From 2042bbef88bfc8958603802a5d1050449974a346 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 22 Nov 2023 19:00:23 +0000 Subject: [PATCH] Auto-Update: 2023-11-22T19:00:19.986892+00:00 --- CVE-2021/CVE-2021-213xx/CVE-2021-21330.json | 10 +- CVE-2022/CVE-2022-331xx/CVE-2022-33124.json | 6 +- CVE-2023/CVE-2023-200xx/CVE-2023-20084.json | 43 +++++++ CVE-2023/CVE-2023-202xx/CVE-2023-20240.json | 43 +++++++ CVE-2023/CVE-2023-202xx/CVE-2023-20241.json | 43 +++++++ CVE-2023/CVE-2023-222xx/CVE-2023-22268.json | 44 ++++++- CVE-2023/CVE-2023-222xx/CVE-2023-22272.json | 44 ++++++- CVE-2023/CVE-2023-222xx/CVE-2023-22273.json | 44 ++++++- CVE-2023/CVE-2023-222xx/CVE-2023-22274.json | 44 ++++++- CVE-2023/CVE-2023-222xx/CVE-2023-22275.json | 44 ++++++- CVE-2023/CVE-2023-242xx/CVE-2023-24229.json | 18 ++- CVE-2023/CVE-2023-24xx/CVE-2023-2437.json | 8 +- CVE-2023/CVE-2023-24xx/CVE-2023-2438.json | 4 +- CVE-2023/CVE-2023-24xx/CVE-2023-2440.json | 4 +- CVE-2023/CVE-2023-24xx/CVE-2023-2446.json | 6 +- CVE-2023/CVE-2023-24xx/CVE-2023-2448.json | 8 +- CVE-2023/CVE-2023-24xx/CVE-2023-2449.json | 8 +- CVE-2023/CVE-2023-24xx/CVE-2023-2497.json | 4 +- CVE-2023/CVE-2023-259xx/CVE-2023-25986.json | 55 +++++++++ CVE-2023/CVE-2023-259xx/CVE-2023-25987.json | 55 +++++++++ CVE-2023/CVE-2023-265xx/CVE-2023-26542.json | 4 +- CVE-2023/CVE-2023-28xx/CVE-2023-2841.json | 4 +- CVE-2023/CVE-2023-372xx/CVE-2023-37276.json | 6 +- CVE-2023/CVE-2023-430xx/CVE-2023-43082.json | 55 +++++++++ CVE-2023/CVE-2023-438xx/CVE-2023-43887.json | 24 ++++ CVE-2023/CVE-2023-443xx/CVE-2023-44325.json | 64 +++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44336.json | 113 +++++++++++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44337.json | 113 +++++++++++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44338.json | 123 +++++++++++++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44339.json | 113 +++++++++++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44340.json | 113 +++++++++++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44348.json | 113 +++++++++++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44356.json | 113 +++++++++++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44357.json | 113 +++++++++++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44358.json | 113 +++++++++++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44359.json | 113 +++++++++++++++++- CVE-2023/CVE-2023-453xx/CVE-2023-45377.json | 24 ++++ CVE-2023/CVE-2023-456xx/CVE-2023-45620.json | 91 ++++++++++++++- CVE-2023/CVE-2023-456xx/CVE-2023-45621.json | 91 ++++++++++++++- CVE-2023/CVE-2023-456xx/CVE-2023-45622.json | 91 ++++++++++++++- CVE-2023/CVE-2023-456xx/CVE-2023-45623.json | 91 ++++++++++++++- CVE-2023/CVE-2023-456xx/CVE-2023-45624.json | 91 ++++++++++++++- CVE-2023/CVE-2023-463xx/CVE-2023-46357.json | 24 ++++ CVE-2023/CVE-2023-46xx/CVE-2023-4686.json | 4 +- CVE-2023/CVE-2023-470xx/CVE-2023-47014.json | 20 ++++ CVE-2023/CVE-2023-470xx/CVE-2023-47025.json | 68 ++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47055.json | 53 ++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47056.json | 63 +++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47057.json | 63 +++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47058.json | 73 +++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47059.json | 53 ++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47060.json | 53 ++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47066.json | 73 +++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47067.json | 73 +++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47068.json | 73 +++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47069.json | 73 +++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47070.json | 73 +++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47071.json | 73 +++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47072.json | 73 +++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47073.json | 83 ++++++++++++- CVE-2023/CVE-2023-472xx/CVE-2023-47250.json | 28 +++++ CVE-2023/CVE-2023-472xx/CVE-2023-47251.json | 28 +++++ CVE-2023/CVE-2023-473xx/CVE-2023-47312.json | 20 ++++ CVE-2023/CVE-2023-473xx/CVE-2023-47313.json | 20 ++++ CVE-2023/CVE-2023-473xx/CVE-2023-47314.json | 20 ++++ CVE-2023/CVE-2023-473xx/CVE-2023-47315.json | 20 ++++ CVE-2023/CVE-2023-473xx/CVE-2023-47316.json | 20 ++++ CVE-2023/CVE-2023-473xx/CVE-2023-47350.json | 4 +- CVE-2023/CVE-2023-473xx/CVE-2023-47380.json | 4 +- CVE-2023/CVE-2023-474xx/CVE-2023-47467.json | 20 ++++ CVE-2023/CVE-2023-475xx/CVE-2023-47511.json | 51 +++++++- CVE-2023/CVE-2023-475xx/CVE-2023-47514.json | 61 +++++++++- CVE-2023/CVE-2023-476xx/CVE-2023-47686.json | 51 +++++++- CVE-2023/CVE-2023-476xx/CVE-2023-47687.json | 51 +++++++- CVE-2023/CVE-2023-477xx/CVE-2023-47755.json | 55 +++++++++ CVE-2023/CVE-2023-477xx/CVE-2023-47758.json | 55 +++++++++ CVE-2023/CVE-2023-477xx/CVE-2023-47765.json | 55 +++++++++ CVE-2023/CVE-2023-47xx/CVE-2023-4706.json | 60 +++++++++- CVE-2023/CVE-2023-47xx/CVE-2023-4726.json | 4 +- CVE-2023/CVE-2023-480xx/CVE-2023-48011.json | 73 +++++++++++- CVE-2023/CVE-2023-480xx/CVE-2023-48013.json | 73 +++++++++++- CVE-2023/CVE-2023-480xx/CVE-2023-48014.json | 73 +++++++++++- CVE-2023/CVE-2023-480xx/CVE-2023-48055.json | 67 ++++++++++- CVE-2023/CVE-2023-480xx/CVE-2023-48056.json | 77 +++++++++++- CVE-2023/CVE-2023-481xx/CVE-2023-48106.json | 20 ++++ CVE-2023/CVE-2023-481xx/CVE-2023-48134.json | 68 ++++++++++- CVE-2023/CVE-2023-486xx/CVE-2023-48646.json | 20 ++++ CVE-2023/CVE-2023-486xx/CVE-2023-48655.json | 70 ++++++++++- CVE-2023/CVE-2023-486xx/CVE-2023-48656.json | 70 ++++++++++- CVE-2023/CVE-2023-486xx/CVE-2023-48657.json | 71 ++++++++++- CVE-2023/CVE-2023-486xx/CVE-2023-48658.json | 71 ++++++++++- CVE-2023/CVE-2023-486xx/CVE-2023-48659.json | 71 ++++++++++- CVE-2023/CVE-2023-487xx/CVE-2023-48705.json | 4 +- CVE-2023/CVE-2023-50xx/CVE-2023-5048.json | 4 +- CVE-2023/CVE-2023-50xx/CVE-2023-5079.json | 61 +++++++++- CVE-2023/CVE-2023-50xx/CVE-2023-5096.json | 4 +- CVE-2023/CVE-2023-51xx/CVE-2023-5128.json | 4 +- CVE-2023/CVE-2023-51xx/CVE-2023-5163.json | 4 +- CVE-2023/CVE-2023-52xx/CVE-2023-5234.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5314.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5338.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5382.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5383.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5385.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5386.json | 4 +- CVE-2023/CVE-2023-53xx/CVE-2023-5387.json | 4 +- CVE-2023/CVE-2023-54xx/CVE-2023-5411.json | 4 +- CVE-2023/CVE-2023-54xx/CVE-2023-5415.json | 4 +- CVE-2023/CVE-2023-54xx/CVE-2023-5416.json | 4 +- CVE-2023/CVE-2023-54xx/CVE-2023-5417.json | 4 +- CVE-2023/CVE-2023-54xx/CVE-2023-5419.json | 4 +- CVE-2023/CVE-2023-54xx/CVE-2023-5465.json | 4 +- CVE-2023/CVE-2023-54xx/CVE-2023-5466.json | 4 +- CVE-2023/CVE-2023-54xx/CVE-2023-5469.json | 4 +- CVE-2023/CVE-2023-55xx/CVE-2023-5537.json | 4 +- CVE-2023/CVE-2023-56xx/CVE-2023-5662.json | 4 +- CVE-2023/CVE-2023-56xx/CVE-2023-5664.json | 4 +- CVE-2023/CVE-2023-56xx/CVE-2023-5667.json | 4 +- CVE-2023/CVE-2023-57xx/CVE-2023-5704.json | 4 +- CVE-2023/CVE-2023-57xx/CVE-2023-5706.json | 4 +- CVE-2023/CVE-2023-57xx/CVE-2023-5708.json | 4 +- CVE-2023/CVE-2023-57xx/CVE-2023-5715.json | 4 +- CVE-2023/CVE-2023-57xx/CVE-2023-5742.json | 4 +- CVE-2023/CVE-2023-58xx/CVE-2023-5815.json | 4 +- CVE-2023/CVE-2023-58xx/CVE-2023-5822.json | 4 +- CVE-2023/CVE-2023-60xx/CVE-2023-6007.json | 4 +- CVE-2023/CVE-2023-60xx/CVE-2023-6008.json | 4 +- CVE-2023/CVE-2023-60xx/CVE-2023-6009.json | 8 +- CVE-2023/CVE-2023-61xx/CVE-2023-6156.json | 55 +++++++++ CVE-2023/CVE-2023-61xx/CVE-2023-6157.json | 55 +++++++++ CVE-2023/CVE-2023-61xx/CVE-2023-6160.json | 4 +- CVE-2023/CVE-2023-61xx/CVE-2023-6164.json | 4 +- CVE-2023/CVE-2023-62xx/CVE-2023-6204.json | 8 +- CVE-2023/CVE-2023-62xx/CVE-2023-6205.json | 8 +- CVE-2023/CVE-2023-62xx/CVE-2023-6206.json | 8 +- CVE-2023/CVE-2023-62xx/CVE-2023-6207.json | 8 +- CVE-2023/CVE-2023-62xx/CVE-2023-6208.json | 8 +- CVE-2023/CVE-2023-62xx/CVE-2023-6209.json | 8 +- CVE-2023/CVE-2023-62xx/CVE-2023-6212.json | 8 +- CVE-2023/CVE-2023-62xx/CVE-2023-6263.json | 55 +++++++++ README.md | 110 ++++++++--------- 141 files changed, 5011 insertions(+), 363 deletions(-) create mode 100644 CVE-2023/CVE-2023-200xx/CVE-2023-20084.json create mode 100644 CVE-2023/CVE-2023-202xx/CVE-2023-20240.json create mode 100644 CVE-2023/CVE-2023-202xx/CVE-2023-20241.json create mode 100644 CVE-2023/CVE-2023-259xx/CVE-2023-25986.json create mode 100644 CVE-2023/CVE-2023-259xx/CVE-2023-25987.json create mode 100644 CVE-2023/CVE-2023-430xx/CVE-2023-43082.json create mode 100644 CVE-2023/CVE-2023-438xx/CVE-2023-43887.json create mode 100644 CVE-2023/CVE-2023-453xx/CVE-2023-45377.json create mode 100644 CVE-2023/CVE-2023-463xx/CVE-2023-46357.json create mode 100644 CVE-2023/CVE-2023-470xx/CVE-2023-47014.json create mode 100644 CVE-2023/CVE-2023-472xx/CVE-2023-47250.json create mode 100644 CVE-2023/CVE-2023-472xx/CVE-2023-47251.json create mode 100644 CVE-2023/CVE-2023-473xx/CVE-2023-47312.json create mode 100644 CVE-2023/CVE-2023-473xx/CVE-2023-47313.json create mode 100644 CVE-2023/CVE-2023-473xx/CVE-2023-47314.json create mode 100644 CVE-2023/CVE-2023-473xx/CVE-2023-47315.json create mode 100644 CVE-2023/CVE-2023-473xx/CVE-2023-47316.json create mode 100644 CVE-2023/CVE-2023-474xx/CVE-2023-47467.json create mode 100644 CVE-2023/CVE-2023-477xx/CVE-2023-47755.json create mode 100644 CVE-2023/CVE-2023-477xx/CVE-2023-47758.json create mode 100644 CVE-2023/CVE-2023-477xx/CVE-2023-47765.json create mode 100644 CVE-2023/CVE-2023-481xx/CVE-2023-48106.json create mode 100644 CVE-2023/CVE-2023-486xx/CVE-2023-48646.json create mode 100644 CVE-2023/CVE-2023-61xx/CVE-2023-6156.json create mode 100644 CVE-2023/CVE-2023-61xx/CVE-2023-6157.json create mode 100644 CVE-2023/CVE-2023-62xx/CVE-2023-6263.json diff --git a/CVE-2021/CVE-2021-213xx/CVE-2021-21330.json b/CVE-2021/CVE-2021-213xx/CVE-2021-21330.json index 5779f9b2d21..94b9bf146e6 100644 --- a/CVE-2021/CVE-2021-213xx/CVE-2021-21330.json +++ b/CVE-2021/CVE-2021-213xx/CVE-2021-21330.json @@ -2,7 +2,7 @@ "id": "CVE-2021-21330", "sourceIdentifier": "security-advisories@github.com", "published": "2021-02-26T03:15:12.840", - "lastModified": "2023-11-07T03:29:48.187", + "lastModified": "2023-11-22T17:09:17.470", "vulnStatus": "Modified", "descriptions": [ { @@ -37,7 +37,7 @@ "impactScore": 2.7 }, { - "source": "a0819718-46f1-4df5-94e2-005712e83aaa", + "source": "security-advisories@github.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -85,7 +85,7 @@ }, "weaknesses": [ { - "source": "a0819718-46f1-4df5-94e2-005712e83aaa", + "source": "security-advisories@github.com", "type": "Primary", "description": [ { @@ -114,9 +114,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:aiohttp_project:aiohttp:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.7.4", - "matchCriteriaId": "728B59B5-934C-4602-A40A-2CEBF520AEC5" + "matchCriteriaId": "85039D6B-2E1A-4679-8345-BD3804144EAC" } ] } diff --git a/CVE-2022/CVE-2022-331xx/CVE-2022-33124.json b/CVE-2022/CVE-2022-331xx/CVE-2022-33124.json index b0b67f4dab2..8cf5284812d 100644 --- a/CVE-2022/CVE-2022-331xx/CVE-2022-33124.json +++ b/CVE-2022/CVE-2022-331xx/CVE-2022-33124.json @@ -2,7 +2,7 @@ "id": "CVE-2022-33124", "sourceIdentifier": "cve@mitre.org", "published": "2022-06-23T17:15:14.877", - "lastModified": "2023-11-07T03:48:17.783", + "lastModified": "2023-11-22T17:09:17.470", "vulnStatus": "Modified", "descriptions": [ { @@ -84,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:aiohttp_project:aiohttp:3.8.1:*:*:*:*:*:*:*", - "matchCriteriaId": "AF331E5E-098F-4924-A146-80AACFEE7758" + "criteria": "cpe:2.3:a:aiohttp:aiohttp:3.8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9497F8CF-C73D-4D9F-BCD4-1164551B8374" } ] } diff --git a/CVE-2023/CVE-2023-200xx/CVE-2023-20084.json b/CVE-2023/CVE-2023-200xx/CVE-2023-20084.json new file mode 100644 index 00000000000..756c5e7829a --- /dev/null +++ b/CVE-2023/CVE-2023-200xx/CVE-2023-20084.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20084", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-11-22T17:15:18.317", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is due to a timing issue that occurs between various software components. An attacker could exploit this vulnerability by persuading a user to put a malicious file into a specific folder and then persuading the user to execute the file within a limited time window. A successful exploit could allow the attacker to cause the endpoint software to fail to quarantine the malicious file or kill its process. Note: This vulnerability only applies to deployments that have the Windows Folder Redirection feature enabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-endpoint-dos-RzOgFKnd", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20240.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20240.json new file mode 100644 index 00000000000..e367ffaf647 --- /dev/null +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20240.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20240", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-11-22T17:15:18.520", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20241.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20241.json new file mode 100644 index 00000000000..155115858d6 --- /dev/null +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20241.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20241", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-11-22T17:15:18.740", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.