From 14f67e94f30663c09bd2f48a71f8a320bd229e97 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 16 Aug 2023 22:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-08-16T22:00:25.636231+00:00 --- CVE-2020/CVE-2020-241xx/CVE-2020-24187.json | 69 +++++++++- CVE-2020/CVE-2020-242xx/CVE-2020-24221.json | 64 ++++++++- CVE-2021/CVE-2021-258xx/CVE-2021-25864.json | 6 +- CVE-2021/CVE-2021-265xx/CVE-2021-26504.json | 65 ++++++++- CVE-2021/CVE-2021-265xx/CVE-2021-26505.json | 63 ++++++++- CVE-2021/CVE-2021-275xx/CVE-2021-27523.json | 64 ++++++++- CVE-2022/CVE-2022-298xx/CVE-2022-29887.json | 59 +++++++- CVE-2022/CVE-2022-446xx/CVE-2022-44612.json | 59 +++++++- CVE-2022/CVE-2022-48xx/CVE-2022-4894.json | 20 +++ CVE-2023/CVE-2023-202xx/CVE-2023-20209.json | 43 ++++++ CVE-2023/CVE-2023-202xx/CVE-2023-20228.json | 43 ++++++ CVE-2023/CVE-2023-202xx/CVE-2023-20242.json | 43 ++++++ CVE-2023/CVE-2023-223xx/CVE-2023-22338.json | 59 +++++++- CVE-2023/CVE-2023-228xx/CVE-2023-22843.json | 63 ++++++++- CVE-2023/CVE-2023-251xx/CVE-2023-25182.json | 59 +++++++- CVE-2023/CVE-2023-257xx/CVE-2023-25773.json | 59 +++++++- CVE-2023/CVE-2023-273xx/CVE-2023-27392.json | 59 +++++++- CVE-2023/CVE-2023-275xx/CVE-2023-27506.json | 59 +++++++- CVE-2023/CVE-2023-280xx/CVE-2023-28075.json | 55 ++++++++ CVE-2023/CVE-2023-29xx/CVE-2023-2905.json | 73 +++++++++- CVE-2023/CVE-2023-324xx/CVE-2023-32453.json | 55 ++++++++ CVE-2023/CVE-2023-326xx/CVE-2023-32609.json | 59 +++++++- CVE-2023/CVE-2023-399xx/CVE-2023-39952.json | 117 +++++++++++++++- CVE-2023/CVE-2023-400xx/CVE-2023-40021.json | 71 ++++++++++ CVE-2023/CVE-2023-400xx/CVE-2023-40033.json | 59 ++++++++ CVE-2023/CVE-2023-400xx/CVE-2023-40034.json | 67 +++++++++ CVE-2023/CVE-2023-41xx/CVE-2023-4128.json | 143 +++++++++++++++++++- CVE-2023/CVE-2023-43xx/CVE-2023-4382.json | 84 ++++++++++++ CVE-2023/CVE-2023-43xx/CVE-2023-4383.json | 88 ++++++++++++ CVE-2023/CVE-2023-43xx/CVE-2023-4384.json | 88 ++++++++++++ README.md | 63 +++++---- 31 files changed, 1880 insertions(+), 98 deletions(-) create mode 100644 CVE-2022/CVE-2022-48xx/CVE-2022-4894.json create mode 100644 CVE-2023/CVE-2023-202xx/CVE-2023-20209.json create mode 100644 CVE-2023/CVE-2023-202xx/CVE-2023-20228.json create mode 100644 CVE-2023/CVE-2023-202xx/CVE-2023-20242.json create mode 100644 CVE-2023/CVE-2023-280xx/CVE-2023-28075.json create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32453.json create mode 100644 CVE-2023/CVE-2023-400xx/CVE-2023-40021.json create mode 100644 CVE-2023/CVE-2023-400xx/CVE-2023-40033.json create mode 100644 CVE-2023/CVE-2023-400xx/CVE-2023-40034.json create mode 100644 CVE-2023/CVE-2023-43xx/CVE-2023-4382.json create mode 100644 CVE-2023/CVE-2023-43xx/CVE-2023-4383.json create mode 100644 CVE-2023/CVE-2023-43xx/CVE-2023-4384.json diff --git a/CVE-2020/CVE-2020-241xx/CVE-2020-24187.json b/CVE-2020/CVE-2020-241xx/CVE-2020-24187.json index 5ae638d6803..15c38221f7c 100644 --- a/CVE-2020/CVE-2020-241xx/CVE-2020-24187.json +++ b/CVE-2020/CVE-2020-241xx/CVE-2020-24187.json @@ -2,23 +2,82 @@ "id": "CVE-2020-24187", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-11T14:15:10.237", - "lastModified": "2023-08-11T15:18:19.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T21:11:04.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jerryscript:jerryscript:2.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BCC6C843-EE98-4852-8D03-7FC19D2E821C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Aurorainfinity/Poc/tree/master/jerryscript/NULL-dereference-ecma_get_lex_env_type", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/jerryscript-project/jerryscript/issues/4076", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-242xx/CVE-2020-24221.json b/CVE-2020/CVE-2020-242xx/CVE-2020-24221.json index a65c6b17683..d9cde1e787b 100644 --- a/CVE-2020/CVE-2020-242xx/CVE-2020-24221.json +++ b/CVE-2020/CVE-2020-242xx/CVE-2020-24221.json @@ -2,19 +2,75 @@ "id": "CVE-2020-24221", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-11T14:15:10.297", - "lastModified": "2023-08-11T15:18:19.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T21:11:08.