From 421f71b37eb6396533b34d6e62cfeb672022fd20 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 10 Oct 2023 20:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-10-10T20:00:25.815099+00:00 --- CVE-2022/CVE-2022-331xx/CVE-2022-33160.json | 67 +++++++++- CVE-2023/CVE-2023-225xx/CVE-2023-22515.json | 116 ++++++++++++++++- CVE-2023/CVE-2023-233xx/CVE-2023-23365.json | 62 ++++++++- CVE-2023/CVE-2023-233xx/CVE-2023-23366.json | 62 ++++++++- CVE-2023/CVE-2023-23xx/CVE-2023-2306.json | 52 +++++++- CVE-2023/CVE-2023-293xx/CVE-2023-29348.json | 43 +++++++ CVE-2023/CVE-2023-310xx/CVE-2023-31096.json | 24 ++++ CVE-2023/CVE-2023-353xx/CVE-2023-35349.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36414.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36415.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36416.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36417.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36418.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36419.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36420.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36429.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36431.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36433.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36434.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36435.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36436.json | 43 +++++++ CVE-2023/CVE-2023-364xx/CVE-2023-36438.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36557.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36561.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36563.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36564.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36565.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36566.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36567.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36568.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36569.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36570.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36571.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36572.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36573.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36574.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36575.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36576.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36577.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36578.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36579.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36581.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36582.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36583.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36584.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36585.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36589.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36590.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36591.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36592.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36593.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36594.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36596.json | 43 +++++++ CVE-2023/CVE-2023-365xx/CVE-2023-36598.json | 43 +++++++ CVE-2023/CVE-2023-366xx/CVE-2023-36602.json | 43 +++++++ CVE-2023/CVE-2023-366xx/CVE-2023-36603.json | 43 +++++++ CVE-2023/CVE-2023-366xx/CVE-2023-36605.json | 43 +++++++ CVE-2023/CVE-2023-366xx/CVE-2023-36606.json | 43 +++++++ CVE-2023/CVE-2023-366xx/CVE-2023-36697.json | 43 +++++++ CVE-2023/CVE-2023-366xx/CVE-2023-36698.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36701.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36702.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36703.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36704.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36706.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36707.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36709.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36710.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36711.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36712.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36713.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36717.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36718.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36720.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36721.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36722.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36723.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36724.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36725.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36726.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36728.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36729.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36730.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36731.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36732.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36737.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36743.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36776.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36778.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36780.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36785.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36786.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36789.json | 43 +++++++ CVE-2023/CVE-2023-367xx/CVE-2023-36790.json | 43 +++++++ CVE-2023/CVE-2023-369xx/CVE-2023-36902.json | 43 +++++++ CVE-2023/CVE-2023-36xx/CVE-2023-3665.json | 61 ++++++++- CVE-2023/CVE-2023-381xx/CVE-2023-38159.json | 43 +++++++ CVE-2023/CVE-2023-381xx/CVE-2023-38166.json | 43 +++++++ CVE-2023/CVE-2023-381xx/CVE-2023-38171.json | 43 +++++++ CVE-2023/CVE-2023-399xx/CVE-2023-39928.json | 61 ++++++++- CVE-2023/CVE-2023-39xx/CVE-2023-3971.json | 131 +++++++++++++++++++- CVE-2023/CVE-2023-40xx/CVE-2023-4004.json | 14 ++- CVE-2023/CVE-2023-410xx/CVE-2023-41094.json | 73 ++++++++++- CVE-2023/CVE-2023-416xx/CVE-2023-41650.json | 51 +++++++- CVE-2023/CVE-2023-416xx/CVE-2023-41654.json | 51 +++++++- CVE-2023/CVE-2023-417xx/CVE-2023-41763.json | 43 +++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41765.json | 43 +++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41766.json | 43 +++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41767.json | 43 +++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41768.json | 43 +++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41769.json | 43 +++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41770.json | 43 +++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41771.json | 43 +++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41772.json | 43 +++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41773.json | 43 +++++++ CVE-2023/CVE-2023-417xx/CVE-2023-41774.json | 43 +++++++ CVE-2023/CVE-2023-41xx/CVE-2023-4128.json | 38 +++++- CVE-2023/CVE-2023-427xx/CVE-2023-42794.json | 32 +++++ CVE-2023/CVE-2023-427xx/CVE-2023-42795.json | 32 +++++ CVE-2023/CVE-2023-428xx/CVE-2023-42808.json | 61 ++++++++- CVE-2023/CVE-2023-42xx/CVE-2023-4237.json | 73 ++++++++++- CVE-2023/CVE-2023-430xx/CVE-2023-43058.json | 86 ++++++++++++- CVE-2023/CVE-2023-437xx/CVE-2023-43793.json | 61 ++++++++- CVE-2023/CVE-2023-437xx/CVE-2023-43799.json | 90 +++++++++++++- CVE-2023/CVE-2023-43xx/CVE-2023-4309.json | 63 ++++++++++ CVE-2023/CVE-2023-43xx/CVE-2023-4380.json | 100 ++++++++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44233.json | 51 +++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44243.json | 63 +++++++++- CVE-2023/CVE-2023-443xx/CVE-2023-44389.json | 69 ++++++++++- CVE-2023/CVE-2023-444xx/CVE-2023-44487.json | 74 ++++++++++- CVE-2023/CVE-2023-451xx/CVE-2023-45129.json | 63 ++++++++++ CVE-2023/CVE-2023-456xx/CVE-2023-45648.json | 32 +++++ CVE-2023/CVE-2023-54xx/CVE-2023-5452.json | 60 ++++++++- CVE-2023/CVE-2023-54xx/CVE-2023-5497.json | 88 +++++++++++++ README.md | 97 ++++++++------- 135 files changed, 6357 insertions(+), 130 deletions(-) create mode 100644 CVE-2023/CVE-2023-293xx/CVE-2023-29348.json create mode 100644 CVE-2023/CVE-2023-310xx/CVE-2023-31096.json create mode 100644 CVE-2023/CVE-2023-353xx/CVE-2023-35349.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36414.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36415.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36416.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36417.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36418.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36419.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36420.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36429.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36431.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36433.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36434.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36435.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36436.json create mode 100644 CVE-2023/CVE-2023-364xx/CVE-2023-36438.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36557.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36561.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36563.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36564.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36565.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36566.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36567.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36568.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36569.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36570.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36571.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36572.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36573.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36574.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36575.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36576.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36577.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36578.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36579.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36581.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36582.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36583.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36584.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36585.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36589.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36590.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36591.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36592.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36593.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36594.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36596.json create mode 100644 CVE-2023/CVE-2023-365xx/CVE-2023-36598.json create mode 100644 CVE-2023/CVE-2023-366xx/CVE-2023-36602.json create mode 100644 CVE-2023/CVE-2023-366xx/CVE-2023-36603.json create mode 100644 CVE-2023/CVE-2023-366xx/CVE-2023-36605.json create mode 100644 CVE-2023/CVE-2023-366xx/CVE-2023-36606.json create mode 100644 CVE-2023/CVE-2023-366xx/CVE-2023-36697.json create mode 100644 CVE-2023/CVE-2023-366xx/CVE-2023-36698.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36701.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36702.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36703.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36704.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36706.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36707.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36709.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36710.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36711.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36712.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36713.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36717.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36718.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36720.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36721.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36722.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36723.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36724.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36725.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36726.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36728.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36729.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36730.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36731.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36732.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36737.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36743.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36776.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36778.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36780.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36785.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36786.