From 1de4c25be0f0669533eb59d0e937c9b1a860959e Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 17 Aug 2023 20:00:36 +0000 Subject: [PATCH] Auto-Update: 2023-08-17T20:00:32.706807+00:00 --- CVE-2017/CVE-2017-66xx/CVE-2017-6679.json | 8 +- CVE-2021/CVE-2021-275xx/CVE-2021-27524.json | 64 ++- CVE-2021/CVE-2021-288xx/CVE-2021-28835.json | 64 ++- CVE-2021/CVE-2021-468xx/CVE-2021-46895.json | 71 ++- CVE-2022/CVE-2022-303xx/CVE-2022-30333.json | 8 +- CVE-2022/CVE-2022-485xx/CVE-2022-48579.json | 8 +- CVE-2023/CVE-2023-205xx/CVE-2023-20593.json | 12 +- CVE-2023/CVE-2023-208xx/CVE-2023-20867.json | 6 +- CVE-2023/CVE-2023-219xx/CVE-2023-21930.json | 6 +- CVE-2023/CVE-2023-219xx/CVE-2023-21937.json | 6 +- CVE-2023/CVE-2023-219xx/CVE-2023-21938.json | 6 +- CVE-2023/CVE-2023-219xx/CVE-2023-21939.json | 6 +- CVE-2023/CVE-2023-219xx/CVE-2023-21954.json | 6 +- CVE-2023/CVE-2023-219xx/CVE-2023-21967.json | 6 +- CVE-2023/CVE-2023-219xx/CVE-2023-21968.json | 6 +- CVE-2023/CVE-2023-220xx/CVE-2023-22006.json | 8 +- CVE-2023/CVE-2023-220xx/CVE-2023-22036.json | 8 +- CVE-2023/CVE-2023-220xx/CVE-2023-22041.json | 12 +- CVE-2023/CVE-2023-220xx/CVE-2023-22045.json | 8 +- CVE-2023/CVE-2023-220xx/CVE-2023-22049.json | 8 +- CVE-2023/CVE-2023-229xx/CVE-2023-22955.json | 6 +- CVE-2023/CVE-2023-229xx/CVE-2023-22956.json | 6 +- CVE-2023/CVE-2023-229xx/CVE-2023-22957.json | 6 +- CVE-2023/CVE-2023-255xx/CVE-2023-25599.json | 6 +- CVE-2023/CVE-2023-264xx/CVE-2023-26469.json | 24 + CVE-2023/CVE-2023-28xx/CVE-2023-2804.json | 7 +- CVE-2023/CVE-2023-29xx/CVE-2023-2977.json | 10 +- CVE-2023/CVE-2023-305xx/CVE-2023-30589.json | 6 +- CVE-2023/CVE-2023-307xx/CVE-2023-30760.json | 71 ++- CVE-2023/CVE-2023-30xx/CVE-2023-3078.json | 4 +- CVE-2023/CVE-2023-312xx/CVE-2023-31209.json | 562 +++++++++++++++++++- CVE-2023/CVE-2023-344xx/CVE-2023-34419.json | 4 +- CVE-2023/CVE-2023-346xx/CVE-2023-34634.json | 8 +- CVE-2023/CVE-2023-379xx/CVE-2023-37914.json | 63 +++ CVE-2023/CVE-2023-384xx/CVE-2023-38408.json | 6 +- CVE-2023/CVE-2023-384xx/CVE-2023-38497.json | 8 +- CVE-2023/CVE-2023-386xx/CVE-2023-38633.json | 8 +- CVE-2023/CVE-2023-388xx/CVE-2023-38843.json | 24 + CVE-2023/CVE-2023-389xx/CVE-2023-38905.json | 24 + CVE-2023/CVE-2023-393xx/CVE-2023-39385.json | 86 ++- CVE-2023/CVE-2023-393xx/CVE-2023-39386.json | 81 ++- CVE-2023/CVE-2023-393xx/CVE-2023-39387.json | 106 +++- CVE-2023/CVE-2023-393xx/CVE-2023-39390.json | 76 ++- CVE-2023/CVE-2023-394xx/CVE-2023-39405.json | 101 +++- CVE-2023/CVE-2023-397xx/CVE-2023-39741.json | 24 + CVE-2023/CVE-2023-397xx/CVE-2023-39743.json | 24 + CVE-2023/CVE-2023-399xx/CVE-2023-39978.json | 18 +- CVE-2023/CVE-2023-401xx/CVE-2023-40165.json | 59 ++ CVE-2023/CVE-2023-402xx/CVE-2023-40272.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40313.json | 47 ++ CVE-2023/CVE-2023-403xx/CVE-2023-40336.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40337.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40338.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40339.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40340.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40341.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40342.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40343.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40344.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40345.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40346.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40347.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40348.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40349.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40350.json | 6 +- CVE-2023/CVE-2023-403xx/CVE-2023-40351.json | 6 +- CVE-2023/CVE-2023-40xx/CVE-2023-4028.json | 4 +- CVE-2023/CVE-2023-40xx/CVE-2023-4029.json | 4 +- CVE-2023/CVE-2023-40xx/CVE-2023-4030.json | 4 +- CVE-2023/CVE-2023-43xx/CVE-2023-4382.json | 6 +- README.md | 74 +-- 71 files changed, 1830 insertions(+), 166 deletions(-) create mode 100644 CVE-2023/CVE-2023-264xx/CVE-2023-26469.json create mode 100644 CVE-2023/CVE-2023-379xx/CVE-2023-37914.json create mode 100644 CVE-2023/CVE-2023-388xx/CVE-2023-38843.json create mode 100644 CVE-2023/CVE-2023-389xx/CVE-2023-38905.json create mode 100644 CVE-2023/CVE-2023-397xx/CVE-2023-39741.json create mode 100644 CVE-2023/CVE-2023-397xx/CVE-2023-39743.json create mode 100644 CVE-2023/CVE-2023-401xx/CVE-2023-40165.json create mode 100644 CVE-2023/CVE-2023-403xx/CVE-2023-40313.json diff --git a/CVE-2017/CVE-2017-66xx/CVE-2017-6679.json b/CVE-2017/CVE-2017-66xx/CVE-2017-6679.json index 0269e901fd5..11f70828c77 100644 --- a/CVE-2017/CVE-2017-66xx/CVE-2017-6679.json +++ b/CVE-2017/CVE-2017-66xx/CVE-2017-6679.json @@ -2,8 +2,8 @@ "id": "CVE-2017-6679", "sourceIdentifier": "ykramarz@cisco.com", "published": "2017-12-01T17:29:00.667", - "lastModified": "2019-10-03T00:03:26.223", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:09.613", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -102,6 +102,10 @@ "VDB Entry" ] }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-tunnel-gJw5thgE", + "source": "ykramarz@cisco.com" + }, { "url": "https://support.umbrella.com/hc/en-us/articles/115004154423", "source": "ykramarz@cisco.com", diff --git a/CVE-2021/CVE-2021-275xx/CVE-2021-27524.json b/CVE-2021/CVE-2021-275xx/CVE-2021-27524.json index a99d5668e35..1473074bf27 100644 --- a/CVE-2021/CVE-2021-275xx/CVE-2021-27524.json +++ b/CVE-2021/CVE-2021-275xx/CVE-2021-27524.json @@ -2,19 +2,75 @@ "id": "CVE-2021-27524", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-11T14:15:12.383", - "lastModified": "2023-08-11T15:18:01.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-17T19:53:39.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:margox:braft-editor:2.3.8:*:*:*:*:*:*:*", + "matchCriteriaId": "E97B8DE6-6D88-4E29-B013-285B883524E6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/margox/braft-editor/issues/880", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-288xx/CVE-2021-28835.json b/CVE-2021/CVE-2021-288xx/CVE-2021-28835.json index 9dbc6ecf9c5..65ec78d5f05 100644 --- a/CVE-2021/CVE-2021-288xx/CVE-2021-28835.json +++ b/CVE-2021/CVE-2021-288xx/CVE-2021-28835.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28835", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-11T14:15:12.730", - "lastModified": "2023-08-11T15:18:01.437", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-17T18:20:40.110", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -34,14 +54,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xnview:xnview:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.50", + "matchCriteriaId": "51CFE50E-3655-4CC4-942C-7657EC38E5CC" + } + ] + } + ] + } + ], "references": [ { "url": "https://newsgroup.xnview.com/viewtopic.php?f=35&t=44679", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.xnview.com/en/xnview/#changelog", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-468xx/CVE-2021-46895.json b/CVE-2021/CVE-2021-468xx/CVE-2021-46895.json index be8c58a6c53..9f4a236fd45 100644 --- a/CVE-2021/CVE-2021-468xx/CVE-2021-46895.json +++ b/CVE-2021/CVE-2021-468xx/CVE-2021-46895.json @@ -2,16 +2,49 @@ "id": "CVE-2021-46895", "sourceIdentifier": "psirt@huawei.com", "published": "2023-08-13T13:15:10.030", - "lastModified": "2023-08-14T00:36:52.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-17T19:51:34.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-303xx/CVE-2022-30333.json b/CVE-2022/CVE-2022-303xx/CVE-2022-30333.json index c6abb6c15d2..883eef36009 100644 --- a/CVE-2022/CVE-2022-303xx/CVE-2022-30333.json +++ b/CVE-2022/CVE-2022-303xx/CVE-2022-30333.json @@ -2,8 +2,8 @@ "id": "CVE-2022-30333", "sourceIdentifier": "cve@mitre.org", "published": "2022-05-09T08:15:06.937", - "lastModified": "2022-10-26T02:35:07.520", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:09.830", + "vulnStatus": "Modified", "cisaExploitAdd": "2022-08-09", "cisaActionDue": "2022-08-30", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -132,6 +132,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html", + "source": "cve@mitre.org" + }, { "url": "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz", "source": "cve@mitre.org", diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48579.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48579.json index 379331adc70..8a547cab9eb 100644 --- a/CVE-2022/CVE-2022-485xx/CVE-2022-48579.json +++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48579.json @@ -2,8 +2,8 @@ "id": "CVE-2022-48579", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-07T04:15:12.073", - "lastModified": "2023-08-11T17:53:10.227", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:09.937", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -75,6 +75,10 @@ "tags": [ "Patch" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20593.