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:miniupnp_project:ngiflib:0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "5BE2BAA9-5D76-4039-A655-3F478ED5D601" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/miniupnp/ngiflib/issues/17", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-258xx/CVE-2021-25864.json b/CVE-2021/CVE-2021-258xx/CVE-2021-25864.json index 28603ec3be2..e44ddc87832 100644 --- a/CVE-2021/CVE-2021-258xx/CVE-2021-25864.json +++ b/CVE-2021/CVE-2021-258xx/CVE-2021-25864.json @@ -2,7 +2,7 @@ "id": "CVE-2021-25864", "sourceIdentifier": "cve@mitre.org", "published": "2021-01-26T18:16:21.897", - "lastModified": "2021-02-02T21:13:34.160", + "lastModified": "2023-08-16T20:29:49.300", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:node-red-contrib-huemagic_project:node-red-contrib-huemagic:3.0.0:*:*:*:*:node.js:*:*", - "matchCriteriaId": "450D1783-67DC-4AA6-B9E0-BB8ADE6CE553" + "criteria": "cpe:2.3:a:dgtl:huemagic:3.0.0:*:*:*:*:node.js:*:*", + "matchCriteriaId": "34B7DCCF-571F-4971-B41A-7B83E207C803" } ] } diff --git a/CVE-2021/CVE-2021-265xx/CVE-2021-26504.json b/CVE-2021/CVE-2021-265xx/CVE-2021-26504.json index 9be2a460592..2b0a3024a71 100644 --- a/CVE-2021/CVE-2021-265xx/CVE-2021-26504.json +++ b/CVE-2021/CVE-2021-265xx/CVE-2021-26504.json @@ -2,19 +2,76 @@ "id": "CVE-2021-26504", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-11T14:15:12.187", - "lastModified": "2023-08-11T15:18:01.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:22:24.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dgtl:huemagic:3.0.0:*:*:*:*:node.js:*:*", + "matchCriteriaId": "34B7DCCF-571F-4971-B41A-7B83E207C803" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Foddy/node-red-contrib-huemagic/issues/217", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-265xx/CVE-2021-26505.json b/CVE-2021/CVE-2021-265xx/CVE-2021-26505.json index ff875a4a1af..2c6637400b4 100644 --- a/CVE-2021/CVE-2021-265xx/CVE-2021-26505.json +++ b/CVE-2021/CVE-2021-265xx/CVE-2021-26505.json @@ -2,19 +2,74 @@ "id": "CVE-2021-26505", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-11T14:15:12.257", - "lastModified": "2023-08-11T15:18:01.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:09:07.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1321" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hello.js_project:hello.js:1.18.6:*:*:*:*:node.js:*:*", + "matchCriteriaId": "8449D91E-C8BA-42F4-B8B3-7A30B8F5AC57" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MrSwitch/hello.js/issues/634", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-275xx/CVE-2021-27523.json b/CVE-2021/CVE-2021-275xx/CVE-2021-27523.json index 4ac66ee2dbb..1c3cdb550fe 100644 --- a/CVE-2021/CVE-2021-275xx/CVE-2021-27523.json +++ b/CVE-2021/CVE-2021-275xx/CVE-2021-27523.json @@ -2,19 +2,75 @@ "id": "CVE-2021-27523", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-11T14:15:12.320", - "lastModified": "2023-08-11T15:18:01.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:08:11.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:open-falcon:dashboard:0.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "977BD1DB-D24F-436A-9259-0A6FDC17E1E2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/open-falcon/dashboard/issues/153", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-298xx/CVE-2022-29887.json b/CVE-2022/CVE-2022-298xx/CVE-2022-29887.json index 7fc7bc62a7d..dc6bc1ff1f1 100644 --- a/CVE-2022/CVE-2022-298xx/CVE-2022-29887.json +++ b/CVE-2022/CVE-2022-298xx/CVE-2022-29887.json @@ -2,8 +2,8 @@ "id": "CVE-2022-29887", "sourceIdentifier": "secure@intel.com", "published": "2023-08-11T03:15:12.437", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:35:20.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:manageability_commander:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.3", + "matchCriteriaId": "F66CDA13-93CB-4EC2-99AA-227177DD7365" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00893.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-446xx/CVE-2022-44612.json b/CVE-2022/CVE-2022-446xx/CVE-2022-44612.json index 4f859b56176..f6572510f59 100644 --- a/CVE-2022/CVE-2022-446xx/CVE-2022-44612.json +++ b/CVE-2022/CVE-2022-446xx/CVE-2022-44612.json @@ -2,8 +2,8 @@ "id": "CVE-2022-44612", "sourceIdentifier": "secure@intel.com", "published": "2023-08-11T03:15:16.153", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:38:42.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:unison:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.12", + "matchCriteriaId": "08E8CC7F-08C6-4C0B-B81D-FBB0D7F79CFC" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00897.