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36789.json create mode 100644 CVE-2023/CVE-2023-367xx/CVE-2023-36790.json create mode 100644 CVE-2023/CVE-2023-369xx/CVE-2023-36902.json create mode 100644 CVE-2023/CVE-2023-381xx/CVE-2023-38159.json create mode 100644 CVE-2023/CVE-2023-381xx/CVE-2023-38166.json create mode 100644 CVE-2023/CVE-2023-381xx/CVE-2023-38171.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41763.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41765.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41766.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41767.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41768.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41769.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41770.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41771.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41772.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41773.json create mode 100644 CVE-2023/CVE-2023-417xx/CVE-2023-41774.json create mode 100644 CVE-2023/CVE-2023-427xx/CVE-2023-42794.json create mode 100644 CVE-2023/CVE-2023-427xx/CVE-2023-42795.json create mode 100644 CVE-2023/CVE-2023-43xx/CVE-2023-4309.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45129.json create mode 100644 CVE-2023/CVE-2023-456xx/CVE-2023-45648.json create mode 100644 CVE-2023/CVE-2023-54xx/CVE-2023-5497.json diff --git a/CVE-2022/CVE-2022-331xx/CVE-2022-33160.json b/CVE-2022/CVE-2022-331xx/CVE-2022-33160.json index 9f4b9e368d2..a6f541ecd6e 100644 --- a/CVE-2022/CVE-2022-331xx/CVE-2022-33160.json +++ b/CVE-2022/CVE-2022-331xx/CVE-2022-33160.json @@ -2,16 +2,40 @@ "id": "CVE-2022-33160", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-06T22:15:11.523", - "lastModified": "2023-10-06T22:23:04.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:33:22.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568." + }, + { + "lang": "es", + "value": "IBM Security Directory Suite 8.0.1 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 228568." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:security_directory_suite_va:8.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B38056-9151-4F19-8D67-C815C28ABB66" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228568", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047071", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22515.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22515.json index 36be852dfa4..d67ab0561bf 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22515.json +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22515.json @@ -2,15 +2,45 @@ "id": "CVE-2023-22515", "sourceIdentifier": "security@atlassian.com", "published": "2023-10-04T14:15:10.440", - "lastModified": "2023-10-04T14:16:47.647", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:22:02.770", + "vulnStatus": "Analyzed", + "cisaExploitAdd": "2023-10-05", + "cisaActionDue": "2023-10-26", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Atlassian Confluence Data Center and Server Privilege Escalation Vulnerability", "descriptions": [ { "lang": "en", "value": "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. \n\nFor more details, please review the linked advisory on this CVE." + }, + { + "lang": "es", + "value": "Atlassian ha sido informado de un problema por un pu\u00f1ado de clientes que atacantes externos pueden haber explotado una vulnerabilidad previamente desconocida en instancias de Confluence Data Center y Server de acceso p\u00fablico para crear cuentas de administrador de Confluence no autorizadas y acceder a instancias de Confluence. Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema. Para obtener m\u00e1s detalles, revise el aviso vinculado sobre este CVE." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@atlassian.com", @@ -34,18 +64,94 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.3.3", + "matchCriteriaId": "85B2AD9F-CBA6-4559-9AE3-5F76A9EC3B7F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.4.0", + "versionEndExcluding": "8.4.3", + "matchCriteriaId": "38F9918D-6848-4CD6-8096-4FB48C23818B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.5.0", + "versionEndExcluding": "8.5.2", + "matchCriteriaId": "8D646BCF-214F-449D-AEEB-B253E8715394" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.3.3", + "matchCriteriaId": "970A3DA7-5114-4696-A93D-C3D5AFF5C6C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.4.0", + "versionEndExcluding": "8.4.3", + "matchCriteriaId": "A2EB19CD-AE29-4775-91C5-05B01A96AC6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.5.0", + "versionEndExcluding": "8.5.2", + "matchCriteriaId": "79229BE7-0AA0-4308-8BB2-8FB11E8B9AD7" + } + ] + } + ] + } + ], "references": [ { "url": "https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515", - "source": "security@atlassian.com" + "source": "security@atlassian.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1295682276", - "source": "security@atlassian.com" + "source": "security@atlassian.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jira.atlassian.com/browse/CONFSERVER-92457", - "source": "security@atlassian.com" + "source": "security@atlassian.com", + "tags": [ + "Issue Tracking", + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23365.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23365.json index 652321efa90..f7df7d4f3d6 100644 --- a/CVE-2023/CVE-2023-233xx/CVE-2023-23365.json +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23365.json @@ -2,16 +2,40 @@ "id": "CVE-2023-23365", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2023-10-06T17:15:11.737", - "lastModified": "2023-10-06T19:41:01.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:35:30.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.3.22 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de path traversal afecta a Music Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados leer el contenido de archivos inesperados y exponer datos confidenciales a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: Music Station 5.3.22 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +84,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.3.0", + "versionEndExcluding": "5.3.22", + "matchCriteriaId": "6D744B4C-476F-4FFF-A9B0-00A0B9F3E4B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-28", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23366.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23366.json index efddd601818..02b1348fe68 100644 --- a/CVE-2023/CVE-2023-233xx/CVE-2023-23366.json +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23366.json @@ -2,16 +2,40 @@ "id": "CVE-2023-23366", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2023-10-06T17:15:11.840", - "lastModified": "2023-10-06T19:41:01.643", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:35:17.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following version:\nMusic Station 5.3.22 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de path traversal afecta a Music Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados leer el contenido de archivos inesperados y exponer datos confidenciales a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: Music Station 5.3.22 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", @@ -50,10 +84,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qnap:music_station:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.3.0", + "versionEndExcluding": "5.3.22", + "matchCriteriaId": "6D744B4C-476F-4FFF-A9B0-00A0B9F3E4B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-28", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2306.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2306.json index 6a42fd24489..d67edd8a4f3 100644 --- a/CVE-2023/CVE-2023-23xx/CVE-2023-2306.json +++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2306.json @@ -2,16 +2,40 @@ "id": "CVE-2023-2306", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-10-05T17:15:11.373", - "lastModified": "2023-10-05T19:13:42.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:28:52.517", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\n\n\n\n\nQognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records.\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Las versiones 3.1 y anteriores de Qognify NiceVision son vulnerables a la exposici\u00f3n de informaci\u00f3n confidencial mediante credenciales codificadas. Con estas credenciales, un atacante puede recuperar informaci\u00f3n sobre las c\u00e1maras, informaci\u00f3n del usuario y modificar registros de la base de datos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "ics-cert@hq.dhs.gov", "type": "Secondary", @@ -46,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qognify:nicevision:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.1", + "matchCriteriaId": "6354A1C6-107B-4CC9-BA9F-CEFB5AD4B6C6" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-02", - "source": "ics-cert@hq.dhs.gov" + "source": "ics-cert@hq.dhs.gov", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29348.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29348.json new file mode 100644 index 00000000000..71cb8acc906 --- /dev/null +++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29348.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-29348", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:11.830", + "lastModified": "2023-10-10T18:21:21.487", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29348", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31096.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31096.json new file mode 100644 index 00000000000..8d1784763fb --- /dev/null +++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31096.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-31096", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-10T19:15:09.530", + "lastModified": "2023-10-10T19:37:40.180", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cschwarz1.github.io/posts/0x04/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.broadcom.com", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-353xx/CVE-2023-35349.json b/CVE-2023/CVE-2023-353xx/CVE-2023-35349.json new file mode 100644 index 00000000000..891db9a2701 --- /dev/null +++ b/CVE-2023/CVE-2023-353xx/CVE-2023-35349.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-35349", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:11.923", + "lastModified": "2023-10-10T18:21:21.487", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35349", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36414.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36414.json new file mode 100644 index 00000000000..2536cf28518 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36414.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36414", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.000", + "lastModified": "2023-10-10T18:21:21.487", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Azure Identity SDK Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36414", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36415.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36415.json new file mode 100644 index 00000000000..324baeb53c7 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36415.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36415", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.070", + "lastModified": "2023-10-10T18:21:21.487", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Azure Identity SDK Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36415", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36416.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36416.json new file mode 100644 index 00000000000..716b30ec6c7 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36416.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36416", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.127", + "lastModified": "2023-10-10T18:21:21.487", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36417.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36417.json new file mode 100644 index 00000000000..e6f6fe7de6a --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36417.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36417", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.190", + "lastModified": "2023-10-10T18:21:21.487", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SQL ODBC Driver Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36418.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36418.json new file mode 100644 index 00000000000..fe46407cdc5 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36418.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36418", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.247", + "lastModified": "2023-10-10T18:21:21.487", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Azure RTOS GUIX Studio Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36418", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36419.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36419.json new file mode 100644 index 00000000000..6a40179e176 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36419.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36419", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.300", + "lastModified": "2023-10-10T18:21:21.487", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36419", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36420.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36420.json new file mode 100644 index 00000000000..325282c8bf3 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36420.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36420", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.363", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36429.