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20593.json index d891efdf41d..fccdf80815e 100644 --- a/CVE-2023/CVE-2023-205xx/CVE-2023-20593.json +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20593.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20593", "sourceIdentifier": "psirt@amd.com", "published": "2023-07-24T20:15:10.237", - "lastModified": "2023-08-08T21:15:10.133", + "lastModified": "2023-08-17T19:15:10.013", "vulnStatus": "Modified", "descriptions": [ { @@ -48,7 +48,6 @@ ], "configurations": [ { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -79,7 +78,6 @@ ] }, { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -2078,6 +2076,14 @@ "url": "http://www.openwall.com/lists/oss-security/2023/08/08/8", "source": "psirt@amd.com" }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/4", + "source": "psirt@amd.com" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/5", + "source": "psirt@amd.com" + }, { "url": "http://xenbits.xen.org/xsa/advisory-433.html", "source": "psirt@amd.com", diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json index a237996ec42..d2b8ae41fea 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20867.json @@ -2,7 +2,7 @@ "id": "CVE-2023-20867", "sourceIdentifier": "security@vmware.com", "published": "2023-06-13T17:15:14.070", - "lastModified": "2023-07-25T15:15:10.690", + "lastModified": "2023-08-17T19:15:10.463", "vulnStatus": "Modified", "cisaExploitAdd": "2023-06-23", "cisaActionDue": "2023-07-14", @@ -100,6 +100,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html", + "source": "security@vmware.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20230725-0001/", "source": "security@vmware.com" diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21930.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21930.json index e6097333b15..8d1d6c69561 100644 --- a/CVE-2023/CVE-2023-219xx/CVE-2023-21930.json +++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21930.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21930", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-04-18T20:15:13.883", - "lastModified": "2023-06-17T04:15:43.933", + "lastModified": "2023-08-17T19:15:10.570", "vulnStatus": "Modified", "descriptions": [ { @@ -122,6 +122,10 @@ "url": "https://www.debian.org/security/2023/dsa-5430", "source": "secalert_us@oracle.com" }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpuapr2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21937.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21937.json index 83dd88e9e01..004c2e519bb 100644 --- a/CVE-2023/CVE-2023-219xx/CVE-2023-21937.json +++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21937.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21937", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-04-18T20:15:14.507", - "lastModified": "2023-06-17T04:15:44.270", + "lastModified": "2023-08-17T19:15:10.690", "vulnStatus": "Modified", "descriptions": [ { @@ -122,6 +122,10 @@ "url": "https://www.debian.org/security/2023/dsa-5430", "source": "secalert_us@oracle.com" }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpuapr2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21938.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21938.json index 6c27831f815..aeca71737dc 100644 --- a/CVE-2023/CVE-2023-219xx/CVE-2023-21938.json +++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21938.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21938", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-04-18T20:15:14.603", - "lastModified": "2023-06-17T04:15:44.400", + "lastModified": "2023-08-17T19:15:10.777", "vulnStatus": "Modified", "descriptions": [ { @@ -122,6 +122,10 @@ "url": "https://www.debian.org/security/2023/dsa-5430", "source": "secalert_us@oracle.com" }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpuapr2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21939.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21939.json index d01ecd78eb0..38de0a976a1 100644 --- a/CVE-2023/CVE-2023-219xx/CVE-2023-21939.json +++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21939.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21939", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-04-18T20:15:14.690", - "lastModified": "2023-06-17T04:15:44.600", + "lastModified": "2023-08-17T19:15:10.880", "vulnStatus": "Modified", "descriptions": [ { @@ -122,6 +122,10 @@ "url": "https://www.debian.org/security/2023/dsa-5430", "source": "secalert_us@oracle.com" }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpuapr2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21954.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21954.json index cd8783c5b5a..cd25c7b66e6 100644 --- a/CVE-2023/CVE-2023-219xx/CVE-2023-21954.json +++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21954.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21954", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-04-18T20:15:15.630", - "lastModified": "2023-06-17T04:15:44.820", + "lastModified": "2023-08-17T19:15:11.007", "vulnStatus": "Modified", "descriptions": [ { @@ -112,6 +112,10 @@ "url": "https://www.debian.org/security/2023/dsa-5430", "source": "secalert_us@oracle.com" }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpuapr2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21967.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21967.json index 5c810aff05e..1efa590d2bd 100644 --- a/CVE-2023/CVE-2023-219xx/CVE-2023-21967.json +++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21967.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21967", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-04-18T20:15:16.397", - "lastModified": "2023-06-17T04:15:44.917", + "lastModified": "2023-08-17T19:15:11.107", "vulnStatus": "Modified", "descriptions": [ { @@ -122,6 +122,10 @@ "url": "https://www.debian.org/security/2023/dsa-5430", "source": "secalert_us@oracle.com" }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpuapr2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21968.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21968.json index 3cc378d9388..435ff0faa1a 100644 --- a/CVE-2023/CVE-2023-219xx/CVE-2023-21968.json +++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21968.json @@ -2,7 +2,7 @@ "id": "CVE-2023-21968", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-04-18T20:15:16.470", - "lastModified": "2023-06-17T04:15:45.023", + "lastModified": "2023-08-17T19:15:11.197", "vulnStatus": "Modified", "descriptions": [ { @@ -510,6 +510,10 @@ "url": "https://www.debian.org/security/2023/dsa-5430", "source": "secalert_us@oracle.com" }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpuapr2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22006.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22006.json index 996d0016543..92cad9258ec 100644 --- a/CVE-2023/CVE-2023-220xx/CVE-2023-22006.json +++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22006.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22006", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-07-18T21:15:12.067", - "lastModified": "2023-07-27T17:37:09.910", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:11.307", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -148,6 +148,10 @@ "Third Party Advisory" ] }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22036.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22036.json index d4cfff3c88c..a0e2ab6789b 100644 --- a/CVE-2023/CVE-2023-220xx/CVE-2023-22036.json +++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22036.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22036", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-07-18T21:15:13.587", - "lastModified": "2023-07-27T17:36:01.857", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:11.490", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -148,6 +148,10 @@ "Third Party Advisory" ] }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22041.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22041.json index 37a1d625984..a0f5db4ef5b 100644 --- a/CVE-2023/CVE-2023-220xx/CVE-2023-22041.json +++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22041.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22041", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-07-18T21:15:13.963", - "lastModified": "2023-07-27T17:33:31.977", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:11.593", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secalert_us@oracle.