\r\n\r These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these vulnerabilities by logging in to an affected device at the same time that another user is accessing Cisco Secure Client on the same system, and then sending crafted packets to a port on that local host. A successful exploit could allow the attacker to crash the VPN Agent service, causing it to be unavailable to all users of the system. To exploit these vulnerabilities, the attacker must have valid credentials on a multi-user system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-accsc-dos-9SLzkZ8", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22268.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22268.json index bf1469c6c4c..48a60e6e436 100644 --- a/CVE-2023/CVE-2023-222xx/CVE-2023-22268.json +++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22268.json @@ -2,12 +2,16 @@ "id": "CVE-2023-22268", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T13:15:07.693", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:45:33.193", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an low-privileged authenticated attacker. Exploitation of this issue does not require user interaction." + }, + { + "lang": "es", + "value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"inyecci\u00f3n SQL\") que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n por parte de un atacante autenticado con pocos privilegios. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario." } ], "metrics": { @@ -46,10 +50,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "11.4", + "matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22272.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22272.json index 59ccd57d9d9..9485350f919 100644 --- a/CVE-2023/CVE-2023-222xx/CVE-2023-22272.json +++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22272.json @@ -2,12 +2,16 @@ "id": "CVE-2023-22272", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T13:15:07.897", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:45:09.013", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction." + }, + { + "lang": "es", + "value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n por parte de un atacante no autenticado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario." } ], "metrics": { @@ -46,10 +50,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "11.4", + "matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22273.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22273.json index b2c9c319bf6..c06110087a6 100644 --- a/CVE-2023/CVE-2023-222xx/CVE-2023-22273.json +++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22273.json @@ -2,12 +2,16 @@ "id": "CVE-2023-22273", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T13:15:08.097", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:44:58.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction." + }, + { + "lang": "es", + "value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una vulnerabilidad de limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo por parte de un atacante autenticado por un administrador. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario." } ], "metrics": { @@ -46,10 +50,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "11.4", + "matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22274.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22274.json index 3b644225b3e..67b18b23b7e 100644 --- a/CVE-2023/CVE-2023-222xx/CVE-2023-22274.json +++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22274.json @@ -2,12 +2,16 @@ "id": "CVE-2023-22274", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T13:15:08.277", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:44:48.730", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction." + }, + { + "lang": "es", + "value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una vulnerabilidad de restricci\u00f3n inadecuada de referencia de entidad externa XML ('XXE') que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n por parte de un atacante no autenticado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario." } ], "metrics": { @@ -46,10 +50,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "11.4", + "matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-222xx/CVE-2023-22275.json b/CVE-2023/CVE-2023-222xx/CVE-2023-22275.json index 5350a735fe6..57d8095ef9f 100644 --- a/CVE-2023/CVE-2023-222xx/CVE-2023-22275.json +++ b/CVE-2023/CVE-2023-222xx/CVE-2023-22275.json @@ -2,12 +2,16 @@ "id": "CVE-2023-22275", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T13:15:08.467", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:44:42.280", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction." + }, + { + "lang": "es", + "value": "Las versiones 11.4 y anteriores de Adobe RoboHelp Server se ven afectadas por una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"inyecci\u00f3n SQL\") que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n por parte de un atacante no autenticado. La explotaci\u00f3n de este problema no requiere la interacci\u00f3n del usuario." } ], "metrics": { @@ -46,10 +50,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:robohelp_server:*:*:*:*:*:*:*:*", + "versionEndIncluding": "11.4", + "matchCriteriaId": "720169BC-ED60-49A9-8655-D8EEA71601E2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/robohelp-server/apsb23-53.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-242xx/CVE-2023-24229.json b/CVE-2023/CVE-2023-242xx/CVE-2023-24229.json index e80d3c1a011..aee3307a449 100644 --- a/CVE-2023/CVE-2023-242xx/CVE-2023-24229.json +++ b/CVE-2023/CVE-2023-242xx/CVE-2023-24229.json @@ -2,12 +2,12 @@ "id": "CVE-2023-24229", "sourceIdentifier": "cve@mitre.org", "published": "2023-03-15T18:15:10.460", - "lastModified": "2023-03-19T03:57:06.433", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-22T18:15:07.990", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injection vulnerability via the mainfunction.cgi component." + "value": "DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter." } ], "metrics": { @@ -84,12 +84,24 @@ "Third Party Advisory" ] }, + { + "url": "https://web.archive.org/web/20230315181013/https://github.com/sadwwcxz/Vul", + "source": "cve@mitre.org" + }, + { + "url": "https://www.draytek.co.uk/support/guides/kb-remotemanagement", + "source": "cve@mitre.org" + }, { "url": "https://www.draytek.com/", "source": "cve@mitre.org", "tags": [ "Not Applicable" ] + }, + { + "url": "https://www.draytek.com/support/knowledge-base/5465", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2437.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2437.json index e84cc5de1d0..a8291d1ed2e 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2437.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2437.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2437", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:08.043", - "lastModified": "2023-11-22T16:15:08.043", - "vulnStatus": "Received", + "lastModified": "2023-11-22T18:15:08.473", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -35,6 +35,10 @@ ] }, "references": [ + { + "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", + "source": "security@wordfence.com" + }, { "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "source": "security@wordfence.com" diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2438.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2438.json index 664a6336474..85f6122a229 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2438.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2438.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2438", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:08.207", - "lastModified": "2023-11-22T16:15:08.207", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2440.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2440.json index b3b1df53110..c99a2686525 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2440.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2440.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2440", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:08.367", - "lastModified": "2023-11-22T16:15:08.367", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2446.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2446.json index 2e83ca9f3d0..217198a25f6 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2446.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2446.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2446", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T08:15:07.020", - "lastModified": "2023-11-22T13:56:48.513", + "lastModified": "2023-11-22T18:15:08.533", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -39,6 +39,10 @@ ] }, "references": [ + { + "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", + "source": "security@wordfence.com" + }, { "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "source": "security@wordfence.com" diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2448.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2448.json index 7520f2cbc3e..0b5b6ed4f24 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2448.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2448.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2448", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:08.537", - "lastModified": "2023-11-22T16:15:08.537", - "vulnStatus": "Received", + "lastModified": "2023-11-22T18:15:08.603", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -35,6 +35,10 @@ ] }, "references": [ + { + "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", + "source": "security@wordfence.com" + }, { "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "source": "security@wordfence.com" diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2449.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2449.json index 3bf9fad0cd2..5ac165292a5 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2449.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2449.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2449", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:08.697", - "lastModified": "2023-11-22T16:15:08.697", - "vulnStatus": "Received", + "lastModified": "2023-11-22T18:15:08.663", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -35,6 +35,10 @@ ] }, "references": [ + { + "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", + "source": "security@wordfence.com" + }, { "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "source": "security@wordfence.com" diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2497.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2497.json index 9c509209f84..d99c6b1618d 100644 --- a/CVE-2023/CVE-2023-24xx/CVE-2023-2497.json +++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2497.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2497", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:08.857", - "lastModified": "2023-11-22T16:15:08.857", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25986.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25986.json new file mode 100644 index 00000000000..f42e76a31ca --- /dev/null +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25986.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25986", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-22T18:15:08.087", + "lastModified": "2023-11-22T18:15:08.087", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen \u2013 Ancienne version plugin <=\u00a04.10.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/paygreen-woocommerce/wordpress-paygreen-plugin-4-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25987.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25987.json new file mode 100644 index 00000000000..05019165ed7 --- /dev/null +++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25987.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25987", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-22T18:15:08.283", + "lastModified": "2023-11-22T18:15:08.283", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uro\u0161evi\u0107 My YouTube Channel plugin <=\u00a03.23.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/youtube-channel/wordpress-my-youtube-channel-plugin-3-23-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26542.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26542.json index 9dbb5356b56..c8129fb8448 100644 --- a/CVE-2023/CVE-2023-265xx/CVE-2023-26542.json +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26542.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26542", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-22T15:15:08.990", - "lastModified": "2023-11-22T15:15:08.990", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:32:02.580", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2841.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2841.json index 8f8dd762996..55057bfb057 100644 --- a/CVE-2023/CVE-2023-28xx/CVE-2023-2841.json +++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2841.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2841", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:09.020", - "lastModified": "2023-11-22T16:15:09.020", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37276.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37276.json index 0457c2deb34..1e7d06e9cd6 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37276.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37276.json @@ -2,7 +2,7 @@ "id": "CVE-2023-37276", "sourceIdentifier": "security-advisories@github.com", "published": "2023-07-19T20:15:10.603", - "lastModified": "2023-07-28T15:55:35.390", + "lastModified": "2023-11-22T17:09:17.470", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,9 +85,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:aiohttp_project:aiohttp:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.8.4", - "matchCriteriaId": "DF4DD285-33F6-451D-B56A-C326E41CF6E4" + "matchCriteriaId": "2108175E-0BE7-48A0-B191-AFA35C485AF3" } ] } diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43082.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43082.json new file mode 100644 index 00000000000..701ead9a0fb --- /dev/null +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43082.