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36429.json new file mode 100644 index 00000000000..2525e9eae25 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36429.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36429", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.430", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36431.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36431.json new file mode 100644 index 00000000000..a5da5ea184c --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36431.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36431", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.497", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36431", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36433.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36433.json new file mode 100644 index 00000000000..81fd0e75fa7 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36433.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36433", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.557", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36434.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36434.json new file mode 100644 index 00000000000..97b9fb78942 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36434.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36434", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.617", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows IIS Server Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36434", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36435.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36435.json new file mode 100644 index 00000000000..95d152ebdf5 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36435.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36435", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.680", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft QUIC Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36435", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36436.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36436.json new file mode 100644 index 00000000000..c6ca7b34015 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36436.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36436", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.737", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows MSHTML Platform Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36436", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36438.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36438.json new file mode 100644 index 00000000000..e100f00d291 --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36438.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36438", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.803", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows TCP/IP Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36438", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36557.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36557.json new file mode 100644 index 00000000000..94349181446 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36557.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36557", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.867", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "PrintHTML API Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36557", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36561.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36561.json new file mode 100644 index 00000000000..99121652a28 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36561.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36561", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:12.930", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Azure DevOps Server Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36561", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36563.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36563.json new file mode 100644 index 00000000000..545e35e951c --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36563.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36563", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.003", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft WordPad Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36563", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36564.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36564.json new file mode 100644 index 00000000000..bd6367df58f --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36564.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36564", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.070", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Search Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36564", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36565.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36565.json new file mode 100644 index 00000000000..abf24bc48be --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36565.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36565", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.137", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Office Graphics Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36565", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36566.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36566.json new file mode 100644 index 00000000000..201b0c5aa92 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36566.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36566", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.200", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Common Data Model SDK Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36567.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36567.json new file mode 100644 index 00000000000..65af10429ce --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36567.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36567", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.260", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Deployment Services Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36567", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36568.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36568.json new file mode 100644 index 00000000000..53a9fa523fc --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36568.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36568", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.323", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Office Click-To-Run Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36569.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36569.json new file mode 100644 index 00000000000..2faa9059845 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36569.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36569", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.387", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Office Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36570.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36570.json new file mode 100644 index 00000000000..f222b79bd84 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36570.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36570", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.450", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36570", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36571.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36571.json new file mode 100644 index 00000000000..6e65ed28090 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36571.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36571", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.510", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36571", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36572.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36572.json new file mode 100644 index 00000000000..a4977bd6c7e --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36572.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36572", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.573", + "lastModified": "2023-10-10T18:21:15.910", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36572", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36573.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36573.json new file mode 100644 index 00000000000..d383218fd3d --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36573.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36573", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.637", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36573", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36574.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36574.json new file mode 100644 index 00000000000..f42ab2e0cee --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36574.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36574", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.697", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36574", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36575.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36575.json new file mode 100644 index 00000000000..5ddb3bc4b5a --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36575.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36575", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.757", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36575", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json new file mode 100644 index 00000000000..56bee6f1593 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36576.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36576", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.823", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36576", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36577.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36577.json new file mode 100644 index 00000000000..24c977fa8b9 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36577.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36577", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.887", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36577", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36578.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36578.json new file mode 100644 index 00000000000..0c0c21070a3 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36578.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36578", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:13.950", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36578", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json new file mode 100644 index 00000000000..0dcf2cfecdf --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36579.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36579", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.027", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36579", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36581.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36581.json new file mode 100644 index 00000000000..749c53472a1 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36581.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36581", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.090", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36581", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36582.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36582.json new file mode 100644 index 00000000000..760b25dea1a --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36582.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36582", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.153", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36582", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36583.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36583.json new file mode 100644 index 00000000000..ba0de3fceee --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36583.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36583", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.217", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36583", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36584.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36584.json new file mode 100644 index 00000000000..832ee68401b --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36584.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36584", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.280", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Mark of the Web Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36585.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36585.json new file mode 100644 index 00000000000..09ce4771e8b --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36585.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36585", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.343", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Active Template Library Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36585", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36589.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36589.json new file mode 100644 index 00000000000..272d06d43b2 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36589.