From 362a412ac6eda6eefdbc0e105a2eafb6c1bfd6b8 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 22 Sep 2023 12:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-09-22T12:00:25.395624+00:00 --- CVE-2023/CVE-2023-437xx/CVE-2023-43760.json | 8 ++++++-- CVE-2023/CVE-2023-437xx/CVE-2023-43761.json | 8 ++++++-- CVE-2023/CVE-2023-437xx/CVE-2023-43762.json | 8 ++++++-- CVE-2023/CVE-2023-437xx/CVE-2023-43763.json | 8 ++++++-- CVE-2023/CVE-2023-437xx/CVE-2023-43764.json | 8 ++++++-- CVE-2023/CVE-2023-437xx/CVE-2023-43765.json | 8 ++++++-- CVE-2023/CVE-2023-437xx/CVE-2023-43766.json | 8 ++++++-- CVE-2023/CVE-2023-437xx/CVE-2023-43767.json | 8 ++++++-- CVE-2023/CVE-2023-47xx/CVE-2023-4716.json | 8 ++++++-- CVE-2023/CVE-2023-47xx/CVE-2023-4774.json | 8 ++++++-- README.md | 17 +++++++++++++---- 11 files changed, 73 insertions(+), 24 deletions(-) diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43760.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43760.json index 3fbbe29de0b..d907e845f73 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43760.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43760.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43760", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T05:15:09.240", - "lastModified": "2023-09-22T05:15:09.240", - "vulnStatus": "Received", + "lastModified": "2023-09-22T10:59:53.233", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1." + }, + { + "lang": "es", + "value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio a trav\u00e9s de un archivo PE32 difuso. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43761.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43761.json index 282a39356cb..f19f082abbf 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43761.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43761.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43761", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T05:15:09.457", - "lastModified": "2023-09-22T05:15:09.457", - "vulnStatus": "Received", + "lastModified": "2023-09-22T10:59:53.233", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1." + }, + { + "lang": "es", + "value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio (bucle infinito). Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43762.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43762.json index 1dbcf3331ce..8f98da0483e 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43762.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43762.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43762", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T05:15:09.530", - "lastModified": "2023-09-22T05:15:09.530", - "vulnStatus": "Received", + "lastModified": "2023-09-22T10:59:53.233", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15." + }, + { + "lang": "es", + "value": "Ciertos productos WithSecure permiten la Ejecuci\u00f3n Remota de C\u00f3digo No Autenticado a trav\u00e9s del servidor web (backend), n\u00famero 1 de 2. Esto afecta a WithSecure Policy Manager 15 y Policy Manager Proxy 15." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43763.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43763.json index 99c77a92317..2db067f0bd8 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43763.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43763.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43763", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T05:15:09.630", - "lastModified": "2023-09-22T05:15:09.630", - "vulnStatus": "Received", + "lastModified": "2023-09-22T10:59:53.233", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux." + }, + { + "lang": "es", + "value": "Ciertos productos WithSecure permiten XSS a trav\u00e9s de un par\u00e1metro no validado en endpoint. Esto afecta a WithSecure Policy Manager 15 en Windows y Linux." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43764.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43764.json index 1672b36410c..856a042f524 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43764.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43764.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43764", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T05:15:09.720", - "lastModified": "2023-09-22T05:15:09.720", - "vulnStatus": "Received", + "lastModified": "2023-09-22T10:59:53.233", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affects WithSecure Policy Manager 15 on Windows and Linux." + }, + { + "lang": "es", + "value": "Ciertos productos WithSecure permiten la Ejecuci\u00f3n Remota de C\u00f3digo No Autenticado a trav\u00e9s del servidor web (backend), n\u00famero 2 de 2. Esto afecta a WithSecure Policy Manager 15 en Windows y Linux." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43765.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43765.json index c0562a22bb4..b727821e86a 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43765.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43765.