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4894.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4894.json new file mode 100644 index 00000000000..5920ace7ceb --- /dev/null +++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4894.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-4894", + "sourceIdentifier": "hp-security-alert@hp.com", + "published": "2023-08-16T21:15:09.477", + "lastModified": "2023-08-16T21:15:09.477", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.hp.com/us-en/document/ish_8947379-8947403-16/hpsbpi03857", + "source": "hp-security-alert@hp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20209.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20209.json new file mode 100644 index 00000000000..a9f60efe925 --- /dev/null +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20209.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20209", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-08-16T21:15:09.650", + "lastModified": "2023-08-16T21:15:09.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write privileges on the application to perform a command injection attack that could result in remote code execution on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to establish a remote shell with root privileges." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-injection-X475EbTQ", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20228.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20228.json new file mode 100644 index 00000000000..fcff0a2bb13 --- /dev/null +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20228.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20228", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-08-16T21:15:09.737", + "lastModified": "2023-08-16T21:15:09.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the browser of the targeted user or access sensitive, browser-based information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-xss-UMYtYEtr", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20242.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20242.json new file mode 100644 index 00000000000..ec256adef8b --- /dev/null +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20242.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20242", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-08-16T21:15:09.800", + "lastModified": "2023-08-16T21:15:09.800", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-imp-xss-QtT4VdsK", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22338.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22338.json index 345fbd7b327..1779d7f9fb1 100644 --- a/CVE-2023/CVE-2023-223xx/CVE-2023-22338.json +++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22338.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22338", "sourceIdentifier": "secure@intel.com", "published": "2023-08-11T03:15:16.780", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:52:08.750", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:onevpl_gpu_runtime:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.6.5", + "matchCriteriaId": "ED9FACF6-33A2-480B-8BF2-E39ED1605067" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00818.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json index 420ba527ac0..b5fb55a9cfe 100644 --- a/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json +++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22843.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22843", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2023-08-09T09:15:13.667", - "lastModified": "2023-08-09T12:46:39.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T21:06:13.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -46,10 +76,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.6.2", + "matchCriteriaId": "D5DACA15-76B3-417A-8776-9014575659A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.6.2", + "matchCriteriaId": "6317D905-9F4B-42A1-937E-AB79D99B1973" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.nozominetworks.com/NN-2023:4-01", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-251xx/CVE-2023-25182.json b/CVE-2023/CVE-2023-251xx/CVE-2023-25182.json index b64afafb3c2..e5f9dbd9473 100644 --- a/CVE-2023/CVE-2023-251xx/CVE-2023-25182.json +++ b/CVE-2023/CVE-2023-251xx/CVE-2023-25182.