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36589", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.407", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36589", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36590.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36590.json new file mode 100644 index 00000000000..1368507517a --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36590.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36590", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.470", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36590", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36591.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36591.json new file mode 100644 index 00000000000..d0470a2dd2c --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36591.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36591", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.530", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36591", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36592.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36592.json new file mode 100644 index 00000000000..a60a53e89f7 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36592.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36592", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.590", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36592", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36593.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36593.json new file mode 100644 index 00000000000..4b3ba5005f3 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36593.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36593", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.650", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36593", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36594.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36594.json new file mode 100644 index 00000000000..ae40b843b3f --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36594.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36594", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.717", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Graphics Component Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36594", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36596.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36596.json new file mode 100644 index 00000000000..1a51c40fa39 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36596.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36596", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.783", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Remote Procedure Call Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36596", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36598.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36598.json new file mode 100644 index 00000000000..3931968a007 --- /dev/null +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36598.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36598", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.847", + "lastModified": "2023-10-10T18:21:10.523", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36598", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36602.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36602.json new file mode 100644 index 00000000000..bbed09515a6 --- /dev/null +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36602.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36602", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.910", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows TCP/IP Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36602", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36603.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36603.json new file mode 100644 index 00000000000..df77316cc97 --- /dev/null +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36603.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36603", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:14.973", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows TCP/IP Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36603", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36605.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36605.json new file mode 100644 index 00000000000..599aee34f91 --- /dev/null +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36605.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36605", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.047", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Named Pipe Filesystem Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36605", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36606.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36606.json new file mode 100644 index 00000000000..c8dad225058 --- /dev/null +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36606.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36606", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.110", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36606", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36697.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36697.json new file mode 100644 index 00000000000..0b3420d7e40 --- /dev/null +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36697.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36697", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.173", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36697", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36698.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36698.json new file mode 100644 index 00000000000..3839c8245c7 --- /dev/null +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36698.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36698", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.250", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 3.6, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.0, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36698", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36701.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36701.json new file mode 100644 index 00000000000..d25d7050eae --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36701.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36701", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.337", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36701", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36702.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36702.json new file mode 100644 index 00000000000..b7719f6db9a --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36702.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36702", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.410", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft DirectMusic Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36702", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36703.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36703.json new file mode 100644 index 00000000000..3d95aa66430 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36703.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36703", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.483", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "DHCP Server Service Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36703", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36704.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36704.json new file mode 100644 index 00000000000..d47f33fe080 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36704.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36704", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.547", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Setup Files Cleanup Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36704", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36706.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36706.json new file mode 100644 index 00000000000..e7c05681bd1 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36706.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36706", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.607", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Deployment Services Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36706", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36707.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36707.json new file mode 100644 index 00000000000..f373f9d0a90 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36707.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36707", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.667", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Deployment Services Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36707", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36709.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36709.json new file mode 100644 index 00000000000..efad791ab3d --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36709.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36709", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.733", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft AllJoyn API Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36709", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36710.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36710.json new file mode 100644 index 00000000000..d516655b0fc --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36710.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36710", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:15.797", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Media Foundation Core Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36710", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36711.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36711.json new file mode 100644 index 00000000000..a09bb1ca8a0 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36711.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36711", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.243", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Runtime C++ Template Library Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36711", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36712.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36712.json new file mode 100644 index 00000000000..224513e2c0f --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36712.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36712", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.307", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36712", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36713.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36713.json new file mode 100644 index 00000000000..87630117965 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36713.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36713", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.370", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Common Log File System Driver Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36713", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36717.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36717.json new file mode 100644 index 00000000000..02be23f663c --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36717.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36717", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.433", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Virtual Trusted Platform Module Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36717", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36718.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36718.json new file mode 100644 index 00000000000..041771c6f27 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36718.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36718", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.493", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.1, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36718", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36720.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36720.json new file mode 100644 index 00000000000..8077c6342cd --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36720.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36720", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.557", + "lastModified": "2023-10-10T18:21:04.527", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Mixed Reality Developer Tools Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36720", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36721.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36721.json new file mode 100644 index 00000000000..218613c4106 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36721.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36721", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.620", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Error Reporting Service Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36721", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36722.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36722.json new file mode 100644 index 00000000000..8151ba11560 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36722.