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,7 +33,7 @@ "impactScore": 3.6 }, { - "source": "secalert_us@oracle.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", @@ -178,6 +178,10 @@ "Third Party Advisory" ] }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22045.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22045.json index c53af32829e..a4f0c482650 100644 --- a/CVE-2023/CVE-2023-220xx/CVE-2023-22045.json +++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22045.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22045", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-07-18T21:15:14.267", - "lastModified": "2023-07-27T17:34:53.150", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:11.700", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -168,6 +168,10 @@ "Third Party Advisory" ] }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22049.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22049.json index fd11b16a480..28c9a9eae9d 100644 --- a/CVE-2023/CVE-2023-220xx/CVE-2023-22049.json +++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22049.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22049", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-07-18T21:15:14.567", - "lastModified": "2023-07-27T17:34:44.697", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:11.797", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -168,6 +168,10 @@ "Third Party Advisory" ] }, + { + "url": "https://www.debian.org/security/2023/dsa-5478", + "source": "secalert_us@oracle.com" + }, { "url": "https://www.oracle.com/security-alerts/cpujul2023.html", "source": "secalert_us@oracle.com", diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22955.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22955.json index bc9b3386202..0a72aa93722 100644 --- a/CVE-2023/CVE-2023-229xx/CVE-2023-22955.json +++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22955.json @@ -2,7 +2,7 @@ "id": "CVE-2023-22955", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-11T20:15:14.607", - "lastModified": "2023-08-15T19:15:09.983", + "lastModified": "2023-08-17T19:15:11.887", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://packetstormsecurity.com/files/174214/AudioCodes-VoIP-Phones-Insufficient-Firmware-Validation.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2023/Aug/17", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22956.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22956.json index 43a60b9cba4..cdd0a0a9a1b 100644 --- a/CVE-2023/CVE-2023-229xx/CVE-2023-22956.json +++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22956.json @@ -2,7 +2,7 @@ "id": "CVE-2023-22956", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-11T20:15:14.703", - "lastModified": "2023-08-15T19:15:10.233", + "lastModified": "2023-08-17T19:15:11.943", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://packetstormsecurity.com/files/174216/AudioCodes-VoIP-Phones-Hardcoded-Key.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2023/Aug/16", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22957.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22957.json index 96bbd4de95a..c3bd3359052 100644 --- a/CVE-2023/CVE-2023-229xx/CVE-2023-22957.json +++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22957.json @@ -2,7 +2,7 @@ "id": "CVE-2023-22957", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-11T20:15:14.787", - "lastModified": "2023-08-15T19:15:10.303", + "lastModified": "2023-08-17T19:15:12.003", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://packetstormsecurity.com/files/174215/AudioCodes-VoIP-Phones-Hardcoded-Key.html", + "source": "cve@mitre.org" + }, { "url": "http://seclists.org/fulldisclosure/2023/Aug/15", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-255xx/CVE-2023-25599.json b/CVE-2023/CVE-2023-255xx/CVE-2023-25599.json index 573714a91a1..546b7d9d5a5 100644 --- a/CVE-2023/CVE-2023-255xx/CVE-2023-25599.json +++ b/CVE-2023/CVE-2023-255xx/CVE-2023-25599.json @@ -2,12 +2,12 @@ "id": "CVE-2023-25599", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-24T21:15:11.380", - "lastModified": "2023-06-01T15:25:56.043", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:12.067", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts." + "value": "A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2, 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-264xx/CVE-2023-26469.json b/CVE-2023/CVE-2023-264xx/CVE-2023-26469.json new file mode 100644 index 00000000000..c67e870c3dd --- /dev/null +++ b/CVE-2023/CVE-2023-264xx/CVE-2023-26469.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-26469", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-17T19:15:12.143", + "lastModified": "2023-08-17T19:15:12.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Orange-Cyberdefense/CVE-repository/tree/master", + "source": "cve@mitre.org" + }, + { + "url": "https://jorani.org/security-features-in-lms.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2804.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2804.json index 8230fc0a54c..96bdc4ea66c 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2804.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2804.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2804", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-25T22:15:09.443", - "lastModified": "2023-06-21T15:18:30.140", + "lastModified": "2023-08-17T19:26:54.530", "vulnStatus": "Analyzed", "descriptions": [ { @@ -65,9 +65,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:*:*:*:*:*:*:*:*", - "versionEndExcluding": "2.1.90", - "matchCriteriaId": "A1DBB115-C125-432D-BF8C-013672749D6C" + "criteria": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.1.90:*:*:*:*:*:*:*", + "matchCriteriaId": "B3DDE171-3648-4EA8-BD44-788B3FDAF61E" } ] } diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json index da2e6e93787..e31dcb901bd 100644 --- a/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json +++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2977.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2977", "sourceIdentifier": "secalert@redhat.com", "published": "2023-06-01T01:15:17.917", - "lastModified": "2023-06-21T02:15:09.563", + "lastModified": "2023-08-17T19:15:12.230", "vulnStatus": "Modified", "descriptions": [ { @@ -127,6 +127,14 @@ { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html", "source": "secalert@redhat.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJD4Q4AJSGE5UIJI7OUYZY4HGGCVYQNI/", + "source": "secalert@redhat.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAR54OV6EHA56B4XJF6RNPQ4HJ2ITU66/", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30589.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30589.json index 9bf678b8736..454bca3c462 100644 --- a/CVE-2023/CVE-2023-305xx/CVE-2023-30589.json +++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30589.json @@ -2,7 +2,7 @@ "id": "CVE-2023-30589", "sourceIdentifier": "support@hackerone.com", "published": "2023-07-01T00:15:10.293", - "lastModified": "2023-08-07T03:15:21.800", + "lastModified": "2023-08-17T19:15:12.340", "vulnStatus": "Modified", "descriptions": [ { @@ -115,6 +115,10 @@ "Mailing List" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IV326O2X4BE3SINX5FJHMAKVHUAA4ZYF/", + "source": "support@hackerone.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/", "source": "support@hackerone.com", diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30760.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30760.json index 832ca229a34..60430dbe9c8 100644 --- a/CVE-2023/CVE-2023-307xx/CVE-2023-30760.json +++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30760.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30760", "sourceIdentifier": "secure@intel.com", "published": "2023-08-11T03:15:31.437", - "lastModified": "2023-08-11T03:44:51.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-17T18:03:04.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -34,10 +54,55 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:intel:realsense_450_fa_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.25.0", + "matchCriteriaId": "1BB231C5-028C-41DC-B854-75C74057A753" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:realsense_450_fa:-:*:*:*:*:*:*:*", + "matchCriteriaId": "417C60AE-1C22-4BCA-8D4C-68741D0869D5" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00912.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3078.