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25182", "sourceIdentifier": "secure@intel.com", "published": "2023-08-11T03:15:18.660", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:43:11.657", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:unite:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "4.2.11", + "matchCriteriaId": "FE9DCB41-5F24-4416-B169-D8106B7EFB32" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25773.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25773.json index ba2cac51aff..df335dd00cb 100644 --- a/CVE-2023/CVE-2023-257xx/CVE-2023-25773.json +++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25773.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25773", "sourceIdentifier": "secure@intel.com", "published": "2023-08-11T03:15:18.820", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:45:18.080", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:unite:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "4.2.34962", + "matchCriteriaId": "20F3A24C-4200-427A-8A82-3247EF4B6BB1" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00826.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27392.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27392.json index 3af8e5c646a..a1be3b529d6 100644 --- a/CVE-2023/CVE-2023-273xx/CVE-2023-27392.json +++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27392.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27392", "sourceIdentifier": "secure@intel.com", "published": "2023-08-11T03:15:23.257", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:37:35.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:support:*:*:*:*:*:android:*:*", + "versionEndExcluding": "v23.02.07", + "matchCriteriaId": "B5FA6F57-16C9-422A-8043-F569EDAD17D0" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00862.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27506.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27506.json index 98306360f1e..400934f6fb8 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27506.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27506.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27506", "sourceIdentifier": "secure@intel.com", "published": "2023-08-11T03:15:23.817", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:56:58.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:optimization_for_tensorflow:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.12", + "matchCriteriaId": "C6B01686-6642-4649-980D-51D200E28D61" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00840.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-280xx/CVE-2023-28075.json b/CVE-2023/CVE-2023-280xx/CVE-2023-28075.json new file mode 100644 index 00000000000..a15e8cc26cd --- /dev/null +++ b/CVE-2023/CVE-2023-280xx/CVE-2023-28075.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-28075", + "sourceIdentifier": "security_alert@emc.com", + "published": "2023-08-16T20:15:09.427", + "lastModified": "2023-08-16T20:15:09.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nDell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-367" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000212817/dsa-2023-152-security-update-for-a-dell-client-bios-vulnerability", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json index 3933d18ce30..26644c2c912 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2905.json @@ -2,16 +2,49 @@ "id": "CVE-2023-2905", "sourceIdentifier": "cve@takeonme.org", "published": "2023-08-09T05:15:40.740", - "lastModified": "2023-08-09T12:46:53.387", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:49:56.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH\u00a0parsed message with a variable length header, Cesanta Mongoose, an\u00a0embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "cve@takeonme.org", "type": "Secondary", @@ -23,18 +56,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cesanta:mongoose:7.10:*:*:*:*:*:*:*", + "matchCriteriaId": "56CBAB29-FE86-4AD6-B410-BE5B5A4AEBF7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cesanta/mongoose/pull/2274", - "source": "cve@takeonme.org" + "source": "cve@takeonme.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/cesanta/mongoose/releases/tag/7.11", - "source": "cve@takeonme.org" + "source": "cve@takeonme.