From 2cf8e8674d7487aefc6a43b5e30e75339cecef12 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 29 Dec 2023 03:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-12-29T03:00:24.898739+00:00 --- CVE-2021/CVE-2021-270xx/CVE-2021-27064.json | 26 ++++- CVE-2021/CVE-2021-270xx/CVE-2021-27067.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28448.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28449.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28450.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28451.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28452.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28453.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28454.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28456.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28457.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28458.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28459.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28460.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28464.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28466.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28468.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28469.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28470.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28471.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28472.json | 26 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28473.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28475.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28477.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28480.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28481.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28482.json | 28 ++++- CVE-2021/CVE-2021-284xx/CVE-2021-28483.json | 28 ++++- CVE-2023/CVE-2023-234xx/CVE-2023-23431.json | 55 ++++++++++ CVE-2023/CVE-2023-234xx/CVE-2023-23432.json | 55 ++++++++++ CVE-2023/CVE-2023-234xx/CVE-2023-23433.json | 55 ++++++++++ CVE-2023/CVE-2023-234xx/CVE-2023-23434.json | 43 ++++++++ CVE-2023/CVE-2023-234xx/CVE-2023-23435.json | 55 ++++++++++ CVE-2023/CVE-2023-234xx/CVE-2023-23436.json | 55 ++++++++++ CVE-2023/CVE-2023-294xx/CVE-2023-29485.json | 109 +++++++++++++++++++- CVE-2023/CVE-2023-294xx/CVE-2023-29486.json | 109 +++++++++++++++++++- CVE-2023/CVE-2023-312xx/CVE-2023-31292.json | 20 ++++ CVE-2023/CVE-2023-312xx/CVE-2023-31298.json | 20 ++++ CVE-2023/CVE-2023-313xx/CVE-2023-31301.json | 20 ++++ CVE-2023/CVE-2023-433xx/CVE-2023-43314.json | 20 ++-- CVE-2023/CVE-2023-466xx/CVE-2023-46624.json | 47 ++++++++- CVE-2023/CVE-2023-517xx/CVE-2023-51764.json | 10 +- CVE-2023/CVE-2023-71xx/CVE-2023-7143.json | 88 ++++++++++++++++ CVE-2023/CVE-2023-71xx/CVE-2023-7144.json | 88 ++++++++++++++++ CVE-2023/CVE-2023-71xx/CVE-2023-7145.json | 88 ++++++++++++++++ CVE-2023/CVE-2023-71xx/CVE-2023-7146.json | 88 ++++++++++++++++ README.md | 85 +++++++-------- 47 files changed, 1705 insertions(+), 161 deletions(-) create mode 100644 CVE-2023/CVE-2023-234xx/CVE-2023-23431.json create mode 100644 CVE-2023/CVE-2023-234xx/CVE-2023-23432.json create mode 100644 CVE-2023/CVE-2023-234xx/CVE-2023-23433.json create mode 100644 CVE-2023/CVE-2023-234xx/CVE-2023-23434.json create mode 100644 CVE-2023/CVE-2023-234xx/CVE-2023-23435.json create mode 100644 CVE-2023/CVE-2023-234xx/CVE-2023-23436.json create mode 100644 CVE-2023/CVE-2023-312xx/CVE-2023-31292.json create mode 100644 CVE-2023/CVE-2023-312xx/CVE-2023-31298.json create mode 100644 CVE-2023/CVE-2023-313xx/CVE-2023-31301.json create mode 100644 CVE-2023/CVE-2023-71xx/CVE-2023-7143.json create mode 100644 CVE-2023/CVE-2023-71xx/CVE-2023-7144.json create mode 100644 CVE-2023/CVE-2023-71xx/CVE-2023-7145.json create mode 100644 CVE-2023/CVE-2023-71xx/CVE-2023-7146.json diff --git a/CVE-2021/CVE-2021-270xx/CVE-2021-27064.json b/CVE-2021/CVE-2021-270xx/CVE-2021-27064.json index 57513540386..ff4f591489a 100644 --- a/CVE-2021/CVE-2021-270xx/CVE-2021-27064.json +++ b/CVE-2021/CVE-2021-270xx/CVE-2021-27064.json @@ -2,8 +2,8 @@ "id": "CVE-2021-27064", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:15.343", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:38.447", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-270xx/CVE-2021-27067.json b/CVE-2021/CVE-2021-270xx/CVE-2021-27067.json index 4c9d39f1b03..df199f7eec7 100644 --- a/CVE-2021/CVE-2021-270xx/CVE-2021-27067.json +++ b/CVE-2021/CVE-2021-270xx/CVE-2021-27067.json @@ -2,8 +2,8 @@ "id": "CVE-2021-27067", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:15.407", - "lastModified": "2022-06-28T14:11:45.273", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:38.650", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28448.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28448.json index 74e730e5313..823091b46c9 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28448.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28448.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28448", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.017", - "lastModified": "2021-04-21T01:42:14.957", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:38.850", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28449.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28449.json index ae8b252d41e..a8759699387 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28449.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28449.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28449", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.077", - "lastModified": "2021-04-21T01:37:51.280", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:39.030", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28450.