diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43843.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43843.json
new file mode 100644
index 00000000000..17d4d2bfcf1
--- /dev/null
+++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43843.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2022-43843",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-12-14T01:15:07.453",
+ "lastModified": "2023-12-14T01:15:07.453",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 239080."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-327"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239080",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://https://www.ibm.com/support/pages/node/7094941",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30222.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30222.json
index 62da4cd8e84..88f43514395 100644
--- a/CVE-2023/CVE-2023-302xx/CVE-2023-30222.json
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30222.json
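Review bot: The second reference in the new CVE-2022-43843 record has a doubled scheme, `"url": "https://https://www.ibm.com/support/pages/node/7094941"`, which most URL parsers read as host `https`, so the vendor advisory link will not resolve; it should be `"url": "https://www.ibm.com/support/pages/node/7094941"`. The same defect is in the CVE-2023-43042 record added later in this commit (`https://https://www.ibm.com/support/pages/node/7064976`). The value presumably comes from the upstream feed, so tooling that follows `references[].url` should check the parsed host before fetching or displaying the link.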
@@ -2,8 +2,8 @@
 "id": "CVE-2023-30222",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-16T17:15:11.857",
- "lastModified": "2023-06-30T15:52:51.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-14T01:15:07.693",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -84,6 +84,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://packetstormsecurity.com",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-302xx/CVE-2023-30223.json b/CVE-2023/CVE-2023-302xx/CVE-2023-30223.json
index 1ae06bf44ea..0b2c0d82b5f 100644
--- a/CVE-2023/CVE-2023-302xx/CVE-2023-30223.json
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30223.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-30223",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-16T17:15:11.897",
- "lastModified": "2023-06-30T15:58:40.550",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-14T01:15:07.787",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -84,6 +84,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://packetstormsecurity.com",
 "source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31546.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31546.json
new file mode 100644
index 00000000000..2200f79c873
--- /dev/null
+++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31546.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-31546",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-12-14T01:15:07.850",
+ "lastModified": "2023-12-14T01:15:07.850",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ran9ege/CVE-2023-31546/blob/main/CVE-2023-31546.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36585.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36585.json
index a35f3f7fead..ea3b846df13 100644
--- a/CVE-2023/CVE-2023-365xx/CVE-2023-36585.json
+++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36585.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-36585",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-10-10T18:15:14.343",
- "lastModified": "2023-10-13T19:09:26.133",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-12-14T02:15:11.723",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Active Template Library Denial of Service Vulnerability"
+ "value": "Windows upnphost.dll Denial of Service Vulnerability"
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41719.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41719.json
new file mode 100644
index 00000000000..301adf205de
--- /dev/null
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41719.json
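Review bot: The new CVE-2023-31546 record is added with `"metrics": {}` and no `weaknesses` array, so it has neither a CVSS vector nor a CWE while its status is `Received`. Consumers that filter or sort on `metrics.cvssMetricV31` should treat the missing score as not yet assessed rather than as low severity, otherwise this XSS entry drops out of severity-based triage. The description's "run arbitrary code" presumably means script execution in the victim's browser, which the record itself does not confirm.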
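Review bot: Only the `en` description of CVE-2023-36585 is replaced, from `Active Template Library Denial of Service Vulnerability` to `Windows upnphost.dll Denial of Service Vulnerability`. The `es` entry that follows is context and its `value` line lies outside the hunk, so the Spanish text presumably still names the old component. Tooling that maps affected components from localized descriptions should prefer the `en` value until the translation is refreshed upstream.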
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-41719",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-14T02:15:12.460",
+ "lastModified": "2023-12-14T02:15:12.460",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41720.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41720.json
new file mode 100644
index 00000000000..499b418b169
--- /dev/null
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41720.json
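Review bot: The CVE-2023-41719 record scores the issue only under `cvssMetricV30`, with `"type": "Secondary"` from the reporting CNA, and has no `weaknesses` block; the CVE-2023-41720 record added next in this commit has the same shape. A consumer that reads only `cvssMetricV31` will see both Ivanti Connect Secure entries as unscored even though they are rated 7.2 and 7.0 HIGH. Severity lookups should fall back to `cvssMetricV30` when the 3.1 array is absent.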
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-41720",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-12-14T02:15:12.670",
+ "lastModified": "2023-12-14T02:15:12.670",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43042.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43042.json
new file mode 100644
index 00000000000..15ba46bcfa5
--- /dev/null
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43042.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-43042",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-12-14T01:15:07.897",
+ "lastModified": "2023-12-14T01:15:07.897",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1393"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://https://www.ibm.com/support/pages/node/7064976",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45184.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45184.json
new file mode 100644
index 00000000000..4643b36d038
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45184.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45184",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-12-14T02:15:12.960",
+ "lastModified": "2023-12-14T02:15:12.960",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks. IBM X-Force ID: 268270."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-922"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268270",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7091942",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46118.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46118.json
index 9b6fc35a31c..d49944966a0 100644
--- a/CVE-2023/CVE-2023-461xx/CVE-2023-46118.json
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46118.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-46118",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-10-25T18:17:36.117",
- "lastModified": "2023-12-02T01:15:08.923",
+ "lastModified": "2023-12-14T01:15:08.103",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -113,6 +113,10 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html",
+ "source": "security-advisories@github.com"
+ },
 {
 "url": "https://www.debian.org/security/2023/dsa-5571",
 "source": "security-advisories@github.com"
diff --git a/README.md b/README.md
index ae36e8f0947..5398b0fb617 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-14T00:55:18.119173+00:00 +2023-12-14T03:00:19.148699+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-14T00:15:43.490000+00:00 +2023-12-14T02:15:12.960000+00:00 ``` ### Last Data Feed Release
@@ -29,39 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233080 +233086 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `6` -* [CVE-2023-41621](CVE-2023/CVE-2023-416xx/CVE-2023-41621.json) (`2023-12-13T23:15:07.217`) -* [CVE-2023-43583](CVE-2023/CVE-2023-435xx/CVE-2023-43583.json) (`2023-12-13T23:15:07.270`) -* [CVE-2023-43585](CVE-2023/CVE-2023-435xx/CVE-2023-43585.json) (`2023-12-13T23:15:07.463`) -* [CVE-2023-43586](CVE-2023/CVE-2023-435xx/CVE-2023-43586.json) (`2023-12-13T23:15:07.660`) -* [CVE-2023-45166](CVE-2023/CVE-2023-451xx/CVE-2023-45166.json) (`2023-12-13T23:15:07.850`) -* [CVE-2023-45170](CVE-2023/CVE-2023-451xx/CVE-2023-45170.json) (`2023-12-13T23:15:08.017`) -* [CVE-2023-45174](CVE-2023/CVE-2023-451xx/CVE-2023-45174.json) (`2023-12-13T23:15:08.180`) -* [CVE-2023-49646](CVE-2023/CVE-2023-496xx/CVE-2023-49646.json) (`2023-12-13T23:15:08.357`) -* [CVE-2023-21751](CVE-2023/CVE-2023-217xx/CVE-2023-21751.json) (`2023-12-14T00:15:42.863`) -* [CVE-2023-40921](CVE-2023/CVE-2023-409xx/CVE-2023-40921.json) (`2023-12-14T00:15:43.443`) -* [CVE-2023-41618](CVE-2023/CVE-2023-416xx/CVE-2023-41618.json) (`2023-12-14T00:15:43.490`) +* [CVE-2022-43843](CVE-2022/CVE-2022-438xx/CVE-2022-43843.json) (`2023-12-14T01:15:07.453`) +* [CVE-2023-31546](CVE-2023/CVE-2023-315xx/CVE-2023-31546.json) (`2023-12-14T01:15:07.850`) +* [CVE-2023-43042](CVE-2023/CVE-2023-430xx/CVE-2023-43042.json) (`2023-12-14T01:15:07.897`) +* [CVE-2023-41719](CVE-2023/CVE-2023-417xx/CVE-2023-41719.json) (`2023-12-14T02:15:12.460`) +* [CVE-2023-41720](CVE-2023/CVE-2023-417xx/CVE-2023-41720.json) (`2023-12-14T02:15:12.670`) +* [CVE-2023-45184](CVE-2023/CVE-2023-451xx/CVE-2023-45184.json) (`2023-12-14T02:15:12.960`) ### CVEs modified in the last Commit -Recently modified CVEs: `9` +Recently modified CVEs: `4` -* [CVE-2023-42898](CVE-2023/CVE-2023-428xx/CVE-2023-42898.json) 
(`2023-12-13T23:15:29.030`) -* [CVE-2023-42478](CVE-2023/CVE-2023-424xx/CVE-2023-42478.json) (`2023-12-13T23:23:46.593`) -* [CVE-2023-42874](CVE-2023/CVE-2023-428xx/CVE-2023-42874.json) (`2023-12-13T23:29:19.097`) -* [CVE-2023-36648](CVE-2023/CVE-2023-366xx/CVE-2023-36648.json) (`2023-12-13T23:38:17.737`) -* [CVE-2023-36650](CVE-2023/CVE-2023-366xx/CVE-2023-36650.json) (`2023-12-13T23:51:23.937`) -* [CVE-2023-42481](CVE-2023/CVE-2023-424xx/CVE-2023-42481.json) (`2023-12-13T23:54:39.960`) -* [CVE-2023-36647](CVE-2023/CVE-2023-366xx/CVE-2023-36647.json) (`2023-12-14T00:03:46.357`) -* [CVE-2023-42476](CVE-2023/CVE-2023-424xx/CVE-2023-42476.json) (`2023-12-14T00:07:10.443`) -* [CVE-2023-36651](CVE-2023/CVE-2023-366xx/CVE-2023-36651.json) (`2023-12-14T00:12:41.860`) +* [CVE-2023-30222](CVE-2023/CVE-2023-302xx/CVE-2023-30222.json) (`2023-12-14T01:15:07.693`) +* [CVE-2023-30223](CVE-2023/CVE-2023-302xx/CVE-2023-30223.json) (`2023-12-14T01:15:07.787`) +* [CVE-2023-46118](CVE-2023/CVE-2023-461xx/CVE-2023-46118.json) (`2023-12-14T01:15:08.103`) +* [CVE-2023-36585](CVE-2023/CVE-2023-365xx/CVE-2023-36585.json) (`2023-12-14T02:15:11.723`) ## Download and Usage