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36722", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.680", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Active Directory Domain Services Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36722", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36723.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36723.json new file mode 100644 index 00000000000..3bdf41d33b6 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36723.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36723", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.743", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Container Manager Service Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36723", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36724.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36724.json new file mode 100644 index 00000000000..0ff9925a9b3 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36724.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36724", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.807", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Power Management Service Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36724", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36725.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36725.json new file mode 100644 index 00000000000..3accf8f9d16 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36725.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36725", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.883", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36725", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36726.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36726.json new file mode 100644 index 00000000000..39710c8d903 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36726.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36726", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:16.967", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36726", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36728.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36728.json new file mode 100644 index 00000000000..a6f7a2317c6 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36728.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36728", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.030", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SQL Server Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36729.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36729.json new file mode 100644 index 00000000000..234aded9518 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36729.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36729", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.100", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Named Pipe File System Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36729", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36730.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36730.json new file mode 100644 index 00000000000..9fb56b752a6 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36730.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36730", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.160", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36731.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36731.json new file mode 100644 index 00000000000..e25c0a75852 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36731.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36731", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.227", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36731", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36732.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36732.json new file mode 100644 index 00000000000..b4c4a260423 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36732.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36732", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.287", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36732", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36737.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36737.json new file mode 100644 index 00000000000..8e0d1a802f5 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36737.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36737", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.347", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Azure Network Watcher VM Agent Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36737", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36743.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36743.json new file mode 100644 index 00000000000..67182b4801d --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36743.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36743", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.407", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36743", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36776.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36776.json new file mode 100644 index 00000000000..1756bb3bd9d --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36776.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36776", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.467", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36776", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36778.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36778.json new file mode 100644 index 00000000000..9711e2fd561 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36778.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36778", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.523", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36780.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36780.json new file mode 100644 index 00000000000..78b4af02371 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36780.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36780", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.587", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Skype for Business Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36780", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36785.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36785.json new file mode 100644 index 00000000000..22a57909a6f --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36785.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36785", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.650", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36786.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36786.json new file mode 100644 index 00000000000..b72249017b9 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36786.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36786", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.710", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Skype for Business Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36789.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36789.json new file mode 100644 index 00000000000..ece78f8a8d5 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36789.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36789", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.767", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Skype for Business Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36790.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36790.json new file mode 100644 index 00000000000..2e5a70d33a2 --- /dev/null +++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36790.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36790", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.827", + "lastModified": "2023-10-10T18:20:58.777", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36790", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36902.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36902.json new file mode 100644 index 00000000000..bc8b1d821bb --- /dev/null +++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36902.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-36902", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.890", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Runtime Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36902", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3665.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3665.json index 6da762e4214..b82fc13d7a8 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3665.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3665.json @@ -2,16 +2,40 @@ "id": "CVE-2023-3665", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2023-10-04T15:15:12.360", - "lastModified": "2023-10-04T15:53:23.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:11:44.630", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nA code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables,\nleading to denial of service and or the execution of arbitrary code.\n\n" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en Trellix ENS 10.7.0 de abril de 2023 y versiones anteriores permiti\u00f3 a un usuario local deshabilitar el componente ENS AMSI a trav\u00e9s de variables de entorno, lo que provoc\u00f3 la denegaci\u00f3n de servicio o la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "trellixpsirt@trellix.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + }, { "source": "trellixpsirt@trellix.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:trellix:endpoint_security:*:*:*:*:*:*:*:*", + "versionEndIncluding": "10.7.0", + "matchCriteriaId": "0C5D96D4-8748-42BA-BBFC-50D0F422FD50" + } + ] + } + ] + } + ], "references": [ { "url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10405", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38159.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38159.json new file mode 100644 index 00000000000..8708ec81551 --- /dev/null +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38159.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-38159", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:17.957", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Graphics Component Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38159", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38166.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38166.json new file mode 100644 index 00000000000..f56811aa46f --- /dev/null +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38166.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-38166", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.017", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Layer 2 Tunneling Protocol Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38166", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38171.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38171.json new file mode 100644 index 00000000000..501d95d5191 --- /dev/null +++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38171.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-38171", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.087", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft QUIC Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json index 93cd5a955df..69eac8b6348 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39928", "sourceIdentifier": "talos-cna@cisco.com", "published": "2023-10-06T16:15:13.223", - "lastModified": "2023-10-09T15:15:09.890", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:37:06.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "talos-cna@cisco.com", "type": "Secondary", @@ -50,14 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webkitgtk:webkitgtk:2.40.5:*:*:*:*:*:*:*", + "matchCriteriaId": "31CB68F9-C6F2-4E7C-9D0D-1E53ACB0A828" + } + ] + } + ] + } + ], "references": [ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://webkitgtk.org/security/WSA-2023-0009.html", - "source": "talos-cna@cisco.com" + "source": "talos-cna@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3971.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3971.json index 556862c7eb9..311bbd1e787 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3971.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3971.json @@ -2,16 +2,40 @@ "id": "CVE-2023-3971", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-04T15:15:12.430", - "lastModified": "2023-10-04T15:53:23.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:11:16.463", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla de inyecci\u00f3n de HTML en Controller en la configuraci\u00f3n de la interfaz de usuario. Esta falla permite a un atacante capturar credenciales creando una p\u00e1gina de inicio de sesi\u00f3n personalizada mediante la inyecci\u00f3n de HTML, lo que resulta en un compromiso total." