diff --git a/CVE-2009/CVE-2009-21xx/CVE-2009-2109.json b/CVE-2009/CVE-2009-21xx/CVE-2009-2109.json
index a9229fc13c3..cb9b9a38226 100644
--- a/CVE-2009/CVE-2009-21xx/CVE-2009-2109.json
+++ b/CVE-2009/CVE-2009-21xx/CVE-2009-2109.json
@@ -2,8 +2,8 @@
 "id": "CVE-2009-2109",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2009-06-18T21:30:00.187",
- "lastModified": "2017-09-29T01:34:43.247",
- "vulnStatus": "Modified",
+ "lastModified": "2023-08-31T16:17:38.523",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -62,8 +62,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:daan_sprenkels:fretsweb:1.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "DA367B11-9F74-4E1D-9476-8DFB1F229ACA"
+ "criteria": "cpe:2.3:a:fretsweb_project:fretsweb:1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FB5BDF39-E38E-4A3E-A96A-E052DD67E8C3"
 }
 ]
 }
@@ -71,9 +71,34 @@
 }
 ],
 "references": [
+ {
+ "url": "http://osvdb.org/55166",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
+ },
+ {
+ "url": "http://osvdb.org/55196",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
+ },
+ {
+ "url": "http://secunia.com/advisories/35492",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
 {
 "url": "https://www.exploit-db.com/exploits/8979",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2009/CVE-2009-21xx/CVE-2009-2113.json b/CVE-2009/CVE-2009-21xx/CVE-2009-2113.json
index 9963da90aa7..73198da20ae 100644
--- a/CVE-2009/CVE-2009-21xx/CVE-2009-2113.json
+++ b/CVE-2009/CVE-2009-21xx/CVE-2009-2113.json
@@ -2,8 +2,8 @@
 "id": "CVE-2009-2113",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2009-06-18T21:30:00.267",
- "lastModified": "2017-09-29T01:34:43.467",
- "vulnStatus": "Modified",
+ "lastModified": "2023-08-31T16:18:17.943",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
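Review bot: The `http://secunia.com/advisories/35492` reference added in the CVE-2009-2109 `references` hunk is tagged `"Vendor Advisory"`, but Secunia does not appear to be the vendor of the affected product (the CPE in the same file names `fretsweb_project`). `"Third Party Advisory"`, as used on the exploit-db entry in the same hunk, looks like the fitting tag. Consumers that rank or filter references by the `Vendor Advisory` tag would otherwise treat this link as authoritative vendor guidance. The same tagging appears in the CVE-2009-2113 `references` hunk.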
@@ -62,8 +62,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:daan_sprenkels:fretsweb:1.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "DA367B11-9F74-4E1D-9476-8DFB1F229ACA"
+ "criteria": "cpe:2.3:a:fretsweb_project:fretsweb:1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FB5BDF39-E38E-4A3E-A96A-E052DD67E8C3"
 }
 ]
 }
@@ -71,6 +71,27 @@
 }
 ],
 "references": [
+ {
+ "url": "http://osvdb.org/55167",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
+ },
+ {
+ "url": "http://osvdb.org/55168",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
+ },
+ {
+ "url": "http://secunia.com/advisories/35492",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
 {
 "url": "http://sourceforge.net/forum/forum.php?forum_id=966939",
 "source": "cve@mitre.org",
@@ -80,7 +101,11 @@
 },
 {
 "url": "https://www.exploit-db.com/exploits/8980",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-117xx/CVE-2020-11711.json b/CVE-2020/CVE-2020-117xx/CVE-2020-11711.json
index 6dc9c2a1606..e3f739b2a42 100644
--- a/CVE-2020/CVE-2020-117xx/CVE-2020-11711.json
+++ b/CVE-2020/CVE-2020-117xx/CVE-2020-11711.json
@@ -2,27 +2,104 @@
 "id": "CVE-2020-11711",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-25T16:15:07.857",
- "lastModified": "2023-08-25T17:51:53.297",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-31T16:50:18.123",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.6.0",
+ "versionEndExcluding": "3.7.13",
+ "matchCriteriaId": "77B7EAEB-CE18-42D3-8D66-F96CC6CDBFEA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.8.0",
+ "versionEndExcluding": "3.11.0",
+ "matchCriteriaId": "9BC1815B-DD6E-4CFB-9C3A-FAE05FD4E07A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.0.0",
+ "versionEndExcluding": "4.1.1",
+ "matchCriteriaId": "90E181AB-A89E-4A11-A2AA-5E53C0074B79"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://advisories.stormshield.eu/2020-011/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://twitter.com/_ACKNAK_",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Not Applicable"
+ ]
 },
 {
 "url": "https://www.digitemis.com/category/blog/actualite/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Not Applicable"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-248xx/CVE-2021-24831.json b/CVE-2021/CVE-2021-248xx/CVE-2021-24831.json
index c943130584d..97bb885faf6 100644
--- a/CVE-2021/CVE-2021-248xx/CVE-2021-24831.json
+++ b/CVE-2021/CVE-2021-248xx/CVE-2021-24831.json
@@ -2,7 +2,7 @@
 "id": "CVE-2021-24831",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2022-01-03T13:15:08.263",
- "lastModified": "2022-02-10T15:11:31.953",
+ "lastModified": "2023-08-31T16:12:36.847",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -65,17 +65,17 @@
 },
 "weaknesses": [
 {
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-862"
+ "value": "CWE-425"
 }
 ]
 },
 {
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
 "type": "Secondary",
 "description": [
 {
diff --git a/CVE-2021/CVE-2021-420xx/CVE-2021-42013.json b/CVE-2021/CVE-2021-420xx/CVE-2021-42013.json
index 70cbf4609c2..5dd7e405153 100644
--- a/CVE-2021/CVE-2021-420xx/CVE-2021-42013.json
+++ b/CVE-2021/CVE-2021-420xx/CVE-2021-42013.json
@@ -2,12 +2,12 @@
 "id": "CVE-2021-42013",
 "sourceIdentifier": "security@apache.org",
 "published": "2021-10-07T16:15:09.270",
- "lastModified": "2022-10-05T18:14:33.387",
+ "lastModified": "2023-08-31T16:13:27.437",
 "vulnStatus": "Analyzed",
 "cisaExploitAdd": "2021-11-03",
 "cisaActionDue": "2021-11-17",
 "cisaRequiredAction": "Apply updates per vendor instructions.",
- "cisaVulnerabilityName": "Apache HTTP Server 2.4.49 and 2.4.50 Path Traversal",
+ "cisaVulnerabilityName": "Apache HTTP Server Path Traversal Vulnerability",
 "descriptions": [
 {
 "lang": "en",
@@ -75,6 +75,10 @@
 {
 "lang": "en",
 "value": "CWE-22"
+ },
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
 }
 ]
 },
@@ -240,7 +244,8 @@
 "source": "security@apache.org",
 "tags": [
 "Exploit",
- "Third Party Advisory"
+ "Third Party Advisory",
+ "VDB Entry"
 ]
 },
 {
diff --git a/CVE-2021/CVE-2021-438xx/CVE-2021-43802.json b/CVE-2021/CVE-2021-438xx/CVE-2021-43802.json
index 788f15f614e..b636353abdd 100644
--- a/CVE-2021/CVE-2021-438xx/CVE-2021-43802.json
+++ b/CVE-2021/CVE-2021-438xx/CVE-2021-43802.json
@@ -2,7 +2,7 @@
 "id": "CVE-2021-43802",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2021-12-09T23:15:07.517",
- "lastModified": "2021-12-15T15:03:16.897",
+ "lastModified": "2023-08-31T16:19:33.527",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -91,6 +91,10 @@
 {
 "lang": "en",
 "value": "CWE-20"
+ },
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
 }
 ]
 },
diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45451.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45451.json
index d2380222a2c..21bc5f0c18e 100644
--- a/CVE-2022/CVE-2022-454xx/CVE-2022-45451.json
+++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45451.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-45451",
 "sourceIdentifier": "security@acronis.com",
 "published": "2023-08-31T15:15:08.213",
- "lastModified": "2023-08-31T15:15:08.213",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-31T17:26:00.623",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-467xx/CVE-2022-46751.json b/CVE-2022/CVE-2022-467xx/CVE-2022-46751.json
index 28864f1be02..d0d7b788a46 100644
--- a/CVE-2022/CVE-2022-467xx/CVE-2022-46751.json
+++ b/CVE-2022/CVE-2022-467xx/CVE-2022-46751.json
@@ -2,15 +2,38 @@
 "id": "CVE-2022-46751",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-08-21T07:15:33.740",
- "lastModified": "2023-08-21T12:47:08.843",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-31T16:20:28.877",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. 
Access can be be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle's \"Java API for XML Processing (JAXP) Security Guide\".\n\n"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "security@apache.org",
@@ -27,22 +50,54 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:ivy:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.5.2",
+ "matchCriteriaId": "9859B6AC-BC83-4555-AA73-4568233DDA2D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://docs.oracle.com/en/java/javase/13/security/java-api-xml-processing-jaxp-security-guide.html#GUID-94ABC0EE-9DC8-44F0-84AD-47ADD5340477",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://gitbox.apache.org/repos/asf?p=ant-ivy.git;a=commit;h=2be17bc18b0e1d4123007d579e43ba1a4b6fab3d",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://lists.apache.org/thread/9gcz4xrsn8c7o9gb377xfzvkb8jltffr",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46868.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46868.json
index 02c1a8295f6..30bf8135f94 100644
--- a/CVE-2022/CVE-2022-468xx/CVE-2022-46868.json
+++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46868.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-46868",
 "sourceIdentifier": "security@acronis.com",
 "published": "2023-08-31T15:15:08.343",
- "lastModified": "2023-08-31T15:15:08.343",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-226xx/CVE-2023-22602.json b/CVE-2023/CVE-2023-226xx/CVE-2023-22602.json
index 21003796486..15ff4325d57 100644
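Review bot: In the CVE-2022-46751 `references` hunk, the gitbox entry is a commit link (`a=commit;h=2be17bc1…`) but receives only the `"Vendor Advisory"` tag. If that commit is the fix, which the page does not confirm, the `"Patch"` tag is what downstream tooling keys on to locate remediation code, e.g. `"tags": ["Patch"]`. As tagged, a consumer filtering for patch references finds none on this record even though the description names 2.5.2 as the fixed version.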
--- a/CVE-2023/CVE-2023-226xx/CVE-2023-22602.json
+++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22602.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-22602",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-01-14T10:15:09.140",
- "lastModified": "2023-01-27T15:57:34.357",
+ "lastModified": "2023-08-31T16:16:24.610",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -51,7 +51,7 @@
 "operator": "AND",
 "nodes": [
 {
- "operator": "AND",
+ "operator": "OR",
 "negate": false,
 "cpeMatch": [
 {
@@ -63,7 +63,7 @@
 ]
 },
 {
- "operator": "AND",
+ "operator": "OR",
 "negate": false,
 "cpeMatch": [
 {
diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25649.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25649.json
index 391946e3e99..9c089defbb2 100644
--- a/CVE-2023/CVE-2023-256xx/CVE-2023-25649.json
+++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25649.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25649",
 "sourceIdentifier": "psirt@zte.com.cn",
 "published": "2023-08-25T10:15:08.247",
- "lastModified": "2023-08-25T12:47:00.750",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-31T16:22:56.523",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "psirt@zte.com.cn",
 "type": "Secondary",
@@ -35,6 +55,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ },
 {
 "source": "psirt@zte.com.cn",
 "type": "Secondary",
@@ -46,10 +76,42 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zte:mf286r_firmware:cr_lvwrgbmf286rv1.0.0b04:*:*:*:*:*:*:*",
+ "matchCriteriaId": "501A46C7-1325-44B1-81FC-8769181A5075"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:zte:mf286r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6AF5C7D2-70E8-4E1C-B712-7F9A026EAEC8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032544",
- "source": "psirt@zte.com.cn"
+ "source": "psirt@zte.com.cn",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-259xx/CVE-2023-25981.json b/CVE-2023/CVE-2023-259xx/CVE-2023-25981.json
index 4f8a608bbca..32973e94574 100644
--- a/CVE-2023/CVE-2023-259xx/CVE-2023-25981.json
+++ b/CVE-2023/CVE-2023-259xx/CVE-2023-25981.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25981",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2023-08-25T10:15:09.350",
- "lastModified": "2023-08-25T12:47:00.750",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-31T16:28:52.840",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -36,7 +56,7 @@
 },
 "weaknesses": [
 {
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
 "description": [
 {
@@ -44,12 +64,43 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:themekraft:post_form:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.8.1",
+ "matchCriteriaId": "3414EA1C-E426-46A4-AEB1-04A3982679F1"
+ }
+ ]
+ }
+ ]
 }
 ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28801.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28801.json
index 621e989d653..e04d54bb544 100644
--- a/CVE-2023/CVE-2023-288xx/CVE-2023-28801.json
+++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28801.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-28801",
 "sourceIdentifier": "cve@zscaler.com",
 "published": "2023-08-31T14:15:08.420",
- "lastModified": "2023-08-31T14:15:08.420",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-31T17:26:00.623",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31167.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31167.json
new file mode 100644
index 00000000000..c3ab9a05f46
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31167.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-31167",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:08.507",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal.\n\n\n\nSEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details.\n\n\nThis issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://dragos.com",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31168.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31168.json
new file mode 100644
index 00000000000..3cbb0f2a94c
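Review bot: The new CVE-2023-31167 record has no `configurations` block, so the affected range exists only in the free-text description (`before 1.0.49152.778`); the same holds for the eight following new-file hunks, CVE-2023-31168 through CVE-2023-31175. CPE-based matching against this feed will therefore not flag the SEL products while these records sit in `"vulnStatus": "Awaiting Analysis"`, and consumers doing asset matching should treat that status as "not yet matchable" rather than "not affected". The only scores present are the CNA's `"type": "Secondary"` entries. Both references are untagged landing pages (`https://dragos.com` and the SEL external-reports index) rather than advisory-specific URLs.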
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31168.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-31168",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:08.937",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\n\n\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.1,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-829"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31169.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31169.json
new file mode 100644
index 00000000000..ca475530369
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31169.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-31169",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:09.230",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-176"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31170.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31170.json
new file mode 100644
index 00000000000..24cdb7ab276
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31170.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-31170",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:09.313",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-829"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31171.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31171.json
new file mode 100644
index 00000000000..287edf50653
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31171.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-31171",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:09.403",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31172.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31172.json
new file mode 100644
index 00000000000..ba47f4a8fa4
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31172.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-31172",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:09.487",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-791"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31173.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31173.json
new file mode 100644
index 00000000000..bd266d3d1aa
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31173.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-31173",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:09.567",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass.\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31174.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31174.json
new file mode 100644
index 00000000000..98fa9f129ad
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31174.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-31174",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:09.827",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31175.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31175.json
new file mode 100644
index 00000000000..f301d7163a8
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31175.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-31175",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:09.923",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run system commands with the highest level privilege on the system.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-250"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32078.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32078.json
index bc1c94bf332..8212df750a9 100644
--- a/CVE-2023/CVE-2023-320xx/CVE-2023-32078.json
+++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32078.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-32078", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-24T22:15:10.267", - "lastModified": "2023-08-25T03:55:07.777", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T17:59:30.080", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +66,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.17.1", + "matchCriteriaId": "D271FC17-56AA-4851-846B-D7D174EBFB45" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.18.0", + "versionEndIncluding": "0.18.5", + "matchCriteriaId": "249015D8-1590-4B85-A3F7-6F5F360CF0AD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gravitl/netmaker/commit/b3be57c65bf0bbfab43b66853c8e3637a43e2839", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gravitl/netmaker/pull/2158", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-256m-j5qw-38f4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json index 22af4878136..82f47b58911 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32584.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32584", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T09:15:08.670", - "lastModified": "2023-08-25T12:47:00.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T16:06:41.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ebecas:ebecas:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.3", + "matchCriteriaId": "1B3A3705-5DD8-44E0-9C6E-C3EA42773151" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ebecas/wordpress-ebecas-plugin-3-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json index 28d4de51d20..4016923007a 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32591.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32591", "sourceIdentifier": "audit@patchstack.com", "published": "2023-08-25T09:15:08.757", - "lastModified": "2023-08-25T12:47:00.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T16:08:43.313", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cloudprimero:dbargain:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.0.0", + "matchCriteriaId": "1C01CFEA-7135-4007-AB04-CDAB52AB7E32" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/d-bargain/wordpress-dbargain-plugin-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33833.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33833.json index 90aad05fef3..7a7331aa6fc 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33833.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33833.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33833", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-08-31T13:15:42.310", - "lastModified": "2023-08-31T13:15:42.310", - "vulnStatus": "Received", + "lastModified": "2023-08-31T17:26:00.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33834.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33834.json index b4ee4b02c70..fe2dc57e87d 100644 
--- a/CVE-2023/CVE-2023-338xx/CVE-2023-33834.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33834.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33834", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-08-31T14:15:08.563", - "lastModified": "2023-08-31T14:15:08.563", - "vulnStatus": "Received", + "lastModified": "2023-08-31T17:26:00.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33835.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33835.json index 4475ca91d99..7cc03a55cca 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33835.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33835.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33835", "sourceIdentifier": "psirt@us.ibm.com", "published": "2023-08-31T14:15:08.657", - "lastModified": "2023-08-31T14:15:08.657", - "vulnStatus": "Received", + "lastModified": "2023-08-31T17:26:00.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34391.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34391.json new file mode 100644 index 00000000000..0f7f2695fda --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34391.json 
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-34391",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:10.017",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths.\n\nSee Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details.\n \nThis issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-277"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://dragos.com",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34392.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34392.json
new file mode 100644
index 00000000000..2614f35479e
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34392.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-34392",
+ "sourceIdentifier": "security@selinc.com",
+ "published": "2023-08-31T16:15:10.123",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to run arbitrary commands on managed devices by an authorized device operator.\n\n\n\n\n\nSee Instruction Manual Appendix A and Appendix E dated 20230615 for more details.\n\n\nThis issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@selinc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://selinc.com/support/security-notifications/external-reports/",
+ "source": "security@selinc.com"
+ },
+ {
+ "url": "https://www.nozominetworks.com/blog/",
+ "source": "security@selinc.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json
index 303699216e1..51f615f23cf 100644
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3406.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-3406", "sourceIdentifier": "security@m-files.com", "published": "2023-08-25T09:15:08.850", - "lastModified": "2023-08-25T12:47:00.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T16:26:04.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security@m-files.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security@m-files.com", "type": "Secondary", 
@@ -46,10 +76,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-files:classic_web:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "23.2", + "matchCriteriaId": "89B60851-49D1-40DA-A600-658BCC986BF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-files:classic_web:*:*:*:*:-:*:*:*", + "versionEndExcluding": "23.6.12695.3", + "matchCriteriaId": "CE7A65F9-84AD-47E9-8C64-3585D5855FEA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-files:classic_web:23.2:-:*:*:lts:*:*:*", + "matchCriteriaId": "4E66A68C-65E6-48E9-97DD-621B4B73D975" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3406", - "source": "security@m-files.com" + "source": "security@m-files.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json index fba4835e51c..1bcb4e1c2d6 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3425.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3425", "sourceIdentifier": "security@m-files.com", "published": "2023-08-25T09:15:08.937", - "lastModified": "2023-08-25T12:47:00.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T16:24:47.390", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security@m-files.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "security@m-files.com", "type": "Secondary", @@ -46,10 +76,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-files:classic_web:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "23.2", + "matchCriteriaId": "89B60851-49D1-40DA-A600-658BCC986BF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-files:classic_web:*:*:*:*:-:*:*:*", + "versionEndExcluding": "23.6.12695.3", + "matchCriteriaId": "CE7A65F9-84AD-47E9-8C64-3585D5855FEA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:m-files:classic_web:23.2:-:*:*:lts:*:*:*", + "matchCriteriaId": "4E66A68C-65E6-48E9-97DD-621B4B73D975" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-3425", - "source": "security@m-files.com" + "source": "security@m-files.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39287.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39287.json index ea186c95879..d69ea44fd1a 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39287.json 
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39287.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-39287", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T22:15:10.153", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T17:34:40.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-88" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mitel:mivoice_connect:*:*:*:*:*:*:*:*", + "versionEndIncluding": "22.24.5800.0", + "matchCriteriaId": "2BDF8E2B-24A8-4ED5-B3B0-DEFED448CBCC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.mitel.com/support/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": 
"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0010", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40164.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40164.json index 3be97b71491..10f278be079 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40164.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40164.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40164", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-25T21:15:08.687", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-31T17:33:09.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,10 +66,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.5.6", + "matchCriteriaId": "51C2BF99-30E2-4BFC-B6BE-DBB33C6C6FEF" + } + ] + } + ] + } + ], "references": [ { "url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40166.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40166.json index 4d4d3de54b4..88ca6ba3470 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40166.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40166.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40166", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-25T21:15:08.777", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-08-31T16:33:53.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:notepad-plus-plus:notepad\\+\\+:*:*:*:*:*:*:*:*", + "versionEndIncluding": "8.5.6", + "matchCriteriaId": "51C2BF99-30E2-4BFC-B6BE-DBB33C6C6FEF" + } + ] + } + ] + } + ], "references": [ { "url": "https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40530.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40530.json index ebc87029254..9c83a1fdc97 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40530.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40530.json 
@@ -2,27 +2,95 @@ "id": "CVE-2023-40530", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-25T04:15:10.487", - "lastModified": "2023-08-25T12:47:05.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T16:29:12.807", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:skylark:skylark:*:*:*:*:*:android:*:*", + "versionEndIncluding": "6.2.13", + "matchCriteriaId": "65D64431-C69E-4E42-B08C-BB42C8390EE8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:skylark:skylark:*:*:*:*:*:iphone_os:*:*", + "versionEndIncluding": "6.2.13", + "matchCriteriaId": "647ECF75-22BB-47AC-9428-12E2035BC448" + } + ] + } + ] + } + ], "references": [ { "url": "https://apps.apple.com/jp/app/%E3%81%99%E3%81%8B%E3%81%84%E3%82%89%E3%83%BC%E3%81%8F%E3%82%A2%E3%83%97%E3%83%AA/id906930478", - "source": 
"vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://jvn.jp/en/jp/JVN03447226/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://play.google.com/store/apps/details?id=jp.co.skylark.app.gusto", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40579.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40579.json index b75da0d0485..fdc1f91c7c2 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40579.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40579.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40579", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-25T20:15:08.800", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T17:39:36.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +66,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.1", + "matchCriteriaId": "F9CDEDFB-61F8-47CD-A145-A6137F4D4367" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/openfga/openfga/releases/tag/v1.3.1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/openfga/openfga/security/advisories/GHSA-jcf2-mxr2-gmqp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40580.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40580.json index a8f79b8e942..94e3a84fdf9 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40580.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40580.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40580", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-25T20:15:08.913", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T17:38:54.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,18 +76,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stellar:freighter:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.3.1", + "matchCriteriaId": "3846CA30-6154-4221-BDA9-6E4B9CF3837E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/stellar/freighter/commit/81f78ba008c41ce631a3d0f9e4449f4bbd90baee", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/stellar/freighter/pull/948", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/stellar/freighter/security/advisories/GHSA-vqr6-hwg2-775w", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40599.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40599.json index 2cb9d48dea0..cf4d0e8b83d 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40599.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40599.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-40599", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-25T03:15:08.997", - "lastModified": "2023-08-25T03:55:07.777", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T16:09:14.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1333" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:synck_graphica:mailform_pro_cgi:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.3.1.3", + "matchCriteriaId": "15C14A02-5B9C-428D-95E0-3CF24E6F37F7" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN86484824/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.synck.com/blogs/news/newsroom/detail_1691668841.html", - "source": 
"vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40735.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40735.json index d54353bda7b..852b9a252c6 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40735.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40735.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40735", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-21T12:15:09.410", - "lastModified": "2023-08-22T19:16:39.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T16:11:01.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "cve@mitre.org", "type": "Secondary", 
@@ -46,30 +76,66 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:butterfly-button:butterfly_button:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023-08-21", + "matchCriteriaId": "4B0845C2-B07A-4C73-A0EB-76E77A417689" + } + ] + } + ] + } + ], "references": [ { "url": "https://butterfly-button.web.app/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/TheButterflyButton", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/TheButterflySDK", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/VULSecLabs/Vulnerabilities/blob/main/CVE/CVE-2023-40735.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.butterfly-button.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://www.vulsec.org/advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40796.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40796.json index cf6096659a3..cc901ece4d1 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40796.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40796.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-40796", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T16:15:08.323", - "lastModified": "2023-08-25T17:51:53.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T16:55:05.220", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Phicomm k2 v22.6.529.216 is vulnerable to command injection." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:phicomm:k2_firmware:22.6.529.216:*:*:*:*:*:*:*", + "matchCriteriaId": "B9A896E1-465F-4B16-9380-80A7541AA8FF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:phicomm:k2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "26A205A0-3616-4CD9-A7B8-FEA63742ABE9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/lst-oss/Vulnerability/tree/main/Phicomm/k2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41080.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41080.json index a5ea3e3888a..cc3fb26f17f 100644 
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41080.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41080.json @@ -2,15 +2,38 @@ "id": "CVE-2023-41080", "sourceIdentifier": "security@apache.org", "published": "2023-08-25T21:15:09.397", - "lastModified": "2023-08-26T04:05:04.350", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T17:05:13.283", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\n\nThe vulnerability is limited to the ROOT (default) web application." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", 
@@ -23,10 +46,98 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.5.0", + "versionEndIncluding": "8.5.92", + "matchCriteriaId": "4E14DEB4-D0F9-4316-83B0-B13205D581F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndIncluding": "9.0.79", + "matchCriteriaId": "E256A714-F263-4BC6-A272-447A70654A39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.1.0", + "versionEndIncluding": "10.1.12", + "matchCriteriaId": "64015C04-EE24-4549-B4C9-E7DA3786EBE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", + "matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", + "matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", + "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", + "matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", + "matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", + "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", + "matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", + "matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", + "matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", + "matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41167.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41167.json index 2d71773cdf6..90c5f3af60e 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41167.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41167.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-41167", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T14:15:10.150", - "lastModified": "2023-08-25T14:45:01.550", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T16:42:22.000", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user's browser when the main page or admin page loads." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webiny:webiny:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "5.37.2", + "matchCriteriaId": "DE1F8F81-5632-48C7-A936-6DFD054D1D37" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/webiny/webiny-js/security/advisories/GHSA-3x59-vrmc-5mx6", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://webiny.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json index 88e6dbf34be..549b4ef7376 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-41173", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T07:15:09.140", - "lastModified": "2023-08-25T12:47:00.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T16:26:22.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adguard-dns:adguard_dns:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.2", + "matchCriteriaId": "196C4BBD-0BC5-48F8-A674-08444CC3A1AB" + } + ] + } + ] + } + ], "references": [ { "url": "https://adguard-dns.io/en/versions.html#2.2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json index da2bafe9053..0228bbcf3a6 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41635.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-41635", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:08.763", - "lastModified": "2023-08-31T14:15:08.763", - "vulnStatus": "Received", + "lastModified": "2023-08-31T17:26:00.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41636.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41636.json index ea20771ae5a..51dcecba913 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41636.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41636.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41636", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:08.823", - "lastModified": "2023-08-31T14:15:08.823", - "vulnStatus": "Received", + "lastModified": "2023-08-31T17:26:00.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41637.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41637.json index b4b42ef4f31..bc12fe23757 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41637.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41637.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41637", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:08.877", - "lastModified": "2023-08-31T14:15:08.877", - "vulnStatus": "Received", + "lastModified": "2023-08-31T17:26:00.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41638.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41638.json index 00ade81ea60..9e14bc63050 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41638.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41638.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41638", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:08.927", - "lastModified": "2023-08-31T14:15:08.927", - "vulnStatus": "Received", + "lastModified": "2023-08-31T17:26:00.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json index 3ab6910467b..2b93ca74c72 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41640.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41640", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:08.977", - "lastModified": "2023-08-31T14:15:08.977", - "vulnStatus": "Received", + "lastModified": "2023-08-31T17:26:00.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41642.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41642.json index a31e504f28d..fa4f1e0e389 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41642.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41642.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41642", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T14:15:09.033", - "lastModified": "2023-08-31T14:15:09.033", - "vulnStatus": "Received", + "lastModified": "2023-08-31T17:26:00.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41717.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41717.json new file mode 100644 index 00000000000..ac0a8906bb1 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41717.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41717", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-31T16:15:10.217", + "lastModified": "2023-08-31T17:25:54.340", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/federella/CVE-2023-41717", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41742.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41742.json index 46b46bbf5fd..088c1a0ef18 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41742.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41742.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41742", "sourceIdentifier": "security@acronis.com", "published": "2023-08-31T15:15:08.520", - "lastModified": "2023-08-31T15:15:08.520", - "vulnStatus": "Received", + "lastModified": "2023-08-31T17:25:54.340", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41743.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41743.json new file mode 100644 index 00000000000..3b14e6a6f53 --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41743.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-41743", + "sourceIdentifier": "security@acronis.com", + "published": "2023-08-31T16:15:10.270", + "lastModified": "2023-08-31T17:25:54.340", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/SEC-4858", + "source": "security@acronis.com" + }, + { + "url": "https://security-advisory.acronis.com/advisories/SEC-5487", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41744.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41744.json new file mode 100644 index 00000000000..b57f4a056cc --- /dev/null +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41744.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41744", + "sourceIdentifier": "security@acronis.com", + "published": "2023-08-31T16:15:10.343", + "lastModified": "2023-08-31T17:25:54.340", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@acronis.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [ + { + "url": "https://security-advisory.acronis.com/advisories/SEC-4728", + "source": "security@acronis.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4478.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4478.json index 6cd6b0cef19..d73b583feaf 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4478.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4478.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4478", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2023-08-25T10:15:09.687", - "lastModified": "2023-08-25T12:47:00.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T17:44:40.807", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -46,10 +76,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.8.9", + "matchCriteriaId": "7F550344-4A29-4354-9AB9-9E9168B81908" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.9.0", + "versionEndExcluding": "7.10.5", + "matchCriteriaId": "78A07BB1-20D2-41B4-9823-B3EF8CDFC997" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:8.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E47E76CA-0C92-4039-8448-D6618DF531CD" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4534.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4534.json index ffcc4e11faf..3be778dc0e7 100644 
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4534.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4534.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4534", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-25T15:15:09.887", - "lastModified": "2023-08-25T17:51:53.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-31T17:22:17.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:neomind:fusion_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023-07-31", + "matchCriteriaId": "F9FF69C4-0884-4397-A6B3-E2BDDC1F209A" + } + ] + } + ] + } + ], "references": [ { "url": "https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.238026", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.238026", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4678.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4678.json new file mode 100644 index 00000000000..c067719bd33 --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4678.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4678", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-08-31T16:15:10.417", + "lastModified": "2023-08-31T17:25:54.340", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4681.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4681.json new file mode 100644 index 00000000000..299962bf9cf --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4681.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4681", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-08-31T16:15:10.520", + "lastModified": "2023-08-31T17:25:54.340", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4682.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4682.json new file mode 100644 index 00000000000..b7bf627cc00 --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4682.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4682", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-08-31T16:15:10.670", + "lastModified": "2023-08-31T17:25:54.340", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4683.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4683.json new file mode 100644 index 00000000000..b273e1859c8 --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4683.json 
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4683",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-08-31T16:15:10.767",
+ "lastModified": "2023-08-31T17:25:54.340",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 24f97552fb0..b5d2de104c2 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-31T16:00:25.141265+00:00 +2023-08-31T18:00:25.961652+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-31T15:15:08.637000+00:00 +2023-08-31T17:59:30.080000+00:00 ``` ### Last Data Feed Release
@@ -29,47 +29,62 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223815 +223833 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `18` -* [CVE-2022-45451](CVE-2022/CVE-2022-454xx/CVE-2022-45451.json) (`2023-08-31T15:15:08.213`) -* [CVE-2022-46868](CVE-2022/CVE-2022-468xx/CVE-2022-46868.json) (`2023-08-31T15:15:08.343`) -* [CVE-2023-28801](CVE-2023/CVE-2023-288xx/CVE-2023-28801.json) (`2023-08-31T14:15:08.420`) -* [CVE-2023-33834](CVE-2023/CVE-2023-338xx/CVE-2023-33834.json) (`2023-08-31T14:15:08.563`) -* [CVE-2023-33835](CVE-2023/CVE-2023-338xx/CVE-2023-33835.json) (`2023-08-31T14:15:08.657`) -* [CVE-2023-41635](CVE-2023/CVE-2023-416xx/CVE-2023-41635.json) (`2023-08-31T14:15:08.763`) -* [CVE-2023-41636](CVE-2023/CVE-2023-416xx/CVE-2023-41636.json) (`2023-08-31T14:15:08.823`) -* [CVE-2023-41637](CVE-2023/CVE-2023-416xx/CVE-2023-41637.json) (`2023-08-31T14:15:08.877`) -* [CVE-2023-41638](CVE-2023/CVE-2023-416xx/CVE-2023-41638.json) (`2023-08-31T14:15:08.927`) -* [CVE-2023-41640](CVE-2023/CVE-2023-416xx/CVE-2023-41640.json) (`2023-08-31T14:15:08.977`) -* [CVE-2023-41642](CVE-2023/CVE-2023-416xx/CVE-2023-41642.json) (`2023-08-31T14:15:09.033`) -* [CVE-2023-41742](CVE-2023/CVE-2023-417xx/CVE-2023-41742.json) (`2023-08-31T15:15:08.520`) +* [CVE-2023-31167](CVE-2023/CVE-2023-311xx/CVE-2023-31167.json) (`2023-08-31T16:15:08.507`) +* [CVE-2023-31168](CVE-2023/CVE-2023-311xx/CVE-2023-31168.json) (`2023-08-31T16:15:08.937`) +* [CVE-2023-31169](CVE-2023/CVE-2023-311xx/CVE-2023-31169.json) (`2023-08-31T16:15:09.230`) +* [CVE-2023-31170](CVE-2023/CVE-2023-311xx/CVE-2023-31170.json) (`2023-08-31T16:15:09.313`) +* [CVE-2023-31171](CVE-2023/CVE-2023-311xx/CVE-2023-31171.json) (`2023-08-31T16:15:09.403`) +* [CVE-2023-31172](CVE-2023/CVE-2023-311xx/CVE-2023-31172.json) (`2023-08-31T16:15:09.487`) +* [CVE-2023-31173](CVE-2023/CVE-2023-311xx/CVE-2023-31173.json) 
(`2023-08-31T16:15:09.567`) +* [CVE-2023-31174](CVE-2023/CVE-2023-311xx/CVE-2023-31174.json) (`2023-08-31T16:15:09.827`) +* [CVE-2023-31175](CVE-2023/CVE-2023-311xx/CVE-2023-31175.json) (`2023-08-31T16:15:09.923`) +* [CVE-2023-34391](CVE-2023/CVE-2023-343xx/CVE-2023-34391.json) (`2023-08-31T16:15:10.017`) +* [CVE-2023-34392](CVE-2023/CVE-2023-343xx/CVE-2023-34392.json) (`2023-08-31T16:15:10.123`) +* [CVE-2023-41717](CVE-2023/CVE-2023-417xx/CVE-2023-41717.json) (`2023-08-31T16:15:10.217`) +* [CVE-2023-41743](CVE-2023/CVE-2023-417xx/CVE-2023-41743.json) (`2023-08-31T16:15:10.270`) +* [CVE-2023-41744](CVE-2023/CVE-2023-417xx/CVE-2023-41744.json) (`2023-08-31T16:15:10.343`) +* [CVE-2023-4678](CVE-2023/CVE-2023-46xx/CVE-2023-4678.json) (`2023-08-31T16:15:10.417`) +* [CVE-2023-4681](CVE-2023/CVE-2023-46xx/CVE-2023-4681.json) (`2023-08-31T16:15:10.520`) +* [CVE-2023-4682](CVE-2023/CVE-2023-46xx/CVE-2023-4682.json) (`2023-08-31T16:15:10.670`) +* [CVE-2023-4683](CVE-2023/CVE-2023-46xx/CVE-2023-4683.json) (`2023-08-31T16:15:10.767`) ### CVEs modified in the last Commit -Recently modified CVEs: `16` +Recently modified CVEs: `42` -* [CVE-2019-13689](CVE-2019/CVE-2019-136xx/CVE-2019-13689.json) (`2023-08-31T14:35:03.567`) -* [CVE-2022-43357](CVE-2022/CVE-2022-433xx/CVE-2022-43357.json) (`2023-08-31T14:23:21.023`) -* [CVE-2023-4419](CVE-2023/CVE-2023-44xx/CVE-2023-4419.json) (`2023-08-31T14:09:35.067`) -* [CVE-2023-39106](CVE-2023/CVE-2023-391xx/CVE-2023-39106.json) (`2023-08-31T14:27:05.690`) -* [CVE-2023-25848](CVE-2023/CVE-2023-258xx/CVE-2023-25848.json) (`2023-08-31T14:29:48.863`) -* [CVE-2023-40217](CVE-2023/CVE-2023-402xx/CVE-2023-40217.json) (`2023-08-31T14:35:35.653`) -* [CVE-2023-40030](CVE-2023/CVE-2023-400xx/CVE-2023-40030.json) (`2023-08-31T14:35:56.270`) -* [CVE-2023-39288](CVE-2023/CVE-2023-392xx/CVE-2023-39288.json) (`2023-08-31T14:43:31.107`) -* [CVE-2023-22877](CVE-2023/CVE-2023-228xx/CVE-2023-22877.json) (`2023-08-31T14:44:01.710`) -* 
[CVE-2023-40577](CVE-2023/CVE-2023-405xx/CVE-2023-40577.json) (`2023-08-31T14:45:39.280`) -* [CVE-2023-20230](CVE-2023/CVE-2023-202xx/CVE-2023-20230.json) (`2023-08-31T14:59:01.167`) -* [CVE-2023-20169](CVE-2023/CVE-2023-201xx/CVE-2023-20169.json) (`2023-08-31T15:00:30.660`) -* [CVE-2023-20211](CVE-2023/CVE-2023-202xx/CVE-2023-20211.json) (`2023-08-31T15:01:05.433`) -* [CVE-2023-20228](CVE-2023/CVE-2023-202xx/CVE-2023-20228.json) (`2023-08-31T15:01:26.960`) -* [CVE-2023-20900](CVE-2023/CVE-2023-209xx/CVE-2023-20900.json) (`2023-08-31T15:15:08.420`) -* [CVE-2023-4296](CVE-2023/CVE-2023-42xx/CVE-2023-4296.json) (`2023-08-31T15:15:08.637`) +* [CVE-2023-41173](CVE-2023/CVE-2023-411xx/CVE-2023-41173.json) (`2023-08-31T16:26:22.403`) +* [CVE-2023-25981](CVE-2023/CVE-2023-259xx/CVE-2023-25981.json) (`2023-08-31T16:28:52.840`) +* [CVE-2023-40530](CVE-2023/CVE-2023-405xx/CVE-2023-40530.json) (`2023-08-31T16:29:12.807`) +* [CVE-2023-40166](CVE-2023/CVE-2023-401xx/CVE-2023-40166.json) (`2023-08-31T16:33:53.880`) +* [CVE-2023-41167](CVE-2023/CVE-2023-411xx/CVE-2023-41167.json) (`2023-08-31T16:42:22.000`) +* [CVE-2023-40796](CVE-2023/CVE-2023-407xx/CVE-2023-40796.json) (`2023-08-31T16:55:05.220`) +* [CVE-2023-41080](CVE-2023/CVE-2023-410xx/CVE-2023-41080.json) (`2023-08-31T17:05:13.283`) +* [CVE-2023-4534](CVE-2023/CVE-2023-45xx/CVE-2023-4534.json) (`2023-08-31T17:22:17.063`) +* [CVE-2023-41742](CVE-2023/CVE-2023-417xx/CVE-2023-41742.json) (`2023-08-31T17:25:54.340`) +* [CVE-2023-33833](CVE-2023/CVE-2023-338xx/CVE-2023-33833.json) (`2023-08-31T17:26:00.623`) +* [CVE-2023-28801](CVE-2023/CVE-2023-288xx/CVE-2023-28801.json) (`2023-08-31T17:26:00.623`) +* [CVE-2023-33834](CVE-2023/CVE-2023-338xx/CVE-2023-33834.json) (`2023-08-31T17:26:00.623`) +* [CVE-2023-33835](CVE-2023/CVE-2023-338xx/CVE-2023-33835.json) (`2023-08-31T17:26:00.623`) +* [CVE-2023-41635](CVE-2023/CVE-2023-416xx/CVE-2023-41635.json) (`2023-08-31T17:26:00.623`) +* 
[CVE-2023-41636](CVE-2023/CVE-2023-416xx/CVE-2023-41636.json) (`2023-08-31T17:26:00.623`) +* [CVE-2023-41637](CVE-2023/CVE-2023-416xx/CVE-2023-41637.json) (`2023-08-31T17:26:00.623`) +* [CVE-2023-41638](CVE-2023/CVE-2023-416xx/CVE-2023-41638.json) (`2023-08-31T17:26:00.623`) +* [CVE-2023-41640](CVE-2023/CVE-2023-416xx/CVE-2023-41640.json) (`2023-08-31T17:26:00.623`) +* [CVE-2023-41642](CVE-2023/CVE-2023-416xx/CVE-2023-41642.json) (`2023-08-31T17:26:00.623`) +* [CVE-2023-40164](CVE-2023/CVE-2023-401xx/CVE-2023-40164.json) (`2023-08-31T17:33:09.500`) +* [CVE-2023-39287](CVE-2023/CVE-2023-392xx/CVE-2023-39287.json) (`2023-08-31T17:34:40.143`) +* [CVE-2023-40580](CVE-2023/CVE-2023-405xx/CVE-2023-40580.json) (`2023-08-31T17:38:54.047`) +* [CVE-2023-40579](CVE-2023/CVE-2023-405xx/CVE-2023-40579.json) (`2023-08-31T17:39:36.077`) +* [CVE-2023-4478](CVE-2023/CVE-2023-44xx/CVE-2023-4478.json) (`2023-08-31T17:44:40.807`) +* [CVE-2023-32078](CVE-2023/CVE-2023-320xx/CVE-2023-32078.json) (`2023-08-31T17:59:30.080`) ## Download and Usage