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3078.json index 18cd085e4c3..0d4eb338c20 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3078.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3078.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3078", "sourceIdentifier": "psirt@lenovo.com", "published": "2023-08-17T17:15:10.027", - "lastModified": "2023-08-17T17:15:10.027", - "vulnStatus": "Received", + "lastModified": "2023-08-17T18:54:21.203", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json index 5b4b19a2b81..3883eeca1b3 100644 --- a/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31209.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31209", "sourceIdentifier": "security@checkmk.com", "published": "2023-08-10T09:15:12.123", - "lastModified": "2023-08-10T12:43:50.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-17T18:46:11.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@checkmk.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, { "source": "security@checkmk.com", "type": "Secondary", @@ -46,10 +76,536 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "EA066B19-D5EC-4BAA-A842-1E792607D51B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "E5138E25-A5AF-495D-A713-B8BDACC133D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "7AE78B5E-2D00-462B-AC0E-5E68BC36ED1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "9D69AA9A-C6FF-4A9F-8B02-2F207C4150FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "452F359B-BCB5-46E0-A77A-383C3C2E2D60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "D9A66C28-A2BA-4091-AB4C-05CDB1D3777F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "463A4A68-810B-4C20-A696-4F94DB20224B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "F4459581-214F-423B-A29D-31C789FD7F1C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "CC0CFABC-A53C-4FD3-A57A-CB72C87A034B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "F96B08FA-8129-4880-86FE-47B08C2B6964" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:i1:*:*:*:*:*:*", + "matchCriteriaId": "CAEB960C-5A5E-4F7C-8588-3F6737AE5DCA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "3CB134CD-0746-47C8-BAB8-2AE9C083C4D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "E4B5DDAA-F7B5-4BFD-836E-F7DA0FC7B0C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "A4DA5440-F376-4952-ABCB-AC557C5944A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "DB7DB93B-CDD2-4662-893B-6E36F9EDA7FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "81DFD64A-FEFD-4EBA-B6EC-28D3F0EEC33B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "918ACC6A-2EE8-401F-B18A-94B8757B202E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "1B6AE143-5A29-4EE8-AF7D-5D495A2248D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "9B678D96-5987-4423-A713-57812B896380" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "A16EA6BD-003D-416E-B6C7-EBE5AA4AC2B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "7A016627-9BF2-4D25-AB97-172EAEC4C187" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "333FBE01-E5C1-4668-B50F-B64A34E799A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "FE7C4821-74F2-442C-B51F-A52788FC61F4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "168E2F68-E3EA-407F-8DCE-BDB1F557FFFA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "D7A74CB5-CC6E-4166-B884-498F2CF1A33E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "42DCB139-5BBE-45F3-80F5-3A43D95A58BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "1A3E3E6C-DCC0-466D-A505-5F80379CF0AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "1542CDC8-9697-44DE-8F6A-3EB25D07EEE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "1A5B33FF-EA21-4AEB-8D9A-21DA9DB5892A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "78616E5A-E1FF-40AA-8E13-0B2E84CE6F8F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "5D956394-C3F3-4C88-A791-364AE555D522" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p28:*:*:*:*:*:*", + "matchCriteriaId": "25E96088-0FA2-49FD-B93D-5AFC9605289E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p29:*:*:*:*:*:*", + "matchCriteriaId": "EDB60B12-F724-40C7-8EB2-1270484E88F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "1982ED3B-A0FA-476A-BFB2-5B7B53289496" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p30:*:*:*:*:*:*", + "matchCriteriaId": "F646D243-433E-46F9-9E8E-E4F734F9E648" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p31:*:*:*:*:*:*", + "matchCriteriaId": "D1C14080-79C9-4620-AD1F-6CB46F0F74D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p32:*:*:*:*:*:*", + "matchCriteriaId": "4AECE1FE-F3D1-4FF0-BDF9-F39FFCBF52E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p33:*:*:*:*:*:*", + "matchCriteriaId": "C2F79F99-5F46-48A7-BEE7-1551CD56C2F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p34:*:*:*:*:*:*", + "matchCriteriaId": "2EB6F9D4-13D2-4218-96EF-64C2126369DC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p35:*:*:*:*:*:*", + "matchCriteriaId": "62841559-BDA0-4B67-932A-007D91BFBD14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p36:*:*:*:*:*:*", + "matchCriteriaId": "F6F22F4E-4A8A-4A7B-A01A-50E9BEA019DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p37:*:*:*:*:*:*", + "matchCriteriaId": "C1467012-F4CD-4547-A761-50B5F478A055" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "AA60BF44-AF52-458A-BD3F-9FD5D8408575" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "9BFE55DC-89EA-404F-8DDF-93E351366789" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "C62D8997-DD3B-4B83-B6A5-DFC2408A9164" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "80B4A77F-F636-49BB-8CB6-60064984463F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "356E5744-AB8E-4FBA-992F-74ED8F9086CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.0.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "41FB6FFA-F38F-4754-A1E6-35073D84069E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:-:*:*:*:*:*:*", + "matchCriteriaId": "BC0AC5A2-3724-4942-ABE2-CA9F3B9B4BDA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "E3AAC1AD-C2F5-4171-BD92-95A8BA09E79A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "8CB8C4BB-4AE6-4EA2-8F38-780B627721ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "D0F14106-2A3D-4FC7-A0C7-6EDA75D1A8F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "F8C2DA36-8419-4846-BFA0-A729BE7D72C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "8AA4FA3D-7A59-4597-9D79-B6B020D86BD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "79F0CF88-FF11-4741-AFF6-9F88F57C2140" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "8E93629E-C0CB-4636-B343-1C0646D8228E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "58102464-E66F-49CD-8952-3F3F9A6A45CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:b9:*:*:*:*:*:*", + "matchCriteriaId": "9C98E509-8466-4F95-ABE7-7ECC91640E04" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "A7B89F71-ABD2-4B2D-AE6B-C0F243E89443" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p10:*:*:*:*:*:*", + "matchCriteriaId": "002EF417-C702-42E2-9C8F-C9593B43AB03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p11:*:*:*:*:*:*", + "matchCriteriaId": "B8E358A9-0430-4EF1-8557-7F1C088FFF48" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p12:*:*:*:*:*:*", + "matchCriteriaId": "4B0AF395-FDC7-4321-9E00-C935641C138B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p13:*:*:*:*:*:*", + "matchCriteriaId": "59B9CCED-806F-47EF-B5B6-441AADCB4B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p14:*:*:*:*:*:*", + "matchCriteriaId": "FAED2CD5-A2CE-438C-8ED7-338D9D61FBD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p15:*:*:*:*:*:*", + "matchCriteriaId": "F08A96EF-FD2E-4D45-884B-349869649C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p16:*:*:*:*:*:*", + "matchCriteriaId": "E80D718E-66B6-4FC6-911D-C264F2C891C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p17:*:*:*:*:*:*", + "matchCriteriaId": "174BF76A-00C5-4ECD-937D-FE66851D3979" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p18:*:*:*:*:*:*", + "matchCriteriaId": "F43DBAE4-FEF9-431E-AE82-31C7944CA830" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p19:*:*:*:*:*:*", + "matchCriteriaId": "7AF612FF-7441-41C4-96C2-36A15E45FF93" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "960DF373-EDE6-4318-B6E9-07573ED5907A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p20:*:*:*:*:*:*", + "matchCriteriaId": "5FFBF793-48E0-48DB-9C12-1C4A5805009E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p21:*:*:*:*:*:*", + "matchCriteriaId": "B6A2F0DB-CA73-4F14-8099-7A29BADC1F4E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