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,22 +58,117 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_automation_controller:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.3.11", + "matchCriteriaId": "2483395B-1703-4BA1-8B89-539A48F4E696" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_automation_controller:4.4:*:*:*:*:*:*:*", + "matchCriteriaId": "990696A6-25A7-4E38-B39F-7E23AA7C44F7" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.3:*:*:*:*:*:*:*", + "matchCriteriaId": "B520E9D8-A080-4927-B279-F1C57D993795" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_developer:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0D7F51B9-6E83-46BC-9E4B-7DD6C748435E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_inside:1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "4488C799-B9F7-40BC-B302-ED34149DBE15" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:4340", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2023:4590", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-3971", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2226965", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json index de20913a813..d7e3105264d 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json @@ -2,12 +2,16 @@ "id": "CVE-2023-4004", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-31T17:15:10.203", - "lastModified": "2023-09-19T16:15:14.020", + "lastModified": "2023-10-10T19:15:09.767", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla de use-after-free en el netfilter del kernel de Linux en la forma en que un usuario activa la funci\u00f3n nft_pipapo_remove con el elemento, sin un NFT_SET_EXT_KEY_END. Este problema podr\u00eda permitir que un usuario local bloquee el sistema o potencialmente aumente sus privilegios en el sistema." } ], "metrics": { @@ -176,6 +180,14 @@ "url": "https://access.redhat.com/errata/RHSA-2023:5255", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5548", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5627", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4004", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41094.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41094.json index 850e1dee04e..369acc06cb4 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41094.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41094.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41094", "sourceIdentifier": "product-security@silabs.com", "published": "2023-10-04T21:15:09.963", - "lastModified": "2023-10-05T00:48:59.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:40:06.293", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nTouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration\n\nThis issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected\n\n\n" + }, + { + "lang": "es", + "value": "Los paquetes TouchLink procesados despu\u00e9s del tiempo de espera o fuera del alcance debido a la operaci\u00f3n de un recurso despu\u00e9s de la caducidad y la falta de liberaci\u00f3n del recurso despu\u00e9s de la vida \u00fatil efectiva pueden permitir que se agregue un dispositivo fuera del alcance v\u00e1lido de TouchLink o de la duraci\u00f3n del emparejamiento. Este problema afecta a Ember ZNet 7.1.x desde 7.1 .3 a 7.1.5; 7.2.x desde 7.2.0 hasta 7.2.3; La versi\u00f3n 7.3 y posteriores no se ven afectadas" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "product-security@silabs.com", "type": "Secondary", @@ -35,6 +59,20 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-672" + }, + { + "lang": "en", + "value": "CWE-772" + } + ] + }, { "source": "product-security@silabs.com", "type": "Secondary", @@ -50,10 +88,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.1.3", + "versionEndIncluding": "7.1.5", + "matchCriteriaId": "FA8DEDFD-4DFD-4D09-A139-2184F9BB747F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:silabs:emberznet:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndIncluding": "7.2.3", + "matchCriteriaId": "86784D6A-6C2A-4F5F-8D06-5E0749775A8E" + } + ] + } + ] + } + ], "references": [ { "url": "https://community.silabs.com/0688Y00000aIPzL", - "source": "product-security@silabs.com" + "source": "product-security@silabs.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41650.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41650.json index b8ecc55d55f..e8c1b900ef2 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41650.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41650.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41650", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T15:15:13.967", - "lastModified": "2023-10-06T15:25:02.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:22:25.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <=\u00a02.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Venugopal Remove/hide Author, Date, Category Like Entry-Meta en versiones <= 2.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remove\\/hide_author\\,_date\\,_category_like_entry-meta_project:remove\\/hide_author\\,_date\\,_category_like_entry-meta:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1", + "matchCriteriaId": "650247F5-F3D5-4F5B-9F02-0D5CAB0CAE18" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/removehide-author-date-category-like-entry-meta/wordpress-remove-hide-author-date-category-like-entry-meta-plugin-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41654.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41654.json index c3858575b23..f8490a2a8f4 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41654.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41654.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41654", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T15:15:14.050", - "lastModified": "2023-10-06T15:25:02.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:22:19.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <=\u00a02.5.8 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento authLdap de Andreas Heigl en versiones <= 2.5.8." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:heigl:authldap:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.5.8", + "matchCriteriaId": "569E7EBD-85C3-496D-A40B-8E610F19390A" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/authldap/wordpress-authldap-plugin-2-5-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41763.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41763.json new file mode 100644 index 00000000000..4bb51ce2016 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41763.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41763", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.150", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Skype for Business Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41765.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41765.json new file mode 100644 index 00000000000..99af6bd733b --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41765.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41765", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.210", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Layer 2 Tunneling Protocol Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41765", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41766.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41766.json new file mode 100644 index 00000000000..797bba2dea9 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41766.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41766", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.270", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41766", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41767.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41767.json new file mode 100644 index 00000000000..bd933d4c573 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41767.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41767", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.333", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Layer 2 Tunneling Protocol Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41767", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41768.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41768.json new file mode 100644 index 00000000000..1bdfa5b5cec --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41768.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41768", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.393", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Layer 2 Tunneling Protocol Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41768", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41769.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41769.json new file mode 100644 index 00000000000..8e41f096840 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41769.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41769", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.470", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Layer 2 Tunneling Protocol Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41769", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41770.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41770.json new file mode 100644 index 00000000000..d6e844d7fb7 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41770.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41770", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.537", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Layer 2 Tunneling Protocol Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41770", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41771.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41771.json new file mode 100644 index 00000000000..608da8c8f17 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41771.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41771", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.600", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Layer 2 Tunneling Protocol Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41771", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41772.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41772.json new file mode 100644 index 00000000000..175c2fb9097 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41772.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41772", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.667", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41772", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41773.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41773.json new file mode 100644 index 00000000000..2af5e5c604c --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41773.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41773", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.733", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Layer 2 Tunneling Protocol Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41773", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41774.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41774.json new file mode 100644 index 00000000000..670a230eefc --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41774.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-41774", + "sourceIdentifier": "secure@microsoft.com", + "published": "2023-10-10T18:15:18.800", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Layer 2 Tunneling Protocol Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41774", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json index 620b59ec8a3..2f3444e8806 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4128", "sourceIdentifier": "secalert@redhat.com", "published": "2023-08-10T17:15:12.033", - "lastModified": "2023-09-19T16:15:14.543", + "lastModified": "2023-10-10T19:15:09.883", "vulnStatus": "Modified", "descriptions": [ { @@ -153,6 +153,42 @@ "url": "https://access.redhat.com/errata/RHSA-2023:5238", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5548", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5575", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5580", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5588", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5589", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5603", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5604", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5627", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5628", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4128", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42794.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42794.json new file mode 100644 index 00000000000..a7e70dba60b --- /dev/null +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42794.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-42794", + "sourceIdentifier": "security@apache.org", + "published": "2023-10-10T18:15:18.863", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-459" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42795.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42795.json new file mode 100644 index 00000000000..daea3096006 --- /dev/null +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42795.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-42795", + "sourceIdentifier": "security@apache.org", + "published": "2023-10-10T18:15:18.933", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-459" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42808.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42808.json index 926ab3d67ac..d8c68096a51 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42808.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42808.json @@ -2,16 +2,40 @@ "id": "CVE-2023-42808", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-04T20:15:10.187", - "lastModified": "2023-10-05T00:48:59.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T18:31:06.