diff --git a/CVE-2021/CVE-2021-277xx/CVE-2021-27715.json b/CVE-2021/CVE-2021-277xx/CVE-2021-27715.json index 5e785cb9b5e..7a2c9d4288b 100644 --- a/CVE-2021/CVE-2021-277xx/CVE-2021-27715.json +++ b/CVE-2021/CVE-2021-277xx/CVE-2021-27715.json @@ -2,23 +2,93 @@ "id": "CVE-2021-27715", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-08T03:15:07.823", - "lastModified": "2023-09-08T12:58:39.247", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:19:26.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mofinetwork:mofi4500-4gxelte-v2_firmware:3.5.6-xnet-5052:*:*:*:*:*:*:*", + "matchCriteriaId": "07AEC844-FE9B-49CF-A748-07B67AF837BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mofinetwork:mofi4500-4gxelte-v2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD1B5A49-821C-4192-84B3-46201EEED36D" + } + ] + } + ] + } + ], "references": [ { "url": "http://mofi.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.nagarro.com/services/security/mofi-cve-security-advisory", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-224xx/CVE-2022-22401.json b/CVE-2022/CVE-2022-224xx/CVE-2022-22401.json index 4fef070974e..49c42db1f21 100644 --- a/CVE-2022/CVE-2022-224xx/CVE-2022-22401.json +++ b/CVE-2022/CVE-2022-224xx/CVE-2022-22401.json @@ -2,8 +2,8 @@ "id": "CVE-2022-22401", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-09-08T22:15:09.533", - "lastModified": "2023-09-10T19:45:57.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T21:05:27.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -34,14 +54,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.0.5", + "matchCriteriaId": "E98E1987-F57F-48E0-B65E-3EA019915989" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222567", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7029681", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-224xx/CVE-2022-22405.json b/CVE-2022/CVE-2022-224xx/CVE-2022-22405.json index c596553992e..ad3485f7c40 100644 --- a/CVE-2022/CVE-2022-224xx/CVE-2022-22405.json +++ b/CVE-2022/CVE-2022-224xx/CVE-2022-22405.json @@ -2,8 +2,8 @@ "id": "CVE-2022-22405", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-09-08T21:15:44.140", - "lastModified": "2023-09-10T19:45:57.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:26:14.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +76,52 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.0.5", + "matchCriteriaId": "E98E1987-F57F-48E0-B65E-3EA019915989" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/222576", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7029681", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21520.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21520.json new file mode 100644 index 00000000000..db464d55ea4 --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21520.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-21520", + "sourceIdentifier": "secure@blackberry.com", + "published": "2023-09-12T20:15:07.633", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA PII Enumeration via Credential Recovery in the Self Service\u00a0(Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization.\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406", + "source": "secure@blackberry.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21522.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21522.json index 19173c4d390..76a834e399c 100644 --- a/CVE-2023/CVE-2023-215xx/CVE-2023-21522.json +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21522.json @@ -2,12 +2,12 @@ "id": "CVE-2023-21522", "sourceIdentifier": "secure@blackberry.com", "published": "2023-09-12T19:15:36.153", - "lastModified": "2023-09-12T19:38:09.050", + "lastModified": "2023-09-12T20:15:07.853", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of Blackberry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account.\u00a0" + "value": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account.\u00a0" } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-215xx/CVE-2023-21523.json b/CVE-2023/CVE-2023-215xx/CVE-2023-21523.json new file mode 100644 index 00000000000..3f1d4fd4ead --- /dev/null +++ b/CVE-2023/CVE-2023-215xx/CVE-2023-21523.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-21523", + "sourceIdentifier": "secure@blackberry.com", + "published": "2023-09-12T20:15:08.010", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.\n\n\n\n\n\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406", + "source": "secure@blackberry.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-249xx/CVE-2023-24965.json b/CVE-2023/CVE-2023-249xx/CVE-2023-24965.json index 652d265a0fa..b5a60350ca4 100644 --- a/CVE-2023/CVE-2023-249xx/CVE-2023-24965.json +++ b/CVE-2023/CVE-2023-249xx/CVE-2023-24965.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24965", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-09-08T21:15:44.860", - "lastModified": "2023-09-10T19:45:57.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:28:03.