p22:*:*:*:*:*:*", + "matchCriteriaId": "5D23ECB8-9C2C-4BA5-ADD6-248FD2CFF37A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p23:*:*:*:*:*:*", + "matchCriteriaId": "9958D126-EF50-4ED7-85A3-6E5120EFB931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p24:*:*:*:*:*:*", + "matchCriteriaId": "5D9B3F5F-158A-4C43-A894-1A55D1D758FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p25:*:*:*:*:*:*", + "matchCriteriaId": "17729C6D-3DD1-4082-B3AF-B53770304F7B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p26:*:*:*:*:*:*", + "matchCriteriaId": "2E34014C-90A0-4ABB-A15F-73E83F312246" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p27:*:*:*:*:*:*", + "matchCriteriaId": "C0DCB95E-CC14-40BF-A7E4-1CD9075E2785" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p28:*:*:*:*:*:*", + "matchCriteriaId": "E1AA25FE-FA1B-4525-99B8-1098E75BDC5C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p29:*:*:*:*:*:*", + "matchCriteriaId": "073ED1BF-B3FE-4CC4-A279-15981DBC0BE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "3144AABF-74CB-44EE-A618-8529A8ACFCF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p30:*:*:*:*:*:*", + "matchCriteriaId": "BA067A60-3B6A-4C3B-8934-E2725199EE39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p31:*:*:*:*:*:*", + "matchCriteriaId": "DD42912A-092C-4FD9-9874-5B04989164C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p4:*:*:*:*:*:*", + "matchCriteriaId": "88AC7AB0-40DF-44D1-83EA-FDD4D5346BBD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p5:*:*:*:*:*:*", + "matchCriteriaId": "4285A4A3-3DED-456D-93D4-1B9FDB42C1EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p6:*:*:*:*:*:*", + "matchCriteriaId": "098FD286-B6CB-4428-9A62-A5F24B4D9E92" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p7:*:*:*:*:*:*", + "matchCriteriaId": "8400088B-E56E-4D0B-86D5-76D884C8031A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p8:*:*:*:*:*:*", + "matchCriteriaId": "29554684-FEFF-42B2-B62E-6523782F537C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.1.0:p9:*:*:*:*:*:*", + "matchCriteriaId": "91AE66E4-AE6B-4F25-9312-6418FC3E221F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:-:*:*:*:*:*:*", + "matchCriteriaId": "8EC2C076-C4C6-4C9A-84FE-B47E835AA0E7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b1:*:*:*:*:*:*", + "matchCriteriaId": "A954DDB4-ACF5-4D74-B735-0BB14762457C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b2:*:*:*:*:*:*", + "matchCriteriaId": "F4E9D8E0-ECFF-4987-8189-F6A5917D39B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b3:*:*:*:*:*:*", + "matchCriteriaId": "7CDF16A7-E9BC-488B-A0DF-91B7F79C2D7A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b4:*:*:*:*:*:*", + "matchCriteriaId": "EF3C4AB5-966A-46CD-8774-7BD4115FC80B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b5:*:*:*:*:*:*", + "matchCriteriaId": "580C70A7-387E-4650-9DBA-D7AA0BFDB1BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b6:*:*:*:*:*:*", + "matchCriteriaId": "343C5CD6-48ED-4693-BC2A-549A43F02931" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b7:*:*:*:*:*:*", + "matchCriteriaId": "18F1E6EC-5866-4338-9772-92EB01E0A184" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:b8:*:*:*:*:*:*", + "matchCriteriaId": "57C08697-674F-4924-A5A2-40F1E2BF2059" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:i1:*:*:*:*:*:*", + "matchCriteriaId": "AB444D23-88E8-4AFE-9F1E-56AE4ADF7644" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p1:*:*:*:*:*:*", + "matchCriteriaId": "050E9020-9E83-4198-B550-F554686DCC36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p2:*:*:*:*:*:*", + "matchCriteriaId": "E9F4C18C-D62E-47F5-A309-D0BC9CFB990C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tribe29:checkmk:2.2.0:p3:*:*:*:*:*:*", + "matchCriteriaId": "DAFBA752-75C7-4514-AC75-CE7D78AE9F96" + } + ] + } + ] + } + ], "references": [ { "url": "https://checkmk.com/werk/15194", - "source": "security@checkmk.com" + "source": "security@checkmk.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34419.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34419.json index da8e2442e4a..68f1bc646b3 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34419.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34419.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34419", "sourceIdentifier": "psirt@lenovo.com", "published": "2023-08-17T17:15:09.913", - "lastModified": "2023-08-17T17:15:09.913", - "vulnStatus": "Received", + "lastModified": "2023-08-17T18:54:21.203", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-346xx/CVE-2023-34634.json b/CVE-2023/CVE-2023-346xx/CVE-2023-34634.json index 294f5c76151..090cd47e076 100644 --- a/CVE-2023/CVE-2023-346xx/CVE-2023-34634.json +++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34634.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34634", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-01T14:15:10.070", - "lastModified": "2023-08-10T18:19:44.543", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:12.443", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -74,6 +74,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/174222/Greenshot-1.3.274-Deserialization-Command-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/greenshot/greenshot/commit/a152e2883fca7f78051b3bd6b1e5cc57355cb44c", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37914.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37914.json new file mode 100644 index 00000000000..60c3706c29f --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37914.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-37914", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-17T18:15:14.810", + "lastModified": "2023-08-17T18:54:21.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf", + "source": "security-advisories@github.com" + }, + { + "url": "https://jira.xwiki.org/browse/XWIKI-20421", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json index 09c687745c3..e5da3848707 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json @@ -2,7 +2,7 @@ "id": "CVE-2023-38408", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-20T03:15:10.170", - "lastModified": "2023-08-03T15:15:28.740", + "lastModified": "2023-08-17T19:15:12.520", "vulnStatus": "Modified", "descriptions": [ { @@ -149,6 +149,10 @@ "Patch" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html", + "source": "cve@mitre.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38497.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38497.json index bb364477109..89294eb51e8 100644 --- a/CVE-2023/CVE-2023-384xx/CVE-2023-38497.json +++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38497.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38497", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-04T16:15:10.370", - "lastModified": "2023-08-10T19:53:44.323", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:12.613", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -154,6 +154,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMEXGUGPW5OBSQA6URTBNDSU3RAEFOZ4/", + "source": "security-advisories@github.com" + }, { "url": "https://www.rust-lang.org/policies/security", "source": "security-advisories@github.com", diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json index 7117585f9d2..eb6ea8734dd 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38633", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-22T17:15:09.810", - "lastModified": "2023-08-16T19:41:52.567", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-17T19:15:12.727", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -165,6 +165,10 @@ "Release Notes" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/", + "source": "cve@mitre.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38843.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38843.json new file mode 100644 index 00000000000..b4938c2ce3c --- /dev/null +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38843.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38843", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-17T19:15:12.800", + "lastModified": "2023-08-17T19:15:12.800", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/senzee1984/ff30f0914db39d2741ab17332f0fc6e1", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/atlosdotorg/atlos", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38905.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38905.json new file mode 100644 index 00000000000..a5d36a25f02 --- /dev/null +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38905.