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice\u2019s server origin. As of time of publication, it is unknown whether any patches or workarounds exist." + }, + { + "lang": "es", + "value": "Common Voice es la aplicaci\u00f3n web de Mozilla Common Voice, una plataforma para recopilar donaciones de voz con el fin de crear conjuntos de datos de dominio p\u00fablico para entrenar herramientas relacionadas con el reconocimiento de voz. La versi\u00f3n 1.88.2 es vulnerable a Cross-Site Scripting (XSS) dado que los datos controlados por el usuario fluyen a una expresi\u00f3n de ruta (ruta de una solicitud de red). Este problema puede llevar a un Cross-Site Scripting (XSS) en el contexto del origen del servidor de Common Voice. Al momento de la publicaci\u00f3n, se desconoce si existen parches o workarounds." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mozilla:common_voice:1.88.2:*:*:*:*:*:*:*", + "matchCriteriaId": "2A66FB18-1AD2-4C35-BB29-953F8B8A77EB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mozilla/common-voice/blob/9d6ffd755e29b81918b86b9f5218b9c27d9c1c1a/server/src/fetch-legal-document.ts#LL21-L62C2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/mozilla/common-voice/blob/9d6ffd755e29b81918b86b9f5218b9c27d9c1c1a/server/src/server.ts#L214", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2023-026_Common_Voice/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4237.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4237.json index 5dfc103cc29..8efeccd2d02 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4237.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4237.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4237", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-04T15:15:12.643", - "lastModified": "2023-10-04T15:53:23.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T18:51:53.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en la plataforma de automatizaci\u00f3n Ansible. Al crear un nuevo par de claves, el m\u00f3dulo ec2_key imprime la clave privada directamente en la salida est\u00e1ndar. Esta falla permite que un atacante obtenga esas claves de los archivos de registro, comprometiendo la confidencialidad, integridad y disponibilidad del sistema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,14 +58,55 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_collection:*:*:*:*:*:*:*:*", + "matchCriteriaId": "60009086-F9BE-4F69-B37C-1F57F8C2C4D9" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-4237", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229979", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43058.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43058.json index 7458c10f3cf..b028f6a6716 100644 --- a/CVE-2023/CVE-2023-430xx/CVE-2023-43058.json +++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43058.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43058", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-10-06T14:15:12.197", - "lastModified": "2023-10-06T15:25:02.197", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:24:52.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527." + }, + { + "lang": "es", + "value": "IBM Robotic Process Automation 23.0.9 es vulnerable a la escalada de privilegios que afecta la propiedad de los proyectos. ID de IBM X-Force: 247527." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -34,14 +58,68 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:robotic_process_automation:23.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "AC075F8A-E9D9-4D69-B478-6AB8D2D3C790" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:robotic_process_automation_for_cloud_pak:23.0.9:*:*:*:*:*:*:*", + "matchCriteriaId": "9AACEC45-6187-40E2-8F0C-CFB019253E74" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F08E234C-BDCF-4B41-87B9-96BD5578CBBF" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267527", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7047017", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43793.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43793.json index bdc89fe7875..ad57456b8dd 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43793.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43793.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43793", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-04T21:15:10.040", - "lastModified": "2023-10-05T00:48:59.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T18:44:48.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds." + }, + { + "lang": "es", + "value": "Misskey es una plataforma de redes sociales descentralizada y de c\u00f3digo abierto. Antes de la versi\u00f3n 2023.9.0, al editar la URL, un usuario pod\u00eda omitir la autenticaci\u00f3n del panel Bull, que es la interfaz de usuario de administraci\u00f3n de la cola de trabajos, y acceder a \u00e9l. La versi\u00f3n 2023.9.0 contiene una soluci\u00f3n. No se conocen workarounds." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:misskey:misskey:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.9.0", + "matchCriteriaId": "76183927-4600-43CA-A33B-D329E57A3A03" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/misskey-dev/misskey/commit/c9aeccb2ab260ceedc126e6e366da8cd13ece4b2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/misskey-dev/misskey/security/advisories/GHSA-9fj2-gjcf-cqqc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/nexryai/nexkey/security/advisories/GHSA-g8w5-568f-ffwf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43799.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43799.json index db36556b628..6c0a6721a5b 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43799.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43799.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43799", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-04T21:15:10.127", - "lastModified": "2023-10-05T00:48:59.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T18:52:02.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue." + }, + { + "lang": "es", + "value": "Altair es un cliente GraphQL. Antes de la versi\u00f3n 5.2.5, la aplicaci\u00f3n de escritorio del cliente Altair GraphQL no sanitiza las URL externas antes de pasarlas al sistema subyacente. Adem\u00e1s, Altair GraphQL Client tampoco a\u00edsla el contexto del proceso de renderizado. Esto afecta a las versiones del software que se ejecutan en MacOS, Windows y Linux. La versi\u00f3n 5.2.5 soluciona este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,14 +80,60 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:altairgraphql:altair:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.2.5", + "matchCriteriaId": "6A1166C3-258F-4EFB-8722-953DCDE5AA1E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/altair-graphql/altair/releases/tag/v5.2.5", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/altair-graphql/altair/security/advisories/GHSA-9m5v-vrf6-fmvm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4309.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4309.json new file mode 100644 index 00000000000..466e4e0422b --- /dev/null +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4309.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-4309", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-10T18:15:19.173", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "cve@mitre.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://schemasecurity.co/private-elections.pdf", + "source": "cve@mitre.org" + }, + { + "url": "https://www.electionservicesco.com/pages/services_internet.php", + "source": "cve@mitre.org" + }, + { + "url": "https://www.youtube.com/watch?v=yeG1xZkHc64", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4380.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4380.json index 1943092df90..f26beb8006f 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4380.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4380.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4380", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-04T15:15:12.703", - "lastModified": "2023-10-04T15:53:23.283", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T18:51:05.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability." + }, + { + "lang": "es", + "value": "Existe un defecto l\u00f3gico en Ansible. Siempre que se crea un proyecto privado con credenciales incorrectas, se registra en texto plano. Esta falla permite que un atacante recupere las credenciales del registro, lo que resulta en la p\u00e9rdida de confidencialidad, integridad y disponibilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,18 +58,84 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.4:*:*:*:*:*:*:*", + "matchCriteriaId": "05986E3C-7E5B-45C1-81B0-9D856A8FF1CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_developer:1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "CEE40363-D286-4EB7-80D2-17CF3B606AD6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_inside:1.2:*:*:*:*:*:*:*", + "matchCriteriaId": "897AB7AC-52B1-4335-97D5-D5EA2FF09CC6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2023:4693", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4380", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2232324", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44233.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44233.json index acd9598a796..080e9444fb5 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44233.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44233.json @@ -2,16 +2,40 @@ "id": "CVE-2023-44233", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T16:15:15.907", - "lastModified": "2023-10-06T17:11:15.080", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:35:47.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin \u2013 FooGallery plugin <=\u00a02.2.44 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en FooPlugins Best WordPress Gallery Plugin \u2013 complemento FooGallery en versiones <= 2.2.44." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fooplugins:foogallery:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2.44", + "matchCriteriaId": "271CC801-5399-41B0-91EC-E434A7A721C9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/foogallery/wordpress-foogallery-plugin-2-2-44-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44243.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44243.json index c3160597da7..c998ed0c20e 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44243.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44243.json @@ -2,16 +2,40 @@ "id": "CVE-2023-44243", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T16:15:15.983", - "lastModified": "2023-10-06T17:11:15.080", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:35:39.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <=\u00a01.2.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Dylan Blokhuis Instant CSS en versiones <= 1.2.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +68,43 @@ "value": "CWE-352" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dylanblokhuis:instant_css:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.1", + "matchCriteriaId": "3468EBFB-5CDB-4F35-A021-194310DBD9C9" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/instant-css/wordpress-instant-css-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44389.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44389.json index 4355c44290b..033f979e56d 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44389.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44389.json @@ -2,16 +2,40 @@ "id": "CVE-2023-44389", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-04T21:15:10.360", - "lastModified": "2023-10-05T00:48:59.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T18:57:47.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6" + }, + { + "lang": "es", + "value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto. La propiedad title, disponible en la mayor\u00eda de los objetos Zope, se puede utilizar para almacenar c\u00f3digo de script que se ejecuta mientras se visualiza el objeto afectado en la Interfaz de Administraci\u00f3n de Zope (ZMI). Todas las versiones de Zope 4 y Zope 5 se ven afectadas. Los parches se lanzar\u00e1n con las versiones 4.8.11 y 5.8.6 de Zope" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +70,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "4.8.11", + "matchCriteriaId": "945F18A2-06BA-4B4B-A159-C98E0C2AD2E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0", + "versionEndExcluding": "5.8.6", + "matchCriteriaId": "7FB6AD5C-64B6-4EDE-B24F-38D833200E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json index 149bfb56941..0449fe6ae07 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json @@ -2,7 +2,7 @@ "id": "CVE-2023-44487", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-10T14:15:10.883", - "lastModified": "2023-10-10T17:15:13.183", + "lastModified": "2023-10-10T19:15:09.597", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -24,6 +24,14 @@ "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", "source": "cve@mitre.org" }, + { + "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", + "source": "cve@mitre.org" + }, + { + "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", + "source": "cve@mitre.org" + }, { "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", "source": "cve@mitre.org" @@ -32,10 +40,22 @@ "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", "source": "cve@mitre.org" }, + { + "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", + "source": "cve@mitre.org" + }, { "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", "source": "cve@mitre.org" }, + { + "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg", + "source": "cve@mitre.org" + }, { "url": "https://github.com/alibaba/tengine/issues/1872", "source": "cve@mitre.org" @@ -44,6 +64,10 @@ "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", "source": "cve@mitre.org" }, + { + "url": "https://github.com/apache/trafficserver/pull/10564", + "source": "cve@mitre.org" + }, { "url": "https://github.com/bcdannyboy/CVE-2023-44487", "source": "cve@mitre.org" @@ -52,6 +76,10 @@ "url": "https://github.com/caddyserver/caddy/issues/5877", "source": "cve@mitre.org" }, + { + "url": "https://github.com/dotnet/announcements/issues/277", + "source": "cve@mitre.org" + }, { "url": "https://github.com/eclipse/jetty.project/issues/10679", "source": "cve@mitre.org" @@ -60,10 +88,26 @@ "url": "https://github.com/envoyproxy/envoy/pull/30055", "source": "cve@mitre.org" }, + { + "url": "https://github.com/facebook/proxygen/pull/466", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/golang/go/issues/63417", + "source": "cve@mitre.org" + }, { "url": "https://github.com/grpc/grpc-go/pull/6703", "source": "cve@mitre.org" }, + { + "url": "https://github.com/h2o/h2o/pull/3291", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", + "source": "cve@mitre.org" + }, { "url": "https://github.com/haproxy/haproxy/issues/2312", "source": "cve@mitre.org" @@ -76,6 +120,14 @@ "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", "source": "cve@mitre.org" }, + { + "url": "https://github.com/micrictor/http2-rst-stream", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/microsoft/CBL-Mariner/pull/6381", + "source": "cve@mitre.org" + }, { "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", "source": "cve@mitre.org" @@ -88,10 +140,26 @@ "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", "source": "cve@mitre.org" }, + { + "url": "https://github.com/nodejs/node/pull/50121", + "source": "cve@mitre.org" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", + "source": "cve@mitre.org" + }, { "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", "source": "cve@mitre.org" }, + { + "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", + "source": "cve@mitre.org" + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", + "source": "cve@mitre.org" + }, { "url": "https://my.f5.com/manage/s/article/K000137106", "source": "cve@mitre.org" @@ -108,6 +176,10 @@ "url": "https://news.ycombinator.com/item?id=37831062", "source": "cve@mitre.org" }, + { + "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", + "source": "cve@mitre.org" + }, { "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45129.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45129.json new file mode 100644 index 00000000000..4b3bb9d418a --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45129.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-45129", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-10T18:15:19.093", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/matrix-org/synapse/pull/16360", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4", + "source": "security-advisories@github.com" + }, + { + "url": "https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45648.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45648.json new file mode 100644 index 00000000000..22c8555ccdc --- /dev/null +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45648.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-45648", + "sourceIdentifier": "security@apache.org", + "published": "2023-10-10T19:15:09.690", + "lastModified": "2023-10-10T19:37:40.180", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat\u00a0from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5452.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5452.json index cdf1afd092e..4f35eae122e 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5452.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5452.json @@ -2,15 +2,41 @@ "id": "CVE-2023-5452", "sourceIdentifier": "security@huntr.dev", "published": "2023-10-06T20:15:11.380", - "lastModified": "2023-10-06T22:23:04.467", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T19:34:10.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2." + }, + { + "lang": "es", + "value": "Cross-Site Scripting (XSS) - Almacenado en el repositorio de GitHub snipe/snipe-it antes de v6.2.2." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +72,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.2.2", + "matchCriteriaId": "DB26EBCA-1F26-4FDE-A448-47EB776E72AE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5497.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5497.json new file mode 100644 index 00000000000..25407c8dec6 --- /dev/null +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5497.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5497", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-10-10T18:15:19.247", + "lastModified": "2023-10-10T18:20:50.797", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241650 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/RCEraser/cve/blob/main/sql_inject_4.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.241650", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.241650", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index da28ada6011..04a6884893e 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-10T18:00:24.623693+00:00 +2023-10-10T20:00:25.815099+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-10T17:52:17.703000+00:00 +2023-10-10T19:40:06.293000+00:00 ``` ### Last Data Feed Release @@ -29,57 +29,68 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227406 +227516 ``` ### CVEs added in the last Commit -Recently added CVEs: `46` +Recently added CVEs: `110` -* [CVE-2023-37939](CVE-2023/CVE-2023-379xx/CVE-2023-37939.json) (`2023-10-10T17:15:12.333`) -* [CVE-2023-40718](CVE-2023/CVE-2023-407xx/CVE-2023-40718.json) (`2023-10-10T17:15:12.560`) -* [CVE-2023-41675](CVE-2023/CVE-2023-416xx/CVE-2023-41675.json) (`2023-10-10T17:15:12.620`) -* [CVE-2023-41679](CVE-2023/CVE-2023-416xx/CVE-2023-41679.json) (`2023-10-10T17:15:12.683`) -* [CVE-2023-41838](CVE-2023/CVE-2023-418xx/CVE-2023-41838.json) (`2023-10-10T17:15:12.743`) -* [CVE-2023-41841](CVE-2023/CVE-2023-418xx/CVE-2023-41841.json) (`2023-10-10T17:15:12.813`) -* [CVE-2023-42782](CVE-2023/CVE-2023-427xx/CVE-2023-42782.json) (`2023-10-10T17:15:12.873`) -* [CVE-2023-42787](CVE-2023/CVE-2023-427xx/CVE-2023-42787.json) (`2023-10-10T17:15:12.930`) -* [CVE-2023-42788](CVE-2023/CVE-2023-427xx/CVE-2023-42788.json) (`2023-10-10T17:15:12.987`) -* [CVE-2023-44249](CVE-2023/CVE-2023-442xx/CVE-2023-44249.json) (`2023-10-10T17:15:13.047`) -* [CVE-2023-44399](CVE-2023/CVE-2023-443xx/CVE-2023-44399.json) (`2023-10-10T17:15:13.107`) -* [CVE-2023-5495](CVE-2023/CVE-2023-54xx/CVE-2023-5495.json) (`2023-10-10T17:15:13.333`) -* [CVE-2023-5496](CVE-2023/CVE-2023-54xx/CVE-2023-5496.json) (`2023-10-10T17:15:13.413`) -* [CVE-2023-25604](CVE-2023/CVE-2023-256xx/CVE-2023-25604.json) (`2023-10-10T17:15:11.083`) -* [CVE-2023-25607](CVE-2023/CVE-2023-256xx/CVE-2023-25607.json) (`2023-10-10T17:15:11.147`) -* [CVE-2023-33301](CVE-2023/CVE-2023-333xx/CVE-2023-33301.json) (`2023-10-10T17:15:11.217`) -* [CVE-2023-34985](CVE-2023/CVE-2023-349xx/CVE-2023-34985.json) (`2023-10-10T17:15:11.283`) -* [CVE-2023-34986](CVE-2023/CVE-2023-349xx/CVE-2023-34986.json) (`2023-10-10T17:15:11.343`) -* [CVE-2023-34987](CVE-2023/CVE-2023-349xx/CVE-2023-34987.json) (`2023-10-10T17:15:11.403`) -* [CVE-2023-34988](CVE-2023/CVE-2023-349xx/CVE-2023-34988.json) (`2023-10-10T17:15:11.463`) -* [CVE-2023-34989](CVE-2023/CVE-2023-349xx/CVE-2023-34989.json) (`2023-10-10T17:15:11.520`) -* [CVE-2023-34992](CVE-2023/CVE-2023-349xx/CVE-2023-34992.json) (`2023-10-10T17:15:11.607`) -* [CVE-2023-34993](CVE-2023/CVE-2023-349xx/CVE-2023-34993.json) (`2023-10-10T17:15:11.670`) -* [CVE-2023-36478](CVE-2023/CVE-2023-364xx/CVE-2023-36478.json) (`2023-10-10T17:15:11.737`) -* [CVE-2023-36547](CVE-2023/CVE-2023-365xx/CVE-2023-36547.json) (`2023-10-10T17:15:11.827`) +* [CVE-2023-36435](CVE-2023/CVE-2023-364xx/CVE-2023-36435.json) (`2023-10-10T18:15:12.680`) +* [CVE-2023-36436](CVE-2023/CVE-2023-364xx/CVE-2023-36436.json) (`2023-10-10T18:15:12.737`) +* [CVE-2023-36438](CVE-2023/CVE-2023-364xx/CVE-2023-36438.json) (`2023-10-10T18:15:12.803`) +* [CVE-2023-36557](CVE-2023/CVE-2023-365xx/CVE-2023-36557.json) (`2023-10-10T18:15:12.867`) +* [CVE-2023-36561](CVE-2023/CVE-2023-365xx/CVE-2023-36561.json) (`2023-10-10T18:15:12.930`) +* [CVE-2023-36563](CVE-2023/CVE-2023-365xx/CVE-2023-36563.json) (`2023-10-10T18:15:13.003`) +* [CVE-2023-36564](CVE-2023/CVE-2023-365xx/CVE-2023-36564.json) (`2023-10-10T18:15:13.070`) +* [CVE-2023-36565](CVE-2023/CVE-2023-365xx/CVE-2023-36565.json) (`2023-10-10T18:15:13.137`) +* [CVE-2023-36566](CVE-2023/CVE-2023-365xx/CVE-2023-36566.json) (`2023-10-10T18:15:13.200`) +* [CVE-2023-36567](CVE-2023/CVE-2023-365xx/CVE-2023-36567.json) (`2023-10-10T18:15:13.260`) +* [CVE-2023-36568](CVE-2023/CVE-2023-365xx/CVE-2023-36568.json) (`2023-10-10T18:15:13.323`) +* [CVE-2023-36569](CVE-2023/CVE-2023-365xx/CVE-2023-36569.json) (`2023-10-10T18:15:13.387`) +* [CVE-2023-36570](CVE-2023/CVE-2023-365xx/CVE-2023-36570.json) (`2023-10-10T18:15:13.450`) +* [CVE-2023-36571](CVE-2023/CVE-2023-365xx/CVE-2023-36571.json) (`2023-10-10T18:15:13.510`) +* [CVE-2023-36572](CVE-2023/CVE-2023-365xx/CVE-2023-36572.json) (`2023-10-10T18:15:13.573`) +* [CVE-2023-29348](CVE-2023/CVE-2023-293xx/CVE-2023-29348.json) (`2023-10-10T18:15:11.830`) +* [CVE-2023-35349](CVE-2023/CVE-2023-353xx/CVE-2023-35349.json) (`2023-10-10T18:15:11.923`) +* [CVE-2023-36414](CVE-2023/CVE-2023-364xx/CVE-2023-36414.json) (`2023-10-10T18:15:12.000`) +* [CVE-2023-36415](CVE-2023/CVE-2023-364xx/CVE-2023-36415.json) (`2023-10-10T18:15:12.070`) +* [CVE-2023-36416](CVE-2023/CVE-2023-364xx/CVE-2023-36416.json) (`2023-10-10T18:15:12.127`) +* [CVE-2023-36417](CVE-2023/CVE-2023-364xx/CVE-2023-36417.json) (`2023-10-10T18:15:12.190`) +* [CVE-2023-36418](CVE-2023/CVE-2023-364xx/CVE-2023-36418.json) (`2023-10-10T18:15:12.247`) +* [CVE-2023-36419](CVE-2023/CVE-2023-364xx/CVE-2023-36419.json) (`2023-10-10T18:15:12.300`) +* [CVE-2023-31096](CVE-2023/CVE-2023-310xx/CVE-2023-31096.json) (`2023-10-10T19:15:09.530`) +* [CVE-2023-45648](CVE-2023/CVE-2023-456xx/CVE-2023-45648.json) (`2023-10-10T19:15:09.690`) ### CVEs modified in the last Commit -Recently modified CVEs: `13` +Recently modified CVEs: `24` -* [CVE-2020-27632](CVE-2020/CVE-2020-276xx/CVE-2020-27632.json) (`2023-10-10T17:15:10.510`) -* [CVE-2022-35919](CVE-2022/CVE-2022-359xx/CVE-2022-35919.json) (`2023-10-10T17:15:10.940`) -* [CVE-2022-35908](CVE-2022/CVE-2022-359xx/CVE-2022-35908.json) (`2023-10-10T17:15:16.047`) -* [CVE-2023-3269](CVE-2023/CVE-2023-32xx/CVE-2023-3269.json) (`2023-10-10T16:18:27.987`) -* [CVE-2023-4103](CVE-2023/CVE-2023-41xx/CVE-2023-4103.json) (`2023-10-10T16:23:29.373`) -* [CVE-2023-3111](CVE-2023/CVE-2023-31xx/CVE-2023-3111.json) (`2023-10-10T16:45:26.057`) -* [CVE-2023-38836](CVE-2023/CVE-2023-388xx/CVE-2023-38836.json) (`2023-10-10T17:15:12.397`) -* [CVE-2023-39362](CVE-2023/CVE-2023-393xx/CVE-2023-39362.json) (`2023-10-10T17:15:12.470`) -* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-10T17:15:13.183`) -* [CVE-2023-4278](CVE-2023/CVE-2023-42xx/CVE-2023-4278.json) (`2023-10-10T17:15:13.243`) -* [CVE-2023-44270](CVE-2023/CVE-2023-442xx/CVE-2023-44270.json) (`2023-10-10T17:19:55.690`) -* [CVE-2023-42809](CVE-2023/CVE-2023-428xx/CVE-2023-42809.json) (`2023-10-10T17:21:16.110`) -* [CVE-2023-44061](CVE-2023/CVE-2023-440xx/CVE-2023-44061.json) (`2023-10-10T17:22:10.313`) +* [CVE-2022-33160](CVE-2022/CVE-2022-331xx/CVE-2022-33160.json) (`2023-10-10T19:33:22.613`) +* [CVE-2023-42808](CVE-2023/CVE-2023-428xx/CVE-2023-42808.json) (`2023-10-10T18:31:06.820`) +* [CVE-2023-43793](CVE-2023/CVE-2023-437xx/CVE-2023-43793.json) (`2023-10-10T18:44:48.727`) +* [CVE-2023-4380](CVE-2023/CVE-2023-43xx/CVE-2023-4380.json) (`2023-10-10T18:51:05.010`) +* [CVE-2023-4237](CVE-2023/CVE-2023-42xx/CVE-2023-4237.json) (`2023-10-10T18:51:53.670`) +* [CVE-2023-43799](CVE-2023/CVE-2023-437xx/CVE-2023-43799.json) (`2023-10-10T18:52:02.820`) +* [CVE-2023-44389](CVE-2023/CVE-2023-443xx/CVE-2023-44389.json) (`2023-10-10T18:57:47.523`) +* [CVE-2023-3971](CVE-2023/CVE-2023-39xx/CVE-2023-3971.json) (`2023-10-10T19:11:16.463`) +* [CVE-2023-3665](CVE-2023/CVE-2023-36xx/CVE-2023-3665.json) (`2023-10-10T19:11:44.630`) +* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-10T19:15:09.597`) +* [CVE-2023-4004](CVE-2023/CVE-2023-40xx/CVE-2023-4004.json) (`2023-10-10T19:15:09.767`) +* [CVE-2023-4128](CVE-2023/CVE-2023-41xx/CVE-2023-4128.json) (`2023-10-10T19:15:09.883`) +* [CVE-2023-22515](CVE-2023/CVE-2023-225xx/CVE-2023-22515.json) (`2023-10-10T19:22:02.770`) +* [CVE-2023-41654](CVE-2023/CVE-2023-416xx/CVE-2023-41654.json) (`2023-10-10T19:22:19.100`) +* [CVE-2023-41650](CVE-2023/CVE-2023-416xx/CVE-2023-41650.json) (`2023-10-10T19:22:25.553`) +* [CVE-2023-43058](CVE-2023/CVE-2023-430xx/CVE-2023-43058.json) (`2023-10-10T19:24:52.810`) +* [CVE-2023-2306](CVE-2023/CVE-2023-23xx/CVE-2023-2306.json) (`2023-10-10T19:28:52.517`) +* [CVE-2023-5452](CVE-2023/CVE-2023-54xx/CVE-2023-5452.json) (`2023-10-10T19:34:10.860`) +* [CVE-2023-23366](CVE-2023/CVE-2023-233xx/CVE-2023-23366.json) (`2023-10-10T19:35:17.273`) +* [CVE-2023-23365](CVE-2023/CVE-2023-233xx/CVE-2023-23365.json) (`2023-10-10T19:35:30.007`) +* [CVE-2023-44243](CVE-2023/CVE-2023-442xx/CVE-2023-44243.json) (`2023-10-10T19:35:39.473`) +* [CVE-2023-44233](CVE-2023/CVE-2023-442xx/CVE-2023-44233.json) (`2023-10-10T19:35:47.653`) +* [CVE-2023-39928](CVE-2023/CVE-2023-399xx/CVE-2023-39928.json) (`2023-10-10T19:37:06.347`) +* [CVE-2023-41094](CVE-2023/CVE-2023-410xx/CVE-2023-41094.json) (`2023-10-10T19:40:06.293`) ## Download and Usage