From 313f426e91dea2513b775b4a86b7516ea7e0dd2b Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 31 Oct 2023 17:00:22 +0000 Subject: [PATCH] Auto-Update: 2023-10-31T17:00:18.922735+00:00 --- CVE-2009/CVE-2009-19xx/CVE-2009-1955.json | 165 +++++++- CVE-2014/CVE-2014-02xx/CVE-2014-0231.json | 439 ++++++++++---------- CVE-2021/CVE-2021-305xx/CVE-2021-30560.json | 8 +- CVE-2023/CVE-2023-00xx/CVE-2023-0028.json | 17 +- CVE-2023/CVE-2023-04xx/CVE-2023-0493.json | 27 +- CVE-2023/CVE-2023-225xx/CVE-2023-22518.json | 47 +++ CVE-2023/CVE-2023-237xx/CVE-2023-23767.json | 93 ++++- CVE-2023/CVE-2023-244xx/CVE-2023-24410.json | 32 ++ CVE-2023/CVE-2023-250xx/CVE-2023-25032.json | 47 ++- CVE-2023/CVE-2023-311xx/CVE-2023-31124.json | 9 +- CVE-2023/CVE-2023-311xx/CVE-2023-31130.json | 47 ++- CVE-2023/CVE-2023-311xx/CVE-2023-31147.json | 9 +- CVE-2023/CVE-2023-312xx/CVE-2023-31212.json | 32 ++ CVE-2023/CVE-2023-315xx/CVE-2023-31581.json | 70 +++- CVE-2023/CVE-2023-315xx/CVE-2023-31582.json | 69 ++- CVE-2023/CVE-2023-320xx/CVE-2023-32067.json | 45 +- CVE-2023/CVE-2023-339xx/CVE-2023-33927.json | 32 ++ CVE-2023/CVE-2023-340xx/CVE-2023-34048.json | 240 ++++++++++- CVE-2023/CVE-2023-340xx/CVE-2023-34056.json | 245 ++++++++++- CVE-2023/CVE-2023-340xx/CVE-2023-34085.json | 62 ++- CVE-2023/CVE-2023-344xx/CVE-2023-34446.json | 61 ++- CVE-2023/CVE-2023-344xx/CVE-2023-34447.json | 67 ++- CVE-2023/CVE-2023-358xx/CVE-2023-35879.json | 32 ++ CVE-2023/CVE-2023-360xx/CVE-2023-36085.json | 66 ++- CVE-2023/CVE-2023-365xx/CVE-2023-36508.json | 32 ++ CVE-2023/CVE-2023-372xx/CVE-2023-37243.json | 55 +++ CVE-2023/CVE-2023-372xx/CVE-2023-37283.json | 82 +++- CVE-2023/CVE-2023-379xx/CVE-2023-37966.json | 32 ++ CVE-2023/CVE-2023-380xx/CVE-2023-38041.json | 73 +++- CVE-2023/CVE-2023-400xx/CVE-2023-40050.json | 67 +++ CVE-2023/CVE-2023-424xx/CVE-2023-42425.json | 24 ++ CVE-2023/CVE-2023-426xx/CVE-2023-42658.json | 67 +++ CVE-2023/CVE-2023-444xx/CVE-2023-44487.json | 6 +- CVE-2023/CVE-2023-451xx/CVE-2023-45160.json | 6 +- CVE-2023/CVE-2023-458xx/CVE-2023-45821.json | 62 ++- 
CVE-2023/CVE-2023-462xx/CVE-2023-46200.json | 51 ++- CVE-2023/CVE-2023-462xx/CVE-2023-46208.json | 63 ++- CVE-2023/CVE-2023-462xx/CVE-2023-46209.json | 51 ++- CVE-2023/CVE-2023-462xx/CVE-2023-46211.json | 51 ++- CVE-2023/CVE-2023-462xx/CVE-2023-46235.json | 63 +++ CVE-2023/CVE-2023-462xx/CVE-2023-46236.json | 59 +++ CVE-2023/CVE-2023-462xx/CVE-2023-46237.json | 59 +++ CVE-2023/CVE-2023-462xx/CVE-2023-46239.json | 63 +++ CVE-2023/CVE-2023-462xx/CVE-2023-46240.json | 63 +++ CVE-2023/CVE-2023-462xx/CVE-2023-46245.json | 55 +++ CVE-2023/CVE-2023-462xx/CVE-2023-46248.json | 59 +++ CVE-2023/CVE-2023-462xx/CVE-2023-46249.json | 71 ++++ CVE-2023/CVE-2023-462xx/CVE-2023-46250.json | 63 +++ CVE-2023/CVE-2023-462xx/CVE-2023-46255.json | 59 +++ CVE-2023/CVE-2023-462xx/CVE-2023-46256.json | 63 +++ CVE-2023/CVE-2023-464xx/CVE-2023-46468.json | 69 ++- CVE-2023/CVE-2023-465xx/CVE-2023-46509.json | 80 +++- CVE-2023/CVE-2023-465xx/CVE-2023-46569.json | 74 +++- CVE-2023/CVE-2023-465xx/CVE-2023-46570.json | 74 +++- CVE-2023/CVE-2023-467xx/CVE-2023-46722.json | 67 +++ CVE-2023/CVE-2023-467xx/CVE-2023-46723.json | 55 +++ CVE-2023/CVE-2023-469xx/CVE-2023-46992.json | 20 + CVE-2023/CVE-2023-469xx/CVE-2023-46993.json | 20 + CVE-2023/CVE-2023-57xx/CVE-2023-5739.json | 20 + README.md | 109 ++--- 60 files changed, 3546 insertions(+), 402 deletions(-) create mode 100644 CVE-2023/CVE-2023-225xx/CVE-2023-22518.json create mode 100644 CVE-2023/CVE-2023-244xx/CVE-2023-24410.json create mode 100644 CVE-2023/CVE-2023-312xx/CVE-2023-31212.json create mode 100644 CVE-2023/CVE-2023-339xx/CVE-2023-33927.json create mode 100644 CVE-2023/CVE-2023-358xx/CVE-2023-35879.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36508.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37243.json create mode 100644 CVE-2023/CVE-2023-379xx/CVE-2023-37966.json create mode 100644 CVE-2023/CVE-2023-400xx/CVE-2023-40050.json create mode 100644 CVE-2023/CVE-2023-424xx/CVE-2023-42425.json create mode 100644 
CVE-2023/CVE-2023-426xx/CVE-2023-42658.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46235.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46236.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46237.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46239.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46240.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46245.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46248.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46249.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46250.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46255.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46256.json create mode 100644 CVE-2023/CVE-2023-467xx/CVE-2023-46722.json create mode 100644 CVE-2023/CVE-2023-467xx/CVE-2023-46723.json create mode 100644 CVE-2023/CVE-2023-469xx/CVE-2023-46992.json create mode 100644 CVE-2023/CVE-2023-469xx/CVE-2023-46993.json create mode 100644 CVE-2023/CVE-2023-57xx/CVE-2023-5739.json diff --git a/CVE-2009/CVE-2009-19xx/CVE-2009-1955.json b/CVE-2009/CVE-2009-19xx/CVE-2009-1955.json index 4fb85015a1e..d903d1b9277 100644 --- a/CVE-2009/CVE-2009-19xx/CVE-2009-1955.json +++ b/CVE-2009/CVE-2009-19xx/CVE-2009-1955.json @@ -2,8 +2,8 @@ "id": "CVE-2009-1955", "sourceIdentifier": "cve@mitre.org", "published": "2009-06-08T01:00:00.687", - "lastModified": "2021-06-06T11:15:15.550", - "vulnStatus": "Modified", + "lastModified": "2023-10-31T16:53:39.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -185,6 +185,23 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.2.0", + "versionEndExcluding": "2.2.12", + "matchCriteriaId": "8BBBCFC4-2CFE-42A2-BE6F-2710EB3921A9" + } + ] + } + ] } ], "references": [ 
@@ -220,6 +237,90 @@ "Third Party Advisory" ] }, + { + "url": "http://secunia.com/advisories/34724", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35284", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35360", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35395", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35444", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35487", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35565", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35710", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35797", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/35843", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/36473", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/37221", + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, { "url": "http://security.gentoo.org/glsa/glsa-200907-03.xml", "source": "cve@mitre.org", 
@@ -409,11 +510,19 @@ }, { "url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3Ccvs.httpd.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E", 
@@ -425,35 +534,67 @@ }, { "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3Ccvs.httpd.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ 
+ "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E", diff --git a/CVE-2014/CVE-2014-02xx/CVE-2014-0231.json b/CVE-2014/CVE-2014-02xx/CVE-2014-0231.json index f8213ecee7b..5df8718e789 100644 --- a/CVE-2014/CVE-2014-02xx/CVE-2014-0231.json +++ b/CVE-2014/CVE-2014-02xx/CVE-2014-0231.json @@ -2,8 +2,8 @@ "id": "CVE-2014-0231", "sourceIdentifier": "secalert@redhat.com", "published": "2014-07-20T11:12:48.980", - "lastModified": "2021-06-06T11:15:18.623", - "vulnStatus": "Modified", + "lastModified": "2023-10-31T16:05:27.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -63,173 +63,16 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", - "versionEndIncluding": "2.4.9", - "matchCriteriaId": "F904BC7C-28C2-471F-BCE4-7D312F85B303" + "versionStartIncluding": "2.2.0", + "versionEndExcluding": "2.2.29", + "matchCriteriaId": "E3EB5B9F-5ED4-411A-81BF-80EC785BA718" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*", - "matchCriteriaId": "D623D8C0-65D2-4269-A1D4-5CB3899F44C8" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*", - "matchCriteriaId": "67AD11FB-529C-404E-A13B-284F145322B8" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", - "matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", - "matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", - "matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", - "matchCriteriaId": "34A847D1-5AD5-4EFD-B165-7602AFC1E656" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", - "matchCriteriaId": "9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", - "matchCriteriaId": "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", - "matchCriteriaId": "8C2A33DE-F55F-4FD8-BB00-9C1E006CA65C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", - "matchCriteriaId": "B1CF6394-95D9-42AF-A442-385EFF9CEFE1" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", - 
"matchCriteriaId": "02B629FB-88C8-4E85-A137-28770F1E524E" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", - "matchCriteriaId": "03550EF0-DF89-42FE-BF0E-994514EBD947" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", - "matchCriteriaId": "4886CCAB-6D4E-45C7-B177-2E8DBEA15531" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", - "matchCriteriaId": "C35631AC-7C35-4F6A-A95A-3B080E5210ED" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*", - "matchCriteriaId": "6CED2BA6-BE5E-4EF1-88EB-0DADD23D2EEF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*", - "matchCriteriaId": "A71F4154-AD20-4EEA-9E2E-D3385C357DA5" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*", - "matchCriteriaId": "B0B8C9DB-401E-42B3-BAED-D09A96DE9A90" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*", - "matchCriteriaId": "062C20A0-05A0-4164-8330-DF6ADFE607F4" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*", - "matchCriteriaId": "D345BA35-93BB-406F-B5DC-86E49FB29C22" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*", - "matchCriteriaId": "7ED4892F-C829-4BEA-AB82-6A78F6F2426D" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*", - "matchCriteriaId": "00128AAD-E746-4DCD-8676-1381E5232220" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*", - "matchCriteriaId": "FE0D7ABB-DE11-40D6-8AAF-C626DD7E3914" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*", - "matchCriteriaId": "5252544F-7BDD-42EE-856E-B351B4B6D381" - }, - { - "vulnerable": true, - "criteria": 
"cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*", - "matchCriteriaId": "58375DE5-F7EC-400D-84A2-CD70B72C4F63" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*", - "matchCriteriaId": "15233815-C037-41BB-A447-A078F83A93F6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*", - "matchCriteriaId": "5444C583-CF83-4ECD-8DF8-66D8C1FCF096" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", - "matchCriteriaId": "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", - "matchCriteriaId": "046487A3-752B-4D0F-8984-96486B828EAB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", - "matchCriteriaId": "89D2E052-51CD-4B57-A8B8-FAE51988D654" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", - "matchCriteriaId": "EAA27058-BACF-4F94-8E3C-7D38EC302EC1" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", - "matchCriteriaId": "8FEAB0DF-04A9-4F99-8666-0BADC5D642B8" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", - "matchCriteriaId": "E7D924D1-8A36-4C43-9E56-52814F9A6350" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*", - "matchCriteriaId": "DFA089AB-AF28-4AE1-AE39-6D1B8192A3DF" + "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.4.0", + "versionEndExcluding": "2.4.10", + "matchCriteriaId": "E3FCC21C-9F25-4641-AB44-6ECB2AB2BC14" } ] } 
@@ -239,11 +82,17 @@ "references": [ { "url": "http://advisories.mageia.org/MGASA-2014-0304.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://advisories.mageia.org/MGASA-2014-0305.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://httpd.apache.org/security/vulnerabilities_24.html", 
@@ -255,175 +104,343 @@ }, { "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://marc.info/?l=bugtraq&m=143403519711434&w=2", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://marc.info/?l=bugtraq&m=144493176821532&w=2", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/60536", + "source": "secalert@redhat.com", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] }, { "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES", - "source": "secalert@redhat.com" + 
"source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.debian.org/security/2014/dsa-2989", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "Third Party Advisory" + ] }, { "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "http://www.securityfocus.com/bid/68742", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Not Applicable", + "VDB Entry" + ] }, { "url": 
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E", - "source": 
"secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": 
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://puppet.com/security/cve/cve-2014-0231", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://security.gentoo.org/glsa/201504-03", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/HT204659", - "source": "secalert@redhat.com" + 
"source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-305xx/CVE-2021-30560.json b/CVE-2021/CVE-2021-305xx/CVE-2021-30560.json index b613d64cc0e..6240a3faa9a 100644 --- a/CVE-2021/CVE-2021-305xx/CVE-2021-30560.json +++ b/CVE-2021/CVE-2021-305xx/CVE-2021-30560.json @@ -2,8 +2,8 @@ "id": "CVE-2021-30560", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2021-08-03T19:15:08.127", - "lastModified": "2022-10-27T20:10:36.440", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-31T15:15:08.450", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -155,6 +155,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.gentoo.org/glsa/202310-23", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://www.debian.org/security/2022/dsa-5216", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0028.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0028.json index 9f5927c066e..5ac38f32e35 100644 --- a/CVE-2023/CVE-2023-00xx/CVE-2023-0028.json +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0028.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0028", "sourceIdentifier": "security@huntr.dev", "published": "2023-01-01T01:15:12.627", - "lastModified": "2023-10-10T08:15:09.673", - "vulnStatus": "Modified", + "lastModified": "2023-10-31T15:54:51.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -17,19 +17,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", - "baseScore": 6.1, + "baseScore": 5.4, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 2.3, "impactScore": 2.7 }, { @@ -87,7 +87,10 @@ "references": [ { "url": "https://github.com/linagora/Twake/pull/2678/commits/c0708c397e199c68cea0db9f59d29d7dbdcdde7b", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/bfd935f4-2d1d-4d3f-8b59-522abe7dd065", diff --git a/CVE-2023/CVE-2023-04xx/CVE-2023-0493.json b/CVE-2023/CVE-2023-04xx/CVE-2023-0493.json index 4572fa231c4..2eb5209eb74 100644 --- a/CVE-2023/CVE-2023-04xx/CVE-2023-0493.json +++ b/CVE-2023/CVE-2023-04xx/CVE-2023-0493.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0493", "sourceIdentifier": "security@huntr.dev", "published": "2023-01-26T23:15:15.920", - "lastModified": "2023-10-10T08:15:09.813", - "vulnStatus": "Modified", + "lastModified": "2023-10-31T16:03:55.190", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -56,8 +56,18 @@ }, "weaknesses": [ { - "source": "security@huntr.dev", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, + { + "source": "security@huntr.dev", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -87,11 +97,18 @@ "references": [ { "url": "http://packetstormsecurity.com/files/171732/BTCPay-Server-1.7.4-HTML-Injection.html", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/btcpayserver/btcpayserver/pull/4545/commits/02070d65836cd24627929b3403efbae8de56039a", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/3a73b45c-6f3e-4536-a327-cdfdbc59896f", diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22518.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22518.json new file mode 100644 index 00000000000..e722112b601 --- /dev/null +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22518.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-22518", + "sourceIdentifier": "security@atlassian.com", + "published": "2023-10-31T15:15:08.573", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data.\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@atlassian.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907", + "source": "security@atlassian.com" + }, + { + "url": "https://jira.atlassian.com/browse/CONFSERVER-93142", + "source": "security@atlassian.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23767.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23767.json index fa2bcfd630f..3a8694143fe 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23767.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23767.json 
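Review bot: The new CVE-2023-22518.json record carries its 9.1 CRITICAL vector only as a `"type": "Secondary"` entry under `cvssMetricV30`, and it has no `weaknesses` or `configurations` block while `vulnStatus` is `Awaiting Analysis`. Consumers that read only `Primary` metrics or match assets through `cpeMatch` will presumably treat the record as unscored and matching nothing until analysis lands, even though the description states that all versions of Confluence Data Center and Server are affected. Downstream triage should fall back to the CNA-supplied score when no `Primary` metric exists, and should route `Awaiting Analysis` records to manual product matching. The word "unexploited" in the description is the CNA's statement at publication time and says nothing about later exploitation status.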
@@ -2,8 +2,8 @@ "id": "CVE-2023-23767", "sourceIdentifier": "product-cna@github.com", "published": "2023-10-25T18:17:23.870", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T16:37:18.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.8, + "impactScore": 1.4 + }, { "source": "product-cna@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "product-cna@github.com", "type": "Secondary", 
@@ -50,22 +80,73 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.7.18", + "matchCriteriaId": "F47A9A9F-36D7-4CCF-A97C-571DA1AAF244" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.8.0", + "versionEndExcluding": "3.8.11", + "matchCriteriaId": "0982CD39-136D-4D3F-9878-61405943D6E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.9.0", + "versionEndExcluding": "3.9.6", + "matchCriteriaId": "293B7C5B-C544-4426-A68E-F3FFB293CFBA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.10.0", + "versionEndExcluding": "3.10.3", + "matchCriteriaId": "226320D4-C315-4868-A1DB-1E5E53B7798F" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.18", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.11", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24410.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24410.json new file mode 100644 index 00000000000..236bde6b2fa --- /dev/null +++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24410.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-24410", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-31T15:15:08.640", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin \u2013 Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/fluentform/wordpress-fluentform-plugin-4-3-25-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25032.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25032.json index f29cc9d765e..5ba1c0e3d21 100644 --- a/CVE-2023/CVE-2023-250xx/CVE-2023-25032.json +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25032.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25032", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-25T18:17:24.597", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-31T16:43:57.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:printfriendly:print\\,_pdf\\,_email_by_printfriendly:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.5.1", + "matchCriteriaId": "C2445B5E-DD02-4CFE-A0DC-741499164AFE" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/printfriendly/wordpress-print-pdf-email-by-printfriendly-plugin-5-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31124.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31124.json index 576b5c378b0..a0a6930b298 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31124.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31124.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31124", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-25T22:15:09.680", - "lastModified": "2023-10-08T09:15:11.727", - "vulnStatus": "Modified", + "lastModified": "2023-10-31T16:05:56.790", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -147,7 +147,10 @@ }, { "url": "https://security.gentoo.org/glsa/202310-09", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31130.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31130.json index 5d787e68c10..37c4074ceed 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31130.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31130.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31130", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-25T22:15:09.760", - "lastModified": "2023-10-08T09:15:11.833", - "vulnStatus": "Modified", + "lastModified": "2023-10-31T16:06:01.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -56,22 +56,22 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-124" + "value": "CWE-787" } ] }, { - "source": "nvd@nist.gov", + "source": "security-advisories@github.com", "type": "Secondary", "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-124" } ] } @@ -112,6 +112,26 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + } + ] + } + ] } ], "references": [ 
@@ -131,7 +151,10 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", @@ -151,11 +174,17 @@ }, { "url": "https://security.gentoo.org/glsa/202310-09", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5419", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31147.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31147.json index 25d694f50d6..672e4a8f6f5 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31147.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31147.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31147", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-25T22:15:09.833", - "lastModified": "2023-10-08T09:15:11.940", - "vulnStatus": "Modified", + "lastModified": "2023-10-31T16:06:05.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -147,7 +147,10 @@ }, { "url": "https://security.gentoo.org/glsa/202310-09", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31212.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31212.json new file mode 100644 index 00000000000..be9c2c1fc25 --- /dev/null +++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31212.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-31212", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-31T15:15:08.707", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/contact-form-entries/wordpress-contact-form-entries-plugin-1-3-0-auth-sql-injection-sqli-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31581.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31581.json index 102e496fd2a..74a6d1c21b5 100644 --- a/CVE-2023/CVE-2023-315xx/CVE-2023-31581.json +++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31581.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31581", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-25T18:17:27.727", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-31T15:09:09.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Se descubri\u00f3 que Dromara Sureness anterior a v1.0.8 utilizaba una clave codificada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dromara:sureness:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0.8", + "matchCriteriaId": "E7545D77-A1B3-4DBA-8747-D603CA4F3011" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/dromara/sureness/issues/164", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31582.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31582.json index 6bf20a66314..a0e188dda0b 100644 --- a/CVE-2023/CVE-2023-315xx/CVE-2023-31582.json +++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31582.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-31582", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-25T18:17:27.777", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:18:04.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,74 @@ "value": "jose4j anterior a v0.9.3 permite a los atacantes establecer un recuento bajo de iteraciones de 1000 o menos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-331" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jose4j_project:jose4j:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.9.3", + "matchCriteriaId": "502B2D51-9679-44C2-B7C6-8CD095FE6478" + } + ] + } + ] + } + ], "references": [ { "url": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32067.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32067.json index 68cb8336861..bd16abea93a 100644 --- a/CVE-2023/CVE-2023-320xx/CVE-2023-32067.json +++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32067.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32067", "sourceIdentifier": "security-advisories@github.com", "published": "2023-05-25T23:15:09.380", - "lastModified": "2023-10-08T09:15:12.030", - "vulnStatus": "Modified", + "lastModified": "2023-10-31T16:06:09.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -56,17 +56,17 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-400" + "value": "NVD-CWE-noinfo" } ] }, { - "source": "nvd@nist.gov", + "source": "security-advisories@github.com", "type": "Secondary", "description": [ { @@ -112,6 +112,26 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + } + ] + } + ] } ], "references": [ @@ -131,7 +151,10 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00034.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Z5XFNXTNPTCBBVXFDNZQVLLIE6VRBY/", 
@@ -151,11 +174,17 @@ }, { "url": "https://security.gentoo.org/glsa/202310-09", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5419", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33927.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33927.json new file mode 100644 index 00000000000..0c16ed9cc46 --- /dev/null +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33927.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-33927", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-31T15:15:08.773", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin \u2013 MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects Multiple Page Generator Plugin \u2013 MPG: from n/a through 3.3.19.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-3-19-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34048.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34048.json index 0ea820a2f1e..07d95d5d5ec 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34048.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34048.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-34048", "sourceIdentifier": "security@vmware.com", "published": "2023-10-25T18:17:27.897", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:18:23.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@vmware.com", "type": "Secondary", 
@@ -38,10 +58,224 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndIncluding": "5.5", + "matchCriteriaId": "561A702A-DB0C-4E67-AF6C-9994B99DA56C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*", + "matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*", + "matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*", + "matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*", + "matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*", + "matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*", + "matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*", + "matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*", + "matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*", + "matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*", + "matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*", + "matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*", + "matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*", + "matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*", + "matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*", + "matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*", + "matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*", + "matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*", + "matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*", + "matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*", + "matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*", + "matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*", + "matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*", + "matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*", + "matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*", + "matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*", + "matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*", + "matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34056.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34056.json index 6053b5a34a7..2ea78297675 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34056.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34056.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34056", "sourceIdentifier": "security@vmware.com", "published": "2023-10-25T18:17:27.953", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:18:37.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@vmware.com", "type": "Secondary", 
@@ -38,10 +58,229 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndIncluding": "5.5", + "matchCriteriaId": "561A702A-DB0C-4E67-AF6C-9994B99DA56C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "5FA81CCD-A05E-498C-820E-21980E92132F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:a:*:*:*:*:*:*", + "matchCriteriaId": "0EE83406-A3D9-4F75-A1A6-63831CEBEEC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:b:*:*:*:*:*:*", + "matchCriteriaId": "FB563627-C9CF-4D8A-B882-9AB65EAE9E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:c:*:*:*:*:*:*", + "matchCriteriaId": "DCA03B2A-48B2-48AD-B8EB-9D7BB2016819" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:d:*:*:*:*:*:*", + "matchCriteriaId": "A2392D0F-D7A2-4E01-9212-1BA6C895AEBF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "6D731C1A-9FE5-461C-97E2-6F45E4CBABE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "8725E544-2A94-4829-A683-1ECCE57A74A6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "0FC6765A-6584-45A8-9B21-4951D2EA8939" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "85DD238C-EF73-44F0-928E-A94FF5C4B378" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:vmware:vcenter_server:7.0:update2:*:*:*:*:*:*", + "matchCriteriaId": "F4CA36C1-732E-41AE-B847-F7411B753F3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2a:*:*:*:*:*:*", + "matchCriteriaId": "0DA882B6-D811-4E4B-B614-2D48F0B9036E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2b:*:*:*:*:*:*", + "matchCriteriaId": "8D30A78E-16D0-4A2E-A2F8-F6073698243E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2c:*:*:*:*:*:*", + "matchCriteriaId": "188E103E-9568-4CE0-A984-141B2A9E82D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update2d:*:*:*:*:*:*", + "matchCriteriaId": "B266439F-E911-4C95-9D27-88DF96DDCCD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3:*:*:*:*:*:*", + "matchCriteriaId": "6508A908-EF14-4A72-AC75-5DA6F8B98A0E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3a:*:*:*:*:*:*", + "matchCriteriaId": "3BAD2012-5C82-4EA9-A780-9BF1DA5A18AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3c:*:*:*:*:*:*", + "matchCriteriaId": "58597F18-0B23-4D21-9ABA-D9773958F10E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3d:*:*:*:*:*:*", + "matchCriteriaId": "ADF46C54-313B-4742-A074-EEA0A6554680" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3e:*:*:*:*:*:*", + "matchCriteriaId": "9587F800-57BC-44B6-870E-95691684FC46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3f:*:*:*:*:*:*", + "matchCriteriaId": "AD148A75-5076-416D-AFD6-0F281DA0A82B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3g:*:*:*:*:*:*", + "matchCriteriaId": "956CEA8C-F8C4-41BD-85B4-44FE3A772E50" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:vmware:vcenter_server:7.0:update3h:*:*:*:*:*:*", + "matchCriteriaId": "008AEA0F-116B-4AF8-B3A7-3041CCE25235" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3i:*:*:*:*:*:*", + "matchCriteriaId": "EE486B2F-AED4-4FCE-A674-DFC25844FEFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3j:*:*:*:*:*:*", + "matchCriteriaId": "4F73AA9E-51E9-4FA0-813D-AD05FDC3EF94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3k:*:*:*:*:*:*", + "matchCriteriaId": "455DD46E-A071-476D-8914-767485E45F35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3l:*:*:*:*:*:*", + "matchCriteriaId": "3A422D04-48DF-4A16-94F8-D5702CC2782D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3m:*:*:*:*:*:*", + "matchCriteriaId": "806E9219-CDF4-4E62-978E-334E96A94BA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:7.0:update3n:*:*:*:*:*:*", + "matchCriteriaId": "34D8B182-4E71-4655-8DD8-743A3EF6DC8B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:-:*:*:*:*:*:*", + "matchCriteriaId": "CC974CA1-88D3-42E4-BF1F-28870F8171B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:a:*:*:*:*:*:*", + "matchCriteriaId": "EFE63984-F69B-4593-9AEC-D179D6D98B08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:b:*:*:*:*:*:*", + "matchCriteriaId": "34D1F3B3-8E3F-4E4D-8EE6-2F593663B5CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:c:*:*:*:*:*:*", + "matchCriteriaId": "16F3D992-9F48-4604-9AAF-DC2D1CE98BE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1:*:*:*:*:*:*", + "matchCriteriaId": "C745A7E6-4760-48CD-B7C4-1C2C20217F21" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:vmware:vcenter_server:8.0:update1a:*:*:*:*:*:*", + "matchCriteriaId": "A5522514-8ED9-45DB-9036-33FE40D77E7D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1b:*:*:*:*:*:*", + "matchCriteriaId": "8C27C660-E917-4944-8B4C-41D9622B76D7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1c:*:*:*:*:*:*", + "matchCriteriaId": "56CFB469-B3E6-4503-A47C-D18206D4D19A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:vcenter_server:8.0:update1d:*:*:*:*:*:*", + "matchCriteriaId": "67024A43-9E13-4F4E-B711-731792DA3840" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34085.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34085.json index 24dc3e79561..c062ef44d18 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34085.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34085.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34085", "sourceIdentifier": "responsible-disclosure@pingidentity.com", "published": "2023-10-25T18:17:28.010", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:19:06.623", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "responsible-disclosure@pingidentity.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "responsible-disclosure@pingidentity.com", "type": "Secondary", @@ -50,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionEndIncluding": "11.3.0", + "matchCriteriaId": "94AC65E4-D19B-4D50-A109-B6DA1F15E7E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244", - "source": "responsible-disclosure@pingidentity.com" + "source": "responsible-disclosure@pingidentity.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html", - "source": "responsible-disclosure@pingidentity.com" + "source": "responsible-disclosure@pingidentity.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34446.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34446.json index 31ade4dcfef..9acea4088a5 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34446.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34446.json 
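Review bot: The reference `https://www.pingidentity.com/en/resources/downloads/pingfederate.html` is tagged `Release Notes` in the last hunk of CVE-2023-34085.json, but the same URL is tagged `Product` in the CVE-2023-37283.json hunk later in this patch. A downloads page is not release notes, so `Product` looks like the right value here as well: `"tags": [ "Product" ]`. Consumers that filter references by tag to locate fix information will otherwise treat the same link differently in the two records.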
@@ -2,8 +2,8 @@ "id": "CVE-2023-34446", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-25T18:17:28.077", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:19:32.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:combodo:itop:3.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "A3C0CBE4-6077-4FAD-9680-5306E52EB3E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34447.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34447.json index 2e6dbab80ed..fd2a0aaf792 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34447.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34447.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34447", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-25T18:17:28.147", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-31T15:21:59.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,18 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.0.4", + "matchCriteriaId": "9189E922-30ED-4E69-9B1F-6AD643A37BF7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Combodo/iTop/commit/519751faa10b2fc5b75ea4516a1b8ef13ca35b33", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Combodo/iTop/commit/b8f61362f570e1ef8127175331012b7fc8aba802", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-6rfm-2rwg-mj7p", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35879.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35879.json new file mode 100644 index 00000000000..e4d874fb39f --- /dev/null +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35879.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-35879", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-31T15:15:08.837", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-1-78-shop-manager-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36085.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36085.json index ee7f3be2eba..c263e648ef7 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36085.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36085.json @@ -2,8 +2,8 @@ "id": "CVE-2023-36085", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-25T18:17:28.223", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:22:17.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,69 @@ "value": "SisqualWFM 7.1.319.103 a 7.1.319.111 para Android tiene una vulnerabilidad de inyecci\u00f3n de encabezado de host en su endpoint \"/sisqualIdentityServer/core/\". Al modificar el encabezado del host HTTP, un atacante puede cambiar los enlaces de las p\u00e1ginas web e incluso redirigir a los usuarios a ubicaciones arbitrarias o maliciosas. Esto puede provocar ataques de phishing, distribuci\u00f3n de malware y acceso no autorizado a recursos confidenciales." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sisqualwfm:sisqualwfm:*:*:*:*:*:android:*:*", + "versionStartIncluding": "7.1.319.103", + "versionEndExcluding": "7.1.319.111", + "matchCriteriaId": "2E2D8E46-F675-48EC-99D0-2F4A30BB9C32" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
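Review bot: The added `cpeMatch` entry closes the affected range with `"versionEndExcluding": "7.1.319.111"`, while the Spanish description kept as context in this hunk gives the range as "7.1.319.103 a 7.1.319.111", which reads as including 7.1.319.111. If the upper version is affected, anything matching on this CPE range will report 7.1.319.111 as not vulnerable; the bound would then be `"versionEndIncluding": "7.1.319.111"`. The English description lies outside the hunk, so the boundary should be confirmed against it before the record is changed.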
diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36508.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36508.json new file mode 100644 index 00000000000..70abc68db90 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36508.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-36508", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-31T15:15:08.927", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection.This issue affects Contact Form to DB by BestWebSoft \u2013 Messages Database Plugin For WordPress: from n/a through 1.7.1.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/contact-form-to-db/wordpress-contact-form-to-db-by-bestwebsoft-plugin-1-7-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37243.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37243.json new file mode 100644 index 00000000000..a35ad2e866c --- /dev/null +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37243.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37243", + "sourceIdentifier": "cve-coordination@google.com", + "published": "2023-10-31T15:15:08.993", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The C:\\Windows\\Temp\\Agent.Package.Availability\\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\\Windows\\Temp\\Agent.Package.Availability folder inherits permissions from C:\\Windows\\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-379" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0010.md", + "source": "cve-coordination@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37283.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37283.json index c554a3675a1..92d4ae08bfc 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37283.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37283.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-37283", "sourceIdentifier": "responsible-disclosure@pingidentity.com", "published": "2023-10-25T18:17:28.270", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:22:46.383", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "responsible-disclosure@pingidentity.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "responsible-disclosure@pingidentity.com", "type": "Secondary", 
@@ -50,14 +80,58 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0", + "versionEndIncluding": "10.3.12", + "matchCriteriaId": "1580F4CC-0AE6-4ABF-8EF5-2AF53973DBC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.1.0", + "versionEndIncluding": "11.1.7", + "matchCriteriaId": "7122A4D7-4BFF-4AA5-876B-CA325B3A2293" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.2.0", + "versionEndIncluding": "11.2.6", + "matchCriteriaId": "116C42D0-F1AD-4C81-B17C-6114A83A091B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pingidentity:pingfederate:11.3:*:*:*:*:*:*:*", + "matchCriteriaId": "2597FA08-FAC8-4F50-9289-B02B33CAD460" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244", - "source": "responsible-disclosure@pingidentity.com" + "source": "responsible-disclosure@pingidentity.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html", - "source": "responsible-disclosure@pingidentity.com" + "source": "responsible-disclosure@pingidentity.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37966.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37966.json new file mode 100644 index 00000000000..c41e88316bc --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37966.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-37966", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-31T15:15:09.153", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.This issue affects User Activity Log: from n/a through 1.6.2.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/user-activity-log/wordpress-user-activity-log-plugin-1-6-2-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38041.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38041.json index 0115d420689..2174b5f0451 100644 --- a/CVE-2023/CVE-2023-380xx/CVE-2023-38041.json +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38041.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38041", "sourceIdentifier": "support@hackerone.com", "published": "2023-10-25T18:17:28.757", - "lastModified": "2023-10-25T20:32:16.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:09:45.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "support@hackerone.com", @@ -38,10 +60,55 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-367" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.6", + "matchCriteriaId": "CD3A3874-0C90-4B5B-B8DF-EA2D6AC13183" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40050.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40050.json new file mode 100644 index 00000000000..9443c651662 --- /dev/null +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40050.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-40050", + "sourceIdentifier": "security@progress.com", + "published": "2023-10-31T15:15:09.227", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Upload profile either\nthrough API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec\ncheck command with maliciously crafted profile allows remote code execution. \n\n\n\n\n\n\n\n\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Automate-CVE-2023-40050", + "source": "security@progress.com" + }, + { + "url": "https://docs.chef.io/automate/profiles/", + "source": "security@progress.com" + }, + { + "url": "https://docs.chef.io/release_notes_automate/", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42425.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42425.json new file mode 100644 index 00000000000..08d9eccf4b3 --- /dev/null +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42425.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-42425", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-31T15:15:09.340", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://turing.com", + "source": "cve@mitre.org" + }, + { + "url": "https://gist.github.com/stevenliuturing/306bb689737cec5d3a5760c34d65932c", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42658.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42658.json new file mode 100644 index 00000000000..7d317f9697f --- /dev/null +++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42658.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-42658", + "sourceIdentifier": "security@progress.com", + "published": "2023-10-31T15:15:09.393", + "lastModified": "2023-10-31T16:15:09.010", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "\nArchive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-917" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://community.progress.com/s/article/Product-Alert-Bulletin-October-2023-CHEF-Inspec-CVE-2023-42658", + "source": "security@progress.com" + }, + { + "url": "https://docs.chef.io/inspec/cli/", + "source": "security@progress.com" + }, + { + "url": "https://docs.chef.io/release_notes_inspec/", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json index 84b98e683f3..0f96755c5ec 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-44487", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-10T14:15:10.883", - "lastModified": "2023-10-31T07:15:10.257", + "lastModified": "2023-10-31T16:15:09.080", "vulnStatus": "Undergoing Analysis", "cisaExploitAdd": "2023-10-10", "cisaActionDue": "2023-10-31", @@ -2508,6 +2508,10 @@ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", "source": "cve@mitre.org" }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", + "source": "cve@mitre.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json index 1309fdc5726..43721d7aae5 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json 
@@ -2,16 +2,16 @@ "id": "CVE-2023-45160", "sourceIdentifier": "security@1e.com", "published": "2023-10-05T16:15:12.167", - "lastModified": "2023-10-31T11:15:08.773", + "lastModified": "2023-10-31T15:15:09.460", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "\nIn the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.\n\n\n\nResolution: This has been fixed in patch Q23094\u00a0\n\nThis has also been fixed in Mac Client releases v8.1.2.121 and v9.0.1.121.\n\n" + "value": "\nIn the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.\n\n\n\nResolution: This has been fixed in patch Q23094\u00a0\n\nThis issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. v9.0 Mac client release is still pending." }, { "lang": "es", - "value": "En la versi\u00f3n afectada de 1E Client, un usuario normal podr\u00eda subvertir archivos de recursos de instrucciones descargados, por ejemplo, para sustituirlos por un script da\u00f1ino, reemplazando un archivo de script de recursos creado por una instrucci\u00f3n en tiempo de ejecuci\u00f3n con un script malicioso. El directorio temporal de 1E Client ahora est\u00e1 bloqueado en el parche publicado. Resoluci\u00f3n: Esto se ha solucionado en el parche Q23094." 
+ "value": "En la versi\u00f3n afectada del 1E Client, un usuario normal podr\u00eda subvertir archivos de recursos de instrucciones descargados, por ejemplo, para sustituirlos por un script da\u00f1ino. reemplazando un archivo de script de recursos creado por una instrucci\u00f3n en tiempo de ejecuci\u00f3n con un script malicioso. El directorio temporal del 1E Client ahora est\u00e1 bloqueado en el parche publicado. Resoluci\u00f3n: Esto se solucion\u00f3 en el parche Q23094. Tambi\u00e9n se solucion\u00f3 en las versiones de cliente Mac v8.1.2.121 y v9.0.1.121." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45821.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45821.json index 993ca727a8d..eeded2f222e 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45821.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45821.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45821", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-19T21:15:08.847", - "lastModified": "2023-10-20T11:27:31.330", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-31T15:48:49.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
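Review bot: The new `es` description in CVE-2023-45160.json contradicts the new `en` description on the remediation versions. The updated English text says the Mac Client fix is in updated versions of Non-Windows release v8.1.2.62 and that the v9.0 Mac client release is still pending, whereas the added Spanish text ends with "También se solucionó en las versiones de cliente Mac v8.1.2.121 y v9.0.1.121", which matches the English sentence this commit removes. Readers relying on the translation would conclude that a v9.0 Mac fix exists. The last sentence of the `es` value should be re-translated from the current `en` value, or dropped until the translation is refreshed.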
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artifacthub:hub:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.16.0", + "matchCriteriaId": "19535757-82CE-47EA-B827-0273894CF9BD" + } + ] + } + ] + } + ], "references": [ { "url": "https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/artifacthub/hub/security/advisories/GHSA-g6pq-x539-7w4j", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46200.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46200.json index 0009e5673ff..45f99338b6a 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46200.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46200.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-46200", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-27T21:15:09.617", - "lastModified": "2023-10-29T01:44:22.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:23:38.027", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=\u00a01.1.3 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado autenticado (con permisos de admin o superiores) en el complemento Stephen Darlington, Wandle Software Limited Smart App Banner en versiones <= 1.1.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wandlesoftware:smart_app_banner:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1.3", + "matchCriteriaId": "7ED8B8C3-D0BE-4AEB-B681-8F0A4040F061" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/smart-app-banner/wordpress-smart-app-banner-plugin-1-1-3-cross-site-scripting-xss?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46208.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46208.json index 62815d0b56b..fba3624ab08 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46208.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46208.json @@ -2,16 +2,40 @@ "id": "CVE-2023-46208", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-27T21:15:09.683", - "lastModified": "2023-10-29T01:44:22.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:23:46.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors \u2013 Car Dealer, Classifieds & Listing plugin <=\u00a01.4.6 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejado no autenticado en el complemento StylemixThemes Motors de Car Dealer, Classifieds & Listing en versiones <= 1.4.6." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stylemixthemes:motors_-_car_dealer\\,_classifieds_\\&_listing:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.6", + "matchCriteriaId": "2A867B48-88CC-4AA7-B4ED-A5F92ECD4F57" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/motors-car-dealership-classified-listings/wordpress-motors-car-dealer-classifieds-listing-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46209.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46209.json index fabd2838068..d86e02db2fd 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46209.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46209.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-46209", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-27T21:15:09.760", - "lastModified": "2023-10-29T01:44:22.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:23:52.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus \u2013 Unlimited grid plugin <=\u00a01.3.2 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad reflejada de Cross-Site Scripting (XSS) no autenticado en el complemento G5Theme Grid Plus de Unlimited grid <= versiones 1.3.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:g5theme:grid-plus:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.2", + "matchCriteriaId": "28DB4DB0-AC9E-412C-B5E6-115D61BB003F" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/grid-plus/wordpress-grid-plus-plugin-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46211.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46211.json index a1f43b415a3..04ca1107f75 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46211.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46211.json @@ -2,16 +2,40 @@ "id": "CVE-2023-46211", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-27T21:15:09.827", - "lastModified": "2023-10-29T01:44:22.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:23:59.290", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <=\u00a03.19.14 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado autenticado (con permisos de colaborador o superiores) en el complemento Brainstorm Force Ultimate Addons for WPBakery Page Builder en versiones <= 3.19.14." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:brainstormforce:ultimate_addons_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.19.15", + "matchCriteriaId": "FEB87CF2-FE9F-412F-B17D-625377354526" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-14-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46235.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46235.json new file mode 100644 index 00000000000..a6ad5da6f83 --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46235.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-46235", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-31T15:15:09.547", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/FOGProject/fogproject/commit/2e2421f19620669b9930f72fb73a8dbc5efe4980", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-cvf7-7mvq-5694", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46236.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46236.json new file mode 100644 index 00000000000..11c976d0675 --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46236.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46236", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-31T15:15:09.630", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/FOGProject/fogproject/commit/9125f35ff649a3e7fd7771b1c8e5add3c726f763", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-8qg4-9363-873h", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46237.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46237.json new file mode 100644 index 00000000000..5d0675b23ae --- /dev/null 
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46237.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46237", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-31T15:15:09.707", + "lastModified": "2023-10-31T15:35:00.293", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/FOGProject/fogproject/commit/68d73740d7d40aee77cfda3fb8199d58bf04f48b", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/FOGProject/fogproject/security/advisories/GHSA-ffp9-rhfm-98c2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46239.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46239.json new file mode 100644 index 00000000000..c55ec8163d3 --- /dev/null 
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46239.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-46239", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-31T16:15:09.543", + "lastModified": "2023-10-31T16:15:09.543", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-248" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quic-go/quic-go/releases/tag/v0.37.3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h", + "source": 
"security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46240.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46240.json new file mode 100644 index 00000000000..2711ab14289 --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46240.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-46240", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-31T16:15:09.617", + "lastModified": "2023-10-31T16:15:09.617", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://codeigniter4.github.io/userguide/general/errors.html#error-reporting", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/codeigniter4/CodeIgniter4/commit/423569fc31e29f51635a2e59c89770333f0e7563", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-hwxf-qxj7-7rfj", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46245.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46245.json new file mode 100644 index 00000000000..591d6da640a --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46245.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46245", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-31T16:15:09.697", + "lastModified": "2023-10-31T16:15:09.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Kimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. As of time of publication, no patches or known workarounds are available." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1336" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/kimai/kimai/security/advisories/GHSA-fjhg-96cp-6fcw", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46248.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46248.json new file mode 100644 index 00000000000..634fe112ec7 
--- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46248.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46248", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-31T16:15:09.777", + "lastModified": "2023-10-31T16:15:09.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file `.vscode/cody.json` and overwrite Cody commands. If a user with the extension installed opens this malicious repository and runs a Cody command such as /explain or /doc, this could allow arbitrary code execution on the user's machine. The vulnerability is rated as critical severity, but with low exploitability. It requires the user to have a malicious repository loaded and execute the overwritten command in VS Code. The issue is exploitable regardless of the user blocking code execution on a repository through VS Code Workspace Trust. The issue was found during a regular 3rd party penetration test. The maintainers of Cody do not have evidence of open source repositories having malicious `.vscode/cody.json` files to exploit this vulnerability. The issue is fixed in version 0.14.1 of the Cody VSCode extension. In case users can't promptly upgrade, they should not open any untrusted repositories with the Cody extension loaded." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-15" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sourcegraph/cody/pull/1414", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/sourcegraph/cody/security/advisories/GHSA-8wmq-fwv7-xmwq", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46249.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46249.json new file mode 100644 index 00000000000..971b9d69b64 --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46249.json 
@@ -0,0 +1,71 @@ +{ + "id": "CVE-2023-46249", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-31T16:15:09.853", + "lastModified": "2023-10-31T16:15:09.853", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the default admin user, which can also optionally set the default admin users' password from an environment variable. When the user is deleted, the `initial-setup` flow used to configure authentik after the first installation becomes available again. authentik 2023.8.4 and 2023.10.2 fix this issue. As a workaround, ensure the default admin user (Username `akadmin`) exists and has a password set. It is recommended to use a very strong password for this user, and store it in a secure location like a password manager. It is also possible to deactivate the user to prevent any logins as akadmin." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/goauthentik/authentik/commit/261879022d25016d58867cf1f24e90b81ad618d0", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/goauthentik/authentik/commit/ea75741ec22ecef34bc7073f1163e17a8a2bf9fc", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.4", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-rjvp-29xq-f62w", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46250.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46250.json new file mode 100644 index 00000000000..c6ebbce716a --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46250.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-46250", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-31T16:15:09.930", + "lastModified": "2023-10-31T16:15:09.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/py-pdf/pypdf/pull/2264", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f", + "source": 
"security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46255.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46255.json new file mode 100644 index 00000000000..4833e42ee1c --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46255.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46255", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-31T16:15:10.007", + "lastModified": "2023-10-31T16:15:10.007", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0 patches this issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/authzed/spicedb/commit/ae50421b80f895e4c98d999b18e06b6f1e6f1cf8", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/authzed/spicedb/security/advisories/GHSA-jg7w-cxjv-98c2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46256.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46256.json new file mode 100644 index 00000000000..6007d8dee16 --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46256.json 
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46256",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-31T16:15:10.080",
+ "lastModified": "2023-10-31T16:15:10.080",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/PX4/PX4-Autopilot/blob/main/src/drivers/distance_sensor/lightware_laser_serial/parser.cpp#L87",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/PX4/PX4-Autopilot/security/advisories/GHSA-5hvv-q2r5-rppw",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46468.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46468.json
index 05f5e660ed9..f45cab71a41 100644
--- a/CVE-2023/CVE-2023-464xx/CVE-2023-46468.json
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46468.json
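Review bot: The first reference points at `blob/main/.../lightware_laser_serial/parser.cpp#L87`, a branch-relative line anchor that will drift as the file changes, so it will stop identifying the unchecked `parserbuf_index` code; a commit-pinned permalink would stay stable. The record has no `configurations` block and the description says no fixed version exists, so CPE-based scanners will not match it and exposure has to be tracked from the description ("versions 1.14.0-rc1 and prior"). The vector's `I:N` also sits oddly beside a description of writes into heap memory, so the 4.4 score is best read as the reporting source's `Secondary` assessment, not a settled severity.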
@@ -2,19 +2,80 @@ "id": "CVE-2023-46468", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-28T01:15:51.747", - "lastModified": "2023-10-29T01:44:12.570", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:24:37.917", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function." + }, + { + "lang": "es", + "value": "Un problema en juzawebCMS v.3.4 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado para la funci\u00f3n de complemento personalizado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:juzaweb:cms:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.4", + "matchCriteriaId": "39DD43BB-A90F-4299-9196-19559CB1A955" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.sumor.top/index.php/archives/875/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
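Review bot: The NVD vector added here (`AV:L/AC:L/PR:N/UI:R`, `attackVector` `LOCAL`) reads as inconsistent with the description kept in the same hunk, which speaks of a remote attacker executing arbitrary code via a crafted file. Consumers that filter or prioritise on `attackVector` would treat this as local-only, so triage should also read the description and note that the sole reference is now tagged `Exploit`. `vulnStatus` is still `Undergoing Analysis`, so the metrics may change. The enclosing JSON object opens on line 1 of the file, outside this hunk.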
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46509.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46509.json
index 27c8395d831..1bb10b0d570 100644
--- a/CVE-2023/CVE-2023-465xx/CVE-2023-46509.json
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46509.json
@@ -2,19 +2,91 @@ "id": "CVE-2023-46509", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-27T21:15:09.897", - "lastModified": "2023-10-29T01:44:22.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:24:07.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component." + }, + { + "lang": "es", + "value": "Un problema en Contec SolarView Compact v.6.0 y anteriores permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente texteditor.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:contec:solarview_compact_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.0", + "matchCriteriaId": "D2E7C145-F26C-45C8-8234-67F42BD795F3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:contec:solarview_compact:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1B677303-DBF0-44EF-B33C-1C0EAEF82135" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46569.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46569.json index 35b7cd303af..803d09331d6 100644 --- a/CVE-2023/CVE-2023-465xx/CVE-2023-46569.json +++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46569.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-46569", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-28T02:15:07.583", - "lastModified": "2023-10-29T01:44:12.570", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:24:49.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h." + }, + { + "lang": "es", + "value": "Existe una lectura fuera de los l\u00edmites en radare2 v.5.8.9 y anteriores en la funci\u00f3n print_insn32_fpu de libr/arch/p/nds32/nds32-dis.h." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.9.0", + "matchCriteriaId": "0E042C08-7911-4974-A2A6-95F0EFD10809" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/radareorg/radare2/issues/22334", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46570.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46570.json index c2c510d9f20..425144dc183 100644 --- a/CVE-2023/CVE-2023-465xx/CVE-2023-46570.json +++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46570.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-46570", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-28T02:15:07.637", - "lastModified": "2023-10-29T01:44:12.570", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-31T15:24:57.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h." + }, + { + "lang": "es", + "value": "Existe una lectura fuera de los l\u00edmites en radare2 v.5.8.9 y anteriores en la funci\u00f3n print_insn32 de libr/arch/p/nds32/nds32-dis.h." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.9.0", + "matchCriteriaId": "0E042C08-7911-4974-A2A6-95F0EFD10809" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/radareorg/radare2/issues/22333", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } 
] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46722.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46722.json new file mode 100644 index 00000000000..9ad89ba5366 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46722.json 
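Review bot: The metrics added for CVE-2023-46570, and identically for CVE-2023-46569 in the preceding hunk, score an out-of-bounds read (CWE-125) in a disassembler print routine as `AV:N/AC:L/PR:N/UI:N` with `C:H/I:H/A:H` (9.8 CRITICAL). Nothing in either description shows a network-reachable entry point or a write primitive, so the base score probably overstates exposure for typical use, where the input is presumably a file the analyst opens. Prioritisation should weigh how radare2 actually receives input in the environment (for example unattended analysis pipelines handling untrusted samples), not the bare score. The enclosing JSON object opens outside the hunk.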
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46722",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-31T16:15:10.157",
+ "lastModified": "2023-10-31T16:15:10.157",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-80"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed4978316104de5ccdaa66d8b9",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw-6c5v-c42f",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46723.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46723.json
new file mode 100644
index 00000000000..9c1ca2e4d46
--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46723.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46723",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-31T16:15:10.233",
+ "lastModified": "2023-10-31T16:15:10.233",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNS(such as slack and zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.9,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-538"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/paijp/lte-pic32-writer/security/advisories/GHSA-9qgg-ph2v-v4mh",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46992.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46992.json
new file mode 100644
index 00000000000..23b70721ae5
--- /dev/null
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46992.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46992",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-31T15:15:09.787",
+ "lastModified": "2023-10-31T15:35:00.293",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset serveral critical passwords without authentication by visiting specific pages."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R/readme.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-469xx/CVE-2023-46993.json b/CVE-2023/CVE-2023-469xx/CVE-2023-46993.json
new file mode 100644
index 00000000000..4a60d30a2db
--- /dev/null
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46993.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46993",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-31T15:15:09.830",
+ "lastModified": "2023-10-31T15:35:00.293",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/AuroraHaaash/vul_report/blob/main/TOTOLINK%20A3300R-Command%20Injection/readme.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5739.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5739.json
new file mode 100644
index 00000000000..1d4049940c1
--- /dev/null
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5739.json
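Review bot: Both TOTOLINK A3300R records added here (CVE-2023-46992 and CVE-2023-46993) carry `"metrics": {}` and no `weaknesses` or `configurations`, although their descriptions report an unauthenticated password reset and a command injection. Any consumer that gates alerts on `baseScore` or on CPE matching will silently skip them, so an absent score should be handled as unknown severity, not as low. The same applies to CVE-2023-5739, whose hunk follows.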
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-5739", + "sourceIdentifier": "hp-security-alert@hp.com", + "published": "2023-10-31T16:15:10.307", + "lastModified": "2023-10-31T16:15:10.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.hp.com/us-en/document/ish_8128401-8128440-16", + "source": "hp-security-alert@hp.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4713a35a06e..47669467871 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-31T15:00:19.053523+00:00 +2023-10-31T17:00:18.922735+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-31T14:59:13.137000+00:00 +2023-10-31T16:53:39.643000+00:00 ``` ### Last Data Feed Release 
@@ -29,68 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229369 +229396 ``` ### CVEs added in the last Commit -Recently added CVEs: `26` +Recently added CVEs: `27` -* [CVE-2023-4610](CVE-2023/CVE-2023-46xx/CVE-2023-4610.json) (`2023-10-31T14:15:12.053`) -* [CVE-2023-28777](CVE-2023/CVE-2023-287xx/CVE-2023-28777.json) (`2023-10-31T14:15:11.627`) -* [CVE-2023-46976](CVE-2023/CVE-2023-469xx/CVE-2023-46976.json) (`2023-10-31T14:15:11.697`) -* [CVE-2023-46977](CVE-2023/CVE-2023-469xx/CVE-2023-46977.json) (`2023-10-31T14:15:11.737`) -* [CVE-2023-46978](CVE-2023/CVE-2023-469xx/CVE-2023-46978.json) (`2023-10-31T14:15:11.780`) -* [CVE-2023-46979](CVE-2023/CVE-2023-469xx/CVE-2023-46979.json) (`2023-10-31T14:15:11.820`) -* [CVE-2023-4250](CVE-2023/CVE-2023-42xx/CVE-2023-4250.json) (`2023-10-31T14:15:11.857`) -* [CVE-2023-4251](CVE-2023/CVE-2023-42xx/CVE-2023-4251.json) (`2023-10-31T14:15:11.920`) -* [CVE-2023-4390](CVE-2023/CVE-2023-43xx/CVE-2023-4390.json) (`2023-10-31T14:15:11.990`) -* [CVE-2023-4823](CVE-2023/CVE-2023-48xx/CVE-2023-4823.json) (`2023-10-31T14:15:12.103`) -* [CVE-2023-4836](CVE-2023/CVE-2023-48xx/CVE-2023-4836.json) (`2023-10-31T14:15:12.160`) -* [CVE-2023-5098](CVE-2023/CVE-2023-50xx/CVE-2023-5098.json) (`2023-10-31T14:15:12.230`) -* [CVE-2023-5211](CVE-2023/CVE-2023-52xx/CVE-2023-5211.json) (`2023-10-31T14:15:12.297`) -* [CVE-2023-5229](CVE-2023/CVE-2023-52xx/CVE-2023-5229.json) (`2023-10-31T14:15:12.363`) -* [CVE-2023-5237](CVE-2023/CVE-2023-52xx/CVE-2023-5237.json) (`2023-10-31T14:15:12.453`) -* [CVE-2023-5238](CVE-2023/CVE-2023-52xx/CVE-2023-5238.json) (`2023-10-31T14:15:12.557`) -* [CVE-2023-5243](CVE-2023/CVE-2023-52xx/CVE-2023-5243.json) (`2023-10-31T14:15:12.633`) -* [CVE-2023-5307](CVE-2023/CVE-2023-53xx/CVE-2023-5307.json) (`2023-10-31T14:15:12.713`) -* [CVE-2023-5360](CVE-2023/CVE-2023-53xx/CVE-2023-5360.json) (`2023-10-31T14:15:12.773`) -* 
[CVE-2023-5458](CVE-2023/CVE-2023-54xx/CVE-2023-5458.json) (`2023-10-31T14:15:12.833`) -* [CVE-2023-5519](CVE-2023/CVE-2023-55xx/CVE-2023-5519.json) (`2023-10-31T14:15:12.893`) -* [CVE-2023-5116](CVE-2023/CVE-2023-51xx/CVE-2023-5116.json) (`2023-10-31T13:15:09.817`) -* [CVE-2023-24000](CVE-2023/CVE-2023-240xx/CVE-2023-24000.json) (`2023-10-31T14:15:11.383`) -* [CVE-2023-25045](CVE-2023/CVE-2023-250xx/CVE-2023-25045.json) (`2023-10-31T14:15:11.483`) -* [CVE-2023-25047](CVE-2023/CVE-2023-250xx/CVE-2023-25047.json) (`2023-10-31T14:15:11.560`) +* [CVE-2023-31212](CVE-2023/CVE-2023-312xx/CVE-2023-31212.json) (`2023-10-31T15:15:08.707`) +* [CVE-2023-33927](CVE-2023/CVE-2023-339xx/CVE-2023-33927.json) (`2023-10-31T15:15:08.773`) +* [CVE-2023-35879](CVE-2023/CVE-2023-358xx/CVE-2023-35879.json) (`2023-10-31T15:15:08.837`) +* [CVE-2023-36508](CVE-2023/CVE-2023-365xx/CVE-2023-36508.json) (`2023-10-31T15:15:08.927`) +* [CVE-2023-37243](CVE-2023/CVE-2023-372xx/CVE-2023-37243.json) (`2023-10-31T15:15:08.993`) +* [CVE-2023-37966](CVE-2023/CVE-2023-379xx/CVE-2023-37966.json) (`2023-10-31T15:15:09.153`) +* [CVE-2023-40050](CVE-2023/CVE-2023-400xx/CVE-2023-40050.json) (`2023-10-31T15:15:09.227`) +* [CVE-2023-42425](CVE-2023/CVE-2023-424xx/CVE-2023-42425.json) (`2023-10-31T15:15:09.340`) +* [CVE-2023-46235](CVE-2023/CVE-2023-462xx/CVE-2023-46235.json) (`2023-10-31T15:15:09.547`) +* [CVE-2023-46236](CVE-2023/CVE-2023-462xx/CVE-2023-46236.json) (`2023-10-31T15:15:09.630`) +* [CVE-2023-46237](CVE-2023/CVE-2023-462xx/CVE-2023-46237.json) (`2023-10-31T15:15:09.707`) +* [CVE-2023-46992](CVE-2023/CVE-2023-469xx/CVE-2023-46992.json) (`2023-10-31T15:15:09.787`) +* [CVE-2023-46993](CVE-2023/CVE-2023-469xx/CVE-2023-46993.json) (`2023-10-31T15:15:09.830`) +* [CVE-2023-42658](CVE-2023/CVE-2023-426xx/CVE-2023-42658.json) (`2023-10-31T15:15:09.393`) +* [CVE-2023-46239](CVE-2023/CVE-2023-462xx/CVE-2023-46239.json) (`2023-10-31T16:15:09.543`) +* 
[CVE-2023-46240](CVE-2023/CVE-2023-462xx/CVE-2023-46240.json) (`2023-10-31T16:15:09.617`) +* [CVE-2023-46245](CVE-2023/CVE-2023-462xx/CVE-2023-46245.json) (`2023-10-31T16:15:09.697`) +* [CVE-2023-46248](CVE-2023/CVE-2023-462xx/CVE-2023-46248.json) (`2023-10-31T16:15:09.777`) +* [CVE-2023-46249](CVE-2023/CVE-2023-462xx/CVE-2023-46249.json) (`2023-10-31T16:15:09.853`) +* [CVE-2023-46250](CVE-2023/CVE-2023-462xx/CVE-2023-46250.json) (`2023-10-31T16:15:09.930`) +* [CVE-2023-46255](CVE-2023/CVE-2023-462xx/CVE-2023-46255.json) (`2023-10-31T16:15:10.007`) +* [CVE-2023-46256](CVE-2023/CVE-2023-462xx/CVE-2023-46256.json) (`2023-10-31T16:15:10.080`) +* [CVE-2023-46722](CVE-2023/CVE-2023-467xx/CVE-2023-46722.json) (`2023-10-31T16:15:10.157`) +* [CVE-2023-46723](CVE-2023/CVE-2023-467xx/CVE-2023-46723.json) (`2023-10-31T16:15:10.233`) +* [CVE-2023-5739](CVE-2023/CVE-2023-57xx/CVE-2023-5739.json) (`2023-10-31T16:15:10.307`) ### CVEs modified in the last Commit -Recently modified CVEs: `24` +Recently modified CVEs: `32` -* [CVE-2020-28243](CVE-2020/CVE-2020-282xx/CVE-2020-28243.json) (`2023-10-31T14:15:08.770`) -* [CVE-2020-28972](CVE-2020/CVE-2020-289xx/CVE-2020-28972.json) (`2023-10-31T14:15:08.903`) -* [CVE-2020-35662](CVE-2020/CVE-2020-356xx/CVE-2020-35662.json) (`2023-10-31T14:15:09.000`) -* [CVE-2021-21996](CVE-2021/CVE-2021-219xx/CVE-2021-21996.json) (`2023-10-31T14:15:09.090`) -* [CVE-2021-25281](CVE-2021/CVE-2021-252xx/CVE-2021-25281.json) (`2023-10-31T14:15:09.857`) -* [CVE-2021-25282](CVE-2021/CVE-2021-252xx/CVE-2021-25282.json) (`2023-10-31T14:15:10.010`) -* [CVE-2021-25283](CVE-2021/CVE-2021-252xx/CVE-2021-25283.json) (`2023-10-31T14:15:10.173`) -* [CVE-2021-25284](CVE-2021/CVE-2021-252xx/CVE-2021-25284.json) (`2023-10-31T14:15:10.337`) -* [CVE-2021-31607](CVE-2021/CVE-2021-316xx/CVE-2021-31607.json) (`2023-10-31T14:15:10.507`) -* [CVE-2021-3144](CVE-2021/CVE-2021-31xx/CVE-2021-3144.json) (`2023-10-31T14:15:10.673`) -* 
[CVE-2021-3148](CVE-2021/CVE-2021-31xx/CVE-2021-3148.json) (`2023-10-31T14:15:10.750`) -* [CVE-2021-3197](CVE-2021/CVE-2021-31xx/CVE-2021-3197.json) (`2023-10-31T14:15:10.833`) -* [CVE-2022-22934](CVE-2022/CVE-2022-229xx/CVE-2022-22934.json) (`2023-10-31T14:15:10.927`) -* [CVE-2022-22935](CVE-2022/CVE-2022-229xx/CVE-2022-22935.json) (`2023-10-31T14:15:11.023`) -* [CVE-2022-22936](CVE-2022/CVE-2022-229xx/CVE-2022-22936.json) (`2023-10-31T14:15:11.150`) -* [CVE-2022-22941](CVE-2022/CVE-2022-229xx/CVE-2022-22941.json) (`2023-10-31T14:15:11.230`) -* [CVE-2022-22967](CVE-2022/CVE-2022-229xx/CVE-2022-22967.json) (`2023-10-31T14:15:11.293`) -* [CVE-2023-33517](CVE-2023/CVE-2023-335xx/CVE-2023-33517.json) (`2023-10-31T13:05:39.123`) -* [CVE-2023-20273](CVE-2023/CVE-2023-202xx/CVE-2023-20273.json) (`2023-10-31T14:02:38.303`) -* [CVE-2023-5718](CVE-2023/CVE-2023-57xx/CVE-2023-5718.json) (`2023-10-31T14:20:21.687`) -* [CVE-2023-46122](CVE-2023/CVE-2023-461xx/CVE-2023-46122.json) (`2023-10-31T14:52:24.573`) -* [CVE-2023-39219](CVE-2023/CVE-2023-392xx/CVE-2023-39219.json) (`2023-10-31T14:55:13.590`) -* [CVE-2023-31580](CVE-2023/CVE-2023-315xx/CVE-2023-31580.json) (`2023-10-31T14:57:36.217`) -* [CVE-2023-30912](CVE-2023/CVE-2023-309xx/CVE-2023-30912.json) (`2023-10-31T14:59:13.137`) +* [CVE-2023-34048](CVE-2023/CVE-2023-340xx/CVE-2023-34048.json) (`2023-10-31T15:18:23.553`) +* [CVE-2023-34056](CVE-2023/CVE-2023-340xx/CVE-2023-34056.json) (`2023-10-31T15:18:37.153`) +* [CVE-2023-34085](CVE-2023/CVE-2023-340xx/CVE-2023-34085.json) (`2023-10-31T15:19:06.623`) +* [CVE-2023-34446](CVE-2023/CVE-2023-344xx/CVE-2023-34446.json) (`2023-10-31T15:19:32.367`) +* [CVE-2023-34447](CVE-2023/CVE-2023-344xx/CVE-2023-34447.json) (`2023-10-31T15:21:59.647`) +* [CVE-2023-36085](CVE-2023/CVE-2023-360xx/CVE-2023-36085.json) (`2023-10-31T15:22:17.323`) +* [CVE-2023-37283](CVE-2023/CVE-2023-372xx/CVE-2023-37283.json) (`2023-10-31T15:22:46.383`) +* 
[CVE-2023-46200](CVE-2023/CVE-2023-462xx/CVE-2023-46200.json) (`2023-10-31T15:23:38.027`) +* [CVE-2023-46208](CVE-2023/CVE-2023-462xx/CVE-2023-46208.json) (`2023-10-31T15:23:46.123`) +* [CVE-2023-46209](CVE-2023/CVE-2023-462xx/CVE-2023-46209.json) (`2023-10-31T15:23:52.213`) +* [CVE-2023-46211](CVE-2023/CVE-2023-462xx/CVE-2023-46211.json) (`2023-10-31T15:23:59.290`) +* [CVE-2023-46509](CVE-2023/CVE-2023-465xx/CVE-2023-46509.json) (`2023-10-31T15:24:07.963`) +* [CVE-2023-46468](CVE-2023/CVE-2023-464xx/CVE-2023-46468.json) (`2023-10-31T15:24:37.917`) +* [CVE-2023-46569](CVE-2023/CVE-2023-465xx/CVE-2023-46569.json) (`2023-10-31T15:24:49.480`) +* [CVE-2023-46570](CVE-2023/CVE-2023-465xx/CVE-2023-46570.json) (`2023-10-31T15:24:57.817`) +* [CVE-2023-45821](CVE-2023/CVE-2023-458xx/CVE-2023-45821.json) (`2023-10-31T15:48:49.977`) +* [CVE-2023-0028](CVE-2023/CVE-2023-00xx/CVE-2023-0028.json) (`2023-10-31T15:54:51.573`) +* [CVE-2023-0493](CVE-2023/CVE-2023-04xx/CVE-2023-0493.json) (`2023-10-31T16:03:55.190`) +* [CVE-2023-31124](CVE-2023/CVE-2023-311xx/CVE-2023-31124.json) (`2023-10-31T16:05:56.790`) +* [CVE-2023-31130](CVE-2023/CVE-2023-311xx/CVE-2023-31130.json) (`2023-10-31T16:06:01.450`) +* [CVE-2023-31147](CVE-2023/CVE-2023-311xx/CVE-2023-31147.json) (`2023-10-31T16:06:05.103`) +* [CVE-2023-32067](CVE-2023/CVE-2023-320xx/CVE-2023-32067.json) (`2023-10-31T16:06:09.363`) +* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-31T16:15:09.080`) +* [CVE-2023-23767](CVE-2023/CVE-2023-237xx/CVE-2023-23767.json) (`2023-10-31T16:37:18.137`) +* [CVE-2023-25032](CVE-2023/CVE-2023-250xx/CVE-2023-25032.json) (`2023-10-31T16:43:57.097`) ## Download and Usage