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28450.json index 7ca81040c65..bdf9be0dd2e 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28450.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28450.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28450", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.140", - "lastModified": "2021-04-19T23:29:18.277", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:39.210", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft SharePoint Denial of Service Update" + "value": "Microsoft SharePoint Denial of Service Vulnerability" }, { "lang": "es", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28451.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28451.json index 6897f754b33..6e74ec3d0ba 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28451.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28451.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28451", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.220", - "lastModified": "2021-04-19T23:43:01.933", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:39.393", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28454." + "value": "Microsoft Excel Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28452.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28452.json index ee4a2eacd46..012b7538761 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28452.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28452.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28452", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.280", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:39.563", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28453.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28453.json index f47b76eb33b..631155daeb8 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28453.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28453.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28453", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.343", - "lastModified": "2021-06-04T18:36:55.787", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:39.757", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28454.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28454.json index 85e392425fd..6d5fea5cc0a 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28454.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28454.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28454", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.407", - "lastModified": "2021-04-20T22:21:37.963", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:39.943", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28451." + "value": "Microsoft Excel Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28456.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28456.json index f87693575f9..e3366f7597b 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28456.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28456.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28456", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.470", - "lastModified": "2021-04-20T22:20:18.460", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:40.137", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28457.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28457.json index 9d92f50574a..e8c76dd26c2 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28457.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28457.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28457", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.530", - "lastModified": "2021-04-20T22:19:36.837", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:40.310", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28469, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477." + "value": "Visual Studio Code Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28458.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28458.json index eadbb86b282..f7040f4e403 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28458.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28458.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28458", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.610", - "lastModified": "2022-05-03T16:04:40.443", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:40.487", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28459.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28459.json index 3c6fdd1df2f..54e9ee93d0e 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28459.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28459.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28459", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.673", - "lastModified": "2021-04-20T21:52:18.740", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:40.660", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28460.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28460.json index 9d6e34b6323..5705c18a04c 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28460.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28460.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28460", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.733", - "lastModified": "2021-04-20T20:48:26.880", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:40.890", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28464.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28464.json index da3c897d833..98e2eac9cca 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28464.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28464.