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43765", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T05:15:09.793", - "lastModified": "2023-09-22T05:15:09.793", - "vulnStatus": "Received", + "lastModified": "2023-09-22T10:59:53.233", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1." + }, + { + "lang": "es", + "value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio en el componente aeelf. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43766.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43766.json index 1ad1364f988..4b55305479f 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43766.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43766.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43766", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T05:15:09.867", - "lastModified": "2023-09-22T05:15:09.867", - "vulnStatus": "Received", + "lastModified": "2023-09-22T10:59:53.233", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1." + }, + { + "lang": "es", + "value": "Ciertos productos WithSecure permiten la escalada de privilegios Locales a trav\u00e9s del controlador de descompresi\u00f3n de archivos lhz. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43767.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43767.json index 6a5b01a64cd..d2e8b29fea4 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43767.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43767.json @@ -2,12 +2,16 @@ "id": "CVE-2023-43767", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T05:15:09.937", - "lastModified": "2023-09-22T05:15:09.937", - "vulnStatus": "Received", + "lastModified": "2023-09-22T10:59:53.233", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1." + }, + { + "lang": "es", + "value": "Ciertos productos WithSecure permiten la Denegaci\u00f3n de Servicio a trav\u00e9s del controlador de descompresi\u00f3n del archivo aepack. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 y posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4716.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4716.json index 75f71507ffe..b992a774512 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4716.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4716.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4716", "sourceIdentifier": "security@wordfence.com", "published": "2023-09-22T06:15:11.007", - "lastModified": "2023-09-22T06:15:11.007", - "vulnStatus": "Received", + "lastModified": "2023-09-22T10:55:29.813", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Media Library Assistant para WordPress es vulnerable a Stored Cross-Site Scripting a trav\u00e9s del c\u00f3digo corto 'mla_gallery' en versiones hasta la 3.10 inclusive debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4774.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4774.json index 93dd26aa909..dd7ba09d4c5 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4774.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4774.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4774", "sourceIdentifier": "security@wordfence.com", "published": "2023-09-22T06:15:11.277", - "lastModified": "2023-09-22T06:15:11.277", - "vulnStatus": "Received", + "lastModified": "2023-09-22T10:55:22.703", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento WP-Matomo Integration (WP-Piwik) para WordPress es vulnerable a Stored Cross-Site Scriptings a trav\u00e9s del c\u00f3digo corto 'wp-piwik' en versiones hasta la 1.0.28 inclusive debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida del usuario atributos proporcionados. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/README.md b/README.md index c9388f81652..c2d9985c9e6 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-22T10:00:24.771298+00:00 +2023-09-22T12:00:25.395624+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-22T09:15:09.497000+00:00 +2023-09-22T10:59:53.233000+00:00 ``` ### Last Data Feed Release @@ -40,9 +40,18 @@ Recently added CVEs: `0` ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `10` -* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-22T09:15:09.497`) +* [CVE-2023-4774](CVE-2023/CVE-2023-47xx/CVE-2023-4774.json) (`2023-09-22T10:55:22.703`) +* [CVE-2023-4716](CVE-2023/CVE-2023-47xx/CVE-2023-4716.json) (`2023-09-22T10:55:29.813`) +* [CVE-2023-43760](CVE-2023/CVE-2023-437xx/CVE-2023-43760.json) (`2023-09-22T10:59:53.233`) +* [CVE-2023-43761](CVE-2023/CVE-2023-437xx/CVE-2023-43761.json) (`2023-09-22T10:59:53.233`) +* [CVE-2023-43762](CVE-2023/CVE-2023-437xx/CVE-2023-43762.json) (`2023-09-22T10:59:53.233`) +* [CVE-2023-43763](CVE-2023/CVE-2023-437xx/CVE-2023-43763.json) (`2023-09-22T10:59:53.233`) +* [CVE-2023-43764](CVE-2023/CVE-2023-437xx/CVE-2023-43764.json) (`2023-09-22T10:59:53.233`) +* [CVE-2023-43765](CVE-2023/CVE-2023-437xx/CVE-2023-43765.json) (`2023-09-22T10:59:53.233`) +* [CVE-2023-43766](CVE-2023/CVE-2023-437xx/CVE-2023-43766.json) (`2023-09-22T10:59:53.233`) +* [CVE-2023-43767](CVE-2023/CVE-2023-437xx/CVE-2023-43767.json) (`2023-09-22T10:59:53.233`) ## Download and Usage