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://takeonme.org/cves/CVE-2023-2905.html", - "source": "cve@takeonme.org" + "source": "cve@takeonme.org", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32453.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32453.json new file mode 100644 index 00000000000..9e67259b94d --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32453.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32453", + "sourceIdentifier": "security_alert@emc.com", + "published": "2023-08-16T20:15:09.560", + "lastModified": "2023-08-16T20:15:09.560", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nDell BIOS contains an improper authentication vulnerability. A malicious user with physical access to the system may potentially exploit this vulnerability in order to modify a security-critical UEFI variable without knowledge of the BIOS administrator.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000215217/dsa-2023-190-dell-client-bios", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32609.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32609.json index f062f41bc08..79faf024be6 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32609.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32609.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32609", "sourceIdentifier": "secure@intel.com", "published": "2023-08-11T03:15:32.403", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:05:07.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -34,10 +54,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:unite:*:*:*:*:*:android:*:*", + "versionEndExcluding": "4.2.3504", + "matchCriteriaId": "600D672B-B11D-4A14-9D7D-1193A6784BAC" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00932.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39952.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39952.json index dcc71651afe..9be0b8d9ea0 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39952.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39952.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39952", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-10T14:15:15.270", - "lastModified": "2023-08-10T14:46:58.037", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:23:36.877", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,22 +66,107 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "22.0.0", + "versionEndExcluding": "22.2.10.13", + "matchCriteriaId": "2A984DB5-B23A-4A3B-974F-9859A3FE5782" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "23.0.0", + "versionEndExcluding": "23.0.12.8", + "matchCriteriaId": "00E5E519-BCEC-47AB-BD6C-3B45C7475320" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "24.0.0", + "versionEndExcluding": "24.0.12.4", + "matchCriteriaId": "A54AB8A9-8FF1-420E-9A16-C3D123E1B320" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.8", + "matchCriteriaId": "A2EE7242-A7BB-4FE3-8617-9C355C68EB2A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "25.0.0", + "versionEndExcluding": "25.0.8", + "matchCriteriaId": "05C7C20F-A320-425C-BECF-E895E5ACF1CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.3", + "matchCriteriaId": "636E2B84-2F89-4F35-9ADF-BCB1761B2E2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "26.0.0", + "versionEndExcluding": "26.0.3", + "matchCriteriaId": "54FD90F4-2243-4A99-954B-FCC44EE180AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*", + "matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/nextcloud/groupfolders/issues/1906", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-cq8w-v4fh-4rjq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/nextcloud/server/pull/38890", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://hackerone.com/reports/1808079", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40021.