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-43082", + "sourceIdentifier": "security_alert@emc.com", + "published": "2023-11-22T17:15:18.940", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\nDell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43887.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43887.json new file mode 100644 index 00000000000..b283222f681 --- /dev/null +++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43887.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-43887", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T18:15:08.747", + "lastModified": "2023-11-22T18:15:08.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/strukturag/libde265/issues/418", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44325.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44325.json index 8d6c8c3c28e..12f202dd5d0 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44325.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44325.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44325", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T09:15:23.053", - "lastModified": "2023-11-17T13:58:59.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:44:29.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,48 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:animate:*:*:*:*:*:*:*:*", + "versionEndIncluding": "23.0.2", + "matchCriteriaId": "E38DCD72-51C3-4D00-9D3B-31CA58712414" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/animate/apsb23-61.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44336.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44336.json index 020655cb1e4..17fa5745571 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44336.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44336.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44336", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:08.890", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:18:22.253", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44337.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44337.json index 9f81deab6a8..267329b2728 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44337.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44337.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44337", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:09.600", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:16:36.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44338.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44338.json index 00002563db1..661af8b26b6 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44338.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44338.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44338", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:10.187", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:16:11.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +80,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44339.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44339.json index f3c4c0a9196..206d8ee24f6 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44339.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44339.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44339", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:10.717", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:15:45.410", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 3.6 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44340.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44340.json index 28b78e67e01..f41672b9a99 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44340.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44340.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44340", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:11.347", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:15:31.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44348.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44348.json index cb3923a74c2..68f16a4ac42 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44348.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44348.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44348", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:12.063", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:15:18.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44356.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44356.json index ff371315eb3..6e2486b9b67 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44356.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44356.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44356", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:12.640", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:07:19.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44357.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44357.json index 0dfae2eb116..f8b93f601a8 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44357.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44357.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44357", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:13.173", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:04:47.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json index 371ae168bb4..441e3599a9d 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44358.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44358", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:13.740", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:04:35.430", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44359.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44359.json index 524787e2ef3..5198025a90d 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44359.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44359.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44359", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T10:15:14.283", - "lastModified": "2023-11-16T13:51:11.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:04:24.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,97 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "A0FEBC42-3857-4802-9DF6-468D875FD75C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.006.20380", + "matchCriteriaId": "CAB9D2E5-B4E0-497C-A95B-58A4B61989C3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndIncluding": "20.005.30539", + "matchCriteriaId": "9C8E748F-AF8D-46BB-ACDE-2454E922B3BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30539", + "matchCriteriaId": "DC0F114D-0EF3-4164-B4CD-36E91408F2F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb23-54.htm", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45377.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45377.json new file mode 100644 index 00000000000..08be58c20c4 --- /dev/null +++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45377.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-45377", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T17:15:22.083", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In the module \"Chronopost Official\" (chronopost) for PrestaShop, a guest can perform SQL injection. The script PHP `cancelSkybill.php` own a sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://addons.prestashop.com/fr/transporteurs/19561-chronopost-officiel.html", + "source": "cve@mitre.org" + }, + { + "url": "https://security.friendsofpresta.org/modules/2023/11/21/chronopost.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45620.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45620.json index d3e60c30f0b..4635d3d72b9 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45620.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45620.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45620", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-11-14T23:15:10.333", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:30:05.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n" + }, + { + "lang": "es", + "value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en CLI Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0.0", + "versionEndExcluding": "10.4.0.3", + "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0.0", + "versionEndExcluding": "8.6.0.23", + "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.0.0", + "versionEndExcluding": "8.10.0.9", + "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.2.0", + "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45621.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45621.json index 3c508bbe943..41aa396769e 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45621.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45621.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45621", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-11-14T23:15:10.497", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:30:22.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n" + }, + { + "lang": "es", + "value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en CLI Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0.0", + "versionEndExcluding": "10.4.0.3", + "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0.0", + "versionEndExcluding": "8.6.0.23", + "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.0.0", + "versionEndExcluding": "8.10.0.9", + "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.2.0", + "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45622.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45622.json index 5d803f277cc..8bb32d7a435 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45622.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45622.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45622", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-11-14T23:15:10.660", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:30:32.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n" + }, + { + "lang": "es", + "value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en BLE Daemon Service al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0.0", + "versionEndExcluding": "10.4.0.3", + "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0.0", + "versionEndExcluding": "8.6.0.23", + "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.0.0", + "versionEndExcluding": "8.10.0.9", + "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.2.0", + "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45623.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45623.json index 6bde3eaf1a8..3c6c37519f8 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45623.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45623.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45623", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-11-14T23:15:10.883", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:26:16.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to interrupt the normal operation of the affected access point.\n\n" + }, + { + "lang": "es", + "value": "Existen vulnerabilidades de Denegaci\u00f3n de Servicio (DoS) no autenticadas en Wi-Fi Uplink Service al que se accede a trav\u00e9s a trav\u00e9s protocolo PAPI. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0.0", + "versionEndExcluding": "10.4.0.3", + "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0.0", + "versionEndExcluding": "8.6.0.23", + "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.0.0", + "versionEndExcluding": "8.10.0.9", + "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.2.0", + "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45624.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45624.json index 7266ccb4ec8..c80b7e572fe 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45624.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45624.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45624", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-11-14T23:15:11.077", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:15:26.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point.\n\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) no autenticada en Soft Ap Daemon al que se accede a trav\u00e9s del protocolo PAPI. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0.0", + "versionEndExcluding": "10.4.0.3", + "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0.0", + "versionEndExcluding": "8.6.0.23", + "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.0.0", + "versionEndExcluding": "8.10.0.9", + "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.2.0", + "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46357.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46357.json new file mode 100644 index 00000000000..101555501fe --- /dev/null +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46357.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-46357", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T18:15:08.797", + "lastModified": "2023-11-22T18:15:08.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In the module \"Cross Selling in Modal Cart\" (motivationsale) < 3.5.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `motivationsaleDataModel::getProductsByIds()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://addons.prestashop.com/fr/ventes-croisees-packs-produits/16122-cross-selling-in-modal-cart.html", + "source": "cve@mitre.org" + }, + { + "url": "https://security.friendsofpresta.org/modules/2023/11/21/motivationsale.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4686.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4686.json index 3454a7f1e98..da11adbbc6c 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4686.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4686.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4686", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:09.823", - "lastModified": "2023-11-22T16:15:09.823", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47014.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47014.json new file mode 100644 index 00000000000..993256edbc8 --- /dev/null +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47014.