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28464", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.797", - "lastModified": "2021-04-20T20:44:06.537", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:41.093", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28466.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28466.json index 1aa6567795d..913ea075cde 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28466.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28466.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28466", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.860", - "lastModified": "2021-04-20T17:44:45.897", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:41.263", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28468." + "value": "Raw Image Extension Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28468.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28468.json index dca8781fecf..da531ddfb5a 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28468.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28468.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28468", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.923", - "lastModified": "2021-04-20T17:43:03.470", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:41.433", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Raw Image Extension Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28466." + "value": "Raw Image Extension Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28469.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28469.json index 7c4a645b140..beed2264129 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28469.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28469.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28469", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:20.970", - "lastModified": "2021-04-20T17:19:28.657", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:41.620", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28473, CVE-2021-28475, CVE-2021-28477." + "value": "Visual Studio Code Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28470.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28470.json index 709da0bf1e2..83220341146 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28470.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28470.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28470", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:21.030", - "lastModified": "2021-04-20T17:18:02.883", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:41.797", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28471.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28471.json index e04f472d8c4..834eddd7784 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28471.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28471.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28471", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:21.093", - "lastModified": "2021-04-20T17:14:00.667", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:42.010", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28472.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28472.json index 4092ba6d3c0..d8b18e197ab 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28472.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28472.json @@ -2,8 +2,8 @@ "id": "CVE-2021-28472", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:21.203", - "lastModified": "2021-04-20T16:54:20.610", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:42.177", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28473.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28473.json index c3c28f05eae..6cbf8f5e58d 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28473.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28473.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28473", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:21.267", - "lastModified": "2021-04-16T21:21:43.403", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:42.373", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28475, CVE-2021-28477." + "value": "Visual Studio Code Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28475.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28475.json index c5c532ed3b5..19c78694988 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28475.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28475.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28475", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:21.343", - "lastModified": "2021-04-16T21:22:07.843", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:42.540", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28477." + "value": "Visual Studio Code Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28477.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28477.json index e2cf2f9a24b..a36edfcca16 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28477.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28477.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28477", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:21.407", - "lastModified": "2021-04-16T21:22:20.597", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:42.733", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Visual Studio Code Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28457, CVE-2021-28469, CVE-2021-28473, CVE-2021-28475." + "value": "Visual Studio Code Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,8 +17,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28480.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28480.json index 7f9a19af7d1..da86350647a 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28480.