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40021.json new file mode 100644 index 00000000000..94829975653 --- /dev/null +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40021.json @@ -0,0 +1,71 @@ +{ + "id": "CVE-2023-40021", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-16T21:15:09.880", + "lastModified": "2023-08-16T21:15:09.880", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator (`==`), which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by character. Once they have recovered the token, they can then submit a forged request on behalf of a logged-in user and execute privileged actions on that user's behalf. In particular the function to validate received CSRF tokens is at `oppia.core.controllers.base.CsrfTokenManager.is_csrf_token_valid`. An attacker who can lure a logged-in Oppia user to a malicious website can perform any change on Oppia that the user is authorized to do, including changing profile information; creating, deleting, and changing explorations; etc. Note that the attacker cannot change a user's login credentials. An attack would need to complete within 1 second because every second, the time used in computing the token changes. This issue has been addressed in commit `b89bf80837` which has been included in release `3.3.2-hotfix-2`. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + }, + { + "lang": "en", + "value": "CWE-208" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/oppia/oppia/blob/3a05c3558a292f3db9e658e60e708c266c003fd0/core/controllers/base.py#L964-L990", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/oppia/oppia/commit/b89bf808378c1236874b5797a7bda32c77b4af23", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/oppia/oppia/pull/18769", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/oppia/oppia/security/advisories/GHSA-49jp-pjc3-2532", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40033.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40033.json new file mode 100644 index 00000000000..d4132d2bf07 --- /dev/null +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40033.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-40033", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-16T21:15:09.987", + "lastModified": "2023-08-16T21:15:09.987", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Flarum is an open source forum software. Flarum is affected by a vulnerability that allows an attacker to conduct a Blind Server-Side Request Forgery (SSRF) attack or disclose any file on the server, even with a basic user account on any Flarum forum. By uploading a file containing a URL and spoofing the MIME type, an attacker can manipulate the application to execute unintended actions. The vulnerability is due to the behavior of the `intervention/image` package, which attempts to interpret the supplied file contents as a URL, which then fetches its contents. This allows an attacker to exploit the vulnerability to perform SSRF attacks, disclose local file contents, or conduct a blind oracle attack. This has been patched in Flarum version 1.8.0. Users are advised to upgrade. Users unable to upgrade may disable PHP's `allow_url_fopen` which will prevent the fetching of external files via URLs as a temporary workaround for the SSRF aspect of the vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/flarum/framework/commit/d1059c1cc79fe61f9538f3da55e8f42abbede570", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/flarum/framework/security/advisories/GHSA-67c6-q4j4-hccg", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40034.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40034.json new file mode 100644 index 00000000000..c5ffc17305b --- /dev/null +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40034.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-40034", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-16T21:15:10.087", + "lastModified": "2023-08-16T21:15:10.087", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data witch lead to an update of the repository data that can e.g. allow the takeover of an repo. This is only critical if the CI is configured for public usage and connected to a forge witch is also in public usage. This issue has been addressed in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should secure the CI system by making it inaccessible to untrusted entities, for example, by placing it behind a firewall." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/woodpecker-ci/woodpecker/commit/6e4c2f84cc84661d58cf1c0e5c421a46070bb105", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/woodpecker-ci/woodpecker/pull/2221", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/woodpecker-ci/woodpecker/pull/2222", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-4gcf-5m39-98mc", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json index e89ca82c0aa..142ce156aad 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4128", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-10T17:15:12.033", - "lastModified": "2023-08-14T03:15:09.