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -34,14 +54,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.0.5", + "matchCriteriaId": "E98E1987-F57F-48E0-B65E-3EA019915989" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246713", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7029681", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30995.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30995.json index 20ef81bff99..b0b4e1c1f53 100644 --- a/CVE-2023/CVE-2023-309xx/CVE-2023-30995.json +++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30995.json @@ -2,8 +2,8 @@ "id": "CVE-2023-30995", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-09-08T21:15:45.027", - "lastModified": "2023-09-10T19:45:57.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:31:35.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -34,14 +54,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:aspera_faspex:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.0.5", + "matchCriteriaId": "E98E1987-F57F-48E0-B65E-3EA019915989" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254268", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7029681", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36736.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36736.json index cb5f4ec1954..4b948fb7a26 100644 --- a/CVE-2023/CVE-2023-367xx/CVE-2023-36736.json +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36736.json @@ -2,12 +2,12 @@ "id": "CVE-2023-36736", "sourceIdentifier": "secure@microsoft.com", "published": "2023-09-12T17:15:09.703", - "lastModified": "2023-09-12T19:38:09.050", + "lastModified": "2023-09-12T21:15:07.703", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Microsoft Identity Linux Broker Arbitrary Code Execution Vulnerability" + "value": "Microsoft Identity Linux Broker Remote Code Execution Vulnerability" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3710.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3710.json new file mode 100644 index 00000000000..5b0a2052235 --- /dev/null +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3710.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-3710", + "sourceIdentifier": "psirt@honeywell.com", + "published": "2023-09-12T20:15:09.387", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@honeywell.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@honeywell.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004", + "source": "psirt@honeywell.com" + }, + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A", + "source": "psirt@honeywell.com" + }, + { + "url": "https://www.honeywell.com/us/en/product-security", + "source": "psirt@honeywell.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3711.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3711.json new file mode 100644 index 00000000000..868b73f9f90 --- /dev/null +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3711.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-3711", + "sourceIdentifier": "psirt@honeywell.com", + "published": "2023-09-12T20:15:09.593", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004.\u00a0Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@honeywell.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@honeywell.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "references": [ + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004", + "source": "psirt@honeywell.com" + }, + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A", + "source": "psirt@honeywell.com" + }, + { + "url": "https://www.honeywell.com/us/en/product-security", + "source": "psirt@honeywell.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3712.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3712.json new file mode 100644 index 00000000000..9b9eb7e3bf6 --- /dev/null +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3712.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-3712", + "sourceIdentifier": "psirt@honeywell.com", + "published": "2023-09-12T20:15:09.787", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.\u00a0\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@honeywell.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@honeywell.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "references": [ + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004", + "source": "psirt@honeywell.com" + }, + { + "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A", + "source": "psirt@honeywell.com" + }, + { + "url": "https://www.honeywell.com/us/en/product-security", + "source": "psirt@honeywell.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38031.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38031.json index 61168f6bb48..f866e044399 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38031.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38031.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38031", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-09-07T04:15:10.273", - "lastModified": "2023-09-07T12:50:36.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:45:43.