From 3c7dd7730ea999354824e18eab72a73b739c86c5 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Mon, 6 Nov 2023 19:00:23 +0000 Subject: [PATCH] Auto-Update: 2023-11-06T19:00:19.482398+00:00 --- CVE-2010/CVE-2010-38xx/CVE-2010-3872.json | 54 ++++++++++++- CVE-2022/CVE-2022-390xx/CVE-2022-39046.json | 9 ++- CVE-2023/CVE-2023-212xx/CVE-2023-21296.json | 68 +++++++++++++++- CVE-2023/CVE-2023-212xx/CVE-2023-21297.json | 68 +++++++++++++++- CVE-2023/CVE-2023-212xx/CVE-2023-21298.json | 68 +++++++++++++++- CVE-2023/CVE-2023-212xx/CVE-2023-21299.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21300.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21301.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21302.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21303.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21304.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21305.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21306.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21307.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21308.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21309.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21310.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21311.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21312.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21313.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21314.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21315.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21316.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21317.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21318.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21319.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21320.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21321.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21323.json | 
68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21324.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21325.json | 68 +++++++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21326.json | 68 +++++++++++++++- CVE-2023/CVE-2023-314xx/CVE-2023-31417.json | 70 +++++++++++++++- CVE-2023/CVE-2023-314xx/CVE-2023-31418.json | 90 ++++++++++++++++++++- CVE-2023/CVE-2023-399xx/CVE-2023-39936.json | 58 ++++++++++++- CVE-2023/CVE-2023-406xx/CVE-2023-40660.json | 63 +++++++++++++++ CVE-2023/CVE-2023-406xx/CVE-2023-40661.json | 63 +++++++++++++++ CVE-2023/CVE-2023-443xx/CVE-2023-44398.json | 59 ++++++++++++++ CVE-2023/CVE-2023-458xx/CVE-2023-45827.json | 59 ++++++++++++++ CVE-2023/CVE-2023-45xx/CVE-2023-4535.json | 67 +++++++++++++++ CVE-2023/CVE-2023-461xx/CVE-2023-46134.json | 62 +++++++++++++- CVE-2023/CVE-2023-462xx/CVE-2023-46210.json | 47 ++++++++++- CVE-2023/CVE-2023-462xx/CVE-2023-46251.json | 63 +++++++++++++++ CVE-2023/CVE-2023-464xx/CVE-2023-46451.json | 68 ++++++++++++++-- CVE-2023/CVE-2023-467xx/CVE-2023-46725.json | 8 +- CVE-2023/CVE-2023-467xx/CVE-2023-46728.json | 59 ++++++++++++++ CVE-2023/CVE-2023-470xx/CVE-2023-47094.json | 68 +++++++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47095.json | 68 +++++++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47096.json | 68 +++++++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47097.json | 68 +++++++++++++++- CVE-2023/CVE-2023-470xx/CVE-2023-47098.json | 68 +++++++++++++++- CVE-2023/CVE-2023-47xx/CVE-2023-4700.json | 59 ++++++++++++++ CVE-2023/CVE-2023-54xx/CVE-2023-5435.json | 58 +++++++++++-- CVE-2023/CVE-2023-54xx/CVE-2023-5436.json | 58 +++++++++++-- CVE-2023/CVE-2023-54xx/CVE-2023-5437.json | 58 +++++++++++-- CVE-2023/CVE-2023-54xx/CVE-2023-5438.json | 58 +++++++++++-- CVE-2023/CVE-2023-54xx/CVE-2023-5439.json | 58 +++++++++++-- CVE-2023/CVE-2023-54xx/CVE-2023-5464.json | 58 +++++++++++-- CVE-2023/CVE-2023-56xx/CVE-2023-5624.json | 58 ++++++++++++- CVE-2023/CVE-2023-57xx/CVE-2023-5783.json | 16 ++-- 
CVE-2023/CVE-2023-57xx/CVE-2023-5786.json | 71 ++++++++++++++-- CVE-2023/CVE-2023-57xx/CVE-2023-5787.json | 69 ++++++++++++++-- CVE-2023/CVE-2023-57xx/CVE-2023-5789.json | 83 +++++++++++++++++-- CVE-2023/CVE-2023-57xx/CVE-2023-5793.json | 76 +++++++++++++++-- CVE-2023/CVE-2023-57xx/CVE-2023-5794.json | 69 ++++++++++++++-- CVE-2023/CVE-2023-57xx/CVE-2023-5795.json | 69 ++++++++++++++-- CVE-2023/CVE-2023-58xx/CVE-2023-5873.json | 56 ++++++++++++- README.md | 61 ++++++++------ 68 files changed, 4046 insertions(+), 268 deletions(-) create mode 100644 CVE-2023/CVE-2023-406xx/CVE-2023-40660.json create mode 100644 CVE-2023/CVE-2023-406xx/CVE-2023-40661.json create mode 100644 CVE-2023/CVE-2023-443xx/CVE-2023-44398.json create mode 100644 CVE-2023/CVE-2023-458xx/CVE-2023-45827.json create mode 100644 CVE-2023/CVE-2023-45xx/CVE-2023-4535.json create mode 100644 CVE-2023/CVE-2023-462xx/CVE-2023-46251.json create mode 100644 CVE-2023/CVE-2023-467xx/CVE-2023-46728.json create mode 100644 CVE-2023/CVE-2023-47xx/CVE-2023-4700.json diff --git a/CVE-2010/CVE-2010-38xx/CVE-2010-3872.json b/CVE-2010/CVE-2010-38xx/CVE-2010-3872.json index 585b5dee35e..7e3682e49e8 100644 --- a/CVE-2010/CVE-2010-38xx/CVE-2010-3872.json +++ b/CVE-2010/CVE-2010-38xx/CVE-2010-3872.json @@ -2,7 +2,7 @@ "id": "CVE-2010-3872", "sourceIdentifier": "secalert@redhat.com", "published": "2010-11-22T12:54:10.300", - "lastModified": "2017-08-17T01:33:04.167", + "lastModified": "2023-11-06T18:15:08.113", "vulnStatus": "Modified", "descriptions": [ { 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -112,6 +134,28 @@ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00005.html", "source": "secalert@redhat.com" }, + { + "url": "http://osvdb.org/69275", + "source": "secalert@redhat.com" + }, + { + "url": "http://secunia.com/advisories/42288", + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/42302", + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/42815", + "source": "secalert@redhat.com" + }, { "url": "http://www.debian.org/security/2010/dsa-2140", "source": "secalert@redhat.com" @@ -142,6 +186,14 @@ "url": "http://www.vupen.com/english/advisories/2011/0031", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/security/cve/CVE-2010-3872", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248172", + "source": "secalert@redhat.com" + }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63303", "source": "secalert@redhat.com" diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39046.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39046.json index 567d9b6e9ca..8ac8ec0c4a6 100644 --- a/CVE-2022/CVE-2022-390xx/CVE-2022-39046.json +++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39046.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-39046", "sourceIdentifier": "cve@mitre.org", "published": "2022-08-31T06:15:07.467", - "lastModified": "2023-10-04T10:15:09.780", - "vulnStatus": "Modified", + "lastModified": "2023-11-06T17:33:06.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -240,7 +240,10 @@ "references": [ { "url": "https://security.gentoo.org/glsa/202310-03", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20221104-0002/", diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21296.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21296.json index f153a6371bf..060877d5623 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21296.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21296.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21296", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:47.803", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:29:14.137", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation." + }, + { + "lang": "es", + "value": "En Permission, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21297.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21297.json index eda52f80be6..c12eb995153 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21297.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21297.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21297", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:47.843", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:36:33.883", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En SEPolicy, existe una forma posible de acceder a la direcci\u00f3n MAC de f\u00e1brica debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21298.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21298.json index f3129bd648b..08c8d0ba6c1 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21298.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21298.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21298", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:47.887", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:45:14.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Slice, existe una posible divulgaci\u00f3n de aplicaciones instaladas debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21299.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21299.json index e477028f5f9..b318f107684 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21299.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21299.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21299", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:47.930", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:45:22.607", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Package Manager, existe una manera posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21300.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21300.json index 67261743c3a..9e5c244d334 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21300.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21300.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21300", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:47.973", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:45:39.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En PackageManager, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21301.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21301.json index c8e70627e9b..c008486e963 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21301.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21301.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21301", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.020", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:46:31.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En ActivityManagerService, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21302.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21302.json index d56c1a653b8..06265d60c38 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21302.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21302.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21302", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.060", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:46:49.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Package Manager, existe una manera posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21303.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21303.json index 80770b61c61..8cac6c94e17 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21303.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21303.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21303", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.107", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:46:58.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Content, aqu\u00ed hay una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21304.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21304.json index 863e319be99..c5b4b6c142a 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21304.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21304.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21304", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.153", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:47:04.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Content Service, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21305.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21305.json index b152cd33b9f..089bbea2ce8 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21305.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21305.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21305", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.197", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:47:11.310", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Content, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21306.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21306.json index 582890c2fd5..056e40376cb 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21306.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21306.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21306", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.233", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:47:19.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En ContentService, existe una forma posible de leer los proveedores de contenido de sincronizaci\u00f3n instalados debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21307.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21307.json index de91d8ac417..7ddf0e5836f 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21307.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21307.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21307", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.277", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:47:35.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation." + }, + { + "lang": "es", + "value": "En Bluetooth, existe una forma posible para que un dispositivo Bluetooth emparejado acceda a un identificador a largo plazo para un dispositivo Android debido a una omisi\u00f3n de permisos. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21308.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21308.json index 9ddf94350c4..77c01785039 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21308.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21308.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21308", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.323", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:47:46.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Composer, existe una posible lectura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21309.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21309.json index f01c52e1839..05342743f46 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21309.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21309.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21309", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.367", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:48:07.720", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En libcore, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21310.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21310.json index a72286b11ed..b002edd28d4 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21310.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21310.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21310", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.407", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:54:24.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Bluetooth, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento del b\u00fafer del mont\u00f3n. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21311.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21311.json index af67a41725e..6bcc33841e8 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21311.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21311.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21311", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.453", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:54:31.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Settings, existe una forma posible de controlar la configuraci\u00f3n de DNS privada de un usuario secundario debido a una omisi\u00f3n de permisos. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": 
{}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21312.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21312.json index 109a5e2d914..eb9db8456ca 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21312.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21312.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21312", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.497", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:54:42.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En IntentResolver, existe una posible lectura de medios entre usuarios debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21313.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21313.json index 3cc581e1a11..8ae2c791d82 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21313.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21313.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21313", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.537", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:55:11.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Core, existe una forma posible de desviar llamadas sin el conocimiento del usuario debido a que falta una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21314.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21314.json index 16fc890a65d..6d5800f8bd6 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21314.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21314.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21314", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.583", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:55:37.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Bluetooth, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21315.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21315.json index f8853417c0e..1d0edae26a0 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21315.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21315.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21315", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.623", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:55:47.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Bluetooth, existe una posible lectura fuera de los l\u00edmites debido a un desbordamiento del b\u00fafer del mont\u00f3n. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n remota (pr\u00f3xima/adyacente) sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, 
"references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21316.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21316.json index df9483658f7..e9b0ad3226f 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21316.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21316.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21316", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.670", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:56:10.353", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Content, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21317.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21317.json index 3910d6f4f56..939dd70dbdb 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21317.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21317.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21317", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.713", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:57:32.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En ContentService, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21318.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21318.json index 89e191d2c98..5d45e697e5e 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21318.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21318.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21318", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.757", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:57:41.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Content, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21319.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21319.json index 38fe969272b..3b468c39cb0 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21319.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21319.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21319", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.800", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:57:47.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En UsageStatsService, existe una forma posible de leer aplicaciones de terceros instaladas debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - 
"metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21320.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21320.json index c4abc8bfef1..ed5d65f3973 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21320.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21320.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21320", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.840", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:57:55.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Device Policy, existe una manera posible de verificar si una aplicaci\u00f3n de administraci\u00f3n en particular est\u00e1 registrada en el dispositivo debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21321.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21321.json index 1b98530d68e..93e4eaecdc6 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21321.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21321.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21321", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.890", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:58:03.540", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Package Manager, existe una posible divulgaci\u00f3n de configuraci\u00f3n entre usuarios debido a una falta de verificaci\u00f3n de permisos. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ 
{ "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21323.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21323.json index 761c3d10138..4e7dce1ff20 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21323.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21323.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21323", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.937", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:58:14.793", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Activity Manager, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21324.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21324.json index 2cf69e241fa..c9e0d88de7f 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21324.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21324.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21324", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:48.983", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:58:25.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Package Installer, existe una manera posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21325.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21325.json index 8f958b562e5..88281188911 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21325.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21325.json 
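Review bot: The NVD vector added for CVE-2023-21324 (`C:H/I:H/A:H`, base score 7.8) does not follow from the weakness recorded in the same hunk. The description and `CWE-203` describe a side channel that reveals whether an app is installed, yet integrity and availability impact are rated HIGH. The score appears to track the description's "local escalation of privilege" sentence. Sibling records on this page with the same side-channel wording, such as CVE-2023-21323 and CVE-2023-21325, are scored `C:H/I:N/A:N`, 5.5. Until the description or the vector is reconciled upstream, sorting on `baseScore` alone ranks this entry above its siblings for a reason the record does not substantiate.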
@@ -2,19 +2,79 @@ "id": "CVE-2023-21325", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:49.027", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:58:39.620", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Settings, existe una manera posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21326.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21326.json index 35d8c586b8e..aeb3326712c 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21326.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21326.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21326", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:49.070", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:58:57.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Package Manager Service, existe una forma posible de determinar si una aplicaci\u00f3n est\u00e1 instalada, sin permisos de consulta, debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31417.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31417.json index 2e373082d22..ccab8d4d5c2 100644 --- a/CVE-2023/CVE-2023-314xx/CVE-2023-31417.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31417.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31417", "sourceIdentifier": "bressers@elastic.co", "published": "2023-10-26T18:15:08.500", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:43:10.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -50,14 +80,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndIncluding": "7.17.12", + "matchCriteriaId": "F7C6A492-CB85-4518-923D-891BC5AC2E15" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.9.1", + "matchCriteriaId": "64EE17C0-C05C-45E6-938D-0AAC9D554CFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.elastic.co/t/elasticsearch-8-9-2-and-7-17-13-security-update/342479", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.elastic.co/community/security", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31418.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31418.json index 61c6531b6ae..6639c7bef6c 100644 
--- a/CVE-2023/CVE-2023-314xx/CVE-2023-31418.json +++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31418.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31418", "sourceIdentifier": "bressers@elastic.co", "published": "2023-10-26T18:15:08.587", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:36:24.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "bressers@elastic.co", "type": "Secondary", 
@@ -50,14 +80,66 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.17.12", + "matchCriteriaId": "B7782710-73A4-4698-872E-CD9FE4362872" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.8.2", + "matchCriteriaId": "40A93493-7FF2-46D1-8855-40B7CA831C47" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elastic_cloud_enterprise:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.13.3", + "matchCriteriaId": "9311B386-FAD0-4DB8-A059-DAA46549F1D8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:elastic_cloud_enterprise:3.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20740FCD-DA43-49EF-B2E9-C85DFD13881A" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.elastic.co/community/security", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39936.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39936.json index 04fa1a2a7ff..fc6a0d850bf 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39936.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39936.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39936", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-10-26T20:15:08.573", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:13:06.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
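Review bot: In the `configurations` block added to CVE-2023-31418.json (hunk `@@ -50,14 +80,66 @@`), the Elastic Cloud Enterprise entries cover versions up to 2.13.3 and the single version 3.6.0, which leaves every release between those two unmatched. The hunk does not say whether that gap is intentional, so a non-match for those releases should be confirmed against the vendor advisory in `references`. If they are affected, a ranged entry using `versionStartIncluding`/`versionEndIncluding` would express it. The first Elasticsearch entry also has no `versionStartIncluding`, unlike the 8.x entry beside it, so it matches every release up to 7.17.12.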
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ashlar:graphite:*:*:*:*:*:*:*:*", + "versionEndIncluding": "13.0.48", + "matchCriteriaId": "618E7AD7-12A1-4296-B7A5-A8ED75706334" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40660.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40660.json new file mode 100644 index 00000000000..2e80fac0f1d --- /dev/null +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40660.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-40660", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-11-06T17:15:11.757", + "lastModified": "2023-11-06T17:15:11.757", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en los paquetes OpenSC que permiten una posible omisi\u00f3n del PIN. Cuando un token/tarjeta es autenticado por un proceso, puede realizar operaciones criptogr\u00e1ficas en otros procesos cuando se pasa un pin vac\u00edo de longitud cero. Este problema plantea un riesgo de seguridad, particularmente para el inicio de sesi\u00f3n/desbloqueo de pantalla del sistema operativo y para tokens peque\u00f1os conectados permanentemente a las maquinas. Adem\u00e1s, el token puede rastrear internamente el estado de inicio de sesi\u00f3n. Esta falla permite que un atacante obtenga acceso no autorizado, lleve a cabo acciones maliciosas o comprometa el sistema sin que el usuario se de cuenta." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-40660", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240912", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40661.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40661.json new file mode 100644 index 00000000000..f9a383ec49b --- /dev/null +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40661.json 
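Review bot: The new CVE-2023-40660 record is added with `"vulnStatus": "Received"` and has no `weaknesses` and no `configurations` block, so tooling that matches on CPE will not yet associate it with any OpenSC version. The only score is the `Secondary` one from secalert@redhat.com (`AV:P/AC:L/PR:N/UI:R`, 6.6), with no NVD `Primary` assessment to compare it against. Until a later update adds those fields, affected and fixed versions have to be read from the listed references, one of which is the `0.24.0-rc1` release tag. CVE-2023-40661, added in the next file section, is in the same state.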
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-40661", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-11-06T17:15:11.830", + "lastModified": "2023-11-06T17:15:11.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow \r\ncompromise key generation, certificate loading, and other card management operations during enrollment." + }, + { + "lang": "es", + "value": "Se identificaron varias vulnerabilidades de memoria dentro de los paquetes OpenSC, particularmente en el proceso de inscripci\u00f3n de tarjetas usando pkcs15-init cuando un usuario o administrador registra tarjetas. Para aprovechar estas fallas, un atacante debe tener acceso f\u00edsico al sistema inform\u00e1tico y emplear un dispositivo USB o una tarjeta inteligente hechos a medida para manipular las respuestas a las APDU. Esta manipulaci\u00f3n puede permitir potencialmente comprometer la generaci\u00f3n de claves, la carga de certificados y otras operaciones de administraci\u00f3n de tarjetas durante la inscripci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-40661", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240913", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44398.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44398.json new file mode 100644 index 00000000000..82edd3837da --- /dev/null +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44398.json 
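Review bot: The English `value` added for CVE-2023-40661 contains an escaped CR/LF in the middle of a sentence (`can potentially allow \r\ncompromise key generation`), and the sentence reads as if a word was lost at that point. The Spanish entry in the same hunk has no such escape. Anything that renders, indexes or diffs this field should normalise the `\r\n` to a single space rather than pass it through. The wording itself is best corrected at the source record, not patched in this mirror.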
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-44398", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-11-06T18:15:08.380", + "lastModified": "2023-11-06T18:15:08.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Exiv2/exiv2/commit/e884a0955359107f4031c74a07406df7e99929a5", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r", + "source": "security-advisories@github.com" + } + 
] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45827.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45827.json new file mode 100644 index 00000000000..50536a173de --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45827.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45827", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-11-06T18:15:08.467", + "lastModified": "2023-11-06T18:15:08.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1321" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/clickbar/dot-diver/commit/98daf567390d816fd378ec998eefe2e97f293d5a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/clickbar/dot-diver/security/advisories/GHSA-9w5f-mw3p-pj47", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4535.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4535.json new file mode 100644 index 00000000000..111879d1110 
--- /dev/null +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4535.json 
@@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-4535", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-11-06T17:15:12.083", + "lastModified": "2023-11-06T17:15:12.083", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de lectura fuera de los l\u00edmites en los paquetes OpenSC dentro del controlador MyEID al manejar el cifrado de clave sim\u00e9trica. Explotar esta falla requiere que un atacante tenga acceso f\u00edsico a la computadora y a un dispositivo USB o tarjeta inteligente especialmente manipulado. Esta falla permite al atacante manipular las respuestas de APDU y potencialmente obtener acceso no autorizado a datos confidenciales, comprometiendo la seguridad del sistema." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.4, + "impactScore": 3.7 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-4535", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240914", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46134.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46134.json index ff67cdc39dd..8f1adb675c0 100644 --- a/CVE-2023/CVE-2023-461xx/CVE-2023-46134.json +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46134.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46134", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-25T21:15:10.167", - "lastModified": "2023-10-25T23:05:15.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:14:17.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:man:d-tale:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.7.0", + "matchCriteriaId": "68AC5647-6905-43A2-86CB-2F15885EC755" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/man-group/dtale/commit/bf8c54ab2490803f45f0652a9a0e221a94d39668", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/man-group/dtale/security/advisories/GHSA-jq6c-r9xf-qxjm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46210.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46210.json index e4f23683c1f..6369fec7dec 100644 --- a/CVE-2023/CVE-2023-462xx/CVE-2023-46210.json +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46210.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-46210", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-31T08:15:07.803", - "lastModified": "2023-10-31T12:58:31.637", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:16:17.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webcource:wc_captcha:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4", + "matchCriteriaId": "A4E70854-F36C-4EE8-9629-0CD78446A62B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wc-captcha/wordpress-wc-captcha-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46251.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46251.json new file mode 100644 index 00000000000..d05bacfc510 --- /dev/null +++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46251.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-46251", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-11-06T18:15:08.547", + "lastModified": "2023-11-06T18:15:08.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": " MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is be mitigated when: 1. the visual editor is disabled globally (_Admin CP ? Configuration ? Settings ? Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP ? Your Profile ? Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP ? Configuration ? Settings_):\n- _Clickable Smilies and BB Code ? [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by diabling the account option (_User CP ? Your Profile ? Edit Options_) _Show the MyCode formatting options on the posting pages_." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mybb/mybb/commit/6dcaf0b4db6254f1833fe8dae295d9ddc2219276", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/mybb/mybb/security/advisories/GHSA-wj33-q7vj-9fr8", + "source": "security-advisories@github.com" + }, + { + "url": "https://mybb.com/versions/1.8.37/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46451.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46451.json index eb392614b14..a2cc4f6e93b 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46451.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46451.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46451", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-31T07:15:11.020", - "lastModified": "2023-10-31T12:58:31.637", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:15:09.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,73 @@ "value": "Best Courier Management System v1.0 es vulnerable a Cross Site Scripting (XSS) en el campo de cambio de nombre de usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6D0B90AE-6DFA-40B1-A97C-B445F29F3EB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sajaljat/CVE-2023-46451", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://youtu.be/f8B3_m5YfqI", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46725.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46725.json index 751c6630164..a1644093a43 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46725.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46725.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-46725", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-02T15:15:08.847", - "lastModified": "2023-11-02T18:21:28.383", + "lastModified": "2023-11-06T17:15:11.917", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "FoodCoopShop is open source software for food coops and local shops. Versions prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability." + "value": "FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability." 
+ }, + { + "lang": "es", + "value": "FoodCoopShop es un software de c\u00f3digo abierto para cooperativas de alimentos y tiendas locales. Las versiones que comienzan con 3.2.0 anteriores a 3.6.1 son vulnerables a server-side request forgery. En el m\u00f3dulo de Network, una cuenta de fabricante puede usar el endpoint `/api/updateProducts.json` para hacer que el servidor env\u00ede una solicitud a un host arbitrario. Esto significa que el servidor se puede utilizar como proxy en la red interna donde se encuentra el servidor. Adem\u00e1s, las comprobaciones de una imagen v\u00e1lida no son adecuadas, lo que genera un problema de tiempo de verificaci\u00f3n de uso. Por ejemplo, al usar un servidor personalizado que devuelve 200 en solicitudes HEAD, luego devuelve una imagen v\u00e1lida en la primera solicitud GET y luego una redirecci\u00f3n 302 al destino final en la segunda solicitud GET, el servidor copiar\u00e1 cualquier archivo que est\u00e9 en el destino de la redirecci\u00f3n, haciendo Esta es una SSRF completa. La versi\u00f3n 3.6.1 corrige esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46728.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46728.json new file mode 100644 index 00000000000..0ebbac14cd0 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46728.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46728", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-11-06T18:15:08.637", + "lastModified": "2023-11-06T18:15:08.637", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47094.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47094.json index b0e4107836d..165353ae698 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47094.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47094.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-47094", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-01T00:15:09.380", - "lastModified": "2023-11-01T22:15:08.793", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:59:03.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Account Plans pesta\u00f1a de System Settings en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo nombre del Plan mientras editan los detalles del plan de Cuenta." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*", + "matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47094", - "source": "cve@mitre.org" + 
"source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47095.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47095.json index 77ed0fd99bf..51234d2fae6 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47095.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47095.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-47095", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-01T00:15:09.423", - "lastModified": "2023-11-01T22:15:08.847", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:59:07.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Custom fields de Edit Virtual Server bajo System Customization en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo Etiqueta de Lote mientras se muestran detalles del Servidor Virtual." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*", + "matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47095", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47096.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47096.json index 6adf506ac5a..61907d4fe6f 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47096.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47096.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-47096", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-01T00:15:09.467", - "lastModified": "2023-11-01T22:15:08.897", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:59:17.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en Cloudmin Services Client bajo System Setting en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo maestro de servicios Cloudmin." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*", + "matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47096", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47097.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47097.json index 5ea37223e0d..3b06bd9f66e 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47097.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47097.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-47097", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-01T00:15:09.507", - "lastModified": "2023-11-01T22:15:08.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:29:34.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Server Template bajo System Setting en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del campo nombre de la Plantilla mientras crean plantillas de servidor." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*", + "matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47097", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47098.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47098.json index 81e41bf4093..f03c520fb8e 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47098.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47098.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-47098", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-01T00:15:09.547", - "lastModified": "2023-11-01T22:15:08.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:59:35.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Manage Extra Admins bajo Administration Options en Virtualmin 7.7 permite a atacantes remotos inyectar script web o HTML arbitrarion a trav\u00e9s del nombre real o el campo de descripci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:virtualmin:virtualmin:7.7:*:*:*:*:*:*:*", + "matchCriteriaId": "39D7B952-7F2D-48ED-893F-DDC5039B3DC9" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/pavanughade43/Virtualmin-7.7/blob/main/CVE-2023-47098", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4700.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4700.json new file mode 100644 index 00000000000..4002d1ff449 --- /dev/null +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4700.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4700", + "sourceIdentifier": "cve@gitlab.com", + "published": "2023-11-06T18:15:08.730", + "lastModified": "2023-11-06T18:15:08.730", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/421937", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2129826", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5435.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5435.json index 4d529a172bd..2980e9c2e6b 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5435.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5435.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5435", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-31T09:15:08.930", - "lastModified": "2023-10-31T12:58:27.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:59:35.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -50,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gopiplus:up_down_image_slideshow_gallery:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "12.1", + "matchCriteriaId": "71FDC7B1-C298-4F4A-8E22-F6ADC0A3856E" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/up-down-image-slideshow-gallery/trunk/up-down-image-slideshow-gallery.php?rev=2827173#L208", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2985497/up-down-image-slideshow-gallery#file1", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b72cf6f-4924-4fa5-8e1a-4054dfe73be0?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5436.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5436.json index 8be3205b903..d7e837bfc20 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5436.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5436.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5436", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-31T09:15:09.003", - "lastModified": "2023-10-31T12:58:27.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:59:27.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gopiplus:vertical_marquee_plugin:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "7.2", + "matchCriteriaId": "30121826-44AE-4420-A565-FF24476F5F4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/vertical-marquee-plugin/trunk/vertical-marquee-plugin.php?rev=2827080#L170", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2985561/vertical-marquee-plugin#file2", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd90d9c0-0cab-4fd3-b016-106032f300f7?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5437.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5437.json index 42cbd59ef53..458c7a3f2cf 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5437.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5437.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5437", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-31T09:15:09.077", - "lastModified": "2023-10-31T12:58:27.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:58:37.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gopiplus:wp_fade_in_text_news:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "12.1", + "matchCriteriaId": "AF7EC2A1-B2CF-427B-8EA5-6DDD45D5C23C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-fade-in-text-news/trunk/wp-fade-in-text-news.php?rev=2827202#L236", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2985398/wp-fade-in-text-news#file2", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b4accf10-710e-4cba-8d61-04e422324f9d?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5438.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5438.json index 347092236fc..74956e72ff1 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5438.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5438.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5438", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-31T09:15:09.147", - "lastModified": "2023-10-31T12:58:27.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:58:06.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -50,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gopiplus:wp_image_slideshow:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "12.1", + "matchCriteriaId": "D149F38E-FE77-4223-991F-0D3E666E8332" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-image-slideshow/trunk/wp-image-slideshow.php?rev=2827205#L189", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2985394/wp-image-slideshow#file2", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e24383b-5b0f-4114-908b-4c2778632f73?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5439.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5439.json index 0ba6c25a5fe..e30dad1672e 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5439.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5439.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5439", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-31T09:15:09.217", - "lastModified": "2023-10-31T12:58:27.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:57:50.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -50,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gopiplus:wp_photo_text_slider_50:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.1", + "matchCriteriaId": "6ACF3601-2045-4A39-8642-BD9CB4728D0E" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-photo-text-slider-50/trunk/wp-photo-text-slider-50.php?rev=2827206#L196", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2985502/wp-photo-text-slider-50#file1", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/515502b5-c344-4855-aff1-57833233c5d2?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5464.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5464.json index cef3e97b6c3..13293f9af57 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5464.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5464.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5464", "sourceIdentifier": "security@wordfence.com", "published": "2023-10-31T09:15:09.290", - "lastModified": "2023-10-31T12:58:27.687", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:52:11.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -50,18 +70,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gopiplus:jquery_accordion_slideshow:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.2", + "matchCriteriaId": "B811CBFC-D031-4505-8838-0036F4EF8C24" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/jquery-accordion-slideshow/trunk/jquery-accordion-slideshow.php?rev=2827053#L177", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/2985511/jquery-accordion-slideshow#file0", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0531ca34-5d7b-4071-a1aa-934f14b87728?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5624.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5624.json index 72426854e17..86d189bc6d6 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5624.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5624.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5624", "sourceIdentifier": "vulnreport@tenable.com", "published": "2023-10-26T17:15:09.923", - "lastModified": "2023-10-26T17:33:34.980", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:20:25.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "vulnreport@tenable.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + }, { "source": "vulnreport@tenable.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.3.0", + "matchCriteriaId": "EA9ECB6A-53EE-4FCE-B2C5-31194163DFEC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.tenable.com/security/tns-2023-34", - "source": "vulnreport@tenable.com" + "source": "vulnreport@tenable.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5783.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5783.json index 607294f1dbb..59b9e03f84a 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5783.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5783.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5783", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-26T14:15:08.967", - "lastModified": "2023-11-06T16:54:45.093", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-06T17:03:31.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -21,20 +21,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 } ], "cvssMetricV30": [ diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5786.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5786.json index d7a6af01704..43af428cf80 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5786.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5786.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5786", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-26T16:15:08.570", - "lastModified": "2023-10-26T17:33:34.980", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:10:55.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -64,6 +86,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-425" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +107,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:geoserver:geowebcache:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.15.1", + "matchCriteriaId": "7F2A531B-3BEC-4D77-8C54-E0F46006A82A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Qxyday/GeoServe---unauthorized", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.243592", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.243592", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5787.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5787.json index 1ba6c31df1e..c7027f113d7 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5787.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5787.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5787", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-26T16:15:08.643", - "lastModified": "2023-10-26T17:33:34.980", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T17:06:02.650", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -64,6 +86,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +107,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:longmenedutech:score_query_system:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9136432F-DB5C-4536-9FF0-4FBEFE9FFBF6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Echosssy/-SQL-injection-exists-in-the-score-query-system/blob/main/README.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.243593", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.243593", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5789.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5789.json index ce82ead793a..d472308aa7f 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5789.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5789.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5789", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-26T17:15:10.000", - "lastModified": "2023-10-26T17:33:34.980", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:31:22.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -64,6 +86,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +107,59 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dragonpath:router_707gr1_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023-10-22", + "matchCriteriaId": "DB4FC532-23CD-4E4F-A3A6-D96703E07A45" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dragonpath:router_707gr1:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B9713903-6737-422B-8B28-42C0B13EA1AE" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1s_NzD0Z6lMvRoo9sLXqRvYRaF7XTAYBE/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.243594", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.243594", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5793.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5793.json index 0ccb51c0cbf..8cfdac28946 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5793.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5793.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5793", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-26T18:15:08.817", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:55:16.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -64,6 +86,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,22 +107,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fluisity:fluisity:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023-10-24", + "matchCriteriaId": "93C33CF6-8C36-4B0D-B551-B9CAB1C59219" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/flusity/flusity-CMS/commit/81252bc764e1de2422e79e36194bba1289e7a0a5", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/flusity/flusity-CMS/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "https://vuldb.com/?ctiid.243599", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.243599", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5794.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5794.json index 83599b9be47..e7d79811d6a 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5794.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5794.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5794", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-26T18:15:08.877", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:51:10.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -64,6 +86,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +107,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:online_railway_catering_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB6E0FEE-D7D5-41CA-9FAE-D0B3790AE44D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/JacksonStonee/Online-Railway-Catering-System-1.0-has-a-SQL-injection-vulnerability-in-index.php/tree/main", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.243600", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.243600", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5795.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5795.json index 6a2115bf92a..debaf61635a 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5795.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5795.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5795", "sourceIdentifier": "cna@vuldb.com", "published": "2023-10-26T18:15:08.940", - "lastModified": "2023-10-27T12:41:08.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-06T18:56:43.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -15,6 +15,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "cna@vuldb.com",
@@ -64,6 +86,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ },
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -75,18 +107,45 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:martmbithi:pos_system:1:0:*:*:*:*:*:*",
+ "matchCriteriaId": "9A45017D-A93A-4737-87FF-AF4AA97E9053"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://drive.google.com/file/d/1bjDpJdG28Q5-RGJB89Dzw6YzZ1VHN23X/view?usp=sharing",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.243601",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.243601",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5873.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5873.json
index 339985b6ada..c856c55f580 100644
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5873.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5873.json
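Review bot: The `criteria` value added in the `configurations` block of CVE-2023-5795.json is `cpe:2.3:a:martmbithi:pos_system:1:0:*:*:*:*:*:*`, which parses as version `1` with update `0`. The sibling record CVE-2023-5794 writes its version as `1.0:*`, so this looks like a colon typed in place of a dot, though the product version is not visible in these hunks. If the affected release is 1.0, a scanner or SBOM matcher that compares against version `1.0` will probably miss this entry, and the finding NVD scores 8.8 here would go unreported. The file is synchronized from NVD, so the correction belongs upstream, where the line would read `"criteria": "cpe:2.3:a:martmbithi:pos_system:1.0:*:*:*:*:*:*:*",`; until then, consumers may want a local override keyed on this `matchCriteriaId`.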
@@ -2,8 +2,8 @@
 "id": "CVE-2023-5873",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-10-31T09:15:09.363",
- "lastModified": "2023-10-31T12:58:27.687",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-11-06T18:47:09.313",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -15,6 +15,28 @@
 }
 ],
 "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
 "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
@@ -50,14 +72,40 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.1.0",
+ "matchCriteriaId": "2E114A67-0A15-47E3-B1EC-DC3C1DFD5458"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index c1f7a0a4885..f3dea303f6b 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-06T17:00:18.796772+00:00 +2023-11-06T19:00:19.482398+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-06T16:54:45.093000+00:00 +2023-11-06T18:59:35.940000+00:00 ``` ### Last Data Feed Release 
@@ -29,37 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229876 +229884 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `8` -* [CVE-2023-5950](CVE-2023/CVE-2023-59xx/CVE-2023-5950.json) (`2023-11-06T15:15:14.857`) -* [CVE-2023-41378](CVE-2023/CVE-2023-413xx/CVE-2023-41378.json) (`2023-11-06T16:15:42.273`) -* [CVE-2023-5678](CVE-2023/CVE-2023-56xx/CVE-2023-5678.json) (`2023-11-06T16:15:42.670`) -* [CVE-2023-5967](CVE-2023/CVE-2023-59xx/CVE-2023-5967.json) (`2023-11-06T16:15:42.810`) -* [CVE-2023-5968](CVE-2023/CVE-2023-59xx/CVE-2023-5968.json) (`2023-11-06T16:15:42.897`) -* [CVE-2023-5969](CVE-2023/CVE-2023-59xx/CVE-2023-5969.json) (`2023-11-06T16:15:42.987`) +* [CVE-2023-40660](CVE-2023/CVE-2023-406xx/CVE-2023-40660.json) (`2023-11-06T17:15:11.757`) +* [CVE-2023-40661](CVE-2023/CVE-2023-406xx/CVE-2023-40661.json) (`2023-11-06T17:15:11.830`) +* [CVE-2023-4535](CVE-2023/CVE-2023-45xx/CVE-2023-4535.json) (`2023-11-06T17:15:12.083`) +* [CVE-2023-44398](CVE-2023/CVE-2023-443xx/CVE-2023-44398.json) (`2023-11-06T18:15:08.380`) +* [CVE-2023-45827](CVE-2023/CVE-2023-458xx/CVE-2023-45827.json) (`2023-11-06T18:15:08.467`) +* [CVE-2023-46251](CVE-2023/CVE-2023-462xx/CVE-2023-46251.json) (`2023-11-06T18:15:08.547`) +* [CVE-2023-46728](CVE-2023/CVE-2023-467xx/CVE-2023-46728.json) (`2023-11-06T18:15:08.637`) +* [CVE-2023-4700](CVE-2023/CVE-2023-47xx/CVE-2023-4700.json) (`2023-11-06T18:15:08.730`) ### CVEs modified in the last Commit -Recently modified CVEs: `12` +Recently modified CVEs: `59` -* [CVE-2023-41372](CVE-2023/CVE-2023-413xx/CVE-2023-41372.json) (`2023-11-06T15:05:29.427`) -* [CVE-2023-5116](CVE-2023/CVE-2023-51xx/CVE-2023-5116.json) (`2023-11-06T15:07:34.067`) -* [CVE-2023-44141](CVE-2023/CVE-2023-441xx/CVE-2023-44141.json) (`2023-11-06T15:08:19.577`) -* [CVE-2023-46502](CVE-2023/CVE-2023-465xx/CVE-2023-46502.json) (`2023-11-06T15:08:52.340`) -* 
[CVE-2023-45955](CVE-2023/CVE-2023-459xx/CVE-2023-45955.json) (`2023-11-06T15:09:24.137`) -* [CVE-2023-41960](CVE-2023/CVE-2023-419xx/CVE-2023-41960.json) (`2023-11-06T15:13:46.063`) -* [CVE-2023-47099](CVE-2023/CVE-2023-470xx/CVE-2023-47099.json) (`2023-11-06T15:28:42.143`) -* [CVE-2023-30078](CVE-2023/CVE-2023-300xx/CVE-2023-30078.json) (`2023-11-06T16:15:40.657`) -* [CVE-2023-30079](CVE-2023/CVE-2023-300xx/CVE-2023-30079.json) (`2023-11-06T16:15:42.053`) -* [CVE-2023-46668](CVE-2023/CVE-2023-466xx/CVE-2023-46668.json) (`2023-11-06T16:37:50.727`) -* [CVE-2023-46232](CVE-2023/CVE-2023-462xx/CVE-2023-46232.json) (`2023-11-06T16:52:55.210`) -* [CVE-2023-5783](CVE-2023/CVE-2023-57xx/CVE-2023-5783.json) (`2023-11-06T16:54:45.093`) +* [CVE-2023-21323](CVE-2023/CVE-2023-213xx/CVE-2023-21323.json) (`2023-11-06T17:58:14.793`) +* [CVE-2023-21324](CVE-2023/CVE-2023-213xx/CVE-2023-21324.json) (`2023-11-06T17:58:25.020`) +* [CVE-2023-21325](CVE-2023/CVE-2023-213xx/CVE-2023-21325.json) (`2023-11-06T17:58:39.620`) +* [CVE-2023-21326](CVE-2023/CVE-2023-213xx/CVE-2023-21326.json) (`2023-11-06T17:58:57.733`) +* [CVE-2023-47094](CVE-2023/CVE-2023-470xx/CVE-2023-47094.json) (`2023-11-06T17:59:03.860`) +* [CVE-2023-47095](CVE-2023/CVE-2023-470xx/CVE-2023-47095.json) (`2023-11-06T17:59:07.347`) +* [CVE-2023-47096](CVE-2023/CVE-2023-470xx/CVE-2023-47096.json) (`2023-11-06T17:59:17.963`) +* [CVE-2023-47098](CVE-2023/CVE-2023-470xx/CVE-2023-47098.json) (`2023-11-06T17:59:35.100`) +* [CVE-2023-39936](CVE-2023/CVE-2023-399xx/CVE-2023-39936.json) (`2023-11-06T18:13:06.433`) +* [CVE-2023-46451](CVE-2023/CVE-2023-464xx/CVE-2023-46451.json) (`2023-11-06T18:15:09.143`) +* [CVE-2023-46210](CVE-2023/CVE-2023-462xx/CVE-2023-46210.json) (`2023-11-06T18:16:17.633`) +* [CVE-2023-5624](CVE-2023/CVE-2023-56xx/CVE-2023-5624.json) (`2023-11-06T18:20:25.737`) +* [CVE-2023-5789](CVE-2023/CVE-2023-57xx/CVE-2023-5789.json) (`2023-11-06T18:31:22.047`) +* 
[CVE-2023-31418](CVE-2023/CVE-2023-314xx/CVE-2023-31418.json) (`2023-11-06T18:36:24.067`) +* [CVE-2023-31417](CVE-2023/CVE-2023-314xx/CVE-2023-31417.json) (`2023-11-06T18:43:10.680`) +* [CVE-2023-5873](CVE-2023/CVE-2023-58xx/CVE-2023-5873.json) (`2023-11-06T18:47:09.313`) +* [CVE-2023-5794](CVE-2023/CVE-2023-57xx/CVE-2023-5794.json) (`2023-11-06T18:51:10.133`) +* [CVE-2023-5464](CVE-2023/CVE-2023-54xx/CVE-2023-5464.json) (`2023-11-06T18:52:11.063`) +* [CVE-2023-5793](CVE-2023/CVE-2023-57xx/CVE-2023-5793.json) (`2023-11-06T18:55:16.087`) +* [CVE-2023-5795](CVE-2023/CVE-2023-57xx/CVE-2023-5795.json) (`2023-11-06T18:56:43.850`) +* [CVE-2023-5439](CVE-2023/CVE-2023-54xx/CVE-2023-5439.json) (`2023-11-06T18:57:50.490`) +* [CVE-2023-5438](CVE-2023/CVE-2023-54xx/CVE-2023-5438.json) (`2023-11-06T18:58:06.683`) +* [CVE-2023-5437](CVE-2023/CVE-2023-54xx/CVE-2023-5437.json) (`2023-11-06T18:58:37.057`) +* [CVE-2023-5436](CVE-2023/CVE-2023-54xx/CVE-2023-5436.json) (`2023-11-06T18:59:27.307`) +* [CVE-2023-5435](CVE-2023/CVE-2023-54xx/CVE-2023-5435.json) (`2023-11-06T18:59:35.940`) ## Download and Usage