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-16T20:32:04.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,26 +54,135 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.5", + "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:-:*:*:*:*:*:*", + "matchCriteriaId": "A2D9420A-9BF4-4C16-B6DA-8A1D279F7384" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*", + "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*", + "matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*", + "matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*", + "matchCriteriaId": "2226A776-DF8C-49E0-A030-0A7853BB018A" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-4128", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225511", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TYLSJ2SAI7RF56ZLQ5CQWCJLVJSD73Q/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4382.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4382.json new file mode 100644 index 00000000000..28197f9de20 --- /dev/null +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4382.json @@ -0,0 +1,84 @@ +{ + "id": "CVE-2023-4382", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-08-16T20:15:09.650", + "lastModified": "2023-08-16T20:15:09.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.237314", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.237314", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4383.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4383.json new file mode 100644 index 00000000000..4ad0e602d2e --- /dev/null +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4383.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-4383", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-08-16T20:15:09.740", + "lastModified": "2023-08-16T20:15:09.740", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. This affects an unknown part of the file runasroot. The manipulation leads to incorrect execution-assigned permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 6.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-279" + } + ] + } + ], + "references": [ + { + "url": "https://gist.github.com/dmknght/ac489cf3605ded09b3925521afee3003", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.237315", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.237315", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4384.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4384.json new file mode 100644 index 00000000000..071741d6186 --- /dev/null +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4384.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-4384", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-08-16T20:15:09.827", + "lastModified": "2023-08-16T20:15:09.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.6 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 4.9, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] + } + ], + "references": [ + { + "url": "https://l6x.notion.site/PoC-7041cf9625554273b17148de85705d06?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.237316", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.237316", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 0e6b103d72b..e334c7311e8 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-16T20:00:28.512128+00:00 +2023-08-16T22:00:25.636231+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-16T19:57:00.017000+00:00 +2023-08-16T21:15:10.087000+00:00 ``` ### Last Data Feed Release @@ -29,42 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222832 +222844 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `12` -* [CVE-2023-38737](CVE-2023/CVE-2023-387xx/CVE-2023-38737.json) (`2023-08-16T19:15:09.793`) -* [CVE-2023-4387](CVE-2023/CVE-2023-43xx/CVE-2023-4387.json) (`2023-08-16T19:15:10.087`) -* [CVE-2023-4389](CVE-2023/CVE-2023-43xx/CVE-2023-4389.json) (`2023-08-16T19:15:10.163`) +* [CVE-2022-4894](CVE-2022/CVE-2022-48xx/CVE-2022-4894.json) (`2023-08-16T21:15:09.477`) +* [CVE-2023-28075](CVE-2023/CVE-2023-280xx/CVE-2023-28075.json) (`2023-08-16T20:15:09.427`) +* [CVE-2023-32453](CVE-2023/CVE-2023-324xx/CVE-2023-32453.json) (`2023-08-16T20:15:09.560`) +* [CVE-2023-4382](CVE-2023/CVE-2023-43xx/CVE-2023-4382.json) (`2023-08-16T20:15:09.650`) +* [CVE-2023-4383