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-38905", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-17T19:15:12.873", + "lastModified": "2023-08-17T19:15:12.873", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and DBMS_PIPE.RECEIVE_MESSAGE functions." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/wealeson1/e24fc8575f4e051320d69e9a75080642", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/jeecgboot/jeecg-boot/issues/4737", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39385.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39385.json index f5f5a607a7a..0f1b7ac8a36 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39385.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39385.json @@ -2,16 +2,49 @@ "id": "CVE-2023-39385", "sourceIdentifier": "psirt@huawei.com", "published": "2023-08-13T13:15:10.333", - "lastModified": "2023-08-14T00:36:52.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-17T19:51:42.627", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,57 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39386.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39386.json index 54b3aafe8fa..f5b01451921 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39386.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39386.json @@ -2,16 +2,49 @@ "id": "CVE-2023-39386", "sourceIdentifier": "psirt@huawei.com", "published": "2023-08-13T13:15:10.597", - "lastModified": "2023-08-14T00:36:52.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-17T19:40:00.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39387.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39387.json index 2e288adfa0f..656612eb400 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39387.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39387.json @@ -2,16 +2,49 @@ "id": "CVE-2023-39387", "sourceIdentifier": "psirt@huawei.com", "published": "2023-08-13T13:15:10.807", - "lastModified": "2023-08-14T00:36:52.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-17T19:18:15.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of permission control in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,77 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39390.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39390.json index 6275075a6f2..5f5420a43ec 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39390.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39390.json @@ -2,16 +2,49 @@ "id": "CVE-2023-39390", "sourceIdentifier": "psirt@huawei.com", "published": "2023-08-13T13:15:11.090", - "lastModified": "2023-08-14T00:36:52.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-17T18:06:24.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39405.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39405.json index 0c405e69364..445f6360b1e 100644 --- a/CVE-2023/CVE-2023-394xx/CVE-2023-39405.json +++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39405.json @@ -2,16 +2,49 @@ "id": "CVE-2023-39405", "sourceIdentifier": "psirt@huawei.com", "published": "2023-08-13T12:15:46.467", - "lastModified": "2023-08-14T00:36:52.173", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-17T19:53:18.873", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +56,72 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/8/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39741.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39741.json new file mode 100644 index 00000000000..d530583cd69 --- /dev/null +++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39741.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-39741", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-17T19:15:12.977", + "lastModified": "2023-08-17T19:15:12.977", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ckolivas/lrzip/issues/246", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/huanglei3/lrzip_poc/tree/main/lrzip_heap_overflow", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39743.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39743.json new file mode 100644 index 00000000000..85c7443b088 --- /dev/null +++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39743.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-39743", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-17T19:15:13.077", + "lastModified": "2023-08-17T19:15:13.077", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/huanglei3/lrzip-next-poc/tree/main", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/pete4abw/lrzip-next/issues/132", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39978.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39978.json index 207baaa5429..f50c01dd039 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39978.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39978.json @@ -2,7 +2,7 @@ "id": "CVE-2023-39978", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-08T06:15:47.790", - "lastModified": "2023-08-10T14:56:36.533", + "lastModified": "2023-08-17T18:53:22.127", "vulnStatus": "Analyzed", "descriptions": [ { @@ -17,20 +17,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", - "userInteraction": "NONE", + "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW" }, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "exploitabilityScore": 1.8, + "impactScore": 1.4 } ] }, diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40165.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40165.json new file mode 100644 index 00000000000..f18cb3b2e52 --- /dev/null +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40165.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-40165", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-08-17T18:15:17.100", + "lastModified": "2023-08-17T18:54:21.203", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "rubygems.org is the Ruby community's primary gem (library) hosting service. Insufficient input validation allowed malicious actors to replace any uploaded gem version that had a platform, version number, or gem name matching `/-\\d/`, permanently replacing the legitimate upload in the canonical gem storage bucket, and triggering an immediate CDN purge so that the malicious gem would be served immediately. The maintainers have checked all gems matching the `/-\\d/` pattern and can confirm that no unexpected `.gem`s were found. As a result, we believe this vulnerability was _not_ exploited. The easiest way to ensure that a user's applications were not exploited by this vulnerability is to check that all of your downloaded .gems have a checksum that matches the checksum recorded in the RubyGems.org database. RubyGems contributor Maciej Mensfeld wrote a tool to automatically check that all downloaded .gem files match the checksums recorded in the RubyGems.org database. You can use it by running: `bundle add bundler-integrity` followed by `bundle exec bundler-integrity`. Neither this tool nor anything else can prove you were not exploited, but the can assist your investigation by quickly comparing RubyGems API-provided checksums with the checksums of files on your disk. The issue has been patched with improved input validation and the changes are live. No action is required on the part of the user. Users are advised to validate their local gems." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rubygems/rubygems.org/commit/7e19c19247ddf5885a915710afc60ec6663d8502", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/rubygems/rubygems.org/security/advisories/GHSA-rxcq-2m4f-94wm", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40272.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40272.json index 8df51501850..2c3651b8a52 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40272.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40272.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40272", "sourceIdentifier": "security@apache.org", "published": "2023-08-17T14:15:10.083", - "lastModified": "2023-08-17T16:20:42.683", + "lastModified": "2023-08-17T19:15:13.143", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -24,6 +24,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/17/1", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/t03gktyzyor20rh06okd91jtqmw6k1l7", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40313.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40313.json new file mode 100644 index 00000000000..8f39142d613 --- /dev/null +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40313.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-40313", + "sourceIdentifier": "security@opennms.com", + "published": "2023-08-17T19:15:13.220", + "lastModified": "2023-08-17T19:15:13.220", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@opennms.