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "twcert@cert.org.tw", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -31,6 +31,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -46,10 +66,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*", + "matchCriteriaId": "E3A1AA3F-0CCF-41B0-B8D7-2D72D82C0261" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7348-56989-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38032.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38032.json index 5422a49b080..0c9e635f94c 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38032.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38032.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38032", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-09-07T07:15:08.107", - "lastModified": "2023-09-07T12:50:36.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:46:03.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*", + "matchCriteriaId": "E3A1AA3F-0CCF-41B0-B8D7-2D72D82C0261" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7349-7f8cd-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38033.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38033.json index e3683a07c14..d1df6e5333c 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38033.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38033.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38033", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-09-07T07:15:08.297", - "lastModified": "2023-09-07T12:50:36.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:46:11.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*", + "matchCriteriaId": "E3A1AA3F-0CCF-41B0-B8D7-2D72D82C0261" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7350-ded5e-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38155.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38155.json index 3d7dff3a0c0..9fbd5ebf6f9 100644 --- a/CVE-2023/CVE-2023-381xx/CVE-2023-38155.json +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38155.json @@ -2,12 +2,12 @@ "id": "CVE-2023-38155", "sourceIdentifier": "secure@microsoft.com", "published": "2023-09-12T17:15:19.527", - "lastModified": "2023-09-12T19:38:09.050", + "lastModified": "2023-09-12T21:15:08.040", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Azure DevOps Server and Team Foundation Server Elevation of Privilege Vulnerability" + "value": "Azure DevOps Server Remote Code Execution Vulnerability" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39201.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39201.json new file mode 100644 index 00000000000..2a9870822cd --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39201.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39201", + "sourceIdentifier": "security@zoom.us", + "published": "2023-09-12T20:15:08.207", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 0.6, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-426" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39208.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39208.json new file mode 100644 index 00000000000..73338f81725 --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39208.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39208", + "sourceIdentifier": "security@zoom.us", + "published": "2023-09-12T20:15:09.007", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39215.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39215.json new file mode 100644 index 00000000000..a489d3fae1a --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39215.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39215", + "sourceIdentifier": "security@zoom.us", + "published": "2023-09-12T20:15:09.203", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@zoom.us", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://explore.zoom.us/en/trust/security/security-bulletin/", + "source": "security@zoom.us" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39236.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39236.json index 20ab3151db3..64a30bba393 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39236.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39236.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39236", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-09-07T07:15:08.440", - "lastModified": "2023-09-07T12:50:36.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:46:29.193", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -36,7 +36,7 @@ }, "weaknesses": [ { - "source": "twcert@cert.org.tw", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +44,54 @@ "value": "CWE-78" } ] + }, + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*", + "matchCriteriaId": "E3A1AA3F-0CCF-41B0-B8D7-2D72D82C0261" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6" + } + ] + } + ] } ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7351-ec8fe-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39237.