From 3f537c4525314a7eb58a35dc7a841d50f3c698d9 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 19 Sep 2023 20:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-09-19T20:00:24.755970+00:00
---
CVE-2020/CVE-2020-119xx/CVE-2020-11978.json | 8 +-
CVE-2020/CVE-2020-139xx/CVE-2020-13927.json | 8 +-
CVE-2023/CVE-2023-225xx/CVE-2023-22513.json | 8 +-
CVE-2023/CVE-2023-260xx/CVE-2023-26067.json | 8 +-
CVE-2023/CVE-2023-260xx/CVE-2023-26068.json | 8 +-
CVE-2023/CVE-2023-294xx/CVE-2023-29499.json | 75 ++++++++++++++++--
CVE-2023/CVE-2023-326xx/CVE-2023-32636.json | 67 +++++++++++++++-
CVE-2023/CVE-2023-37xx/CVE-2023-3712.json | 84 +++++++++++++++++++--
CVE-2023/CVE-2023-389xx/CVE-2023-38912.json | 70 +++++++++++++++--
CVE-2023/CVE-2023-392xx/CVE-2023-39285.json | 68 ++++++++++++++++-
CVE-2023/CVE-2023-392xx/CVE-2023-39286.json | 68 ++++++++++++++++-
CVE-2023/CVE-2023-409xx/CVE-2023-40955.json | 84 ++++++++++++++++++++-
CVE-2023/CVE-2023-409xx/CVE-2023-40956.json | 68 ++++++++++++++++-
CVE-2023/CVE-2023-409xx/CVE-2023-40957.json | 84 ++++++++++++++++++++-
CVE-2023/CVE-2023-409xx/CVE-2023-40958.json | 84 ++++++++++++++++++++-
CVE-2023/CVE-2023-410xx/CVE-2023-41011.json | 80 +++++++++++++++++++-
CVE-2023/CVE-2023-411xx/CVE-2023-41160.json | 73 ++++++++++++++++--
CVE-2023/CVE-2023-415xx/CVE-2023-41592.json | 80 ++++++++++++++++++--
CVE-2023/CVE-2023-423xx/CVE-2023-42362.json | 67 +++++++++++++++-
CVE-2023/CVE-2023-46xx/CVE-2023-4669.json | 77 +++++++++++++++++--
CVE-2023/CVE-2023-46xx/CVE-2023-4676.json | 31 +++++++-
CVE-2023/CVE-2023-47xx/CVE-2023-4702.json | 65 ++++++++++++++--
CVE-2023/CVE-2023-49xx/CVE-2023-4965.json | 65 ++++++++++++++--
CVE-2023/CVE-2023-49xx/CVE-2023-4987.json | 8 +-
README.md | 70 +++++++----------
25 files changed, 1274 insertions(+), 134 deletions(-)
diff --git a/CVE-2020/CVE-2020-119xx/CVE-2020-11978.json b/CVE-2020/CVE-2020-119xx/CVE-2020-11978.json
index 4fca57d6158..750a45bb990 100644
--- a/CVE-2020/CVE-2020-119xx/CVE-2020-11978.json
+++ b/CVE-2020/CVE-2020-119xx/CVE-2020-11978.json @@ -2,8 +2,8 @@ "id": "CVE-2020-11978", "sourceIdentifier": "security@apache.org", "published": "2020-07-17T00:15:10.337", - "lastModified": "2022-07-12T17:42:04.277", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-19T18:15:16.607", + "vulnStatus": "Modified", "cisaExploitAdd": "2022-01-18", "cisaActionDue": "2022-07-18", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -107,6 +107,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", "source": "security@apache.org", diff --git a/CVE-2020/CVE-2020-139xx/CVE-2020-13927.json b/CVE-2020/CVE-2020-139xx/CVE-2020-13927.json index 58b20624fc4..03dc954790a 100644 --- a/CVE-2020/CVE-2020-139xx/CVE-2020-13927.json +++ b/CVE-2020/CVE-2020-139xx/CVE-2020-13927.json @@ -2,8 +2,8 @@ "id": "CVE-2020-13927", "sourceIdentifier": "security@apache.org", "published": "2020-11-10T16:15:11.807", - "lastModified": "2022-07-12T17:42:04.277", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-19T18:15:16.797", + "vulnStatus": "Modified", "cisaExploitAdd": "2022-01-18", "cisaActionDue": "2022-07-18", "cisaRequiredAction": "Apply updates per vendor instructions.", @@ -107,6 +107,10 @@ "VDB Entry" ] }, + { + "url": "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E", "source": "security@apache.org", diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22513.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22513.json index f59195e03e2..62e078aca82 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22513.json 
+++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22513.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-22513", "sourceIdentifier": "security@atlassian.com", "published": "2023-09-19T17:15:08.017", - "lastModified": "2023-09-19T17:57:31.250", + "lastModified": "2023-09-19T19:15:51.607", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. See the release notes ([https://confluence.atlassian.com/bitbucketserver/release-notes]). You can download the latest version of Bitbucket Data Center and Server from the download center ([https://www.atlassian.com/software/bitbucket/download-archives]). 
This vulnerability was discovered by a private user and reported via our Bug Bounty program" + "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program" + }, + { + "lang": "es", + "value": "Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo) de Alta gravedad se introdujo en la versi\u00f3n 8.0.0 de Bitbucket Data Center and Server. 
Esta vulnerabilidad RCE (ejecuci\u00f3n remota de c\u00f3digo), con una puntuaci\u00f3n CVSS de 8,5, permite a un atacante autenticado ejecutar c\u00f3digo arbitrario que tiene un alto impacto en la confidencialidad, un alto impacto en la integridad, un alto impacto en la disponibilidad y no requiere interacci\u00f3n del usuario. Atlassian recomienda que los clientes de Bitbucket Data Center y Server actualicen a la \u00faltima versi\u00f3n; si no puede hacerlo, actualice su instancia a una de las versiones fijas admitidas especificadas: Bitbucket Data Center y Server 8.9: actualice a una versi\u00f3n superior o igual a 8.9.5 Bitbucket Data Center y Server 8.10: actualice a una versi\u00f3n mayor o igual a 8.10.5 Bitbucket Data Center y Server 8.11: actualice a una versi\u00f3n mayor o igual a 8.11.4 Bitbucket Data Center y Server 8.12: actualice a una versi\u00f3n mayor o igual a 8.12.2 Bitbucket Data Center y Server 8.13: actualice a una versi\u00f3n mayor o igual a 8.13.1 Bitbucket Data Center y Server 8.14: actualice a una versi\u00f3n mayor o igual a 8.14.0 Bitbucket Data Versi\u00f3n de Center y Server >= 8.0 y < 8.9: actualice a cualquiera de las versiones de correcci\u00f3n enumeradas. Consulte las notas de la versi\u00f3n ([https://confluence.atlassian.com/bitbucketserver/release-notes]). Puede descargar la \u00faltima versi\u00f3n de Bitbucket Data Center and Server desde el centro de descargas ([https://www.atlassian.com/software/bitbucket/download-archives]). Esta vulnerabilidad fue descubierta por un usuario privado y reportada a trav\u00e9s de nuestro programa Bug Bounty." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26067.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26067.json index 6a92c2bb568..6619ac4136a 100644 --- a/CVE-2023/CVE-2023-260xx/CVE-2023-26067.json +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26067.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-26067", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-10T20:15:10.387", - "lastModified": "2023-05-08T20:13:53.287", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-19T18:15:16.977", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -1401,6 +1401,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174763/Lexmark-Device-Embedded-Web-Server-Remote-Code-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://publications.lexmark.com/publications/security-alerts/CVE-2023-26067.pdf", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-260xx/CVE-2023-26068.json b/CVE-2023/CVE-2023-260xx/CVE-2023-26068.json index 95128d432ac..009d675f8eb 100644 --- a/CVE-2023/CVE-2023-260xx/CVE-2023-26068.json +++ b/CVE-2023/CVE-2023-260xx/CVE-2023-26068.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26068", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-10T20:15:10.483", - "lastModified": "2023-05-08T20:13:40.727", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-19T18:15:17.397", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -1371,6 +1371,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174763/Lexmark-Device-Embedded-Web-Server-Remote-Code-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://publications.lexmark.com/publications/security-alerts/CVE-2023-26068.pdf", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29499.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29499.json index 22f71aeb411..7d8f5bd72e3 100644 --- a/CVE-2023/CVE-2023-294xx/CVE-2023-29499.json +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29499.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-29499", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-14T20:15:09.420", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:53:27.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en GLib. La deserializaci\u00f3n de GVariant no logra validar que la entrada se ajuste al formato esperado, lo que lleva a la denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,18 +58,59 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.74.4", + "matchCriteriaId": "9DF67CEA-BB12-4E90-9788-1AD9EF0FCB38" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-29499", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211828", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2794", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32636.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32636.json index a0c405a6098..f8f4c48f8f0 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32636.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32636.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-32636", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-14T20:15:09.653", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:59:27.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en glib, donde el c\u00f3digo de deserializaci\u00f3n gvariant es vulnerable a una denegaci\u00f3n de servicio introducida por una validaci\u00f3n de entrada adicional agregada para resolver CVE-2023-29499. La validaci\u00f3n de la tabla de desplazamiento puede ser muy lenta. Este error no afecta a ninguna versi\u00f3n publicada de glib, pero s\u00ed afecta a los distribuidores de glib que siguieron las instrucciones de los desarrolladores de glib para respaldar la soluci\u00f3n inicial para CVE-2023-29499." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.74.4", + "matchCriteriaId": "9DF67CEA-BB12-4E90-9788-1AD9EF0FCB38" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3712.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3712.json index 9b9eb7e3bf6..cd86254ebf3 100644 --- a/CVE-2023/CVE-2023-37xx/CVE-2023-3712.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3712.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-3712", "sourceIdentifier": "psirt@honeywell.com", "published": "2023-09-12T20:15:09.787", - "lastModified": "2023-09-12T20:41:39.640", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T19:58:56.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.\u00a0\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Archivos o Directorios Accesibles a Partes Externas en Honeywell PM43 en 32 bits, ARM (M\u00f3dulos de p\u00e1gina web de impresora) permite la escalada de privilegios. Este problema afecta a las versiones de PM43 anteriores a P10.19.050004. Actualice a la \u00faltima versi\u00f3n de firmware disponible de las respectivas impresoras a la versi\u00f3n MR19.5 (por ejemplo, P10.19.050006)." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@honeywell.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + }, { "source": "psirt@honeywell.com", "type": "Secondary", 
@@ -46,18 +80,58 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:honeywell:pm43_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "p10.19.050004", + "matchCriteriaId": "A8838609-3252-452F-A122-F454379006BA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:honeywell:pm43:-:*:*:*:*:*:x86:*", + "matchCriteriaId": "C5F24450-6D4D-4F32-A2E3-E06EA0466CD7" + } + ] + } + ] + } + ], "references": [ { "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004", - "source": "psirt@honeywell.com" + "source": "psirt@honeywell.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A", - "source": "psirt@honeywell.com" + "source": "psirt@honeywell.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.honeywell.com/us/en/product-security", - "source": "psirt@honeywell.com" + "source": "psirt@honeywell.com", + "tags": [ + "Not Applicable", + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38912.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38912.json index 22391704e13..7138af97cc8 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38912.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38912.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38912", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-14T21:15:10.560", - "lastModified": "2023-09-18T20:15:09.637", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-19T19:38:08.673", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Vulnerabilidad de inyecci\u00f3n SQL en Super Store Finder PHP Script v.3.6 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro de nombre de usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:superstorefinder:php_script:3.6:*:*:*:*:*:*:*", + "matchCriteriaId": "1A5FA0BF-84F6-438B-93AA-E7CC8B77FD7A" + } + ] + } + ] + } + ], "references": [ { "url": "https://codecanyon.net/item/super-store-finder/3630922", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://packetstormsecurity.com/files/173302/Super-Store-Finder-PHP-Script-3.6-SQL-Injection.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39285.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39285.json index 3e5bdf91146..7fd913844bb 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39285.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39285.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-39285", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-14T19:16:50.847", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:00:45.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente Edge Gateway de Mitel MiVoice Connect hasta 19.3 SP3 (22.24.5800.0) podr\u00eda permitir que un atacante no autenticado realice un ataque de Cross Site Request Forgery (CSRF) debido a una validaci\u00f3n de la solicitud insuficiente. Un exploit exitoso podr\u00eda permitir a un atacante proporcionar una URL modificada, lo que potencialmente le permitir\u00eda modificar la configuraci\u00f3n del sistema." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.24.7100.0", + "matchCriteriaId": "831DFDAA-0551-40E4-8E36-85840CA972B7" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0014", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39286.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39286.json index 62730ec9709..bd423badfc2 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39286.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39286.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-39286", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-14T19:16:50.907", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:04:08.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el componente Connect Mobility Router de Mitel MiVoice Connect hasta 9.6.2304.102 podr\u00eda permitir que un atacante no autenticado realice un ataque de Cross Site Request Forgery (CSRF) debido a una validaci\u00f3n de la solicitud insuficiente. Un exploit exitoso podr\u00eda permitir a un atacante proporcionar una URL modificada, lo que potencialmente le permitir\u00eda modificar la configuraci\u00f3n del sistema." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mitel:connect_mobility_router:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.6.2307.111", + "matchCriteriaId": "95732356-9292-4D88-9346-28F4328919ED" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0015", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40955.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40955.json index 393fb7d695c..8a4d5ff5f8e 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40955.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40955.json 
@@ -2,19 +2,95 @@ "id": "CVE-2023-40955", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-15T00:15:07.743", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T19:19:05.487", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Didotech srl Engineering & Lifecycle Management (tambi\u00e9n conocido como pdm) v.14.0, v.15.0 y v.16.0 corregida en pdm-14.0.1.0.0, pdm-15.0.1.0.0 y pdm-16.0.1.0 .0 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro select en el componente models/base_client.py." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.0.1.0.0", + "matchCriteriaId": "5C12E004-C78B-4663-98B4-C1F4130B4CFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.0.1.0.0", + "matchCriteriaId": "B9A5E9AD-8B3E-487C-BDA7-DB5A8BE41C55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0", + "versionEndExcluding": "16.0.1.0.0", + "matchCriteriaId": "5D7E90B5-268E-49F8-A74A-E9EE754E5467" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40956.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40956.json index 3e358b27402..2c5c3d7b0d8 100644 
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40956.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40956.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-40956", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-15T00:15:07.800", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T19:19:23.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Cloudroits Website Job Search v.15.0 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro nombre en el componente controllers/main.py." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cloudroits:wesite_job_search:15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8F85EB4F-FE53-4B49-8CE9-A811554AE10D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/website_job_search", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40957.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40957.json index 060ecca5f93..af5b0ca3dfa 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40957.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40957.json 
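Review bot: The `criteria` string added under `cpeMatch` for CVE-2023-40956 spells the product `wesite_job_search`, while the description in the same hunk names it "Website Job Search", so an inventory lookup keyed on the expected product name will not match this record. The README says the repository synchronizes with the NVD, so the spelling presumably comes from upstream and should be reported there; editing it locally would detach it from `matchCriteriaId` `8F85EB4F-FE53-4B49-8CE9-A811554AE10D`. The expected product component would be `website_job_search`. Until that is settled, consumers should key on the `matchCriteriaId` instead of the product string.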
@@ -2,19 +2,95 @@ "id": "CVE-2023-40957", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-15T00:15:07.853", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:28:38.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Didotech srl Engineering & Lifecycle Management (tambi\u00e9n conocido como pdm) v.14.0, v.15.0 y v.16.0 corregida en pdm-14.0.1.0.0, pdm-15.0.1.0.0 y pdm-16.0.1.0 .0 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de solicitud en el componente models/base_client.py." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.0.1.0.0", + "matchCriteriaId": "5C12E004-C78B-4663-98B4-C1F4130B4CFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.0.1.0.0", + "matchCriteriaId": "B9A5E9AD-8B3E-487C-BDA7-DB5A8BE41C55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0", + "versionEndExcluding": "16.0.1.0.0", + "matchCriteriaId": "5D7E90B5-268E-49F8-A74A-E9EE754E5467" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/3", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40958.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40958.json index f9644c286ca..6cdf95683a6 100644 
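Review bot: The added `es` description for CVE-2023-40957 splits the last fixed version into `pdm-16.0.1.0 .0`, where the `en` text and the `versionEndExcluding` value in the same hunk read `16.0.1.0.0`. The CVE-2023-40958 hunk has the same slip, and the CVE-2023-41011 hunk renders the component `shortcut_telnet.cg` as `short_telnet.cg`. Anyone searching or triaging on the translated text gets a version or component string that matches nothing in the product. Translations should carry technical identifiers verbatim, i.e. `pdm-16.0.1.0.0` and `shortcut_telnet.cg`; as the records are mirrored, the correction probably belongs upstream.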
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40958.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40958.json 
@@ -2,19 +2,95 @@ "id": "CVE-2023-40958", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-15T00:15:07.907", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:28:54.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Didotech srl Engineering & Lifecycle Management (tambi\u00e9n conocido como pdm) v.14.0, v.15.0 y v.16.0 corregida en pdm-14.0.1.0.0, pdm-15.0.1.0.0 y pdm-16.0.1.0 .0 permite a un atacante remoto autenticado ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de consulta en el componente models/base_client.py." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.0.1.0.0", + "matchCriteriaId": "5C12E004-C78B-4663-98B4-C1F4130B4CFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.0.1.0.0", + "matchCriteriaId": "B9A5E9AD-8B3E-487C-BDA7-DB5A8BE41C55" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:didotech:engineering_\\&_lifecycle_management:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0", + "versionEndExcluding": "16.0.1.0.0", + "matchCriteriaId": "5D7E90B5-268E-49F8-A74A-E9EE754E5467" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/pdm/1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41011.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41011.json index 7d57221564e..3807367f1a0 100644 
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41011.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41011.json 
@@ -2,19 +2,91 @@ "id": "CVE-2023-41011", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-14T19:16:50.960", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:17:34.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Ejecuci\u00f3n de Comandos en China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente short_telnet.cg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:chinamobile:intelligent_home_gateway_firmware:hg6543c4:*:*:*:*:*:*:*", + "matchCriteriaId": "3E2533ED-388E-43E7-BF0B-E6BB76790671" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:chinamobile:intelligent_home_gateway:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"4DB451CE-0E86-4524-8FF5-C0A3F9FAB9A2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/te5tb99/For-submitting/wiki/Command-Execution-Vulnerability-in-China-Mobile-Intelligent-Home-Gateway-HG6543C4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41160.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41160.json index e669c1ad5d8..b8546434b85 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41160.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41160.json 
@@ -2,23 +2,86 @@ "id": "CVE-2023-41160", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-14T21:15:10.750", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:23:34.110", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Stored Cross-Site Scripting (XSS) en la pesta\u00f1a de configuraci\u00f3n SSH en Usermin 2.001 permite a los atacantes remotos inyectar scripts web arbitrarios o HTML a trav\u00e9s del campo de nombre de clave mientras agregan una clave autorizada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webmin:usermin:2.001:*:*:*:*:*:*:*", + "matchCriteriaId": "9CE9B3CB-9D26-492D-9584-317C5BE061EE" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/shindeanik/Usermin-2.001/blob/main/CVE-2023-41160", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Exploit", + "Third Party Advisory" + ] }, { "url": "https://webmin.com/tags/webmin-changelog/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41592.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41592.json index e9f4833c27e..21052250eca 100644 --- a/CVE-2023/CVE-2023-415xx/CVE-2023-41592.json +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41592.json 
@@ -2,27 +2,95 @@ "id": "CVE-2023-41592", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-14T23:15:08.210", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T19:20:55.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Froala Editor v4.0.1 a v4.1.1 contiene una vulnerabilidad de cross-site scripting (XSS)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:froala:froala_editor:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.1", + "versionEndIncluding": "4.1.1", + "matchCriteriaId": "F425DEFF-C906-48D5-9E5B-DA167D35E0C3" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://hacker.soarescorp.com/cve/2023-41592/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://owasp.org/Top10/A03_2021-Injection/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": 
"https://owasp.org/www-project-top-ten/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42362.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42362.json index e69ceb12897..4d6d9b17bbb 100644 --- a/CVE-2023/CVE-2023-423xx/CVE-2023-42362.json +++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42362.json 
@@ -2,19 +2,78 @@ "id": "CVE-2023-42362", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-14T21:15:10.833", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T19:34:03.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de carga de archivos arbitraria en Teller Web App v.4.4.0 permite a un atacante remoto ejecutar comandos arbitrarios y obtener informaci\u00f3n confidencial cargando un archivo manipulado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:teller:teller:4.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "97F096CD-4B11-4722-82CD-093BE751EB6E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Mr-n0b3dy/CVE-2023-42362", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
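Review bot: The new `weaknesses` entry and vector for CVE-2023-42362 do not fit the description kept in this hunk. The text reports an arbitrary file upload that lets a remote attacker execute arbitrary commands, yet the record is classified `CWE-79` with `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` (5.4 MEDIUM), the same profile given to the XSS records in this commit (CVE-2023-41160, CVE-2023-41592). One of the two is wrong, and the record alone does not say which. If the description is accurate, a file-upload weakness such as `"value": "CWE-434"` and a higher impact rating would be expected. Teams that prioritise by `baseScore` should read the referenced advisory before accepting 5.4 for this entry.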
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4669.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4669.json index 56c9647db9e..ec11298d4a2 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4669.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4669.json @@ -2,18 +2,22 @@ "id": "CVE-2023-4669", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-09-14T19:16:51.013", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:32:49.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "** UNSUPPPORTED WHEN ASSIGNED ** Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.This issue affects SYSGuard 3001: before 3.2.20.0.\n\n" + }, + { + "lang": "es", + "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** La omisi\u00f3n de autenticaci\u00f3n mediante una vulnerabilidad de datos supuestamente inmutables en Exagate SYSGuard 3001 permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a SYSGuard 3001: versiones anteriores a 3.2.20.0." } ], "metrics": { "cvssMetricV31": [ { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -31,13 +35,43 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "cve@usom.gov.tr", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, "weaknesses": [ { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, + { + "source": "cve@usom.gov.tr", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:exagate:sysguard_3001_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.2.20.0", + "matchCriteriaId": "1FECDDA7-F79C-41B6-BC49-E403FEFAD243" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:exagate:sysguard_3001:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6DED9517-3757-4799-ADAC-DFD2FAF27EAD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0525", - "source": "cve@usom.gov.tr" + "source": "cve@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4676.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4676.json index fb80f407ee0..3b6e52e264c 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4676.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4676.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-4676", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-09-14T20:15:11.923", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:45:20.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS.This issue affects MedasPro: before 28.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Yordam MedasPro permite XSS reflejado. Este problema afecta a MedasPro: antes de 28." } ], "metrics": { @@ -46,10 +50,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yordam:medaspro:*:*:*:*:*:*:*:*", + "versionEndExcluding": "28", + "matchCriteriaId": "439C527B-B9BC-4E28-AA91-6B7095E39651" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0527", - "source": "cve@usom.gov.tr" + "source": "cve@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4702.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4702.json index 65b0d51ea9e..760ba268416 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4702.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4702.json 
@@ -2,19 +2,43 @@ "id": "CVE-2023-4702", "sourceIdentifier": "cve@usom.gov.tr", "published": "2023-09-14T20:15:12.373", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:38:11.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n usando un Canal o Ruta Alternativa en Yepas Digital Yepas permite la omisi\u00f3n de autenticaci\u00f3n. Este problema afecta a Digital Yepas: anteriores a 1.0.1." } ], "metrics": { "cvssMetricV31": [ { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + { + "source": "cve@usom.gov.tr", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "cve@usom.gov.tr", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + }, + { + "source": "cve@usom.gov.tr", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yepas:digital_yepas:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0.1", + "matchCriteriaId": "5BE3506D-F955-4B85-B23E-F1D9B9669955" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-23-0526", - "source": "cve@usom.gov.tr" + "source": "cve@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4965.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4965.json index 1d075d2b5f1..618c64ef59e 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4965.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4965.json 
@@ -2,15 +2,41 @@ "id": "CVE-2023-4965", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-14T20:15:12.880", - "lastModified": "2023-09-15T00:31:20.767", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-19T18:40:16.173", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en phpipam 1.5.1. Ha sido calificado como problem\u00e1tico. Una funci\u00f3n desconocida del componente Header Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento X-Forwarded-Host conduce a una redirecci\u00f3n abierta. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-239732." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +97,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpipam:phpipam:1.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "44568465-4A70-496E-A435-AC8928B323E5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/ctflearner/Vulnerability/blob/main/PHPIPAM/Open_Redirect.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.239732", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.239732", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4987.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4987.json index a79bf83e5f7..413fa5a25f4 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4987.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4987.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4987", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-15T15:15:08.273", - "lastModified": "2023-09-19T15:02:28.477", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-19T18:15:17.673", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -115,6 +115,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174760/Taskhub-2.8.7-SQL-Injection.html", + "source": "cna@vuldb.com" + }, { "url": "https://vuldb.com/?ctiid.239798", "source": "cna@vuldb.com", diff --git a/README.md b/README.md index 4c16d6f58df..4bc1a753a7c 100644 --- a/README.md +++ b/README.md 
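Review bot: In the CVE-2023-4965 `references` hunk, the `github.com/ctflearner/Vulnerability/...` write-up is tagged `"Vendor Advisory"`, although the URL points to a personal repository and nothing in the record ties it to the phpipam project. A filter that uses this tag to find vendor remediation guidance will surface a third-party report with exploit details instead. The other researcher-hosted write-ups in this commit carry `"Exploit", "Third Party Advisory"`, which looks like the right pair here as well. The tags come from upstream analysis, so the mismatch is best reported there and treated with caution by consumers in the meantime.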
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-19T18:00:24.697447+00:00 +2023-09-19T20:00:24.755970+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-19T17:58:34.500000+00:00 +2023-09-19T19:58:56.997000+00:00 ``` ### Last Data Feed Release 
@@ -34,52 +34,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### CVEs added in the last Commit
-Recently added CVEs: `13`
+Recently added CVEs: `0`
-* [CVE-2023-32182](CVE-2023/CVE-2023-321xx/CVE-2023-32182.json) (`2023-09-19T16:15:09.347`)
-* [CVE-2023-38351](CVE-2023/CVE-2023-383xx/CVE-2023-38351.json) (`2023-09-19T16:15:10.710`)
-* [CVE-2023-38352](CVE-2023/CVE-2023-383xx/CVE-2023-38352.json) (`2023-09-19T16:15:11.097`)
-* [CVE-2023-38353](CVE-2023/CVE-2023-383xx/CVE-2023-38353.json) (`2023-09-19T16:15:11.427`)
-* [CVE-2023-38354](CVE-2023/CVE-2023-383xx/CVE-2023-38354.json) (`2023-09-19T16:15:11.737`)
-* [CVE-2023-38355](CVE-2023/CVE-2023-383xx/CVE-2023-38355.json) (`2023-09-19T16:15:12.007`)
-* [CVE-2023-38356](CVE-2023/CVE-2023-383xx/CVE-2023-38356.json) (`2023-09-19T16:15:12.363`)
-* [CVE-2023-42450](CVE-2023/CVE-2023-424xx/CVE-2023-42450.json) (`2023-09-19T16:15:12.897`)
-* [CVE-2023-42451](CVE-2023/CVE-2023-424xx/CVE-2023-42451.json) (`2023-09-19T16:15:13.303`)
-* [CVE-2023-42452](CVE-2023/CVE-2023-424xx/CVE-2023-42452.json) (`2023-09-19T16:15:13.630`)
-* [CVE-2023-22513](CVE-2023/CVE-2023-225xx/CVE-2023-22513.json) (`2023-09-19T17:15:08.017`)
-* [CVE-2023-42793](CVE-2023/CVE-2023-427xx/CVE-2023-42793.json) (`2023-09-19T17:15:08.330`)
-* [CVE-2023-43566](CVE-2023/CVE-2023-435xx/CVE-2023-43566.json) (`2023-09-19T17:15:08.463`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `30`
+Recently modified CVEs: `24`
-* [CVE-2023-4314](CVE-2023/CVE-2023-43xx/CVE-2023-4314.json) (`2023-09-19T16:17:56.223`)
-* [CVE-2023-4307](CVE-2023/CVE-2023-43xx/CVE-2023-4307.json) (`2023-09-19T16:18:59.537`)
-* [CVE-2023-4294](CVE-2023/CVE-2023-42xx/CVE-2023-4294.json) (`2023-09-19T16:19:36.820`)
-* [CVE-2023-4278](CVE-2023/CVE-2023-42xx/CVE-2023-4278.json) (`2023-09-19T16:23:14.777`)
-* [CVE-2023-41156](CVE-2023/CVE-2023-411xx/CVE-2023-41156.json) (`2023-09-19T16:28:17.837`)
-* [CVE-2023-41159](CVE-2023/CVE-2023-411xx/CVE-2023-41159.json) (`2023-09-19T16:52:36.037`)
-* [CVE-2023-42180](CVE-2023/CVE-2023-421xx/CVE-2023-42180.json) (`2023-09-19T17:09:40.980`)
-* [CVE-2023-36472](CVE-2023/CVE-2023-364xx/CVE-2023-36472.json) (`2023-09-19T17:15:08.173`)
-* [CVE-2023-4155](CVE-2023/CVE-2023-41xx/CVE-2023-4155.json) (`2023-09-19T17:18:08.987`)
-* [CVE-2023-26141](CVE-2023/CVE-2023-261xx/CVE-2023-26141.json) (`2023-09-19T17:22:21.723`)
-* [CVE-2023-38205](CVE-2023/CVE-2023-382xx/CVE-2023-38205.json) (`2023-09-19T17:27:19.593`)
-* [CVE-2023-38206](CVE-2023/CVE-2023-382xx/CVE-2023-38206.json) (`2023-09-19T17:43:50.263`)
-* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-19T17:49:57.207`)
-* [CVE-2023-41267](CVE-2023/CVE-2023-412xx/CVE-2023-41267.json) (`2023-09-19T17:52:38.127`)
-* [CVE-2023-31808](CVE-2023/CVE-2023-318xx/CVE-2023-31808.json) (`2023-09-19T17:57:31.250`)
-* [CVE-2023-41179](CVE-2023/CVE-2023-411xx/CVE-2023-41179.json) (`2023-09-19T17:57:31.250`)
-* [CVE-2023-4093](CVE-2023/CVE-2023-40xx/CVE-2023-4093.json) (`2023-09-19T17:57:31.250`)
-* [CVE-2023-4094](CVE-2023/CVE-2023-40xx/CVE-2023-4094.json) (`2023-09-19T17:57:31.250`)
-* [CVE-2023-4095](CVE-2023/CVE-2023-40xx/CVE-2023-4095.json) (`2023-09-19T17:57:31.250`)
-* [CVE-2023-4096](CVE-2023/CVE-2023-40xx/CVE-2023-4096.json) (`2023-09-19T17:57:31.250`)
-* [CVE-2023-3892](CVE-2023/CVE-2023-38xx/CVE-2023-3892.json) (`2023-09-19T17:57:31.250`)
-* [CVE-2023-41890](CVE-2023/CVE-2023-418xx/CVE-2023-41890.json) (`2023-09-19T17:57:31.250`)
-* [CVE-2023-42444](CVE-2023/CVE-2023-424xx/CVE-2023-42444.json) (`2023-09-19T17:57:31.250`)
-* [CVE-2023-42447](CVE-2023/CVE-2023-424xx/CVE-2023-42447.json) (`2023-09-19T17:57:31.250`)
-* [CVE-2023-30909](CVE-2023/CVE-2023-309xx/CVE-2023-30909.json) (`2023-09-19T17:58:34.500`)
+* [CVE-2020-11978](CVE-2020/CVE-2020-119xx/CVE-2020-11978.json) (`2023-09-19T18:15:16.607`)
+* [CVE-2020-13927](CVE-2020/CVE-2020-139xx/CVE-2020-13927.json) (`2023-09-19T18:15:16.797`)
+* [CVE-2023-39285](CVE-2023/CVE-2023-392xx/CVE-2023-39285.json) (`2023-09-19T18:00:45.343`)
+* [CVE-2023-39286](CVE-2023/CVE-2023-392xx/CVE-2023-39286.json) (`2023-09-19T18:04:08.670`)
+* [CVE-2023-26067](CVE-2023/CVE-2023-260xx/CVE-2023-26067.json) (`2023-09-19T18:15:16.977`)
+* [CVE-2023-26068](CVE-2023/CVE-2023-260xx/CVE-2023-26068.json) (`2023-09-19T18:15:17.397`)
+* [CVE-2023-4987](CVE-2023/CVE-2023-49xx/CVE-2023-4987.json) (`2023-09-19T18:15:17.673`)
+* [CVE-2023-41011](CVE-2023/CVE-2023-410xx/CVE-2023-41011.json) (`2023-09-19T18:17:34.377`)
+* [CVE-2023-41160](CVE-2023/CVE-2023-411xx/CVE-2023-41160.json) (`2023-09-19T18:23:34.110`)
+* [CVE-2023-40957](CVE-2023/CVE-2023-409xx/CVE-2023-40957.json) (`2023-09-19T18:28:38.510`)
+* [CVE-2023-40958](CVE-2023/CVE-2023-409xx/CVE-2023-40958.json) (`2023-09-19T18:28:54.250`)
+* [CVE-2023-4669](CVE-2023/CVE-2023-46xx/CVE-2023-4669.json) (`2023-09-19T18:32:49.497`)
+* [CVE-2023-4702](CVE-2023/CVE-2023-47xx/CVE-2023-4702.json) (`2023-09-19T18:38:11.833`)
+* [CVE-2023-4965](CVE-2023/CVE-2023-49xx/CVE-2023-4965.json) (`2023-09-19T18:40:16.173`)
+* [CVE-2023-4676](CVE-2023/CVE-2023-46xx/CVE-2023-4676.json) (`2023-09-19T18:45:20.783`)
+* [CVE-2023-29499](CVE-2023/CVE-2023-294xx/CVE-2023-29499.json) (`2023-09-19T18:53:27.373`)
+* [CVE-2023-32636](CVE-2023/CVE-2023-326xx/CVE-2023-32636.json) (`2023-09-19T18:59:27.957`)
+* [CVE-2023-22513](CVE-2023/CVE-2023-225xx/CVE-2023-22513.json) (`2023-09-19T19:15:51.607`)
+* [CVE-2023-40955](CVE-2023/CVE-2023-409xx/CVE-2023-40955.json) (`2023-09-19T19:19:05.487`)
+* [CVE-2023-40956](CVE-2023/CVE-2023-409xx/CVE-2023-40956.json) (`2023-09-19T19:19:23.003`)
+* [CVE-2023-41592](CVE-2023/CVE-2023-415xx/CVE-2023-41592.json) (`2023-09-19T19:20:55.553`)
+* [CVE-2023-42362](CVE-2023/CVE-2023-423xx/CVE-2023-42362.json) (`2023-09-19T19:34:03.287`)
+* [CVE-2023-38912](CVE-2023/CVE-2023-389xx/CVE-2023-38912.json) (`2023-09-19T19:38:08.673`)
+* [CVE-2023-3712](CVE-2023/CVE-2023-37xx/CVE-2023-3712.json) (`2023-09-19T19:58:56.997`)
 ## Download and Usage