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47014", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T18:15:08.840", + "lastModified": "2023-11-22T18:15:08.840", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes App Using PHP with Source Code v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to add-note.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/emirhanerdogu/CVE-2023-47014-Sticky-Notes-App-Using-PHP-with-Source-Code-v1.0-CSRF-to-CORS/blob/main/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47025.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47025.json index a82e81246e3..74ceaf23bbe 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47025.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47025.json @@ -2,19 +2,79 @@ "id": "CVE-2023-47025", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-16T23:15:08.123", - "lastModified": "2023-11-16T23:57:47.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:56:48.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component." + }, + { + "lang": "es", + "value": "Un problema en Free5gc v.3.3.0 permite que un atacante local provoque una denegaci\u00f3n de servicio a trav\u00e9s del componente free5gc-compose." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:free5gc:free5gc:3.3.0:*:*:*:*:*:*:*", + "matchCriteriaId": "89BA8BA8-E366-48F9-930A-91ED1442AAFE" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/free5gc/free5gc/issues/501", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47055.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47055.json index ed66c526221..fac6a8d256f 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47055.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47055.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47055", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T17:15:07.267", - "lastModified": "2023-11-16T17:30:31.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:21:17.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe Premiere Pro versi\u00f3n 24.0 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { @@ -46,10 +50,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47056.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47056.json index 3a3af69cf34..0d22f9e422d 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47056.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47056.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47056", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T17:15:07.510", - "lastModified": "2023-11-16T17:30:31.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:21:22.627", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe Premiere Pro versi\u00f3n 24.0 (y anteriores), 23.6 (y anteriores), est\u00e1n afectadas por una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n Heap de la memoria que podr\u00eda resultar en una ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Es requerida una interacci\u00f3n del usuario para explotar este problema, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { @@ -35,6 +39,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -46,10 +60,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47057.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47057.json index ddfc2db66f4..ffd932438a5 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47057.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47057.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47057", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T17:15:07.700", - "lastModified": "2023-11-16T17:30:31.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:21:31.597", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe Premiere Pro versiones 24.0 (y anteriores) y 23.6 (y anteriores), est\u00e1n afectadas por una vulnerabilidad de escritura fuera de l\u00edmites que podr\u00eda resultar en una ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Una explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { @@ -35,6 +39,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -46,10 +60,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47058.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47058.json index 84a1bb320f5..52f1f0dd35d 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47058.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47058.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47058", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T17:15:07.890", - "lastModified": "2023-11-16T17:30:31.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:21:45.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe Premiere Pro versi\u00f3n 24.0 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar lugar a una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -46,10 +70,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47059.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47059.json index d76f29b4529..287a8542a1a 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47059.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47059.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47059", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T17:15:08.080", - "lastModified": "2023-11-16T17:30:31.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:31:40.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe Premiere Pro versi\u00f3n 24.0 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de lectura fuera de los l\u00edmites al analizar un archivo manipulado, lo que podr\u00eda dar lugar a una lectura m\u00e1s all\u00e1 del final de una estructura de memoria asignada. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { @@ -46,10 +50,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47060.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47060.json index b5804624e0a..6eded1b7b97 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47060.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47060.json @@ -2,12 +2,16 @@ "id": "CVE-2023-47060", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-16T17:15:08.270", - "lastModified": "2023-11-16T17:30:31.273", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:31:45.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Adobe Premiere Pro versi\u00f3n 24.0 (y anteriores) y 23.6 (y anteriores) se ven afectados por una vulnerabilidad de acceso al puntero no inicializado que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { @@ -46,10 +50,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BCF0FF73-E9FD-4D83-A812-EC45C0638401" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:premiere_pro:24.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7DEE067D-6646-43C6-987C-35BB0EF7C3F0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/premiere_pro/apsb23-65.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47066.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47066.json index 8c8e363fdad..5f4a95ca280 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47066.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47066.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47066", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:07.293", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:55:17.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.0.2", + "matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47067.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47067.json index 18fb35012b1..b3d4c1701c1 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47067.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47067.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47067", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:07.793", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:54:19.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.0.2", + "matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47068.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47068.json index 3e5d5d8d9fc..cd4c5a0de6b 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47068.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47068.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47068", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:07.997", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:53:51.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.0.2", + "matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47069.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47069.json index 354e4fd3a03..e58a9f3277e 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47069.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47069.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47069", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:08.200", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:52:15.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.0.2", + "matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47070.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47070.json index 56ad47a1dd5..42a61f313a7 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47070.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47070.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47070", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:08.457", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:51:55.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.0.2", + "matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json index 40d73e087e0..1a5ccb3b52b 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47071.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47071", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:08.660", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:51:28.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.0.2", + "matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47072.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47072.json index aedf1348d3b..ad01ab4eae0 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47072.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47072.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47072", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:08.867", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:50:36.630", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +70,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.0.2", + "matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47073.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47073.json index a6fb724d720..2f13d0604e9 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47073.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47073.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47073", "sourceIdentifier": "psirt@adobe.com", "published": "2023-11-17T11:15:09.060", - "lastModified": "2023-11-17T13:58:53.593", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:50:07.243", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "psirt@adobe.com", "type": "Secondary", @@ -50,10 +80,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "23.0", + "versionEndIncluding": "23.6", + "matchCriteriaId": "BA5168A1-3412-4CD3-B4C1-39283BCAA16C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.0.2", + "matchCriteriaId": "7F1DDFE3-B9DA-42E8-A8F4-7011977ED3BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/after_effects/apsb23-66.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json new file mode 100644 index 00000000000..d2e6c2ff7a0 --- /dev/null +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47250.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-47250", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T18:15:08.883", + "lastModified": "2023-11-22T18:15:08.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", + "source": "cve@mitre.org" + }, + { + "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json new file mode 100644 index 00000000000..1aeae633fe3 --- /dev/null +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47251.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-47251", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T18:15:08.930", + "lastModified": "2023-11-22T18:15:08.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", + "source": "cve@mitre.org" + }, + { + "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47312.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47312.json new file mode 100644 index 00000000000..9c2c7fffd23 --- /dev/null +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47312.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47312", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T17:15:22.207", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to Login Credential Leakage via Audit Entries." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://boltonshield.com/en/cve/cve-2023-47312/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47313.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47313.json new file mode 100644 index 00000000000..a182f274f0d --- /dev/null +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47313.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47313", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T17:15:22.260", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://boltonshield.com/en/cve/cve-2023-47313/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47314.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47314.json new file mode 100644 index 00000000000..4bf326fadf1 --- /dev/null +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47314.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47314", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T17:15:22.327", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Headwind MDM Web panel 5.22.1 is vulnerable to Cross Site Scripting (XSS) via Uncontrolled File Upload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://boltonshield.com/en/cve/cve-2023-47314/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47315.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47315.json new file mode 100644 index 00000000000..64f2ff59841 --- /dev/null +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47315.