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.5 + } + ] + }, + "references": [ + { + "url": "https://docs.opennms.com/horizon/32/releasenotes/changelog.html", + "source": "security@opennms.com" + }, + { + "url": "https://github.com/OpenNMS/opennms/pull/6368", + "source": "security@opennms.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40336.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40336.json index a0154aee13c..066e05b4bf6 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40336.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40336.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40336", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.347", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.283", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40337.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40337.json index dae8e7abca2..6094ae7682a 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40337.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40337.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40337", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.420", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.343", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40338.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40338.json index 380869398be..6af1e1f6920 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40338.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40338.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40338", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.483", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.397", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40339.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40339.json index 24828dcc587..e825c74e4bc 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40339.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40339.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40339", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.547", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.463", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3090", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40340.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40340.json index 8197bad776e..8406c1b2804 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40340.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40340.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40340", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.620", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.523", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3196", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40341.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40341.json index ad7623d798c..c6e3571a3d7 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40341.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40341.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40341", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.683", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.587", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3116", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40342.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40342.json index 7af7388f796..749b6b61a8d 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40342.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40342.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40342", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.753", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.650", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3223", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40343.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40343.json index 97dee1c2cb2..50cdb6fc4ac 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40343.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40343.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40343", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.817", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.713", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3229", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json index beb34d46b05..c045e7cc829 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40344", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.880", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.780", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(1)", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json index 38bbb265ae9..b4dae219197 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40345", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:11.937", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.843", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(2)", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40346.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40346.json index 1f8374b1f52..d339093e5be 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40346.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40346.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40346", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:12.000", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.910", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3071", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40347.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40347.json index 58b63bf6dd0..b4da08800e2 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40347.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40347.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40347", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:12.060", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:13.973", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3153", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40348.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40348.json index 93de29db8fd..dfeb37e6027 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40348.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40348.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40348", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:12.127", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:14.037", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-2894", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40349.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40349.json index 3b82f5c2234..f3a9106429b 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40349.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40349.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40349", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:12.187", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:14.103", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-2894", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40350.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40350.json index 5fe340edb14..30e8c92b446 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40350.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40350.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40350", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:12.250", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:14.167", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-2811", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40351.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40351.json index d3e6b420622..536cd445ece 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40351.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40351.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40351", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-08-16T15:15:12.313", - "lastModified": "2023-08-16T15:16:57.723", + "lastModified": "2023-08-17T19:15:14.227", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/08/16/3", + "source": "jenkinsci-cert@googlegroups.com" + }, { "url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3201", "source": "jenkinsci-cert@googlegroups.com" diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4028.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4028.json index a3d6a00f27f..9ac1811ea20 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4028.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4028.