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39237.json index fac2e1244cd..71abf4ce622 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39237.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39237.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39237", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-09-07T07:15:08.537", - "lastModified": "2023-09-07T12:50:36.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:46:41.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*", + "matchCriteriaId": "E3A1AA3F-0CCF-41B0-B8D7-2D72D82C0261" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7352-bad68-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39238.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39238.json index 0583dd43db8..a7278b7ccb3 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39238.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39238.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39238", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-09-07T08:15:07.533", - "lastModified": "2023-09-07T12:50:36.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:47:01.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,96 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*", + "matchCriteriaId": "55D08B1A-85B6-4501-8998-E308F7633DF9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8F27D4F-EDC4-4676-8C66-545378850BF1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ax56u_v2_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*", + "matchCriteriaId": "7201F0D9-5111-414B-8756-3B36838193CD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FFFF5EF7-E4EC-4DA0-82B4-9996087B951F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*", + "matchCriteriaId": "E3A1AA3F-0CCF-41B0-B8D7-2D72D82C0261" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7354-4e654-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39239.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39239.json index f74c35cf15f..af9b9c51ae8 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39239.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39239.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39239", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-09-07T08:15:07.620", - "lastModified": "2023-09-07T12:50:36.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:47:18.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,96 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*", + "matchCriteriaId": "55D08B1A-85B6-4501-8998-E308F7633DF9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8F27D4F-EDC4-4676-8C66-545378850BF1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ax56u_v2_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*", + "matchCriteriaId": "7201F0D9-5111-414B-8756-3B36838193CD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FFFF5EF7-E4EC-4DA0-82B4-9996087B951F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*", + "matchCriteriaId": "E3A1AA3F-0CCF-41B0-B8D7-2D72D82C0261" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://https://www.twcert.org.tw/tw/cp-132-7355-0ce8d-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39240.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39240.json index fdd9024b504..7a437b47d88 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39240.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39240.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39240", "sourceIdentifier": "twcert@cert.org.tw", "published": "2023-09-07T08:15:07.710", - "lastModified": "2023-09-07T12:50:36.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:09:22.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,10 +46,96 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ax55_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*", + "matchCriteriaId": "55D08B1A-85B6-4501-8998-E308F7633DF9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ax55:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8F27D4F-EDC4-4676-8C66-545378850BF1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ax56u_v2_firmware:3.0.0.4.386_50460:*:*:*:*:*:*:*", + "matchCriteriaId": "7201F0D9-5111-414B-8756-3B36838193CD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ax56u_v2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FFFF5EF7-E4EC-4DA0-82B4-9996087B951F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ac86u_firmware:3.0.0.4_386_51529:*:*:*:*:*:*:*", + "matchCriteriaId": "E3A1AA3F-0CCF-41B0-B8D7-2D72D82C0261" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ac86u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89095282-ABBD-4056-B731-7F05638DB1A6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.twcert.org.tw/tw/cp-132-7356-021bf-1.html", - "source": "twcert@cert.org.tw" + "source": "twcert@cert.org.tw", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41327.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41327.json index 86125e973af..577cb9e9aec 100644 --- a/CVE-2023/CVE-2023-413xx/CVE-2023-41327.json +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41327.