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47315", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T17:15:22.377", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://boltonshield.com/en/cve/cve-2023-47315/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47316.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47316.json new file mode 100644 index 00000000000..d6374fa690f --- /dev/null +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47316.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47316", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T17:15:22.490", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://boltonshield.com/en/cve/cve-2023-47316/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47350.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47350.json index 12be5da7ff9..c81af876feb 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47350.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47350.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47350", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T16:15:09.580", - "lastModified": "2023-11-22T16:15:09.580", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47380.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47380.json index 9db6d8500b0..08672a38b08 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47380.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47380.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47380", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-22T15:15:09.380", - "lastModified": "2023-11-22T15:15:09.380", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47467.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47467.json new file mode 100644 index 00000000000..36125756df4 --- /dev/null +++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47467.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47467", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T18:15:08.980", + "lastModified": "2023-11-22T18:15:08.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.yuque.com/u2479829/tegvu8/dvmfdl5fssfen05q", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47511.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47511.json index e3d14977678..d79bf5ed910 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47511.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47511.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47511", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-16T19:15:08.880", - "lastModified": "2023-11-16T20:03:36.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T18:23:46.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO WP Pinyin Slugs plugin <=\u00a02.3.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento SO WP Pinyin Slugs en versiones <=2.3.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:so-wp:pinyin_slugs:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.0", + "matchCriteriaId": "7F2D4EAA-A942-44CE-A14B-520AEDA4A166" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/so-pinyin-slugs/wordpress-pinyin-slugs-plugin-2-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47514.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47514.json index 7884788e57a..09250a58b2f 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47514.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47514.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47514", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-16T18:15:07.060", - "lastModified": "2023-11-16T20:03:36.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T18:31:02.543", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT for WooCommerce plugin <=\u00a02.0.3 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento WooCommerce para lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT en versiones <=2.0.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:star-emea:star_cloudprnt_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.3", + "matchCriteriaId": "05281085-B5B8-4B65-B032-707EE8D93533" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/star-cloudprnt-for-woocommerce/wordpress-star-cloudprnt-for-woocommerce-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47686.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47686.json index d6470f6221c..f2b7a33ecc3 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47686.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47686.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47686", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-16T23:15:08.170", - "lastModified": "2023-11-16T23:57:47.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:56:36.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <=\u00a02.7.2.2 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Kiboko Labs Arigato Autoresponder and Newsletteren versiones <=2.7.2.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kibokolabs:arigato_autoresponder_and_newsletter:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.7.2.2", + "matchCriteriaId": "D0AD36A7-A6C1-417A-BE66-45ED2B0CBBE5" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bft-autoresponder/wordpress-arigato-autoresponder-and-newsletter-plugin-2-7-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47687.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47687.json index a7bf16a9002..0431703e087 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47687.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47687.json @@ -2,16 +2,40 @@ "id": "CVE-2023-47687", "sourceIdentifier": "audit@patchstack.com", "published": "2023-11-16T23:15:08.380", - "lastModified": "2023-11-16T23:57:47.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:56:23.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <=\u00a02.6.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento VJInfotech Woo Custom y Sequential Order Number en versiones <=2.6.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vjinfotech:woo_custom_and_sequential_order_number:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.6.0", + "matchCriteriaId": "7E3600CE-11BE-4597-AFB1-63137170F3FE" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woo-custom-and-sequential-order-number/wordpress-woo-custom-and-sequential-order-number-plugin-2-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47755.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47755.json new file mode 100644 index 00000000000..df66649d779 --- /dev/null +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47755.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47755", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-22T18:15:09.037", + "lastModified": "2023-11-22T18:15:09.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <=\u00a03.3.5 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/product-carousel-slider-for-woocommerce/wordpress-woocommerce-product-carousel-slider-plugin-3-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47758.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47758.json new file mode 100644 index 00000000000..2a35dbad55b --- /dev/null +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47758.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47758", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-22T18:15:09.253", + "lastModified": "2023-11-22T18:15:09.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form plugin <=\u00a01.7.11 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-11-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47765.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47765.json new file mode 100644 index 00000000000..27add787b4c --- /dev/null +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47765.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47765", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-11-22T18:15:09.440", + "lastModified": "2023-11-22T18:15:09.440", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <=\u00a02.1.9 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/patron-button-and-widgets-by-codebard/wordpress-codebard-s-patron-button-and-widgets-for-patreon-plugin-2-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4706.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4706.json index 774b2d39cc6..8a3a8782fe0 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4706.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4706.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4706", "sourceIdentifier": "psirt@lenovo.com", "published": "2023-11-08T22:15:11.420", - "lastModified": "2023-11-09T13:46:19.893", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T18:26:48.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nA privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.\n\n" + }, + { + "lang": "es", + "value": "Se inform\u00f3 una vulnerabilidad de escalada de privilegios en dispositivos precargados de Lenovo implementados con Microsoft AutoPilot en una cuenta de usuario est\u00e1ndar debido a privilegios predeterminados incorrectos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@lenovo.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "psirt@lenovo.com", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lenovo:preload_directory:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EEFD66E5-DB7E-4EA9-A2D5-2F0081C651EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.lenovo.com/us/en/product_security/LEN-127385", - "source": "psirt@lenovo.com" + "source": "psirt@lenovo.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4726.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4726.json index f4055d2de46..dc712443d38 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4726.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4726.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4726", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:09.983", - "lastModified": "2023-11-22T16:15:09.983", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48011.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48011.json index 3dca80bc460..c9cbd309768 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48011.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48011.json @@ -2,23 +2,86 @@ "id": "CVE-2023-48011", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-15T19:15:07.693", - "lastModified": "2023-11-16T01:43:41.077", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:42:49.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que GPAC v2.3-DEV-rev566-g50c2ab06f-master contiene un heap-use-after-free a trav\u00e9s de la funci\u00f3n flush_ref_samples en /gpac/src/isomedia/movie_fragments.c." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev566-g50c2ab06f-master:*:*:*:*:*:*:*", + "matchCriteriaId": "ECEFB340-26A2-43CD-A8DC-518262E4DC36" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gpac/gpac/issues/2611", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48013.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48013.json index 146afdaa089..5b65384ef47 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48013.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48013.json @@ -2,23 +2,86 @@ "id": "CVE-2023-48013", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-15T19:15:07.753", - "lastModified": "2023-11-16T01:43:41.077", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:42:31.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que GPAC v2.3-DEV-rev566-g50c2ab06f-master contiene un doble libre a trav\u00e9s de la funci\u00f3n gf_filterpacket_del en /gpac/src/filter_core/filter.c." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev566-g50c2ab06f-master:*:*:*:*:*:*:*", + "matchCriteriaId": "ECEFB340-26A2-43CD-A8DC-518262E4DC36" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gpac/gpac/issues/2612", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48014.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48014.json index b2f0e275f92..0b22c8a6062 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48014.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48014.json @@ -2,23 +2,86 @@ "id": "CVE-2023-48014", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-15T19:15:07.803", - "lastModified": "2023-11-16T01:43:41.077", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:38:29.293", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que GPAC v2.3-DEV-rev566-g50c2ab06f-master conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n hevc_parse_vps_extension en /media_tools/av_parsers.c." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev566-g50c2ab06f-master:*:*:*:*:*:*:*", + "matchCriteriaId": "ECEFB340-26A2-43CD-A8DC-518262E4DC36" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gpac/gpac/issues/2613", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48055.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48055.json index 97bb0952a62..41e8c1c265a 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48055.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48055.json @@ -2,19 +2,78 @@ "id": "CVE-2023-48055", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-16T18:15:07.390", - "lastModified": "2023-11-16T20:03:36.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T18:24:27.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que SuperAGI v0.0.13 utiliza una clave codificada para operaciones de cifrado. Esta vulnerabilidad puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n y comunicaciones." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:superagi:superagi:0.0.13:*:*:*:*:*:*:*", + "matchCriteriaId": "18D1F2CD-E6AA-4A40-8CB9-885C003D343E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gxx777.github.io/SuperAGI_v0.0.13_Cryptographic_API_Misuse_Vulnerability.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48056.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48056.json index bfe9275ea6f..0e5395033b4 100644 --- a/CVE-2023/CVE-2023-480xx/CVE-2023-48056.json +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48056.json @@ -2,27 +2,92 @@ "id": "CVE-2023-48056", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-16T18:15:07.440", - "lastModified": "2023-11-16T20:03:36.