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4028", "sourceIdentifier": "psirt@lenovo.com", "published": "2023-08-17T17:15:10.217", - "lastModified": "2023-08-17T17:15:10.217", - "vulnStatus": "Received", + "lastModified": "2023-08-17T18:54:21.203", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4029.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4029.json index 84123602e50..587e376f5be 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4029.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4029.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4029", "sourceIdentifier": "psirt@lenovo.com", "published": "2023-08-17T17:15:10.313", - "lastModified": "2023-08-17T17:15:10.313", - "vulnStatus": "Received", + "lastModified": "2023-08-17T18:54:21.203", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4030.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4030.json index a8db6751545..8ca08aabf37 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4030.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4030.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4030", "sourceIdentifier": "psirt@lenovo.com", "published": "2023-08-17T17:15:10.403", - "lastModified": "2023-08-17T17:15:10.403", - "vulnStatus": "Received", + "lastModified": "2023-08-17T18:54:21.203", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4382.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4382.json index c3b1623edf1..af884e57996 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4382.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4382.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4382", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-16T20:15:09.650", - "lastModified": "2023-08-17T12:53:44.537", + "lastModified": "2023-08-17T19:15:14.317", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -72,6 +72,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174212/Hyip-Rio-2.1-Cross-Site-Scripting-File-Upload.html", + "source": "cna@vuldb.com" + }, { "url": "https://vuldb.com/?ctiid.237314", "source": "cna@vuldb.com" diff --git a/README.md b/README.md index f81f674eced..840053db270 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-17T18:00:33.698059+00:00 +2023-08-17T20:00:32.706807+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-17T17:50:16.507000+00:00 +2023-08-17T19:53:39.687000+00:00 ``` ### Last Data Feed Release @@ -29,52 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222910 +222918 ``` ### CVEs added in the last Commit Recently added CVEs: `8` -* [CVE-2023-2914](CVE-2023/CVE-2023-29xx/CVE-2023-2914.json) (`2023-08-17T16:15:09.513`) -* [CVE-2023-2915](CVE-2023/CVE-2023-29xx/CVE-2023-2915.json) (`2023-08-17T16:15:09.693`) -* [CVE-2023-2917](CVE-2023/CVE-2023-29xx/CVE-2023-2917.json) (`2023-08-17T16:15:09.790`) -* [CVE-2023-34419](CVE-2023/CVE-2023-344xx/CVE-2023-34419.json) (`2023-08-17T17:15:09.913`) -* [CVE-2023-3078](CVE-2023/CVE-2023-30xx/CVE-2023-3078.json) (`2023-08-17T17:15:10.027`) -* [CVE-2023-4028](CVE-2023/CVE-2023-40xx/CVE-2023-4028.json) (`2023-08-17T17:15:10.217`) -* [CVE-2023-4029](CVE-2023/CVE-2023-40xx/CVE-2023-4029.json) (`2023-08-17T17:15:10.313`) -* [CVE-2023-4030](CVE-2023/CVE-2023-40xx/CVE-2023-4030.json) (`2023-08-17T17:15:10.403`) +* [CVE-2023-37914](CVE-2023/CVE-2023-379xx/CVE-2023-37914.json) (`2023-08-17T18:15:14.810`) +* [CVE-2023-40165](CVE-2023/CVE-2023-401xx/CVE-2023-40165.json) (`2023-08-17T18:15:17.100`) +* [CVE-2023-26469](CVE-2023/CVE-2023-264xx/CVE-2023-26469.json) (`2023-08-17T19:15:12.143`) +* [CVE-2023-38843](CVE-2023/CVE-2023-388xx/CVE-2023-38843.json) (`2023-08-17T19:15:12.800`) +* [CVE-2023-38905](CVE-2023/CVE-2023-389xx/CVE-2023-38905.json) (`2023-08-17T19:15:12.873`) +* [CVE-2023-39741](CVE-2023/CVE-2023-397xx/CVE-2023-39741.json) (`2023-08-17T19:15:12.977`) +* [CVE-2023-39743](CVE-2023/CVE-2023-397xx/CVE-2023-39743.json) (`2023-08-17T19:15:13.077`) +* [CVE-2023-40313](CVE-2023/CVE-2023-403xx/CVE-2023-40313.json) (`2023-08-17T19:15:13.220`) ### CVEs modified in the last Commit -Recently modified CVEs: `42` +Recently modified CVEs: `62` -* [CVE-2023-4394](CVE-2023/CVE-2023-43xx/CVE-2023-4394.json) (`2023-08-17T16:20:42.683`) -* [CVE-2023-34412](CVE-2023/CVE-2023-344xx/CVE-2023-34412.json) (`2023-08-17T16:20:42.683`) -* [CVE-2023-40272](CVE-2023/CVE-2023-402xx/CVE-2023-40272.json) (`2023-08-17T16:20:42.683`) -* [CVE-2023-28693](CVE-2023/CVE-2023-286xx/CVE-2023-28693.json) (`2023-08-17T16:20:42.683`) -* [CVE-2023-28783](CVE-2023/CVE-2023-287xx/CVE-2023-28783.json) (`2023-08-17T16:20:42.683`) -* [CVE-2023-31072](CVE-2023/CVE-2023-310xx/CVE-2023-31072.json) (`2023-08-17T16:20:42.683`) -* [CVE-2023-31079](CVE-2023/CVE-2023-310xx/CVE-2023-31079.json) (`2023-08-17T16:20:42.683`) -* [CVE-2023-35838](CVE-2023/CVE-2023-358xx/CVE-2023-35838.json) (`2023-08-17T16:23:24.087`) -* [CVE-2023-36673](CVE-2023/CVE-2023-366xx/CVE-2023-36673.json) (`2023-08-17T16:23:42.997`) -* [CVE-2023-35179](CVE-2023/CVE-2023-351xx/CVE-2023-35179.json) (`2023-08-17T16:27:56.180`) -* [CVE-2023-33877](CVE-2023/CVE-2023-338xx/CVE-2023-33877.json) (`2023-08-17T16:43:26.863`) -* [CVE-2023-33867](CVE-2023/CVE-2023-338xx/CVE-2023-33867.json) (`2023-08-17T16:44:58.960`) -* [CVE-2023-32663](CVE-2023/CVE-2023-326xx/CVE-2023-32663.json) (`2023-08-17T16:45:58.003`) -* [CVE-2023-32656](CVE-2023/CVE-2023-326xx/CVE-2023-32656.json) (`2023-08-17T16:50:21.683`) -* [CVE-2023-29243](CVE-2023/CVE-2023-292xx/CVE-2023-29243.json) (`2023-08-17T16:52:15.457`) -* [CVE-2023-26587](CVE-2023/CVE-2023-265xx/CVE-2023-26587.json) (`2023-08-17T16:56:50.163`) -* [CVE-2023-37511](CVE-2023/CVE-2023-375xx/CVE-2023-37511.json) (`2023-08-17T17:02:24.107`) -* [CVE-2023-0871](CVE-2023/CVE-2023-08xx/CVE-2023-0871.json) (`2023-08-17T17:15:09.623`) -* [CVE-2023-26756](CVE-2023/CVE-2023-267xx/CVE-2023-26756.json) (`2023-08-17T17:15:09.817`) -* [CVE-2023-28658](CVE-2023/CVE-2023-286xx/CVE-2023-28658.json) (`2023-08-17T17:45:14.460`) -* [CVE-2023-27391](CVE-2023/CVE-2023-273xx/CVE-2023-27391.json) (`2023-08-17T17:47:29.597`) -* [CVE-2023-34086](CVE-2023/CVE-2023-340xx/CVE-2023-34086.json) (`2023-08-17T17:47:43.510`) -* [CVE-2023-34349](CVE-2023/CVE-2023-343xx/CVE-2023-34349.json) (`2023-08-17T17:49:14.390`) -* [CVE-2023-34427](CVE-2023/CVE-2023-344xx/CVE-2023-34427.json) (`2023-08-17T17:50:01.420`) -* [CVE-2023-27505](CVE-2023/CVE-2023-275xx/CVE-2023-27505.json) (`2023-08-17T17:50:16.507`) +* [CVE-2023-38497](CVE-2023/CVE-2023-384xx/CVE-2023-38497.json) (`2023-08-17T19:15:12.613`) +* [CVE-2023-38633](CVE-2023/CVE-2023-386xx/CVE-2023-38633.json) (`2023-08-17T19:15:12.727`) +* [CVE-2023-40272](CVE-2023/CVE-2023-402xx/CVE-2023-40272.json) (`2023-08-17T19:15:13.143`) +* [CVE-2023-40336](CVE-2023/CVE-2023-403xx/CVE-2023-40336.json) (`2023-08-17T19:15:13.283`) +* [CVE-2023-40337](CVE-2023/CVE-2023-403xx/CVE-2023-40337.json) (`2023-08-17T19:15:13.343`) +* [CVE-2023-40338](CVE-2023/CVE-2023-403xx/CVE-2023-40338.json) (`2023-08-17T19:15:13.397`) +* [CVE-2023-40339](CVE-2023/CVE-2023-403xx/CVE-2023-40339.json) (`2023-08-17T19:15:13.463`) +* [CVE-2023-40340](CVE-2023/CVE-2023-403xx/CVE-2023-40340.json) (`2023-08-17T19:15:13.523`) +* [CVE-2023-40341](CVE-2023/CVE-2023-403xx/CVE-2023-40341.json) (`2023-08-17T19:15:13.587`) +* [CVE-2023-40342](CVE-2023/CVE-2023-403xx/CVE-2023-40342.json) (`2023-08-17T19:15:13.650`) +* [CVE-2023-40343](CVE-2023/CVE-2023-403xx/CVE-2023-40343.json) (`2023-08-17T19:15:13.713`) +* [CVE-2023-40344](CVE-2023/CVE-2023-403xx/CVE-2023-40344.json) (`2023-08-17T19:15:13.780`) +* [CVE-2023-40345](CVE-2023/CVE-2023-403xx/CVE-2023-40345.json) (`2023-08-17T19:15:13.843`) +* [CVE-2023-40346](CVE-2023/CVE-2023-403xx/CVE-2023-40346.json) (`2023-08-17T19:15:13.910`) +* [CVE-2023-40347](CVE-2023/CVE-2023-403xx/CVE-2023-40347.json) (`2023-08-17T19:15:13.973`) +* [CVE-2023-40348](CVE-2023/CVE-2023-403xx/CVE-2023-40348.json) (`2023-08-17T19:15:14.037`) +* [CVE-2023-40349](CVE-2023/CVE-2023-403xx/CVE-2023-40349.json) (`2023-08-17T19:15:14.103`) +* [CVE-2023-40350](CVE-2023/CVE-2023-403xx/CVE-2023-40350.json) (`2023-08-17T19:15:14.167`) +* [CVE-2023-40351](CVE-2023/CVE-2023-403xx/CVE-2023-40351.json) (`2023-08-17T19:15:14.227`) +* [CVE-2023-4382](CVE-2023/CVE-2023-43xx/CVE-2023-4382.json) (`2023-08-17T19:15:14.317`) +* [CVE-2023-39387](CVE-2023/CVE-2023-393xx/CVE-2023-39387.json) (`2023-08-17T19:18:15.017`) +* [CVE-2023-2804](CVE-2023/CVE-2023-28xx/CVE-2023-2804.json) (`2023-08-17T19:26:54.530`) +* [CVE-2023-39386](CVE-2023/CVE-2023-393xx/CVE-2023-39386.json) (`2023-08-17T19:40:00.127`) +* [CVE-2023-39385](CVE-2023/CVE-2023-393xx/CVE-2023-39385.json) (`2023-08-17T19:51:42.627`) +* [CVE-2023-39405](CVE-2023/CVE-2023-394xx/CVE-2023-39405.json) (`2023-08-17T19:53:18.873`) ## Download and Usage