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28480.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28480", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:21.470", - "lastModified": "2021-04-14T13:00:04.313", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:42.943", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28481, CVE-2021-28482, CVE-2021-28483." + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28481.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28481.json index 8c4765c0563..d1e79d99c8c 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28481.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28481.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28481", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:21.530", - "lastModified": "2021-04-14T12:58:49.327", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:43.157", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28482, CVE-2021-28483." + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28482.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28482.json index 1a2dafbb0ce..3ed242f11e2 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28482.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28482.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28482", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:21.577", - "lastModified": "2021-04-14T12:58:09.203", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:43.337", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483." + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28483.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28483.json index a6895692190..bcea489381b 100644 --- a/CVE-2021/CVE-2021-284xx/CVE-2021-28483.json +++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28483.json @@ -2,12 +2,12 @@ "id": "CVE-2021-28483", "sourceIdentifier": "secure@microsoft.com", "published": "2021-04-13T20:15:21.640", - "lastModified": "2021-04-14T13:01:40.160", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-29T01:15:43.510", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28482." + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "secure@microsoft.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -35,6 +35,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 } ], "cvssMetricV2": [ diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23431.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23431.json new file mode 100644 index 00000000000..4ecfe614ba0 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23431.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23431", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T02:15:43.803", + "lastModified": "2023-12-29T02:15:43.803", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23431/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23432.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23432.json new file mode 100644 index 00000000000..3816aa12296 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23432.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23432", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T02:15:44.063", + "lastModified": "2023-12-29T02:15:44.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23432/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23433.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23433.json new file mode 100644 index 00000000000..dc374a3af35 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23433.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23433", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T02:15:44.253", + "lastModified": "2023-12-29T02:15:44.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23433/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23434.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23434.json new file mode 100644 index 00000000000..ec80cbec1c0 --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23434.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-23434", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T02:15:44.437", + "lastModified": "2023-12-29T02:15:44.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23434/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23435.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23435.json new file mode 100644 index 00000000000..83a8ec4762b --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23435.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23435", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T02:15:44.597", + "lastModified": "2023-12-29T02:15:44.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23435/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-234xx/CVE-2023-23436.json b/CVE-2023/CVE-2023-234xx/CVE-2023-23436.json new file mode 100644 index 00000000000..715582c4f3d --- /dev/null +++ b/CVE-2023/CVE-2023-234xx/CVE-2023-23436.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-23436", + "sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "published": "2023-12-29T02:15:44.783", + "lastModified": "2023-12-29T02:15:44.783", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSome Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [ + { + "url": "https://www.hihonor.com/global/security/cve-2023-23436/", + "source": "3836d913-7555-4dd0-a509-f5667fdf5fe4" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29485.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29485.json index db5d82f3b4d..2002096d237 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29485.