](CVE-2023/CVE-2023-43xx/CVE-2023-4383.json) (`2023-08-16T20:15:09.740`) +* [CVE-2023-4384](CVE-2023/CVE-2023-43xx/CVE-2023-4384.json) (`2023-08-16T20:15:09.827`) +* [CVE-2023-20209](CVE-2023/CVE-2023-202xx/CVE-2023-20209.json) (`2023-08-16T21:15:09.650`) +* [CVE-2023-20228](CVE-2023/CVE-2023-202xx/CVE-2023-20228.json) (`2023-08-16T21:15:09.737`) +* [CVE-2023-20242](CVE-2023/CVE-2023-202xx/CVE-2023-20242.json) (`2023-08-16T21:15:09.800`) +* [CVE-2023-40021](CVE-2023/CVE-2023-400xx/CVE-2023-40021.json) (`2023-08-16T21:15:09.880`) +* [CVE-2023-40033](CVE-2023/CVE-2023-400xx/CVE-2023-40033.json) (`2023-08-16T21:15:09.987`) +* [CVE-2023-40034](CVE-2023/CVE-2023-400xx/CVE-2023-40034.json) (`2023-08-16T21:15:10.087`) ### CVEs modified in the last Commit -Recently modified CVEs: `20` +Recently modified CVEs: `18` -* [CVE-2019-13194](CVE-2019/CVE-2019-131xx/CVE-2019-13194.json) (`2023-08-16T18:51:08.290`) -* [CVE-2019-13193](CVE-2019/CVE-2019-131xx/CVE-2019-13193.json) (`2023-08-16T18:51:58.137`) -* [CVE-2019-13192](CVE-2019/CVE-2019-131xx/CVE-2019-13192.json) (`2023-08-16T18:52:01.080`) -* [CVE-2023-33468](CVE-2023/CVE-2023-334xx/CVE-2023-33468.json) (`2023-08-16T18:03:44.977`) -* [CVE-2023-39961](CVE-2023/CVE-2023-399xx/CVE-2023-39961.json) (`2023-08-16T18:35:46.193`) -* [CVE-2023-39964](CVE-2023/CVE-2023-399xx/CVE-2023-39964.json) (`2023-08-16T18:44:24.103`) -* [CVE-2023-39965](CVE-2023/CVE-2023-399xx/CVE-2023-39965.json) (`2023-08-16T18:52:42.710`) -* [CVE-2023-39966](CVE-2023/CVE-2023-399xx/CVE-2023-39966.json) (`2023-08-16T18:55:12.590`) -* [CVE-2023-2737](CVE-2023/CVE-2023-27xx/CVE-2023-2737.json) (`2023-08-16T19:04:32.000`) -* [CVE-2023-39250](CVE-2023/CVE-2023-392xx/CVE-2023-39250.json) (`2023-08-16T19:04:32.000`) -* [CVE-2023-4204](CVE-2023/CVE-2023-42xx/CVE-2023-4204.json) (`2023-08-16T19:04:32.000`) -* [CVE-2023-4385](CVE-2023/CVE-2023-43xx/CVE-2023-4385.json) (`2023-08-16T19:04:32.000`) -* [CVE-2023-39953](CVE-2023/CVE-2023-399xx/CVE-2023-39953.json) (`2023-08-16T19:10:58.313`) -* [CVE-2023-39954](CVE-2023/CVE-2023-399xx/CVE-2023-39954.json) (`2023-08-16T19:15:35.977`) -* [CVE-2023-34615](CVE-2023/CVE-2023-346xx/CVE-2023-34615.json) (`2023-08-16T19:34:33.483`) -* [CVE-2023-39955](CVE-2023/CVE-2023-399xx/CVE-2023-39955.json) (`2023-08-16T19:38:45.193`) -* [CVE-2023-38633](CVE-2023/CVE-2023-386xx/CVE-2023-38633.json) (`2023-08-16T19:41:52.567`) -* [CVE-2023-23903](CVE-2023/CVE-2023-239xx/CVE-2023-23903.json) (`2023-08-16T19:44:20.300`) -* [CVE-2023-24471](CVE-2023/CVE-2023-244xx/CVE-2023-24471.json) (`2023-08-16T19:46:55.460`) -* [CVE-2023-39957](CVE-2023/CVE-2023-399xx/CVE-2023-39957.json) (`2023-08-16T19:57:00.017`) +* [CVE-2020-24187](CVE-2020/CVE-2020-241xx/CVE-2020-24187.json) (`2023-08-16T21:11:04.957`) +* [CVE-2020-24221](CVE-2020/CVE-2020-242xx/CVE-2020-24221.json) (`2023-08-16T21:11:08.147`) +* [CVE-2021-27523](CVE-2021/CVE-2021-275xx/CVE-2021-27523.json) (`2023-08-16T20:08:11.497`) +* [CVE-2021-26505](CVE-2021/CVE-2021-265xx/CVE-2021-26505.json) (`2023-08-16T20:09:07.517`) +* [CVE-2021-26504](CVE-2021/CVE-2021-265xx/CVE-2021-26504.json) (`2023-08-16T20:22:24.490`) +* [CVE-2021-25864](CVE-2021/CVE-2021-258xx/CVE-2021-25864.json) (`2023-08-16T20:29:49.300`) +* [CVE-2022-29887](CVE-2022/CVE-2022-298xx/CVE-2022-29887.json) (`2023-08-16T20:35:20.687`) +* [CVE-2022-44612](CVE-2022/CVE-2022-446xx/CVE-2022-44612.json) (`2023-08-16T20:38:42.333`) +* [CVE-2023-32609](CVE-2023/CVE-2023-326xx/CVE-2023-32609.json) (`2023-08-16T20:05:07.757`) +* [CVE-2023-39952](CVE-2023/CVE-2023-399xx/CVE-2023-39952.json) (`2023-08-16T20:23:36.877`) +* [CVE-2023-4128](CVE-2023/CVE-2023-41xx/CVE-2023-4128.json) (`2023-08-16T20:32:04.830`) +* [CVE-2023-27392](CVE-2023/CVE-2023-273xx/CVE-2023-27392.json) (`2023-08-16T20:37:35.870`) +* [CVE-2023-25182](CVE-2023/CVE-2023-251xx/CVE-2023-25182.json) (`2023-08-16T20:43:11.657`) +* [CVE-2023-25773](CVE-2023/CVE-2023-257xx/CVE-2023-25773.json) (`2023-08-16T20:45:18.080`) +* [CVE-2023-2905](CVE-2023/CVE-2023-29xx/CVE-2023-2905.json) (`2023-08-16T20:49:56.363`) +* [CVE-2023-22338](CVE-2023/CVE-2023-223xx/CVE-2023-22338.json) (`2023-08-16T20:52:08.750`) +* [CVE-2023-27506](CVE-2023/CVE-2023-275xx/CVE-2023-27506.json) (`2023-08-16T20:56:58.130`) +* [CVE-2023-22843](CVE-2023/CVE-2023-228xx/CVE-2023-22843.json) (`2023-08-16T21:06:13.870`) ## Download and Usage