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T18:24:16.740", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications." + }, + { + "lang": "es", + "value": "PyPinkSign v0.5.1 utiliza un IV no aleatorio o est\u00e1tico para el modo Cipher Block Chaining (CBC) en el cifrado AES. Esta vulnerabilidad puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n y comunicaciones." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bandoche:pypinksign:0.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FD699B70-087B-47BC-B486-13A7DA1BEDC1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://bandoche.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://pypinksign.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48106.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48106.json new file mode 100644 index 00000000000..2fb7f166d56 --- /dev/null +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48106.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48106", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T18:15:09.630", + "lastModified": "2023-11-22T18:15:09.630", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zlib-ng/minizip-ng/issues/740", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-481xx/CVE-2023-48134.json b/CVE-2023/CVE-2023-481xx/CVE-2023-48134.json index 2a5bc728c13..a947b9c7a21 100644 --- a/CVE-2023/CVE-2023-481xx/CVE-2023-48134.json +++ b/CVE-2023/CVE-2023-481xx/CVE-2023-48134.json @@ -2,19 +2,79 @@ "id": "CVE-2023-48134", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-16T19:15:09.263", - "lastModified": "2023-11-16T20:03:36.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T18:23:58.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor." + }, + { + "lang": "es", + "value": "nagayama_copabowl Line 13.6.1 es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/syz913/CVE-reports/blob/main/nagayama_copabowl.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48646.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48646.json new file mode 100644 index 00000000000..d1ee721c595 --- /dev/null +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48646.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48646", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-22T18:15:09.670", + "lastModified": "2023-11-22T18:15:09.670", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.manageengine.com/ad-recovery-manager/advisory/CVE-2023-48646.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json index ff4f185a1e7..c0788ba4cfc 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48655", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T05:15:12.640", - "lastModified": "2023-11-17T13:58:59.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:35:04.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Controller/Component/IndexFilterComponent.php no filtra correctamente los par\u00e1metros de consulta." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4.176", + "matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MISP/MISP/commit/158c8b2f788b75e0d26e9249a75e1be291e59d4b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json index eb091ac1bd5..10697170480 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48656", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T05:15:12.690", - "lastModified": "2023-11-17T13:58:59.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:35:26.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,75 @@ "value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php maneja mal las cl\u00e1usulas de pedido." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4.176", + "matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json index 4509642674a..73096dc8457 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48657", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T05:15:12.740", - "lastModified": "2023-11-17T13:58:59.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:53:34.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,76 @@ "value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php maneja mal los filtros." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4.176", + "matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch", + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json index 7ec349c96d4..ca8c7d2bb4d 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48658", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T05:15:12.793", - "lastModified": "2023-11-17T13:58:59.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:54:32.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,76 @@ "value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Model/AppModel.php carece de una funci\u00f3n checkParam para caracteres alfanum\u00e9ricos, guiones bajos, guiones, puntos y espacios." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4.176", + "matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MISP/MISP/commit/168621521b57b2437331174186f84a6aa3e71f0d", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch", + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json index c0f9c44e5df..a78fb8f73ed 100644 --- a/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json +++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48659", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-17T05:15:12.847", - "lastModified": "2023-11-17T13:58:59.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T17:54:40.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,76 @@ "value": "Se descubri\u00f3 un problema en MISP antes de la versi\u00f3n 2.4.176. app/Controller/AppController.php maneja mal el an\u00e1lisis de par\u00e1metros." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.4.176", + "matchCriteriaId": "2BBA7CBC-4331-4A5C-A738-3AC216AFC03A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/MISP/MISP/commit/37ecf81b84a01baa4d4b1fade4de94a9018c32ed", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/MISP/MISP/compare/v2.4.175...v2.4.176", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch", + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48705.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48705.json index 7289b5f4b1f..8a09529e460 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48705.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48705.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48705", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-22T16:15:09.627", - "lastModified": "2023-11-22T16:15:09.627", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5048.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5048.json index bb195f51c49..712434a3eef 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5048.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5048.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5048", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.137", - "lastModified": "2023-11-22T16:15:10.137", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5079.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5079.json index 1099bd0bf56..c65198f3dd0 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5079.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5079.json @@ -2,16 +2,40 @@ "id": "CVE-2023-5079", "sourceIdentifier": "psirt@lenovo.com", "published": "2023-11-08T22:15:12.133", - "lastModified": "2023-11-09T13:46:19.893", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-22T18:45:31.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Lenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "La validaci\u00f3n de entrada incorrecta de la aplicaci\u00f3n Lenovo LeCloud permite a los atacantes acceder a componentes arbitrarios y descargas de archivos arbitrarios, lo que podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@lenovo.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + }, { "source": "psirt@lenovo.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lenovo:lecloud:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.0.25.99", + "matchCriteriaId": "72EE10E2-9487-4FB7-A2BE-FBADCCF0BC12" + } + ] + } + ] + } + ], "references": [ { "url": "https://iknow.lenovo.com.cn/detail/418253?", - "source": "psirt@lenovo.com" + "source": "psirt@lenovo.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5096.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5096.json index 86e6d6dcd67..f0cfeddd329 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5096.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5096.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5096", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.293", - "lastModified": "2023-11-22T16:15:10.293", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5128.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5128.json index c681bc8e0c6..d307b41f29e 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5128.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5128.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5128", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.453", - "lastModified": "2023-11-22T16:15:10.453", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5163.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5163.json index 1c72efa1009..7275bc1cb90 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5163.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5163.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5163", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.613", - "lastModified": "2023-11-22T16:15:10.613", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5234.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5234.json index b5bb4db43b8..446b4dd712a 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5234.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5234.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5234", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.773", - "lastModified": "2023-11-22T16:15:10.773", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5314.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5314.json index 15fb325639c..652f531e8ec 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5314.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5314.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5314", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:10.930", - "lastModified": "2023-11-22T16:15:10.930", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5338.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5338.json index 6752218b890..4ce2f41af4d 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5338.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5338.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5338", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:11.083", - "lastModified": "2023-11-22T16:15:11.083", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5382.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5382.json index dc8ba7ee96f..7c637b30c9a 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5382.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5382.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5382", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:11.240", - "lastModified": "2023-11-22T16:15:11.240", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:59.573", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5383.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5383.json index 23d18a39ada..a9d34cde7fc 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5383.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5383.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5383", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:11.400", - "lastModified": "2023-11-22T16:15:11.400", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5385.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5385.json index f9af827e29b..1b1340f9e96 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5385.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5385.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5385", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:11.557", - "lastModified": "2023-11-22T16:15:11.557", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5386.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5386.json index 30282d8c6c1..39306168dc9 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5386.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5386.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5386", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:11.710", - "lastModified": "2023-11-22T16:15:11.710", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5387.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5387.json index be920aa0ca5..d53c661eedd 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5387.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5387.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5387", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:11.863", - "lastModified": "2023-11-22T16:15:11.863", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5411.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5411.json index 0aef4f650e4..e0f37addf45 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5411.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5411.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5411", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:12.023", - "lastModified": "2023-11-22T16:15:12.023", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5415.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5415.json index 37cf6d4b09b..0818d67dfe7 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5415.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5415.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5415", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:12.177", - "lastModified": "2023-11-22T16:15:12.177", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5416.