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41327", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-06T21:15:14.323", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:43:26.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wiremock:studio:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.32.0-17", + "matchCriteriaId": "94D6D047-97F7-4326-AAF8-09ACB980D549" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wiremock:wiremock:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.35.1", + "matchCriteriaId": "418B9CC0-59C9-4560-9E92-5C0B1D547916" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wiremock:wiremock:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.0.3", + "matchCriteriaId": "5E2F15FC-7298-49C1-9C37-6B0AE0C5B272" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wiremock/wiremock/releases/tag/3.0.0-beta-15", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-hq8w-9w8w-pmx7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41329.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41329.json index 313979570dd..9def04e29df 100644 --- a/CVE-2023/CVE-2023-413xx/CVE-2023-41329.json +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41329.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41329", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-06T21:15:14.517", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:45:24.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,71 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wiremock:python_wiremock:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.1", + "matchCriteriaId": "C996BA43-2702-4ECA-AB34-F6E7FA0811A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wiremock:studio:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.32.0-17", + "matchCriteriaId": "94D6D047-97F7-4326-AAF8-09ACB980D549" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wiremock:wiremock:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.35.1", + "matchCriteriaId": "C970946B-2D32-441B-B920-43B29BDB31AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wiremock:wiremock:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.0.3", + "matchCriteriaId": "5E2F15FC-7298-49C1-9C37-6B0AE0C5B272" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wiremock:wiremock_docker:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.35.1-1", + "matchCriteriaId": "6D536C73-6C99-428A-9F41-A6452708B6D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wiremock:wiremock_docker:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.0.3-1", + "matchCriteriaId": "6ED4EACC-77AA-476D-83C4-94F1646D0AEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wiremock/wiremock/security/advisories/GHSA-pmxq-pj47-j8j4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://wiremock.org/docs/configuration/#preventing-proxying-to-and-recording-from-specific-target-addresses", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41330.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41330.json index c1b51b03b7a..0392cc50216 100644 --- a/CVE-2023/CVE-2023-413xx/CVE-2023-41330.json +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41330.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41330", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-06T18:15:09.153", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:42:58.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +66,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:knplabs:snappy:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.4.3", + "matchCriteriaId": "C2412BC7-4738-4E4B-9382-9C967F55BEC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/KnpLabs/snappy/commit/d3b742d61a68bf93866032c2c0a7f1486128b67e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/KnpLabs/snappy/security/advisories/GHSA-92rv-4j2h-8mjj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Mitigation", + "Vendor Advisory" + ] }, { "url": "https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41331.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41331.json new file mode 100644 index 00000000000..4b4a6e66eb3 --- /dev/null +++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41331.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-41331", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-12T20:15:09.980", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully\ncrafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. Version 5.11.0 contains a fix for this issue. As a workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-917" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sofastack/sofa-rpc/releases/tag/v5.11.0", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/sofastack/sofa-rpc/security/advisories/GHSA-chv2-7hxj-2j86", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41646.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41646.json index e6d3ec30671..071841587c8 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41646.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41646.