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29485.json @@ -2,19 +2,120 @@ "id": "CVE-2023-29485", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-21T01:15:32.700", - "lastModified": "2023-12-21T02:24:16.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T02:21:17.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows attackers to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en las versiones 3.4.2 y anteriores del agente Heimdal Thor en Windows y 2.6.9 y anteriores en macOS, que permite a los atacantes omitir el filtrado de red, ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del m\u00f3dulo de prevenci\u00f3n de amenazas DarkLayer Guard." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:heimdalsecurity:thor:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.5.3", + "matchCriteriaId": "A77CAF90-FF93-4F80-9FF8-6318D80BA966" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:heimdalsecurity:thor:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.6.9", + "matchCriteriaId": "AF6E8BE4-9359-4FFE-AAF5-91CEF7EF892F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29486.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29486.json index 34757e4195f..62448b8ee52 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29486.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29486.json @@ -2,19 +2,120 @@ "id": "CVE-2023-29486", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-21T01:15:32.790", - "lastModified": "2023-12-21T02:24:16.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T02:20:40.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en las versiones 3.4.2 y anteriores al 3.7.0 del agente Heimdal Thor en Windows, que permite a los atacantes omitir las restricciones de acceso USB, ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del componente antivirus de pr\u00f3xima generaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1333" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:heimdalsecurity:thor:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.7.0", + "matchCriteriaId": "81ED23F2-9637-4AB3-949C-7A7BE73A6BF9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:heimdalsecurity:thor:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.6.9", + "matchCriteriaId": "AF6E8BE4-9359-4FFE-AAF5-91CEF7EF892F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://medium.com/%40drabek.a/weaknesses-in-heimdal-thors-line-of-products-9d0e5095fb93", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31292.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31292.json new file mode 100644 index 00000000000..52755f8ad67 --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31292.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31292", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-29T02:15:44.983", + "lastModified": "2023-12-29T02:15:44.983", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via \"Back Button Refresh\" attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://herolab.usd.de/en/security-advisories/usd-2022-0051/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31298.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31298.json new file mode 100644 index 00000000000..c60b1eb0f04 --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31298.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31298", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-29T02:15:45.037", + "lastModified": "2023-12-29T02:15:45.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://herolab.usd.de/en/security-advisories/usd-2022-0060/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-313xx/CVE-2023-31301.json b/CVE-2023/CVE-2023-313xx/CVE-2023-31301.json new file mode 100644 index 00000000000..f6a4a4e122a --- /dev/null +++ b/CVE-2023/CVE-2023-313xx/CVE-2023-31301.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-31301", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-29T02:15:45.080", + "lastModified": "2023-12-29T02:15:45.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://herolab.usd.de/en/security-advisories/usd-2022-0059/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43314.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43314.json index 7e5873beb48..dc84c864d57 100644 --- a/CVE-2023/CVE-2023-433xx/CVE-2023-43314.json +++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43314.json @@ -2,12 +2,12 @@ "id": "CVE-2023-43314", "sourceIdentifier": "security@zyxel.com.tw", "published": "2023-09-27T23:15:12.057", - "lastModified": "2023-11-07T04:21:20.897", + "lastModified": "2023-12-29T01:15:43.687", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0\u00a0could allow an authenticated attacker with administrator privileges to cause a denial of service condition via a crafted uid.\n\n" + "value": "The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0\u00a0could allow an authenticated attacker to cause a denial of service condition via a crafted uid.\n\n" }, { "lang": "es", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "security@zyxel.com.tw", "type": "Primary", "cvssData": { "version": "3.1", @@ -37,23 +37,23 @@ "impactScore": 3.6 }, { - "source": "96e50032-ad0d-4058-a115-4d2c13821f9f", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "HIGH", + "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 4.9, - "baseSeverity": "MEDIUM" + "baseScore": 7.5, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 1.2, + "exploitabilityScore": 3.9, "impactScore": 3.6 } ] @@ -70,7 +70,7 @@ ] }, { - "source": "96e50032-ad0d-4058-a115-4d2c13821f9f", + "source": "security@zyxel.com.tw", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46624.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46624.json index a5031614037..686b048bd30 100644 --- a/CVE-2023/CVE-2023-466xx/CVE-2023-46624.json +++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46624.