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5416.json index 3a6308c70ed..662bc15ba7e 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5416.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5416.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5416", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:12.340", - "lastModified": "2023-11-22T16:15:12.340", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5417.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5417.json index a77c6db998b..39639ab1a1c 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5417.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5417.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5417", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:12.500", - "lastModified": "2023-11-22T16:15:12.500", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5419.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5419.json index 781ef07737b..203961fe590 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5419.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5419.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5419", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:12.660", - "lastModified": "2023-11-22T16:15:12.660", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5465.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5465.json index 25d217ecd66..c9a3d8c0436 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5465.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5465.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5465", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:12.810", - "lastModified": "2023-11-22T16:15:12.810", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5466.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5466.json index 6dc5c1754aa..cd1c7ce4bd2 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5466.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5466.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5466", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:12.970", - "lastModified": "2023-11-22T16:15:12.970", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5469.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5469.json index 1bd7f7e64d6..3b62fcc4c0c 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5469.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5469.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5469", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:13.130", - "lastModified": "2023-11-22T16:15:13.130", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5537.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5537.json index 86de5a993dc..0d0c795b197 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5537.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5537.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5537", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:13.310", - "lastModified": "2023-11-22T16:15:13.310", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5662.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5662.json index 1fa0df9abf2..013c4693675 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5662.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5662.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5662", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:13.490", - "lastModified": "2023-11-22T16:15:13.490", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5664.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5664.json index a76fe1f745c..22456f70596 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5664.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5664.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5664", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:13.657", - "lastModified": "2023-11-22T16:15:13.657", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5667.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5667.json index c0fbc83e4be..400126e4104 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5667.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5667.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5667", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:13.820", - "lastModified": "2023-11-22T16:15:13.820", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5704.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5704.json index 708a015c714..9d9ac53be91 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5704.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5704.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5704", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:14.003", - "lastModified": "2023-11-22T16:15:14.003", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5706.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5706.json index d2867ade248..c8ddb367298 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5706.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5706.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5706", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:14.167", - "lastModified": "2023-11-22T16:15:14.167", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5708.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5708.json index 60a7457e7bf..5dd882e6f06 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5708.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5708.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5708", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:14.387", - "lastModified": "2023-11-22T16:15:14.387", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5715.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5715.json index aea6014d5c0..5f69e3244a2 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5715.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5715.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5715", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:14.550", - "lastModified": "2023-11-22T16:15:14.550", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:52.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5742.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5742.json index 6d3131d57ef..4b2b15279e5 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5742.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5742.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5742", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:14.720", - "lastModified": "2023-11-22T16:15:14.720", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5815.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5815.json index 7ae4b4df193..4eaec65b2ec 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5815.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5815.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5815", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:14.877", - "lastModified": "2023-11-22T16:15:14.877", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5822.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5822.json index aa916b3c43c..cac4ab865ab 100644 --- a/CVE-2023/CVE-2023-58xx/CVE-2023-5822.json +++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5822.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5822", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:15.043", - "lastModified": "2023-11-22T16:15:15.043", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6007.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6007.json index f0bac620337..428e1cd2c3a 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6007.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6007.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6007", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:15.210", - "lastModified": "2023-11-22T16:15:15.210", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6008.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6008.json index 21e2f1baea9..eec1023e8f6 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6008.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6008.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6008", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:15.473", - "lastModified": "2023-11-22T16:15:15.473", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6009.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6009.json index 0a22846b10f..9ddba7bf4a4 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6009.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6009.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6009", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:15.643", - "lastModified": "2023-11-22T16:15:15.643", - "vulnStatus": "Received", + "lastModified": "2023-11-22T18:15:09.720", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -35,6 +35,10 @@ ] }, "references": [ + { + "url": "http://packetstormsecurity.com/files/175871/WordPress-UserPro-5.1.x-Password-Reset-Authentication-Bypass-Escalation.html", + "source": "security@wordfence.com" + }, { "url": "https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681", "source": "security@wordfence.com" diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6156.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6156.json new file mode 100644 index 00000000000..b32a76872cf --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6156.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6156", + "sourceIdentifier": "security@checkmk.com", + "published": "2023-11-22T17:15:22.537", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@checkmk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@checkmk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-140" + } + ] + } + ], + "references": [ + { + "url": "https://checkmk.com/werk/16221", + "source": "security@checkmk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6157.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6157.json new file mode 100644 index 00000000000..4ff552b3484 --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6157.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6157", + "sourceIdentifier": "security@checkmk.com", + "published": "2023-11-22T17:15:22.847", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@checkmk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@checkmk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-140" + } + ] + } + ], + "references": [ + { + "url": "https://checkmk.com/werk/16221", + "source": "security@checkmk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6160.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6160.json index 2b46d7413b9..038cd12c9f4 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6160.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6160.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6160", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:15.810", - "lastModified": "2023-11-22T16:15:15.810", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6164.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6164.json index 353e25cdef9..8bfc414d993 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6164.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6164.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6164", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-22T16:15:15.970", - "lastModified": "2023-11-22T16:15:15.970", - "vulnStatus": "Received", + "lastModified": "2023-11-22T17:31:47.393", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json index 522d7f3902f..c1b22b7c819 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6204.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6204", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.687", - "lastModified": "2023-11-21T16:30:00.600", + "lastModified": "2023-11-22T17:15:26.410", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "On some systems\u2014depending on the graphics settings and drivers\u2014it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." + "value": "On some systems\u2014depending on the graphics settings and drivers\u2014it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5." + }, + { + "lang": "es", + "value": "En algunos sistemas, dependiendo de la configuraci\u00f3n de gr\u00e1ficos y los controladores, era posible forzar una lectura fuera de los l\u00edmites y filtrar datos de memoria en las im\u00e1genes creadas en el elemento del lienzo. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json index e724c990a84..f2b9aed9b91 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6205.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6205", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.737", - "lastModified": "2023-11-21T16:30:00.600", + "lastModified": "2023-11-22T17:15:26.460", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." + "value": "It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5." + }, + { + "lang": "es", + "value": "Era posible provocar el uso de un MessagePort despu\u00e9s de que ya se hab\u00eda liberado, lo que podr\u00eda haber provocado un fallo explotable. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json index eb9f5d2a52f..cac4fb762ac 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6206.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6206", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.787", - "lastModified": "2023-11-21T16:30:00.600", + "lastModified": "2023-11-22T17:15:26.510", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." + "value": "The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5." + }, + { + "lang": "es", + "value": "La animaci\u00f3n de desvanecimiento negro al salir de la pantalla completa es aproximadamente la duraci\u00f3n del retraso anti-clickjacking en las solicitudes de permiso. Era posible utilizar este hecho para sorprender a los usuarios atray\u00e9ndolos a hacer clic en el lugar donde el bot\u00f3n de concesi\u00f3n de permiso estar\u00eda a punto de aparecer. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json index c8ed32cdae3..9ebe662422b 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6207.