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41646", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-07T22:15:07.857", - "lastModified": "2023-09-08T12:58:44.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-12T20:02:24.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,74 @@ "value": "Buttercup v2.20.3 permite a los atacantes obtener el hash de la contrase\u00f1a maestra para el gestor de contrase\u00f1as mediante el acceso al archivo \"/vaults.json/\". " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-916" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:perrymitchell:buttercup:2.20.3:*:*:*:*:*:*:*", + "matchCriteriaId": "F9A458D4-031D-4B46-8C1C-F2D1EFE8D449" + } + ] + } + ] + } + ], "references": [ { "url": "https://buttercup.pw/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/tristao-marinho/CVE-2023-41646/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41885.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41885.json new file mode 100644 index 00000000000..26e2fd789a7 --- /dev/null +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41885.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-41885", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-12T21:15:08.163", + "lastModified": "2023-09-12T21:15:08.163", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of `BaseUser.login` leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not also enforce strong passwords, these lists of valid accounts are likely to be used in a password spray attack with the outcome being attempted takeover of user accounts on the platform. The impact of this vulnerability is minor as it requires chaining with other attack vectors in order to gain more then simply a list of valid users on the underlying platform. The likelihood of this vulnerability is possible as it requires minimal skills to pull off, especially given the underlying login functionality for Piccolo based sites is open source. This issue has been patched in version 0.121.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-204" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/piccolo-orm/piccolo/commit/edcfe3568382922ba3e3b65896e6e7272f972261", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/piccolo-orm/piccolo/security/advisories/GHSA-h7cm-mrvq-wcfr", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42470.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42470.json index 9ad2c6a93ac..9334aa94d67 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42470.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42470.json @@ -2,7 +2,7 @@ "id": "CVE-2023-42470", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T08:15:07.647", - "lastModified": "2023-09-11T12:41:46.007", + "lastModified": "2023-09-12T20:15:10.200", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "https://github.com/actuator/cve/blob/main/CVE-2023-42470", + "source": "cve@mitre.org" + }, { "url": "https://github.com/actuator/imou/blob/main/imou-life-6.8.0.md", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json new file mode 100644 index 00000000000..b7bcb3c73c0 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4900", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-09-12T21:15:08.537", + "lastModified": "2023-09-12T21:15:08.537", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1430867", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json new file mode 100644 index 00000000000..90141da1078 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4901", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-09-12T21:15:08.603", + "lastModified": "2023-09-12T21:15:08.603", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1459281", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json new file mode 100644 index 00000000000..7f6c3d8fe5d --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4902", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-09-12T21:15:08.657", + "lastModified": "2023-09-12T21:15:08.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1454515", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json new file mode 100644 index 00000000000..861c7b537e5 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4903", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-09-12T21:15:08.717", + "lastModified": "2023-09-12T21:15:08.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1446709", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json new file mode 100644 index 00000000000..54aa65de83d --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4904", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-09-12T21:15:08.777", + "lastModified": "2023-09-12T21:15:08.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1453501", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json new file mode 100644 index 00000000000..12992626b27 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4905", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-09-12T21:15:08.837", + "lastModified": "2023-09-12T21:15:08.