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46624", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-19T22:15:07.673", - "lastModified": "2023-12-20T13:50:37.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-29T02:56:36.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:parcelpro:parcel_pro:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.11", + "matchCriteriaId": "5D422A1A-B9E0-4941-8112-4787CC8F2489" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/woo-parcel-pro/wordpress-parcel-pro-plugin-1-6-3-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json index f7c9a3df532..3dd32f524a6 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51764.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51764", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-24T05:15:08.273", - "lastModified": "2023-12-26T21:15:07.783", + "lastModified": "2023-12-29T02:15:45.130", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -36,6 +36,14 @@ "url": "https://fahrplan.events.ccc.de/congress/2023/fahrplan/events/11782.html", "source": "cve@mitre.org" }, + { + "url": "https://github.com/duy-31/CVE-2023-51764", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/eeenvik1/CVE-2023-51764", + "source": "cve@mitre.org" + }, { "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json new file mode 100644 index 00000000000..952a205a69b --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7143.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7143", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-29T01:15:43.917", + "lastModified": "2023-12-29T01:15:43.917", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/h4md153v63n/CVEs/blob/main/Client_Details_System/Client_Details_System-Blind_Cross_Site_Scripting.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249146", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249146", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7144.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7144.json new file mode 100644 index 00000000000..e0ce38cfd96 --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7144.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7144", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-29T01:15:44.137", + "lastModified": "2023-12-29T01:15:44.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.5, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://note.zhaoj.in/share/4HDWrBHGCf9e", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249147", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249147", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7145.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7145.json new file mode 100644 index 00000000000..43ed4bd4ba7 --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7145.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7145", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-29T02:15:45.180", + "lastModified": "2023-12-29T02:15:45.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.5, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://note.zhaoj.in/share/LEbo1ypfzfQh", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249148", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249148", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-71xx/CVE-2023-7146.json b/CVE-2023/CVE-2023-71xx/CVE-2023-7146.json new file mode 100644 index 00000000000..9f96d290674 --- /dev/null +++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7146.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-7146", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-29T02:15:45.387", + "lastModified": "2023-12-29T02:15:45.387", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.5, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://note.zhaoj.in/share/jRqEcVBTsZh4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249149", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249149", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ed6be22fd7a..b8b3a51a56b 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-29T00:55:26.382121+00:00 +2023-12-29T03:00:24.898739+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-29T00:15:50.740000+00:00 +2023-12-29T02:56:36.643000+00:00 ``` ### Last Data Feed Release @@ -23,60 +23,63 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-12-28T01:00:28.273762+00:00 +2023-12-29T01:00:28.272932+00:00 ``` ### Total Number of included CVEs ```plain -234380 +234393 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `13` -* [CVE-2023-50448](CVE-2023/CVE-2023-504xx/CVE-2023-50448.json) (`2023-12-28T23:15:43.500`) -* [CVE-2023-52083](CVE-2023/CVE-2023-520xx/CVE-2023-52083.json) (`2023-12-28T23:15:43.557`) -* [CVE-2023-52084](CVE-2023/CVE-2023-520xx/CVE-2023-52084.json) (`2023-12-28T23:15:43.777`) -* [CVE-2023-52152](CVE-2023/CVE-2023-521xx/CVE-2023-52152.json) (`2023-12-28T23:15:44.197`) -* [CVE-2023-7139](CVE-2023/CVE-2023-71xx/CVE-2023-7139.json) (`2023-12-28T23:15:44.263`) -* [CVE-2023-7140](CVE-2023/CVE-2023-71xx/CVE-2023-7140.json) (`2023-12-28T23:15:44.623`) -* [CVE-2023-50104](CVE-2023/CVE-2023-501xx/CVE-2023-50104.json) (`2023-12-29T00:15:50.233`) -* [CVE-2023-52085](CVE-2023/CVE-2023-520xx/CVE-2023-52085.json) (`2023-12-29T00:15:50.300`) -* [CVE-2023-7141](CVE-2023/CVE-2023-71xx/CVE-2023-7141.json) (`2023-12-29T00:15:50.517`) -* [CVE-2023-7142](CVE-2023/CVE-2023-71xx/CVE-2023-7142.json) (`2023-12-29T00:15:50.740`) +* [CVE-2023-7143](CVE-2023/CVE-2023-71xx/CVE-2023-7143.json) (`2023-12-29T01:15:43.917`) +* [CVE-2023-7144](CVE-2023/CVE-2023-71xx/CVE-2023-7144.json) (`2023-12-29T01:15:44.137`) +* [CVE-2023-23431](CVE-2023/CVE-2023-234xx/CVE-2023-23431.json) (`2023-12-29T02