From 3e0dc91c5d73b222d7c5e3ce72a46fb4c0d93c7c Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 2 Nov 2023 21:00:23 +0000 Subject: [PATCH] Auto-Update: 2023-11-02T21:00:19.350421+00:00 --- CVE-2022/CVE-2022-368xx/CVE-2022-36895.json | 16 ++- CVE-2022/CVE-2022-368xx/CVE-2022-36896.json | 16 ++- CVE-2022/CVE-2022-368xx/CVE-2022-36897.json | 16 ++- CVE-2022/CVE-2022-369xx/CVE-2022-36904.json | 9 +- CVE-2022/CVE-2022-369xx/CVE-2022-36915.json | 16 ++- CVE-2022/CVE-2022-369xx/CVE-2022-36916.json | 16 ++- CVE-2022/CVE-2022-369xx/CVE-2022-36917.json | 16 ++- CVE-2022/CVE-2022-369xx/CVE-2022-36918.json | 16 ++- CVE-2022/CVE-2022-369xx/CVE-2022-36919.json | 21 ++- CVE-2022/CVE-2022-369xx/CVE-2022-36920.json | 21 ++- CVE-2022/CVE-2022-369xx/CVE-2022-36921.json | 21 ++- CVE-2022/CVE-2022-369xx/CVE-2022-36922.json | 16 ++- CVE-2022/CVE-2022-386xx/CVE-2022-38663.json | 16 ++- CVE-2022/CVE-2022-386xx/CVE-2022-38664.json | 16 ++- CVE-2022/CVE-2022-386xx/CVE-2022-38665.json | 4 +- CVE-2022/CVE-2022-386xx/CVE-2022-38666.json | 31 ++++- CVE-2023/CVE-2023-213xx/CVE-2023-21364.json | 73 ++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21365.json | 68 +++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21366.json | 73 ++++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21367.json | 68 +++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21368.json | 68 +++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21369.json | 68 +++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21370.json | 68 +++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21371.json | 68 +++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21394.json | 68 +++++++++- CVE-2023/CVE-2023-213xx/CVE-2023-21395.json | 68 +++++++++- CVE-2023/CVE-2023-310xx/CVE-2023-31016.json | 55 ++++++++ CVE-2023/CVE-2023-310xx/CVE-2023-31017.json | 55 ++++++++ CVE-2023/CVE-2023-310xx/CVE-2023-31018.json | 55 ++++++++ CVE-2023/CVE-2023-310xx/CVE-2023-31019.json | 55 ++++++++ CVE-2023/CVE-2023-310xx/CVE-2023-31020.json | 55 ++++++++ CVE-2023/CVE-2023-310xx/CVE-2023-31021.json | 55 ++++++++ CVE-2023/CVE-2023-310xx/CVE-2023-31022.json | 55 ++++++++ 
CVE-2023/CVE-2023-310xx/CVE-2023-31023.json | 55 ++++++++ CVE-2023/CVE-2023-310xx/CVE-2023-31026.json | 55 ++++++++ CVE-2023/CVE-2023-310xx/CVE-2023-31027.json | 55 ++++++++ CVE-2023/CVE-2023-404xx/CVE-2023-40401.json | 78 ++++++++++- CVE-2023/CVE-2023-56xx/CVE-2023-5633.json | 110 +++++++++++++++- CVE-2023/CVE-2023-57xx/CVE-2023-5724.json | 135 ++++++++++++++++++-- CVE-2023/CVE-2023-57xx/CVE-2023-5725.json | 135 ++++++++++++++++++-- CVE-2023/CVE-2023-57xx/CVE-2023-5726.json | 104 ++++++++++++++- CVE-2023/CVE-2023-57xx/CVE-2023-5727.json | 105 ++++++++++++++- CVE-2023/CVE-2023-57xx/CVE-2023-5728.json | 135 ++++++++++++++++++-- CVE-2023/CVE-2023-57xx/CVE-2023-5746.json | 99 +++++++++++++- CVE-2023/CVE-2023-59xx/CVE-2023-5923.json | 88 +++++++++++++ CVE-2023/CVE-2023-59xx/CVE-2023-5924.json | 88 +++++++++++++ CVE-2023/CVE-2023-59xx/CVE-2023-5925.json | 88 +++++++++++++ CVE-2023/CVE-2023-59xx/CVE-2023-5926.json | 88 +++++++++++++ CVE-2023/CVE-2023-59xx/CVE-2023-5927.json | 88 +++++++++++++ CVE-2023/CVE-2023-59xx/CVE-2023-5928.json | 88 +++++++++++++ README.md | 80 +++++++----- 51 files changed, 2843 insertions(+), 173 deletions(-) create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31016.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31017.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31018.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31019.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31020.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31021.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31022.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31023.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31026.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31027.json create mode 100644 CVE-2023/CVE-2023-59xx/CVE-2023-5923.json create mode 100644 CVE-2023/CVE-2023-59xx/CVE-2023-5924.json create mode 100644 CVE-2023/CVE-2023-59xx/CVE-2023-5925.json create mode 100644 
CVE-2023/CVE-2023-59xx/CVE-2023-5926.json create mode 100644 CVE-2023/CVE-2023-59xx/CVE-2023-5927.json create mode 100644 CVE-2023/CVE-2023-59xx/CVE-2023-5928.json diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36895.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36895.json index 7e0aaa7a007..0cb4987c198 100644 --- a/CVE-2022/CVE-2022-368xx/CVE-2022-36895.json +++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36895.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36895", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:09.503", - "lastModified": "2023-10-25T18:17:12.813", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:51:36.270", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36896.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36896.json index 62e530766ef..c60d72bf1cd 100644 --- a/CVE-2022/CVE-2022-368xx/CVE-2022-36896.json +++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36896.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36896", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:09.557", - "lastModified": "2023-10-25T18:17:12.870", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:51:32.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36897.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36897.json index 5439b2f4c4d..4ebcfdbe2b1 100644 --- a/CVE-2022/CVE-2022-368xx/CVE-2022-36897.json +++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36897.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-36897", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:09.613", - "lastModified": "2023-10-25T18:17:12.943", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:51:25.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36904.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36904.json index 3330b86882e..b59b1bb8639 100644 --- a/CVE-2022/CVE-2022-369xx/CVE-2022-36904.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36904.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36904", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:09.973", - "lastModified": "2023-10-25T18:17:13.437", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:57:37.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -79,7 +79,10 @@ }, { "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%282%29", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36915.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36915.json index 969f1a949f5..cb21050b6d7 100644 --- a/CVE-2022/CVE-2022-369xx/CVE-2022-36915.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36915.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36915", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:11.810", - "lastModified": "2023-10-25T18:17:14.073", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:51:47.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36916.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36916.json index aab200a8004..4cc2f34ec72 100644 --- a/CVE-2022/CVE-2022-369xx/CVE-2022-36916.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36916.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36916", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:12.053", - "lastModified": "2023-10-25T18:17:14.127", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:51:52.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36917.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36917.json index e97902d26fd..48dafe20623 100644 --- a/CVE-2022/CVE-2022-369xx/CVE-2022-36917.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36917.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36917", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:12.297", - "lastModified": "2023-10-25T18:17:14.187", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:51:56.150", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36918.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36918.json index dbf3de35c4e..243520f2486 100644 --- a/CVE-2022/CVE-2022-369xx/CVE-2022-36918.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36918.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-36918", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:12.547", - "lastModified": "2023-10-25T18:17:14.247", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:52:00.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36919.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36919.json index 73544d6fa8b..8a27de8ac40 100644 --- a/CVE-2022/CVE-2022-369xx/CVE-2022-36919.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36919.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36919", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:12.907", - "lastModified": "2023-10-25T18:17:14.307", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:52:10.987", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ @@ -67,7 +79,10 @@ }, { "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20%281%29", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36920.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36920.json index 66f98d19712..8887334f519 100644 --- a/CVE-2022/CVE-2022-369xx/CVE-2022-36920.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36920.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-36920", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:13.320", - "lastModified": "2023-10-25T18:17:14.373", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:52:17.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "configurations": [ { "nodes": [ @@ -67,7 +79,10 @@ }, { "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20%282%29", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36921.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36921.json index 09e10e29bab..8b28025a7a4 100644 --- a/CVE-2022/CVE-2022-369xx/CVE-2022-36921.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36921.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36921", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:13.640", - "lastModified": "2023-10-25T18:17:14.427", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:52:20.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "configurations": [ { "nodes": [ @@ -67,7 +79,10 @@ }, { "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20%282%29", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36922.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36922.json index e11f3458938..998c19c248f 100644 
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36922.json +++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36922.json @@ -2,8 +2,8 @@ "id": "CVE-2022-36922", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-07-27T15:15:13.877", - "lastModified": "2023-10-25T18:17:14.483", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:52:24.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-386xx/CVE-2022-38663.json b/CVE-2022/CVE-2022-386xx/CVE-2022-38663.json index c47a4a8d6ae..210ebe4cabd 100644 --- a/CVE-2022/CVE-2022-386xx/CVE-2022-38663.json +++ b/CVE-2022/CVE-2022-386xx/CVE-2022-38663.json @@ -2,8 +2,8 @@ "id": "CVE-2022-38663", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-08-23T17:15:15.257", - "lastModified": "2023-10-25T18:17:14.640", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:52:29.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-386xx/CVE-2022-38664.json b/CVE-2022/CVE-2022-386xx/CVE-2022-38664.json index b0f227c3935..7aa03c49d6d 100644 --- a/CVE-2022/CVE-2022-386xx/CVE-2022-38664.json +++ b/CVE-2022/CVE-2022-386xx/CVE-2022-38664.json @@ -2,8 +2,8 @@ "id": "CVE-2022-38664", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-08-23T17:15:15.310", - "lastModified": "2023-10-25T18:17:14.717", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:52:32.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -38,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "configurations": [ { "nodes": [ diff --git a/CVE-2022/CVE-2022-386xx/CVE-2022-38665.json b/CVE-2022/CVE-2022-386xx/CVE-2022-38665.json index 97dfd56680f..e1cf8e11b50 100644 --- a/CVE-2022/CVE-2022-386xx/CVE-2022-38665.json +++ b/CVE-2022/CVE-2022-386xx/CVE-2022-38665.json @@ -2,8 +2,8 @@ "id": "CVE-2022-38665", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-08-23T17:15:15.363", - "lastModified": "2023-10-25T18:17:14.773", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:53:03.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-386xx/CVE-2022-38666.json b/CVE-2022/CVE-2022-386xx/CVE-2022-38666.json index f2b2aca68bf..fcf8c41d8b0 100644 --- a/CVE-2022/CVE-2022-386xx/CVE-2022-38666.json +++ b/CVE-2022/CVE-2022-386xx/CVE-2022-38666.json @@ -2,12 +2,16 @@ "id": "CVE-2022-38666", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2022-11-15T20:15:11.193", - "lastModified": "2023-10-25T18:17:14.833", - "vulnStatus": "Modified", + "lastModified": "2023-11-02T20:53:11.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features." + }, + { + "lang": "es", + "value": "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 y versiones anteriores deshabilita incondicionalmente el certificado SSL/TLS y la validaci\u00f3n del nombre de host para varias funciones." } ], "metrics": { @@ -34,6 +38,18 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], "configurations": [ { "nodes": [ 
@@ -55,11 +71,18 @@ "references": [ { "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%282%29", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21364.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21364.json index 887d95182b5..38f758fc60e 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21364.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21364.json 
@@ -2,19 +2,84 @@ "id": "CVE-2023-21364", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:51.883", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:40:26.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En ContactsProvider, existe un posible bucle de bloqueo debido al agotamiento de los recursos. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local persistente en la aplicaci\u00f3n Tel\u00e9fono con privilegios de ejecuci\u00f3n del Usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21365.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21365.json index 8442e05ce0a..d36b2d00e12 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21365.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21365.json 
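Review bot: The `cpeMatch` list added for CVE-2023-21364 marks Android 14.0 itself as vulnerable (`"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*"`) alongside the `"versionEndExcluding": "14.0"` range, yet the record's only reference is the Android 14 bulletin. Sibling records in the same batch (CVE-2023-21365, -21367, -21368) stop at the range below 14.0, and CVE-2023-21366 carries the same extra entry. The page does not show which scoping is correct, so confirm it against the bulletin before CPE-based matching is used to flag or clear Android 14 devices for these two IDs.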
@@ -2,19 +2,79 @@ "id": "CVE-2023-21365", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:51.927", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:40:11.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Contacts, existe un posible bucle de bloqueo debido al agotamiento de los recursos. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local en la aplicaci\u00f3n Tel\u00e9fono con privilegios de ejecuci\u00f3n del Usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21366.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21366.json index 6c2853c0274..9a55c3dad15 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21366.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21366.json 
@@ -2,19 +2,84 @@ "id": "CVE-2023-21366", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:51.973", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:39:50.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Scudo, existe una forma posible para que un atacante prediga patrones de asignaci\u00f3n de mont\u00f3n debido a una implementaci\u00f3n/dise\u00f1o inseguro. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21367.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21367.json index 7c81f27b24e..ed979ead5da 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21367.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21367.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21367", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:52.023", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:39:14.803", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Scudo, existe una manera posible de explotar ciertos problemas de lectura/escritura del mont\u00f3n OOB debido a una implementaci\u00f3n/dise\u00f1o inseguro. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] 
} ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21368.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21368.json index 90a56384f9c..1f5dbab730f 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21368.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21368.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21368", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:52.070", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:39:30.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Audio, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21369.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21369.json index 247ac6435e0..ad7d3f75efa 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21369.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21369.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21369", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:52.117", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:38:51.333", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation." + }, + { + "lang": "es", + "value": "En Usage Access, existe una forma posible de mostrar una pantalla de alternancia de restricci\u00f3n de acceso de uso de Configuraci\u00f3n debido a una omisi\u00f3n de permisos. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21370.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21370.json index a40d1c7d3b4..366c357bffc 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21370.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21370.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21370", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:52.157", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:38:36.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En la API Security Element, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21371.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21371.json index f4038cf115d..723cea7dfeb 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21371.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21371.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21371", "sourceIdentifier": "security@android.com", "published": "2023-10-30T17:15:52.203", - "lastModified": "2023-10-30T17:20:42.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:38:18.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Secure Element, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n del System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14", - 
"source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21394.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21394.json index 543060029f2..2bfa7299669 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21394.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21394.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21394", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.813", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:38:00.393", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Telecomm, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Telecomm, existe una posible omisi\u00f3n de un l\u00edmite de seguridad multiusuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-213xx/CVE-2023-21395.json b/CVE-2023/CVE-2023-213xx/CVE-2023-21395.json index 24a3a189d51..e4e98339e5c 100644 --- a/CVE-2023/CVE-2023-213xx/CVE-2023-21395.json +++ b/CVE-2023/CVE-2023-213xx/CVE-2023-21395.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-21395", "sourceIdentifier": "security@android.com", "published": "2023-10-30T18:15:09.857", - "lastModified": "2023-10-30T18:21:38.740", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:37:40.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation." + }, + { + "lang": "es", + "value": "En Bluetooth existe una posible lectura fuera de los l\u00edmites debido a un use after free. Esto podr\u00eda dar lugar a la divulgaci\u00f3n remota de informaci\u00f3n a trav\u00e9s de Bluetooth sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", + "versionEndExcluding": "14.0", + "matchCriteriaId": "530F3220-8957-4F6C-9790-2D4A4CC4122B" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/docs/security/bulletin/android-14", - "source": "security@android.com" + "source": "security@android.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31016.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31016.json new file mode 100644 index 00000000000..5c7fa2c651c --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31016.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31016", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-11-02T19:15:40.947", + "lastModified": "2023-11-02T19:15:40.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31017.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31017.json new file mode 100644 index 00000000000..7f9539257ed --- /dev/null 
+++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31017.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31017", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-11-02T19:15:41.033", + "lastModified": "2023-11-02T19:15:41.033", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31018.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31018.json new file mode 100644 index 00000000000..e3f1f55894d --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31018.json 
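Review bot: `CWE-552` does not match the mechanism the description gives, a write to privileged locations through reparse points, which reads as link following (`CWE-59`) rather than files exposed to external parties. The mapping comes from the `psirt@nvidia.com` source with `"type": "Secondary"`, and the record is still `Received`, so it may change once a primary analysis is added. The file also has no `configurations` array, as is the case for the other NVIDIA records added in this commit, so CPE-based matching will not flag affected driver versions yet.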
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31018", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-11-02T19:15:41.103", + "lastModified": "2023-11-02T19:15:41.103", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31019.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31019.json new file mode 100644 index 00000000000..c4d56396121 --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31019.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31019", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-11-02T19:15:41.180", + "lastModified": "2023-11-02T19:15:41.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31020.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31020.json new file mode 100644 index 00000000000..c7bd7c420b1 --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31020.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31020", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-11-02T19:15:41.247", + "lastModified": "2023-11-02T19:15:41.247", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31021.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31021.json new file mode 100644 index 00000000000..3596f8060ad --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31021.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31021", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-11-02T19:15:41.313", + "lastModified": "2023-11-02T19:15:41.313", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31022.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31022.json new file mode 100644 index 00000000000..db0b693b504 --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31022.json 
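Review bot: The vector uses `S:U` although the description places the attacker in the guest VM and the fault in the Virtual GPU Manager, which looks like a crossing of the guest's security boundary. CVE-2023-31026, added later in this commit for the same component and the same NULL-pointer dereference outcome, is scored `S:C` with `PR:H`, so the two records are not scored consistently. With `"scope": "CHANGED"` the 5.5 `baseScore` here would be higher. This is inferred from the descriptions alone and should be checked against the vendor advisory.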
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31022", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-11-02T19:15:41.380", + "lastModified": "2023-11-02T19:15:41.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31023.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31023.json new file mode 100644 index 00000000000..fb4e460389a --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31023.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31023", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-11-02T19:15:41.453", + "lastModified": "2023-11-02T19:15:41.453", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-822" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31026.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31026.json new file mode 100644 index 00000000000..e61187353a5 --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31026.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31026", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-11-02T19:15:41.527", + "lastModified": "2023-11-02T19:15:41.527", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31027.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31027.json new file mode 100644 index 00000000000..8a8ef5fb16a --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31027.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-31027", + "sourceIdentifier": "psirt@nvidia.com", + "published": "2023-11-02T19:15:41.597", + "lastModified": "2023-11-02T19:15:41.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@nvidia.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5491", + "source": "psirt@nvidia.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40401.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40401.json index eb9fa31306d..cc0807f4db7 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40401.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40401.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40401", "sourceIdentifier": "product-security@apple.com", "published": "2023-10-25T19:15:09.110", - "lastModified": "2023-10-26T00:15:10.237", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-02T19:43:45.520", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,85 @@ "value": "El problema se solucion\u00f3 con comprobaciones de permisos adicionales. Este problema se solucion\u00f3 en macOS Ventura 13.6.1. Un atacante puede acceder a las claves de acceso sin autenticaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.6.1", + "matchCriteriaId": "85B6F336-AA76-4706-AD68-BCDFFB48358B" + } + ] + } + ] + } + ], "references": [ { "url": "http://seclists.org/fulldisclosure/2023/Oct/26", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://support.apple.com/en-us/HT213985", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://support.apple.com/kb/HT213985", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
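Review bot: The added primary vector scores `AV:N` with `PR:N` and `UI:N`, while the description text visible in this hunk says only that an attacker can access passkeys without authentication and names no network path. If the issue needs local access to the Mac, the 7.5 `baseScore` overstates reachability. The vector is best read as an upper bound until it is confirmed against the vendor advisory referenced in the record.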
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json index 3c5143a2088..c2568b308c6 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5633", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-23T22:15:09.430", - "lastModified": "2023-10-24T12:45:02.747", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:48:33.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -38,14 +58,96 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.6", + "matchCriteriaId": "9D42A7C6-CE38-4D73-B7AC-615F6D53F783" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc1:*:*:*:*:*:*", + "matchCriteriaId": "84267A4F-DBC2-444F-B41D-69E15E1BEC97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "FB440208-241C-4246-9A83-C1715C0DAA6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "0DC421F1-3D5A-4BEF-BF76-4E468985D20B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "00AB783B-BE05-40E8-9A55-6AA457D95031" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.6:rc5:*:*:*:*:*:*", + "matchCriteriaId": "E7C78D0A-C4A2-4D41-B726-8979E33AD0F9" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-5633", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663", - "source": "secalert@redhat.com" + "source": 
"secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5724.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5724.json index 0cb166db0dc..9737a188e42 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5724.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5724.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5724", "sourceIdentifier": "security@mozilla.org", "published": "2023-10-25T18:17:44.113", - "lastModified": "2023-10-29T11:15:07.857", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:17:36.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,39 +14,152 @@ "value": "Los controladores no siempre son resistentes a las llamadas de \"dibujo\" extremadamente grandes y, en algunos casos, este escenario podr\u00eda haber provocado un bloqueo. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "119.0", + "matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.4", + "matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.4.1", + "matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1836705", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5535", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5538", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5725.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5725.json index 71ce18db78d..4c972ba7443 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5725.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5725.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5725", "sourceIdentifier": "security@mozilla.org", "published": "2023-10-25T18:17:44.160", - "lastModified": "2023-10-29T11:15:07.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:28:43.127", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,39 +14,152 @@ "value": "Una WebExtension maliciosa instalada podr\u00eda abrir URL arbitrarias, que en las circunstancias adecuadas podr\u00edan aprovecharse para recopilar datos confidenciales del usuario. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "119.0", + "matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.4", + "matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.4.1", + "matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1845739", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5535", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5538", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5726.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5726.json index f2ebfb69a15..b97bc674d7f 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5726.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5726.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5726", "sourceIdentifier": "security@mozilla.org", "published": "2023-10-25T18:17:44.213", - "lastModified": "2023-10-25T20:31:55.900", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-02T19:57:30.190", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,113 @@ "value": "Un sitio web podr\u00eda haber oscurecido la notificaci\u00f3n de pantalla completa utilizando el cuadro de di\u00e1logo de apertura de archivo. Esto podr\u00eda haber generado confusi\u00f3n en los usuarios y posibles ataques de suplantaci\u00f3n de identidad. *Nota: Este problema solo afect\u00f3 a los sistemas operativos macOS. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "119.0", + "matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.4", + "matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.4.1", + "matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": 
false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846205", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5727.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5727.json index 9d4b8074554..dc4cd2f0857 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5727.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5727.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5727", "sourceIdentifier": "security@mozilla.org", "published": "2023-10-25T18:17:44.263", - "lastModified": "2023-10-25T20:31:55.900", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-11-02T20:09:22.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,114 @@ "value": "La advertencia de archivo ejecutable no se present\u00f3 al descargar archivos .msix, .msixbundle, .appx, y .appxbundle, que pueden ejecutar comandos en el ordenador de un usuario. *Nota: Este problema solo afect\u00f3 a los sistemas operativos Windows. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "119.0", + "matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.4", + "matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.4.1", + "matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1847180", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Permissions Required", + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5728.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5728.json index 2a556dcae0f..c6af6730429 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5728.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5728.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5728", "sourceIdentifier": "security@mozilla.org", "published": "2023-10-25T18:17:44.310", - "lastModified": "2023-10-29T11:15:07.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T20:12:56.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,39 +14,152 @@ "value": "Durante la recolecci\u00f3n de la \"basura\" se realizaron operaciones adicionales en un objeto que no deber\u00eda realizarse. Esto podr\u00eda haber provocado un fallo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 119, Firefox ESR < 115.4 y Thunderbird < 115.4.1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", + "versionEndExcluding": "119.0", + "matchCriteriaId": "CEB4CF7F-BEB2-4B06-962E-88A3995F19D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.4", + "matchCriteriaId": "824ABA9E-88FF-4933-BBD8-2BFFF914739E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", + "versionEndExcluding": "115.4.1", + "matchCriteriaId": "6B50AE0E-325C-422E-8622-7A479CB51DF2" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1852729", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00037.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00042.html", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5535", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5538", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-45/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-46/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-47/", - "source": "security@mozilla.org" + "source": "security@mozilla.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5746.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5746.json index 304aef2c20e..4f3e9708d1e 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5746.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5746.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-5746", "sourceIdentifier": "security@synology.com", "published": "2023-10-25T18:17:44.770", - "lastModified": "2023-10-25T20:31:55.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-02T19:01:11.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@synology.com", "type": "Secondary", @@ -40,7 +60,7 @@ }, "weaknesses": [ { - "source": "security@synology.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -48,12 +68,83 @@ "value": "CWE-134" } ] + }, + { + "source": "security@synology.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-134" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:synology:bc500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0.5-0185", + "matchCriteriaId": "606E80D6-82AA-42EB-AD3F-DFB34847F7E4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:synology:bc500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5FD618BD-29BD-4F43-9BEF-F73065247580" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:synology:tc500_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0.5-0185", + "matchCriteriaId": "18086F22-1F7B-4B3D-BF18-DFA3B0DD6783" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:synology:tc500:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582C2C89-3351-4DC6-B40A-7E2E4CA6AFEA" + } + ] + } + ] } ], "references": [ { "url": "https://www.synology.com/en-global/security/advisory/Synology_SA_23_11", - "source": "security@synology.com" + "source": "security@synology.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5923.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5923.json new file mode 100644 index 00000000000..435a490f6a2 --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5923.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5923", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-11-02T19:15:41.673", + "lastModified": "2023-11-02T19:15:41.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%201.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.244323", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.244323", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5924.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5924.json new file mode 100644 index 00000000000..0d54958e203 --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5924.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5924", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-11-02T19:15:41.747", + "lastModified": "2023-11-02T19:15:41.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%202.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.244324", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.244324", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5925.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5925.json new file mode 100644 index 00000000000..eac6094775a --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5925.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5925", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-11-02T20:15:10.103", + "lastModified": "2023-11-02T20:15:10.103", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244325 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + 
"url": "https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%203.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.244325", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.244325", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5926.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5926.json new file mode 100644 index 00000000000..af6c9a556ab --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5926.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5926", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-11-02T20:15:10.183", + "lastModified": "2023-11-02T20:15:10.183", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-244326 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + 
"url": "https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%204.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.244326", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.244326", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5927.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5927.json new file mode 100644 index 00000000000..849b6d71e53 --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5927.json 
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-5927",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-11-02T20:15:10.257",
+ "lastModified": "2023-11-02T20:15:10.257",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.2
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 5.1,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%205.pdf",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.244327",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.244327",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5928.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5928.json
new file mode 100644
index 00000000000..7b21043e10d
--- /dev/null
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5928.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-5928",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-11-02T20:15:10.337",
+ "lastModified": "2023-11-02T20:15:10.337",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244328."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.2
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 5.1,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/E1CHO/cve_hub/blob/main/Simple%20Student%20Information%20System/Simple%20Student%20Information%20System%20-%20vuln%206.pdf",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.244328",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.244328",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 06d04910dda..099b18cfe46 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-02T19:00:19.346614+00:00 +2023-11-02T21:00:19.350421+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-02T18:32:10.630000+00:00 +2023-11-02T20:57:37.993000+00:00 ``` ### Last Data Feed Release
@@ -29,48 +29,60 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229639 +229655 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `16` -* [CVE-2023-46925](CVE-2023/CVE-2023-469xx/CVE-2023-46925.json) (`2023-11-02T17:15:11.567`) -* [CVE-2023-4217](CVE-2023/CVE-2023-42xx/CVE-2023-4217.json) (`2023-11-02T17:15:11.610`) -* [CVE-2023-5035](CVE-2023/CVE-2023-50xx/CVE-2023-5035.json) (`2023-11-02T17:15:11.677`) -* [CVE-2023-5846](CVE-2023/CVE-2023-58xx/CVE-2023-5846.json) (`2023-11-02T17:15:11.747`) +* [CVE-2023-31016](CVE-2023/CVE-2023-310xx/CVE-2023-31016.json) (`2023-11-02T19:15:40.947`) +* [CVE-2023-31017](CVE-2023/CVE-2023-310xx/CVE-2023-31017.json) (`2023-11-02T19:15:41.033`) +* [CVE-2023-31018](CVE-2023/CVE-2023-310xx/CVE-2023-31018.json) (`2023-11-02T19:15:41.103`) +* [CVE-2023-31019](CVE-2023/CVE-2023-310xx/CVE-2023-31019.json) (`2023-11-02T19:15:41.180`) +* [CVE-2023-31020](CVE-2023/CVE-2023-310xx/CVE-2023-31020.json) (`2023-11-02T19:15:41.247`) +* [CVE-2023-31021](CVE-2023/CVE-2023-310xx/CVE-2023-31021.json) (`2023-11-02T19:15:41.313`) +* [CVE-2023-31022](CVE-2023/CVE-2023-310xx/CVE-2023-31022.json) (`2023-11-02T19:15:41.380`) +* [CVE-2023-31023](CVE-2023/CVE-2023-310xx/CVE-2023-31023.json) (`2023-11-02T19:15:41.453`) +* [CVE-2023-31026](CVE-2023/CVE-2023-310xx/CVE-2023-31026.json) (`2023-11-02T19:15:41.527`) +* [CVE-2023-31027](CVE-2023/CVE-2023-310xx/CVE-2023-31027.json) (`2023-11-02T19:15:41.597`) +* [CVE-2023-5923](CVE-2023/CVE-2023-59xx/CVE-2023-5923.json) (`2023-11-02T19:15:41.673`) +* [CVE-2023-5924](CVE-2023/CVE-2023-59xx/CVE-2023-5924.json) (`2023-11-02T19:15:41.747`) +* [CVE-2023-5925](CVE-2023/CVE-2023-59xx/CVE-2023-5925.json) (`2023-11-02T20:15:10.103`) +* [CVE-2023-5926](CVE-2023/CVE-2023-59xx/CVE-2023-5926.json) (`2023-11-02T20:15:10.183`) +* [CVE-2023-5927](CVE-2023/CVE-2023-59xx/CVE-2023-5927.json) (`2023-11-02T20:15:10.257`) +* 
[CVE-2023-5928](CVE-2023/CVE-2023-59xx/CVE-2023-5928.json) (`2023-11-02T20:15:10.337`) ### CVEs modified in the last Commit -Recently modified CVEs: `49` +Recently modified CVEs: `34` -* [CVE-2023-42845](CVE-2023/CVE-2023-428xx/CVE-2023-42845.json) (`2023-11-02T18:08:38.750`) -* [CVE-2023-42438](CVE-2023/CVE-2023-424xx/CVE-2023-42438.json) (`2023-11-02T18:10:51.867`) -* [CVE-2023-42846](CVE-2023/CVE-2023-428xx/CVE-2023-42846.json) (`2023-11-02T18:13:54.607`) -* [CVE-2023-42847](CVE-2023/CVE-2023-428xx/CVE-2023-42847.json) (`2023-11-02T18:14:06.320`) -* [CVE-2023-1177](CVE-2023/CVE-2023-11xx/CVE-2023-1177.json) (`2023-11-02T18:15:08.913`) -* [CVE-2023-43800](CVE-2023/CVE-2023-438xx/CVE-2023-43800.json) (`2023-11-02T18:15:09.043`) -* [CVE-2023-43801](CVE-2023/CVE-2023-438xx/CVE-2023-43801.json) (`2023-11-02T18:15:09.133`) -* [CVE-2023-43802](CVE-2023/CVE-2023-438xx/CVE-2023-43802.json) (`2023-11-02T18:15:09.217`) -* [CVE-2023-43803](CVE-2023/CVE-2023-438xx/CVE-2023-43803.json) (`2023-11-02T18:15:09.303`) -* [CVE-2023-5126](CVE-2023/CVE-2023-51xx/CVE-2023-5126.json) (`2023-11-02T18:15:22.590`) -* [CVE-2023-42849](CVE-2023/CVE-2023-428xx/CVE-2023-42849.json) (`2023-11-02T18:16:45.047`) -* [CVE-2023-38469](CVE-2023/CVE-2023-384xx/CVE-2023-38469.json) (`2023-11-02T18:21:28.383`) -* [CVE-2023-38470](CVE-2023/CVE-2023-384xx/CVE-2023-38470.json) (`2023-11-02T18:21:28.383`) -* [CVE-2023-38471](CVE-2023/CVE-2023-384xx/CVE-2023-38471.json) (`2023-11-02T18:21:28.383`) -* [CVE-2023-38472](CVE-2023/CVE-2023-384xx/CVE-2023-38472.json) (`2023-11-02T18:21:28.383`) -* [CVE-2023-45338](CVE-2023/CVE-2023-453xx/CVE-2023-45338.json) (`2023-11-02T18:21:28.383`) -* [CVE-2023-45345](CVE-2023/CVE-2023-453xx/CVE-2023-45345.json) (`2023-11-02T18:21:28.383`) -* [CVE-2023-45346](CVE-2023/CVE-2023-453xx/CVE-2023-45346.json) (`2023-11-02T18:21:28.383`) -* [CVE-2023-45347](CVE-2023/CVE-2023-453xx/CVE-2023-45347.json) (`2023-11-02T18:21:28.383`) -* 
[CVE-2023-46725](CVE-2023/CVE-2023-467xx/CVE-2023-46725.json) (`2023-11-02T18:21:28.383`) -* [CVE-2023-38473](CVE-2023/CVE-2023-384xx/CVE-2023-38473.json) (`2023-11-02T18:21:28.383`) -* [CVE-2023-42850](CVE-2023/CVE-2023-428xx/CVE-2023-42850.json) (`2023-11-02T18:25:04.260`) -* [CVE-2023-42852](CVE-2023/CVE-2023-428xx/CVE-2023-42852.json) (`2023-11-02T18:25:16.560`) -* [CVE-2023-5740](CVE-2023/CVE-2023-57xx/CVE-2023-5740.json) (`2023-11-02T18:26:46.600`) -* [CVE-2023-5744](CVE-2023/CVE-2023-57xx/CVE-2023-5744.json) (`2023-11-02T18:32:10.630`) +* [CVE-2022-36921](CVE-2022/CVE-2022-369xx/CVE-2022-36921.json) (`2023-11-02T20:52:20.690`) +* [CVE-2022-36922](CVE-2022/CVE-2022-369xx/CVE-2022-36922.json) (`2023-11-02T20:52:24.460`) +* [CVE-2022-38663](CVE-2022/CVE-2022-386xx/CVE-2022-38663.json) (`2023-11-02T20:52:29.600`) +* [CVE-2022-38664](CVE-2022/CVE-2022-386xx/CVE-2022-38664.json) (`2023-11-02T20:52:32.417`) +* [CVE-2022-38665](CVE-2022/CVE-2022-386xx/CVE-2022-38665.json) (`2023-11-02T20:53:03.907`) +* [CVE-2022-38666](CVE-2022/CVE-2022-386xx/CVE-2022-38666.json) (`2023-11-02T20:53:11.360`) +* [CVE-2022-36904](CVE-2022/CVE-2022-369xx/CVE-2022-36904.json) (`2023-11-02T20:57:37.993`) +* [CVE-2023-5746](CVE-2023/CVE-2023-57xx/CVE-2023-5746.json) (`2023-11-02T19:01:11.237`) +* [CVE-2023-40401](CVE-2023/CVE-2023-404xx/CVE-2023-40401.json) (`2023-11-02T19:43:45.520`) +* [CVE-2023-5726](CVE-2023/CVE-2023-57xx/CVE-2023-5726.json) (`2023-11-02T19:57:30.190`) +* [CVE-2023-5727](CVE-2023/CVE-2023-57xx/CVE-2023-5727.json) (`2023-11-02T20:09:22.683`) +* [CVE-2023-5728](CVE-2023/CVE-2023-57xx/CVE-2023-5728.json) (`2023-11-02T20:12:56.233`) +* [CVE-2023-5724](CVE-2023/CVE-2023-57xx/CVE-2023-5724.json) (`2023-11-02T20:17:36.167`) +* [CVE-2023-5725](CVE-2023/CVE-2023-57xx/CVE-2023-5725.json) (`2023-11-02T20:28:43.127`) +* [CVE-2023-21395](CVE-2023/CVE-2023-213xx/CVE-2023-21395.json) (`2023-11-02T20:37:40.020`) +* [CVE-2023-21394](CVE-2023/CVE-2023-213xx/CVE-2023-21394.json) 
(`2023-11-02T20:38:00.393`) +* [CVE-2023-21371](CVE-2023/CVE-2023-213xx/CVE-2023-21371.json) (`2023-11-02T20:38:18.707`) +* [CVE-2023-21370](CVE-2023/CVE-2023-213xx/CVE-2023-21370.json) (`2023-11-02T20:38:36.647`) +* [CVE-2023-21369](CVE-2023/CVE-2023-213xx/CVE-2023-21369.json) (`2023-11-02T20:38:51.333`) +* [CVE-2023-21367](CVE-2023/CVE-2023-213xx/CVE-2023-21367.json) (`2023-11-02T20:39:14.803`) +* [CVE-2023-21368](CVE-2023/CVE-2023-213xx/CVE-2023-21368.json) (`2023-11-02T20:39:30.460`) +* [CVE-2023-21366](CVE-2023/CVE-2023-213xx/CVE-2023-21366.json) (`2023-11-02T20:39:50.183`) +* [CVE-2023-21365](CVE-2023/CVE-2023-213xx/CVE-2023-21365.json) (`2023-11-02T20:40:11.590`) +* [CVE-2023-21364](CVE-2023/CVE-2023-213xx/CVE-2023-21364.json) (`2023-11-02T20:40:26.690`) +* [CVE-2023-5633](CVE-2023/CVE-2023-56xx/CVE-2023-5633.json) (`2023-11-02T20:48:33.403`) ## Download and Usage