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6207", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.843", - "lastModified": "2023-11-21T16:30:00.600", + "lastModified": "2023-11-22T17:15:26.563", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." + "value": "Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5." + }, + { + "lang": "es", + "value": "La mala gesti\u00f3n de la propiedad provoc\u00f3 un uso despu\u00e9s de la liberaci\u00f3n en ReadableByteStreams. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json index 2f85f4a9aa2..7fce0f7fdeb 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6208.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6208", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.900", - "lastModified": "2023-11-21T16:30:00.600", + "lastModified": "2023-11-22T17:15:26.613", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard.\n*This bug only affects Thunderbird on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." + "value": "When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard.\n*This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5." + }, + { + "lang": "es", + "value": "Al usar X11, el texto seleccionado por la p\u00e1gina usando la API de selecci\u00f3n se copiaba err\u00f3neamente en la selecci\u00f3n principal, un almacenamiento temporal similar al portapapeles. *Este error s\u00f3lo afecta a Thunderbird en X11. Otros sistemas no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json index c9d3b0eab63..6486bd1ce35 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6209.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6209", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:07.957", - "lastModified": "2023-11-21T16:30:00.600", + "lastModified": "2023-11-22T17:15:26.650", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal \"/../\" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." + "value": "Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal \"/../\" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5." + }, + { + "lang": "es", + "value": "Las URL relativas que comenzaban con tres barras se analizaban incorrectamente y se pod\u00eda utilizar una parte de path-traversal \"/../\" en la ruta para anular el host especificado. Esto podr\u00eda contribuir a problemas de seguridad en los sitios web. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json index e832acea6ed..641596bbe0a 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6212.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6212", "sourceIdentifier": "security@mozilla.org", "published": "2023-11-21T15:15:08.110", - "lastModified": "2023-11-21T16:30:00.600", + "lastModified": "2023-11-22T17:15:26.693", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Memory safety bugs present in Firefox 119, Firefox 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0." + "value": "Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5." + }, + { + "lang": "es", + "value": "Errores de seguridad de la memoria presentes en Firefox 119, Firefox 115.4 y Thunderbird 115.4. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox < 120, Firefox < 115.5 y Thunderbird < 115.5.0." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6263.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6263.json new file mode 100644 index 00000000000..3d3f64d5990 --- /dev/null +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6263.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6263", + "sourceIdentifier": "96d4e157-0bf0-48b3-8efd-382c68caf4e0", + "published": "2023-11-22T18:15:09.780", + "lastModified": "2023-11-22T18:15:09.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Network Optix NxCloud before 23.1.0.40440.\u00a0It was possible to add a fake VMS server to NxCloud by using the exact\u00a0identification of a legitimate VMS server. As result, it was possible to\u00a0retrieve authorization headers from legitimate users when the\u00a0legitimate client connects to the fake VMS server.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], + "references": [ + { + "url": "https://networkoptix.atlassian.net/wiki/spaces/CHS/blog/2023/09/22/3074195467/vulnerability+2023-09-21+-+Server+Spoofing", + "source": "96d4e157-0bf0-48b3-8efd-382c68caf4e0" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 85da7a468a3..c858c35b122 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-22T17:04:02.956733+00:00 +2023-11-22T19:00:19.986892+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-22T17:00:04.210000+00:00 +2023-11-22T18:45:31.787000+00:00 ``` ### Last Data Feed Release @@ -29,69 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231346 +231372 ``` ### CVEs added in the last Commit -Recently added CVEs: `49` +Recently added CVEs: `26` -* [CVE-2023-5387](CVE-2023/CVE-2023-53xx/CVE-2023-5387.json) (`2023-11-22T16:15:11.863`) -* [CVE-2023-5411](CVE-2023/CVE-2023-54xx/CVE-2023-5411.json) (`2023-11-22T16:15:12.023`) -* [CVE-2023-5415](CVE-2023/CVE-2023-54xx/CVE-2023-5415.json) (`2023-11-22T16:15:12.177`) -* [CVE-2023-5416](CVE-2023/CVE-2023-54xx/CVE-2023-5416.json) (`2023-11-22T16:15:12.340`) -* [CVE-2023-5417](CVE-2023/CVE-2023-54xx/CVE-2023-5417.json) (`2023-11-22T16:15:12.500`) -* [CVE-2023-5419](CVE-2023/CVE-2023-54xx/CVE-2023-5419.json) (`2023-11-22T16:15:12.660`) -* [CVE-2023-5465](CVE-2023/CVE-2023-54xx/CVE-2023-5465.json) (`2023-11-22T16:15:12.810`) -* [CVE-2023-5466](CVE-2023/CVE-2023-54xx/CVE-2023-5466.json) (`2023-11-22T16:15:12.970`) -* [CVE-2023-5469](CVE-2023/CVE-2023-54xx/CVE-2023-5469.json) (`2023-11-22T16:15:13.130`) -* [CVE-2023-5537](CVE-2023/CVE-2023-55xx/CVE-2023-5537.json) (`2023-11-22T16:15:13.310`) -* [CVE-2023-5662](CVE-2023/CVE-2023-56xx/CVE-2023-5662.json) (`2023-11-22T16:15:13.490`) -* [CVE-2023-5664](CVE-2023/CVE-2023-56xx/CVE-2023-5664.json) (`2023-11-22T16:15:13.657`) -* [CVE-2023-5667](CVE-2023/CVE-2023-56xx/CVE-2023-5667.json) (`2023-11-22T16:15:13.820`) -* [CVE-2023-5704](CVE-2023/CVE-2023-57xx/CVE-2023-5704.json) (`2023-11-22T16:15:14.003`) -* [CVE-2023-5706](CVE-2023/CVE-2023-57xx/CVE-2023-5706.json) (`2023-11-22T16:15:14.167`) -* [CVE-2023-5708](CVE-2023/CVE-2023-57xx/CVE-2023-5708.json) (`2023-11-22T16:15:14.387`) -* [CVE-2023-5715](CVE-2023/CVE-2023-57xx/CVE-2023-5715.json) (`2023-11-22T16:15:14.550`) -* [CVE-2023-5742](CVE-2023/CVE-2023-57xx/CVE-2023-5742.json) (`2023-11-22T16:15:14.720`) -* [CVE-2023-5815](CVE-2023/CVE-2023-58xx/CVE-2023-5815.json) (`2023-11-22T16:15:14.877`) -* [CVE-2023-5822](CVE-2023/CVE-2023-58xx/CVE-2023-5822.json) (`2023-11-22T16:15:15.043`) -* [CVE-2023-6007](CVE-2023/CVE-2023-60xx/CVE-2023-6007.json) (`2023-11-22T16:15:15.210`) -* [CVE-2023-6008](CVE-2023/CVE-2023-60xx/CVE-2023-6008.json) (`2023-11-22T16:15:15.473`) -* [CVE-2023-6009](CVE-2023/CVE-2023-60xx/CVE-2023-6009.json) (`2023-11-22T16:15:15.643`) -* [CVE-2023-6160](CVE-2023/CVE-2023-61xx/CVE-2023-6160.json) (`2023-11-22T16:15:15.810`) -* [CVE-2023-6164](CVE-2023/CVE-2023-61xx/CVE-2023-6164.json) (`2023-11-22T16:15:15.970`) +* [CVE-2023-20240](CVE-2023/CVE-2023-202xx/CVE-2023-20240.json) (`2023-11-22T17:15:18.520`) +* [CVE-2023-20241](CVE-2023/CVE-2023-202xx/CVE-2023-20241.json) (`2023-11-22T17:15:18.740`) +* [CVE-2023-43082](CVE-2023/CVE-2023-430xx/CVE-2023-43082.json) (`2023-11-22T17:15:18.940`) +* [CVE-2023-45377](CVE-2023/CVE-2023-453xx/CVE-2023-45377.json) (`2023-11-22T17:15:22.083`) +* [CVE-2023-47312](CVE-2023/CVE-2023-473xx/CVE-2023-47312.json) (`2023-11-22T17:15:22.207`) +* [CVE-2023-47313](CVE-2023/CVE-2023-473xx/CVE-2023-47313.json) (`2023-11-22T17:15:22.260`) +* [CVE-2023-47314](CVE-2023/CVE-2023-473xx/CVE-2023-47314.json) (`2023-11-22T17:15:22.327`) +* [CVE-2023-47315](CVE-2023/CVE-2023-473xx/CVE-2023-47315.json) (`2023-11-22T17:15:22.377`) +* [CVE-2023-47316](CVE-2023/CVE-2023-473xx/CVE-2023-47316.json) (`2023-11-22T17:15:22.490`) +* [CVE-2023-6156](CVE-2023/CVE-2023-61xx/CVE-2023-6156.json) (`2023-11-22T17:15:22.537`) +* [CVE-2023-6157](CVE-2023/CVE-2023-61xx/CVE-2023-6157.json) (`2023-11-22T17:15:22.847`) +* [CVE-2023-25986](CVE-2023/CVE-2023-259xx/CVE-2023-25986.json) (`2023-11-22T18:15:08.087`) +* [CVE-2023-25987](CVE-2023/CVE-2023-259xx/CVE-2023-25987.json) (`2023-11-22T18:15:08.283`) +* [CVE-2023-43887](CVE-2023/CVE-2023-438xx/CVE-2023-43887.json) (`2023-11-22T18:15:08.747`) +* [CVE-2023-46357](CVE-2023/CVE-2023-463xx/CVE-2023-46357.json) (`2023-11-22T18:15:08.797`) +* [CVE-2023-47014](CVE-2023/CVE-2023-470xx/CVE-2023-47014.json) (`2023-11-22T18:15:08.840`) +* [CVE-2023-47250](CVE-2023/CVE-2023-472xx/CVE-2023-47250.json) (`2023-11-22T18:15:08.883`) +* [CVE-2023-47251](CVE-2023/CVE-2023-472xx/CVE-2023-47251.json) (`2023-11-22T18:15:08.930`) +* [CVE-2023-47467](CVE-2023/CVE-2023-474xx/CVE-2023-47467.json) (`2023-11-22T18:15:08.980`) +* [CVE-2023-47755](CVE-2023/CVE-2023-477xx/CVE-2023-47755.json) (`2023-11-22T18:15:09.037`) +* [CVE-2023-47758](CVE-2023/CVE-2023-477xx/CVE-2023-47758.json) (`2023-11-22T18:15:09.253`) +* [CVE-2023-47765](CVE-2023/CVE-2023-477xx/CVE-2023-47765.json) (`2023-11-22T18:15:09.440`) +* [CVE-2023-48106](CVE-2023/CVE-2023-481xx/CVE-2023-48106.json) (`2023-11-22T18:15:09.630`) +* [CVE-2023-48646](CVE-2023/CVE-2023-486xx/CVE-2023-48646.json) (`2023-11-22T18:15:09.670`) +* [CVE-2023-6263](CVE-2023/CVE-2023-62xx/CVE-2023-6263.json) (`2023-11-22T18:15:09.780`) ### CVEs modified in the last Commit -Recently modified CVEs: `58` +Recently modified CVEs: `114` -* [CVE-2023-47043](CVE-2023/CVE-2023-470xx/CVE-2023-47043.json) (`2023-11-22T15:18:48.790`) -* [CVE-2023-47042](CVE-2023/CVE-2023-470xx/CVE-2023-47042.json) (`2023-11-22T15:18:59.623`) -* [CVE-2023-47041](CVE-2023/CVE-2023-470xx/CVE-2023-47041.json) (`2023-11-22T15:19:08.407`) -* [CVE-2023-47040](CVE-2023/CVE-2023-470xx/CVE-2023-47040.json) (`2023-11-22T15:19:16.977`) -* [CVE-2023-44335](CVE-2023/CVE-2023-443xx/CVE-2023-44335.json) (`2023-11-22T15:19:44.233`) -* [CVE-2023-44334](CVE-2023/CVE-2023-443xx/CVE-2023-44334.json) (`2023-11-22T15:19:55.047`) -* [CVE-2023-44329](CVE-2023/CVE-2023-443xx/CVE-2023-44329.json) (`2023-11-22T15:20:17.657`) -* [CVE-2023-44328](CVE-2023/CVE-2023-443xx/CVE-2023-44328.json) (`2023-11-22T15:20:27.367`) -* [CVE-2023-44327](CVE-2023/CVE-2023-443xx/CVE-2023-44327.json) (`2023-11-22T15:20:36.613`) -* [CVE-2023-47054](CVE-2023/CVE-2023-470xx/CVE-2023-47054.json) (`2023-11-22T15:21:35.057`) -* [CVE-2023-47053](CVE-2023/CVE-2023-470xx/CVE-2023-47053.json) (`2023-11-22T15:21:44.843`) -* [CVE-2023-47051](CVE-2023/CVE-2023-470xx/CVE-2023-47051.json) (`2023-11-22T15:22:00.933`) -* [CVE-2023-47052](CVE-2023/CVE-2023-470xx/CVE-2023-47052.json) (`2023-11-22T15:22:07.817`) -* [CVE-2023-47050](CVE-2023/CVE-2023-470xx/CVE-2023-47050.json) (`2023-11-22T15:22:30.630`) -* [CVE-2023-47049](CVE-2023/CVE-2023-470xx/CVE-2023-47049.json) (`2023-11-22T15:22:40.007`) -* [CVE-2023-47048](CVE-2023/CVE-2023-470xx/CVE-2023-47048.json) (`2023-11-22T15:22:49.797`) -* [CVE-2023-47047](CVE-2023/CVE-2023-470xx/CVE-2023-47047.json) (`2023-11-22T15:22:58.927`) -* [CVE-2023-47046](CVE-2023/CVE-2023-470xx/CVE-2023-47046.json) (`2023-11-22T15:23:13.010`) -* [CVE-2023-45960](CVE-2023/CVE-2023-459xx/CVE-2023-45960.json) (`2023-11-22T16:15:09.180`) -* [CVE-2023-46964](CVE-2023/CVE-2023-469xx/CVE-2023-46964.json) (`2023-11-22T16:15:09.337`) -* [CVE-2023-44372](CVE-2023/CVE-2023-443xx/CVE-2023-44372.json) (`2023-11-22T16:58:26.867`) -* [CVE-2023-44371](CVE-2023/CVE-2023-443xx/CVE-2023-44371.json) (`2023-11-22T16:58:39.573`) -* [CVE-2023-44367](CVE-2023/CVE-2023-443xx/CVE-2023-44367.json) (`2023-11-22T16:58:57.527`) -* [CVE-2023-44366](CVE-2023/CVE-2023-443xx/CVE-2023-44366.json) (`2023-11-22T16:59:23.277`) -* [CVE-2023-44365](CVE-2023/CVE-2023-443xx/CVE-2023-44365.json) (`2023-11-22T17:00:04.210`) +* [CVE-2023-47071](CVE-2023/CVE-2023-470xx/CVE-2023-47071.json) (`2023-11-22T17:51:28.373`) +* [CVE-2023-47070](CVE-2023/CVE-2023-470xx/CVE-2023-47070.json) (`2023-11-22T17:51:55.537`) +* [CVE-2023-47069](CVE-2023/CVE-2023-470xx/CVE-2023-47069.json) (`2023-11-22T17:52:15.793`) +* [CVE-2023-48657](CVE-2023/CVE-2023-486xx/CVE-2023-48657.json) (`2023-11-22T17:53:34.483`) +* [CVE-2023-47068](CVE-2023/CVE-2023-470xx/CVE-2023-47068.json) (`2023-11-22T17:53:51.743`) +* [CVE-2023-47067](CVE-2023/CVE-2023-470xx/CVE-2023-47067.json) (`2023-11-22T17:54:19.510`) +* [CVE-2023-48658](CVE-2023/CVE-2023-486xx/CVE-2023-48658.json) (`2023-11-22T17:54:32.743`) +* [CVE-2023-48659](CVE-2023/CVE-2023-486xx/CVE-2023-48659.json) (`2023-11-22T17:54:40.517`) +* [CVE-2023-47066](CVE-2023/CVE-2023-470xx/CVE-2023-47066.json) (`2023-11-22T17:55:17.360`) +* [CVE-2023-47687](CVE-2023/CVE-2023-476xx/CVE-2023-47687.json) (`2023-11-22T17:56:23.700`) +* [CVE-2023-47686](CVE-2023/CVE-2023-476xx/CVE-2023-47686.json) (`2023-11-22T17:56:36.503`) +* [CVE-2023-47025](CVE-2023/CVE-2023-470xx/CVE-2023-47025.json) (`2023-11-22T17:56:48.987`) +* [CVE-2023-24229](CVE-2023/CVE-2023-242xx/CVE-2023-24229.json) (`2023-11-22T18:15:07.990`) +* [CVE-2023-2437](CVE-2023/CVE-2023-24xx/CVE-2023-2437.json) (`2023-11-22T18:15:08.473`) +* [CVE-2023-2446](CVE-2023/CVE-2023-24xx/CVE-2023-2446.json) (`2023-11-22T18:15:08.533`) +* [CVE-2023-2448](CVE-2023/CVE-2023-24xx/CVE-2023-2448.json) (`2023-11-22T18:15:08.603`) +* [CVE-2023-2449](CVE-2023/CVE-2023-24xx/CVE-2023-2449.json) (`2023-11-22T18:15:08.663`) +* [CVE-2023-6009](CVE-2023/CVE-2023-60xx/CVE-2023-6009.json) (`2023-11-22T18:15:09.720`) +* [CVE-2023-47511](CVE-2023/CVE-2023-475xx/CVE-2023-47511.json) (`2023-11-22T18:23:46.350`) +* [CVE-2023-48134](CVE-2023/CVE-2023-481xx/CVE-2023-48134.json) (`2023-11-22T18:23:58.633`) +* [CVE-2023-48056](CVE-2023/CVE-2023-480xx/CVE-2023-48056.json) (`2023-11-22T18:24:16.740`) +* [CVE-2023-48055](CVE-2023/CVE-2023-480xx/CVE-2023-48055.json) (`2023-11-22T18:24:27.087`) +* [CVE-2023-4706](CVE-2023/CVE-2023-47xx/CVE-2023-4706.json) (`2023-11-22T18:26:48.233`) +* [CVE-2023-47514](CVE-2023/CVE-2023-475xx/CVE-2023-47514.json) (`2023-11-22T18:31:02.543`) +* [CVE-2023-5079](CVE-2023/CVE-2023-50xx/CVE-2023-5079.json) (`2023-11-22T18:45:31.787`) ## Download and Usage