:15:43.803`) +* [CVE-2023-23432](CVE-2023/CVE-2023-234xx/CVE-2023-23432.json) (`2023-12-29T02:15:44.063`) +* [CVE-2023-23433](CVE-2023/CVE-2023-234xx/CVE-2023-23433.json) (`2023-12-29T02:15:44.253`) +* [CVE-2023-23434](CVE-2023/CVE-2023-234xx/CVE-2023-23434.json) (`2023-12-29T02:15:44.437`) +* [CVE-2023-23435](CVE-2023/CVE-2023-234xx/CVE-2023-23435.json) (`2023-12-29T02:15:44.597`) +* [CVE-2023-23436](CVE-2023/CVE-2023-234xx/CVE-2023-23436.json) (`2023-12-29T02:15:44.783`) +* [CVE-2023-31292](CVE-2023/CVE-2023-312xx/CVE-2023-31292.json) (`2023-12-29T02:15:44.983`) +* [CVE-2023-31298](CVE-2023/CVE-2023-312xx/CVE-2023-31298.json) (`2023-12-29T02:15:45.037`) +* [CVE-2023-31301](CVE-2023/CVE-2023-313xx/CVE-2023-31301.json) (`2023-12-29T02:15:45.080`) +* [CVE-2023-7145](CVE-2023/CVE-2023-71xx/CVE-2023-7145.json) (`2023-12-29T02:15:45.180`) +* [CVE-2023-7146](CVE-2023/CVE-2023-71xx/CVE-2023-7146.json) (`2023-12-29T02:15:45.387`) ### CVEs modified in the last Commit -Recently modified CVEs: `137` +Recently modified CVEs: `33` -* [CVE-2021-34519](CVE-2021/CVE-2021-345xx/CVE-2021-34519.json) (`2023-12-28T23:15:40.263`) -* [CVE-2021-34520](CVE-2021/CVE-2021-345xx/CVE-2021-34520.json) (`2023-12-28T23:15:40.443`) -* [CVE-2021-34521](CVE-2021/CVE-2021-345xx/CVE-2021-34521.json) (`2023-12-28T23:15:40.643`) -* [CVE-2021-34522](CVE-2021/CVE-2021-345xx/CVE-2021-34522.json) (`2023-12-28T23:15:40.847`) -* [CVE-2021-34523](CVE-2021/CVE-2021-345xx/CVE-2021-34523.json) (`2023-12-28T23:15:41.100`) -* [CVE-2021-34525](CVE-2021/CVE-2021-345xx/CVE-2021-34525.json) (`2023-12-28T23:15:41.353`) -* [CVE-2021-34527](CVE-2021/CVE-2021-345xx/CVE-2021-34527.json) (`2023-12-28T23:15:41.593`) -* [CVE-2021-34528](CVE-2021/CVE-2021-345xx/CVE-2021-34528.json) (`2023-12-28T23:15:41.993`) -* [CVE-2021-34529](CVE-2021/CVE-2021-345xx/CVE-2021-34529.json) (`2023-12-28T23:15:42.230`) -* [CVE-2021-36928](CVE-2021/CVE-2021-369xx/CVE-2021-36928.json) (`2023-12-28T23:15:42.460`) -* [CVE-2021-36929](CVE-2021/CVE-2021-369xx/CVE-2021-36929.json) (`2023-12-28T23:15:42.783`) -* [CVE-2021-36931](CVE-2021/CVE-2021-369xx/CVE-2021-36931.json) (`2023-12-28T23:15:43.020`) -* [CVE-2021-36934](CVE-2021/CVE-2021-369xx/CVE-2021-36934.json) (`2023-12-28T23:15:43.247`) -* [CVE-2021-27068](CVE-2021/CVE-2021-270xx/CVE-2021-27068.json) (`2023-12-29T00:15:47.750`) -* [CVE-2021-28455](CVE-2021/CVE-2021-284xx/CVE-2021-28455.json) (`2023-12-29T00:15:47.940`) -* [CVE-2021-31177](CVE-2021/CVE-2021-311xx/CVE-2021-31177.json) (`2023-12-29T00:15:48.423`) -* [CVE-2021-31180](CVE-2021/CVE-2021-311xx/CVE-2021-31180.json) (`2023-12-29T00:15:48.643`) -* [CVE-2021-31204](CVE-2021/CVE-2021-312xx/CVE-2021-31204.json) (`2023-12-29T00:15:49.127`) -* [CVE-2022-43680](CVE-2022/CVE-2022-436xx/CVE-2022-43680.json) (`2023-12-29T00:15:49.437`) -* [CVE-2023-1183](CVE-2023/CVE-2023-11xx/CVE-2023-1183.json) (`2023-12-29T00:15:49.557`) -* [CVE-2023-37457](CVE-2023/CVE-2023-374xx/CVE-2023-37457.json) (`2023-12-29T00:15:49.697`) -* [CVE-2023-38703](CVE-2023/CVE-2023-387xx/CVE-2023-38703.json) (`2023-12-29T00:15:49.813`) -* [CVE-2023-49294](CVE-2023/CVE-2023-492xx/CVE-2023-49294.json) (`2023-12-29T00:15:49.930`) -* [CVE-2023-49786](CVE-2023/CVE-2023-497xx/CVE-2023-49786.json) (`2023-12-29T00:15:50.043`) -* [CVE-2023-50044](CVE-2023/CVE-2023-500xx/CVE-2023-50044.json) (`2023-12-29T00:15:50.170`) +* [CVE-2021-28454](CVE-2021/CVE-2021-284xx/CVE-2021-28454.json) (`2023-12-29T01:15:39.943`) +* [CVE-2021-28456](CVE-2021/CVE-2021-284xx/CVE-2021-28456.json) (`2023-12-29T01:15:40.137`) +* [CVE-2021-28457](CVE-2021/CVE-2021-284xx/CVE-2021-28457.json) (`2023-12-29T01:15:40.310`) +* [CVE-2021-28458](CVE-2021/CVE-2021-284xx/CVE-2021-28458.json) (`2023-12-29T01:15:40.487`) +* [CVE-2021-28459](CVE-2021/CVE-2021-284xx/CVE-2021-28459.json) (`2023-12-29T01:15:40.660`) +* [CVE-2021-28460](CVE-2021/CVE-2021-284xx/CVE-2021-28460.json) (`2023-12-29T01:15:40.890`) +* [CVE-2021-28464](CVE-2021/CVE-2021-284xx/CVE-2021-28464.json) (`2023-12-29T01:15:41.093`) +* [CVE-2021-28466](CVE-2021/CVE-2021-284xx/CVE-2021-28466.json) (`2023-12-29T01:15:41.263`) +* [CVE-2021-28468](CVE-2021/CVE-2021-284xx/CVE-2021-28468.json) (`2023-12-29T01:15:41.433`) +* [CVE-2021-28469](CVE-2021/CVE-2021-284xx/CVE-2021-28469.json) (`2023-12-29T01:15:41.620`) +* [CVE-2021-28470](CVE-2021/CVE-2021-284xx/CVE-2021-28470.json) (`2023-12-29T01:15:41.797`) +* [CVE-2021-28471](CVE-2021/CVE-2021-284xx/CVE-2021-28471.json) (`2023-12-29T01:15:42.010`) +* [CVE-2021-28472](CVE-2021/CVE-2021-284xx/CVE-2021-28472.json) (`2023-12-29T01:15:42.177`) +* [CVE-2021-28473](CVE-2021/CVE-2021-284xx/CVE-2021-28473.json) (`2023-12-29T01:15:42.373`) +* [CVE-2021-28475](CVE-2021/CVE-2021-284xx/CVE-2021-28475.json) (`2023-12-29T01:15:42.540`) +* [CVE-2021-28477](CVE-2021/CVE-2021-284xx/CVE-2021-28477.json) (`2023-12-29T01:15:42.733`) +* [CVE-2021-28480](CVE-2021/CVE-2021-284xx/CVE-2021-28480.json) (`2023-12-29T01:15:42.943`) +* [CVE-2021-28481](CVE-2021/CVE-2021-284xx/CVE-2021-28481.json) (`2023-12-29T01:15:43.157`) +* [CVE-2021-28482](CVE-2021/CVE-2021-284xx/CVE-2021-28482.json) (`2023-12-29T01:15:43.337`) +* [CVE-2021-28483](CVE-2021/CVE-2021-284xx/CVE-2021-28483.json) (`2023-12-29T01:15:43.510`) +* [CVE-2023-43314](CVE-2023/CVE-2023-433xx/CVE-2023-43314.json) (`2023-12-29T01:15:43.687`) +* [CVE-2023-51764](CVE-2023/CVE-2023-517xx/CVE-2023-51764.json) (`2023-12-29T02:15:45.130`) +* [CVE-2023-29486](CVE-2023/CVE-2023-294xx/CVE-2023-29486.json) (`2023-12-29T02:20:40.423`) +* [CVE-2023-29485](CVE-2023/CVE-2023-294xx/CVE-2023-29485.json) (`2023-12-29T02:21:17.843`) +* [CVE-2023-46624](CVE-2023/CVE-2023-466xx/CVE-2023-46624.json) (`2023-12-29T02:56:36.643`) ## Download and Usage