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1441228", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json new file mode 100644 index 00000000000..939dbab2a6b --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4906", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-09-12T21:15:08.893", + "lastModified": "2023-09-12T21:15:08.893", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1449874", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json new file mode 100644 index 00000000000..4651de8fb84 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4907", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-09-12T21:15:08.950", + "lastModified": "2023-09-12T21:15:08.950", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1462104", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json new file mode 100644 index 00000000000..33ed38549a0 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4908", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-09-12T21:15:09.010", + "lastModified": "2023-09-12T21:15:09.010", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1451543", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json new file mode 100644 index 00000000000..1927dc70606 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-4909", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2023-09-12T21:15:09.073", + "lastModified": "2023-09-12T21:15:09.073", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://crbug.com/1463293", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4918.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4918.json new file mode 100644 index 00000000000..5ca5e7dc2e8 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4918.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2023-4918", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-09-12T20:15:10.390", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the \"password\" and \"password-confirm\" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4918", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238588", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-5q66-v53q-pm35", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json new file mode 100644 index 00000000000..262dc5c3405 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4921", + "sourceIdentifier": "cve-coordination@google.com", + "published": "2023-09-12T20:15:10.573", + "lastModified": "2023-09-12T20:41:39.640", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8", + "source": "cve-coordination@google.com" + }, + { + "url": "https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8", + "source": "cve-coordination@google.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4979e30b889..9b5cc5b58be 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-12T20:00:24.745323+00:00 +2023-09-12T22:00:25.280743+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-12T19:55:13.077000+00:00 +2023-09-12T21:15:09.073000+00:00 ``` ### Last Data Feed Release @@ -29,48 +29,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -224813 +224835 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `22` -* [CVE-2023-21521](CVE-2023/CVE-2023-215xx/CVE-2023-21521.json) (`2023-09-12T19:15:36.033`) -* [CVE-2023-21522](CVE-2023/CVE-2023-215xx/CVE-2023-21522.json) (`2023-09-12T19:15:36.153`) -* [CVE-2023-30962](CVE-2023/CVE-2023-309xx/CVE-2023-30962.json) (`2023-09-12T19:15:36.237`) -* [CVE-2023-4501](CVE-2023/CVE-2023-45xx/CVE-2023-4501.json) (`2023-09-12T19:15:36.333`) +* [CVE-2023-21520](CVE-2023/CVE-2023-215xx/CVE-2023-21520.json) (`2023-09-12T20:15:07.633`) +* [CVE-2023-21523](CVE-2023/CVE-2023-215xx/CVE-2023-21523.json) (`2023-09-12T20:15:08.010`) +* [CVE-2023-39201](CVE-2023/CVE-2023-392xx/CVE-2023-39201.json) (`2023-09-12T20:15:08.207`) +* [CVE-2023-39208](CVE-2023/CVE-2023-392xx/CVE-2023-39208.json) (`2023-09-12T20:15:09.007`) +* [CVE-2023-39215](CVE-2023/CVE-2023-392xx/CVE-2023-39215.json) (`2023-09-12T20:15:09.203`) +* [CVE-2023-3710](CVE-2023/CVE-2023-37xx/CVE-2023-3710.json) (`2023-09-12T20:15:09.387`) +* [CVE-2023-3711](CVE-2023/CVE-2023-37xx/CVE-2023-3711.json) (`2023-09-12T20:15:09.593`) +* [CVE-2023-3712](CVE-2023/CVE-2023-37xx/CVE-2023-3712.json) (`2023-09-12T20:15:09.787`) +* [CVE-2023-41331](CVE-2023/CVE-2023-413xx/CVE-2023-41331.json) (`2023-09-12T20:15:09.980`) +* [CVE-2023-4918](CVE-2023/CVE-2023-49xx/CVE-2023-4918.json) (`2023-09-12T20:15:10.390`) +* [CVE-2023-4921](CVE-2023/CVE-2023-49xx/CVE-2023-4921.json) (`2023-09-12T20:15:10.573`) +* [CVE-2023-41885](CVE-2023/CVE-2023-418xx/CVE-2023-41885.json) (`2023-09-12T21:15:08.163`) +* [CVE-2023-4900](CVE-2023/CVE-2023-49xx/CVE-2023-4900.json) (`2023-09-12T21:15:08.537`) +* [CVE-2023-4901](CVE-2023/CVE-2023-49xx/CVE-2023-4901.json) (`2023-09-12T21:15:08.603`) +* [CVE-2023-4902](CVE-2023/CVE-2023-49xx/CVE-2023-4902.json) (`2023-09-12T21:15:08.657`) +* [CVE-2023-4903](CVE-2023/CVE-2023-49xx/CVE-2023-4903.json) (`2023-09-12T21:15:08.717`) +* [CVE-2023-4904](CVE-2023/CVE-2023-49xx/CVE-2023-4904.json) (`2023-09-12T21:15:08.777`) +* [CVE-2023-4905](CVE-2023/CVE-2023-49xx/CVE-2023-4905.json) (`2023-09-12T21:15:08.837`) +* [CVE-2023-4906](CVE-2023/CVE-2023-49xx/CVE-2023-4906.json) (`2023-09-12T21:15:08.893`) +* [CVE-2023-4907](CVE-2023/CVE-2023-49xx/CVE-2023-4907.json) (`2023-09-12T21:15:08.950`) +* [CVE-2023-4908](CVE-2023/CVE-2023-49xx/CVE-2023-4908.json) (`2023-09-12T21:15:09.010`) +* [CVE-2023-4909](CVE-2023/CVE-2023-49xx/CVE-2023-4909.json) (`2023-09-12T21:15:09.073`) ### CVEs modified in the last Commit -Recently modified CVEs: `89` +Recently modified CVEs: `21` -* [CVE-2023-38140](CVE-2023/CVE-2023-381xx/CVE-2023-38140.