2F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "86B49D79-7C51-46BE-87C2-93717D687531" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "F6679219-E822-4E14-98CF-1661E343143E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "63776027-642A-4B76-A561-F658045ECBD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "81A22013-04BC-4F45-8295-81C5FD441FC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "B399594A-A021-4CCF-BD2D-3E43FC0BF8B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "0DACEF42-D48D-4CDD-B72C-0C1C2A63DF96" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "5C73290C-5F04-40AC-BFD8-64E2E53E3EF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": 
"C29E2E20-94A0-4516-8815-F634290D1C3A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "10213F87-D42E-47F0-A0E4-3EEC68D024B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "6E3A49AF-5716-4516-8BC5-2DF788E6608C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "24D1C345-4BF0-4027-A7C1-4D2FD8106EFB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "DE7C3EFB-8CDF-447F-BDFC-2914C7DF8449" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.14.13", + "matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.0", + "versionEndExcluding": "5.15.11", + "matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "229A05D6-27BE-46A0-ADA8-C37873A24EA0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "42CDC31F-325B-43A1-8266-34317C644630" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "C7B42405-380C-42AD-9B87-99EB92E433BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*", + 
"versionEndExcluding": "5.15.10", + "matchCriteriaId": "351C219A-492B-4DC8-B92F-1B609A16459A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.15.10", + "matchCriteriaId": "3D834D47-BF15-461E-A908-3F7A919C2ED2" + } + ] + } + ] + } + ], "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", - "source": "security@zoom.us" + "source": "security@zoom.us", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39205.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39205.json index ef77b3f5d6e..359e0673843 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39205.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39205.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-39205", "sourceIdentifier": "security@zoom.us", "published": "2023-11-14T23:15:08.887", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T00:46:21.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access." + }, + { + "lang": "es", + "value": "La verificaci\u00f3n de condiciones inadecuadas en Zoom Team Chat para clientes de Zoom puede permitir que un usuario autenticado lleve a cabo una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@zoom.us", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + }, { "source": "security@zoom.us", "type": "Secondary", 
@@ -46,10 +80,128 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "249D7C05-850F-4BED-BE1B-864B3A555DC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": "440B9710-9B66-4F17-A4EE-C1D11DF4DC76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": "B3F99428-4438-47DA-BD2D-FF61BF1CC736" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": "392358DF-EC53-4538-A361-F467B8DFEE8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": "1E1A90A2-8B2E-481F-95D6-FB9E85B951CD" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": "33188B54-F6E1-4556-8A90-9DD7384AF299" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.14.13", + "matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.0", + "versionEndExcluding": "5.15.11", + "matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", - "source": "security@zoom.us" + "source": "security@zoom.us", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39206.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39206.json index ff9e13e617d..cb40c51cf67 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39206.json 
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39206.json @@ -2,16 +2,40 @@ "id": "CVE-2023-39206", "sourceIdentifier": "security@zoom.us", "published": "2023-11-14T23:15:09.073", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T00:46:02.800", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access." + }, + { + "lang": "es", + "value": "El desbordamiento del b\u00fafer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@zoom.us", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + }, { "source": "security@zoom.us", "type": "Secondary", 
@@ -46,10 +80,152 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "249D7C05-850F-4BED-BE1B-864B3A555DC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "12D81D70-FA29-4921-9A20-BE8DC596F6AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "141007D5-4A8B-48C3-8BFB-EAF8BC3EF905" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "3D39B6BA-D4BC-4502-8867-D5A5441D3196" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "62689640-F0DA-4FBA-83A9-AA29843B6E57" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": 
"440B9710-9B66-4F17-A4EE-C1D11DF4DC76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": "B3F99428-4438-47DA-BD2D-FF61BF1CC736" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": "392358DF-EC53-4538-A361-F467B8DFEE8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": "1E1A90A2-8B2E-481F-95D6-FB9E85B951CD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "1.9.0", + "matchCriteriaId": "33188B54-F6E1-4556-8A90-9DD7384AF299" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.14.13", + "matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.0", + "versionEndExcluding": "5.15.11", + "matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*", + "versionEndExcluding": 
"5.16.0", + "matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", - "source": "security@zoom.us" + "source": "security@zoom.us", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39999.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39999.json index 2a1638897a3..be50cf0798f 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39999.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39999.json @@ -2,7 +2,7 @@ "id": "CVE-2023-39999", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-13T12:15:09.970", - "lastModified": "2023-11-03T22:15:10.313", + "lastModified": "2023-11-20T23:15:06.393", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -254,6 +254,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html", + "source": "audit@patchstack.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EVFT4DPZRFTXJPEPADM22BZVIUD2P66/", "source": "audit@patchstack.com" diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40151.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40151.json new file mode 100644 index 00000000000..fc970b681e1 --- /dev/null +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40151.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-40151", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-11-21T00:15:06.953", + "lastModified": "2023-11-21T00:15:06.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nWhen user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-749" + } + ] + } + ], + "references": [ + { + "url": "https://support.redlion.net/hc/en-us/articles/19339209248269-RLCSIM-2023-05-Authentication-Bypass-and-Remote-Code-Execution", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43582.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43582.json index 44d5224daba..90bab3c96b3 100644 --- a/CVE-2023/CVE-2023-435xx/CVE-2023-43582.json +++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43582.json 
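Review bot: This new record carries a `"baseScore": 10.0` / `CRITICAL` rating for an authentication bypass on RTUs, but it is still `"vulnStatus": "Received"` and has no `configurations` block, so CPE-based asset matching will not flag it until NVD analysis lands. Until then, affected Red Lion SixTRAK and VersaTRAK devices can only be identified from the description text and the two advisory URLs. The `descriptions[0].value` string also begins with `\n\n\n` and ends with `\n\n\n\n`; it should be stored trimmed, or consumers should strip it before display and deduplication. Its first sentence ("When user authentication is not enabled ...") and the rest ("with authenticated users enabled ...") appear to describe two different conditions, so it is worth checking against the linked CISA advisory that the text belongs to this CVE id alone.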
@@ -2,16 +2,40 @@ "id": "CVE-2023-43582", "sourceIdentifier": "security@zoom.us", "published": "2023-11-15T00:15:08.673", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T00:45:03.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.\n" + }, + { + "lang": "es", + "value": "La autorizaci\u00f3n inadecuada en algunos clientes de Zoom puede permitir que un usuario autorizado realice una escalada de privilegios a trav\u00e9s del acceso a la red." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@zoom.us", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "security@zoom.us", "type": "Secondary", 
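Review bot: The Primary weakness added in the `weaknesses` hunk is `"value": "CWE-287"` (Improper Authentication), while the English description in the first hunk of this file says "Improper authorization ... escalation of privilege". Authorization flaws are normally classified under CWE-285 or CWE-863, so dashboards and detection content keyed on the Primary CWE will file this record under authentication issues. The `security@zoom.us` Secondary weakness value lies outside the hunk, so it cannot be compared here. Consumers that triage by CWE should read both entries for this record rather than the Primary alone.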
@@ -46,10 +80,122 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "249D7C05-850F-4BED-BE1B-864B3A555DC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "C00191F0-BCF9-4200-8953-B1DD1E0DBA3F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "12D81D70-FA29-4921-9A20-BE8DC596F6AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "141007D5-4A8B-48C3-8BFB-EAF8BC3EF905" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "3D39B6BA-D4BC-4502-8867-D5A5441D3196" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "62689640-F0DA-4FBA-83A9-AA29843B6E57" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.14.13", + "matchCriteriaId": 
"4D26E2D3-9148-44AA-8AF0-A3E58704F532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.0", + "versionEndExcluding": "5.15.11", + "matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", - "source": "security@zoom.us" + "source": "security@zoom.us", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43588.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43588.json index e9c1dec4a62..257747822d5 100644 --- a/CVE-2023/CVE-2023-435xx/CVE-2023-43588.json +++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43588.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-43588", "sourceIdentifier": "security@zoom.us", "published": "2023-11-15T00:15:08.860", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T00:44:17.740", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.\n\n" + }, + { + "lang": "es", + "value": "La gesti\u00f3n insuficiente del flujo de control en algunos clientes de Zoom puede permitir que un usuario autenticado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@zoom.us", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "security@zoom.us", "type": "Secondary", 
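Review bot: The Primary weakness added in the `weaknesses` hunk is `"value": "NVD-CWE-Other"`, which is a placeholder, not a CWE identifier. A parser that assumes every weakness value matches `CWE-<number>` will either reject this record or store a bogus id. Treating the value as "unclassified" and falling back to the `security@zoom.us` Secondary entry would be safer; that entry's value is outside the hunk, so whether it holds a usable CWE is not visible here.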
@@ -46,10 +80,74 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:iphone_os:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "CF877945-AEBB-4347-B45C-DC5CF711EAC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E7C90882-B6EB-476E-B8C8-9CA9D2C86328" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:meetings:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E80CFF3B-0BF6-4EF4-878B-B037B5DF1BC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.14.13", + "matchCriteriaId": "4D26E2D3-9148-44AA-8AF0-A3E58704F532" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.0", + "versionEndExcluding": "5.15.11", + "matchCriteriaId": "C3B28CE5-ABB5-43C4-8BB4-133050E0821E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "7EB1DC6F-6270-40C4-804F-7EEC18A62FE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "E055EB88-5A25-4348-AAEA-5A25496E5E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "5.16.0", + "matchCriteriaId": "1BF6E442-FE5C-46AF-AE37-4D5A9AB56A3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", - "source": "security@zoom.us" + "source": "security@zoom.us", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47517.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47517.json index 7016e717a92..2a7aa51223b 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47517.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47517.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47517", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-14T23:15:11.737", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T00:45:47.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <=\u00a01.23.11.6 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento SendPress Newsletters en versiones <= 1.23.11.6." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pressified:sendpress:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.23.11.6", + "matchCriteriaId": "067F2805-85F7-4309-A837-9BA03C1BDE8E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/sendpress/wordpress-sendpress-newsletters-plugin-1-22-3-31-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47518.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47518.json index c92f32813c8..1f5fc41548c 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47518.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47518.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-47518", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-14T23:15:11.923", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T00:45:18.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <=\u00a02.6.4 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Matthew Muro Restrict Categories en versiones <= 2.6.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vfbpro:restrict_categories:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.6.4", + "matchCriteriaId": "5255F786-B34E-4295-A2A6-42AB90174579" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/restrict-categories/wordpress-restrict-categories-plugin-2-6-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48051.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48051.json new file mode 100644 index 00000000000..5a5c5fd9ce6 --- /dev/null +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48051.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48051", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-20T23:15:06.550", + "lastModified": "2023-11-20T23:15:06.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Carglglz/upydev/issues/38", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48310.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48310.json new file mode 100644 index 00000000000..fa101cc97ee --- /dev/null +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48310.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-48310", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-11-20T23:15:06.593", + "lastModified": "2023-11-20T23:15:06.593", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name (and even without). A log file is created at the location specified. These files are created as root. If the file exists, the existing file is being rendered useless. This can result in denial of service. Version 2.1.1 contains a patch for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/NC3-LU/TestingPlatform/commit/7b3e7ca869a4845aa7445f874c22c5929315c3a7", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/NC3-LU/TestingPlatform/releases/tag/v2.1.1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/NC3-LU/TestingPlatform/security/advisories/GHSA-9fhc-f3mr-w6h6", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of 
file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5561.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5561.json index c0a07851153..fcc0d11a4dc 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5561.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5561.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5561", "sourceIdentifier": "contact@wpscan.com", "published": "2023-10-16T20:15:18.073", - "lastModified": "2023-11-08T19:15:09.703", + "lastModified": "2023-11-20T23:15:06.797", "vulnStatus": "Modified", "descriptions": [ { @@ -182,6 +182,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html", + "source": "contact@wpscan.com" + }, { "url": "https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/", "source": "contact@wpscan.com", diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6142.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6142.json new file mode 100644 index 00000000000..9fd3259209f --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6142.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6142", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-11-21T00:15:07.160", + "lastModified": "2023-11-21T00:15:07.160", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious HTML file, then guess the filename of the uploaded file and send it to a potential victim.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/bunny/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://github.com/Armanidrisi/devblog/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6144.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6144.json new file mode 100644 index 00000000000..f9937edcd53 --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6144.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6144", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-11-21T00:15:07.353", + "lastModified": "2023-11-21T00:15:07.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Dev blog v1.0 allows to exploit an account takeover through the \"user\" cookie. With this, an attacker can access any user's session just by knowing their username.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/almighty/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://github.com/Armanidrisi/devblog/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6199.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6199.json new file mode 100644 index 00000000000..3ca02a9e17d --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6199.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6199", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-11-20T23:15:06.877", + "lastModified": "2023-11-20T23:15:06.877", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/imagination/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.bookstackapp.com/blog/bookstack-release-v23-10-3/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 9f6aba38cfc..4b34a4a2898 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-20T23:00:17.974728+00:00 +2023-11-21T00:55:17.801804+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-20T22:15:07.243000+00:00 +2023-11-21T00:47:04.810000+00:00 ``` ### Last Data Feed Release 
@@ -29,34 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231185 +231191 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `6` -* [CVE-2023-46470](CVE-2023/CVE-2023-464xx/CVE-2023-46470.json) (`2023-11-20T21:15:08.210`) -* [CVE-2023-46471](CVE-2023/CVE-2023-464xx/CVE-2023-46471.json) (`2023-11-20T21:15:08.253`) -* [CVE-2023-47172](CVE-2023/CVE-2023-471xx/CVE-2023-47172.json) (`2023-11-20T21:15:08.293`) -* [CVE-2023-47311](CVE-2023/CVE-2023-473xx/CVE-2023-47311.json) (`2023-11-20T21:15:08.337`) -* [CVE-2023-6062](CVE-2023/CVE-2023-60xx/CVE-2023-6062.json) (`2023-11-20T21:15:08.387`) -* [CVE-2023-6178](CVE-2023/CVE-2023-61xx/CVE-2023-6178.json) (`2023-11-20T21:15:08.550`) -* [CVE-2023-48176](CVE-2023/CVE-2023-481xx/CVE-2023-48176.json) (`2023-11-20T22:15:07.187`) -* [CVE-2023-48192](CVE-2023/CVE-2023-481xx/CVE-2023-48192.json) (`2023-11-20T22:15:07.243`) +* [CVE-2023-48051](CVE-2023/CVE-2023-480xx/CVE-2023-48051.json) (`2023-11-20T23:15:06.550`) +* [CVE-2023-48310](CVE-2023/CVE-2023-483xx/CVE-2023-48310.json) (`2023-11-20T23:15:06.593`) +* [CVE-2023-6199](CVE-2023/CVE-2023-61xx/CVE-2023-6199.json) (`2023-11-20T23:15:06.877`) +* [CVE-2023-40151](CVE-2023/CVE-2023-401xx/CVE-2023-40151.json) (`2023-11-21T00:15:06.953`) +* [CVE-2023-6142](CVE-2023/CVE-2023-61xx/CVE-2023-6142.json) (`2023-11-21T00:15:07.160`) +* [CVE-2023-6144](CVE-2023/CVE-2023-61xx/CVE-2023-6144.json) (`2023-11-21T00:15:07.353`) ### CVEs modified in the last Commit -Recently modified CVEs: `7` +Recently modified CVEs: `9` -* [CVE-2020-13920](CVE-2020/CVE-2020-139xx/CVE-2020-13920.json) (`2023-11-20T22:15:06.783`) -* [CVE-2021-26117](CVE-2021/CVE-2021-261xx/CVE-2021-26117.json) (`2023-11-20T22:15:06.903`) -* [CVE-2023-38177](CVE-2023/CVE-2023-381xx/CVE-2023-38177.json) (`2023-11-20T21:00:46.393`) -* [CVE-2023-36719](CVE-2023/CVE-2023-367xx/CVE-2023-36719.json) 
(`2023-11-20T21:02:51.473`) -* [CVE-2023-46213](CVE-2023/CVE-2023-462xx/CVE-2023-46213.json) (`2023-11-20T21:15:08.043`) -* [CVE-2023-46214](CVE-2023/CVE-2023-462xx/CVE-2023-46214.json) (`2023-11-20T21:15:08.133`) -* [CVE-2023-46604](CVE-2023/CVE-2023-466xx/CVE-2023-46604.json) (`2023-11-20T22:15:07.083`) +* [CVE-2023-39999](CVE-2023/CVE-2023-399xx/CVE-2023-39999.json) (`2023-11-20T23:15:06.393`) +* [CVE-2023-5561](CVE-2023/CVE-2023-55xx/CVE-2023-5561.json) (`2023-11-20T23:15:06.797`) +* [CVE-2023-43588](CVE-2023/CVE-2023-435xx/CVE-2023-43588.json) (`2023-11-21T00:44:17.740`) +* [CVE-2023-43582](CVE-2023/CVE-2023-435xx/CVE-2023-43582.json) (`2023-11-21T00:45:03.947`) +* [CVE-2023-47518](CVE-2023/CVE-2023-475xx/CVE-2023-47518.json) (`2023-11-21T00:45:18.103`) +* [CVE-2023-47517](CVE-2023/CVE-2023-475xx/CVE-2023-47517.json) (`2023-11-21T00:45:47.997`) +* [CVE-2023-39206](CVE-2023/CVE-2023-392xx/CVE-2023-39206.json) (`2023-11-21T00:46:02.800`) +* [CVE-2023-39205](CVE-2023/CVE-2023-392xx/CVE-2023-39205.json) (`2023-11-21T00:46:21.403`) +* [CVE-2023-39204](CVE-2023/CVE-2023-392xx/CVE-2023-39204.json) (`2023-11-21T00:47:04.810`) ## Download and Usage