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38141](CVE-2023/CVE-2023-381xx/CVE-2023-38141.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38142](CVE-2023/CVE-2023-381xx/CVE-2023-38142.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38143](CVE-2023/CVE-2023-381xx/CVE-2023-38143.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38144](CVE-2023/CVE-2023-381xx/CVE-2023-38144.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38146](CVE-2023/CVE-2023-381xx/CVE-2023-38146.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38147](CVE-2023/CVE-2023-381xx/CVE-2023-38147.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38148](CVE-2023/CVE-2023-381xx/CVE-2023-38148.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38149](CVE-2023/CVE-2023-381xx/CVE-2023-38149.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38150](CVE-2023/CVE-2023-381xx/CVE-2023-38150.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38152](CVE-2023/CVE-2023-381xx/CVE-2023-38152.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38155](CVE-2023/CVE-2023-381xx/CVE-2023-38155.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38156](CVE-2023/CVE-2023-381xx/CVE-2023-38156.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38160](CVE-2023/CVE-2023-381xx/CVE-2023-38160.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38161](CVE-2023/CVE-2023-381xx/CVE-2023-38161.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38162](CVE-2023/CVE-2023-381xx/CVE-2023-38162.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38163](CVE-2023/CVE-2023-381xx/CVE-2023-38163.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-38164](CVE-2023/CVE-2023-381xx/CVE-2023-38164.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-41764](CVE-2023/CVE-2023-417xx/CVE-2023-41764.json) (`2023-09-12T19:38:09.050`) -* [CVE-2023-34758](CVE-2023/CVE-2023-347xx/CVE-2023-34758.json) (`2023-09-12T19:39:31.640`) -* [CVE-2023-2598](CVE-2023/CVE-2023-25xx/CVE-2023-2598.json) (`2023-09-12T19:41:14.247`) -* [CVE-2023-39164](CVE-2023/CVE-2023-391xx/CVE-2023-39164.json) (`2023-09-12T19:42:29.390`) -* [CVE-2023-28560](CVE-2023/CVE-2023-285xx/CVE-2023-28560.json) (`2023-09-12T19:46:13.190`) -* [CVE-2023-32004](CVE-2023/CVE-2023-320xx/CVE-2023-32004.json) (`2023-09-12T19:54:07.643`) -* [CVE-2023-40942](CVE-2023/CVE-2023-409xx/CVE-2023-40942.json) (`2023-09-12T19:55:13.077`) +* [CVE-2021-27715](CVE-2021/CVE-2021-277xx/CVE-2021-27715.json) (`2023-09-12T20:19:26.247`) +* [CVE-2022-22405](CVE-2022/CVE-2022-224xx/CVE-2022-22405.json) (`2023-09-12T20:26:14.320`) +* [CVE-2022-22401](CVE-2022/CVE-2022-224xx/CVE-2022-22401.json) (`2023-09-12T21:05:27.433`) +* [CVE-2023-41646](CVE-2023/CVE-2023-416xx/CVE-2023-41646.json) (`2023-09-12T20:02:24.610`) +* [CVE-2023-39240](CVE-2023/CVE-2023-392xx/CVE-2023-39240.json) (`2023-09-12T20:09:22.577`) +* [CVE-2023-21522](CVE-2023/CVE-2023-215xx/CVE-2023-21522.json) (`2023-09-12T20:15:07.853`) +* [CVE-2023-42470](CVE-2023/CVE-2023-424xx/CVE-2023-42470.json) (`2023-09-12T20:15:10.200`) +* [CVE-2023-24965](CVE-2023/CVE-2023-249xx/CVE-2023-24965.json) (`2023-09-12T20:28:03.347`) +* [CVE-2023-30995](CVE-2023/CVE-2023-309xx/CVE-2023-30995.json) (`2023-09-12T20:31:35.640`) +* [CVE-2023-41330](CVE-2023/CVE-2023-413xx/CVE-2023-41330.json) (`2023-09-12T20:42:58.853`) +* [CVE-2023-41327](CVE-2023/CVE-2023-413xx/CVE-2023-41327.json) (`2023-09-12T20:43:26.803`) +* [CVE-2023-41329](CVE-2023/CVE-2023-413xx/CVE-2023-41329.json) (`2023-09-12T20:45:24.907`) +* [CVE-2023-38031](CVE-2023/CVE-2023-380xx/CVE-2023-38031.json) (`2023-09-12T20:45:43.417`) +* [CVE-2023-38032](CVE-2023/CVE-2023-380xx/CVE-2023-38032.json) (`2023-09-12T20:46:03.037`) +* [CVE-2023-38033](CVE-2023/CVE-2023-380xx/CVE-2023-38033.json) (`2023-09-12T20:46:11.303`) +* [CVE-2023-39236](CVE-2023/CVE-2023-392xx/CVE-2023-39236.json) (`2023-09-12T20:46:29.193`) +* [CVE-2023-39237](CVE-2023/CVE-2023-392xx/CVE-2023-39237.json) (`2023-09-12T20:46:41.957`) +* [CVE-2023-39238](CVE-2023/CVE-2023-392xx/CVE-2023-39238.json) (`2023-09-12T20:47:01.077`) +* [CVE-2023-39239](CVE-2023/CVE-2023-392xx/CVE-2023-39239.json) (`2023-09-12T20:47:18.443`) +* [CVE-2023-36736](CVE-2023/CVE-2023-367xx/CVE-2023-36736.json) (`2023-09-12T21:15:07.703`) +* [CVE-2023-38155](CVE-2023/CVE-2023-381xx/CVE-2023-38155.json) (`2023-09-12T21:15:08.040`) ## Download and Usage