admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-23T04:00:24.104637+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-23 04:00:27 +00:00
parent 5606d95bd2
commit 48cdfa8f89
37 changed files with 924 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
CVE-2018/CVE-2018-54xx/CVE-2018-5478.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-5478",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T06:15:12.223",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-23T03:42:03.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "Contao 3.x anterior a 3.5.32 permite XSS a trav\u00e9s del m\u00f3dulo de cancelaci\u00f3n de suscripci\u00f3n en la extensi\u00f3n del bolet\u00edn frontal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.5.32",
"matchCriteriaId": "A00793A4-3198-4D48-BEB8-47814317D9DE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2022/CVE-2022-276xx/CVE-2022-27635.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-27635",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:11.817",
"lastModified": "2023-08-17T17:08:13.397",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-23T03:15:10.337",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -171,6 +171,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
"source": "secure@intel.com"
}
]
}

8
CVE-2022/CVE-2022-363xx/CVE-2022-36351.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-36351",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:12.807",
"lastModified": "2023-08-17T17:07:46.260",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-23T03:15:19.213",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -161,6 +161,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
"source": "secure@intel.com"
}
]
}

8
CVE-2022/CVE-2022-380xx/CVE-2022-38076.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-38076",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:13.843",
"lastModified": "2023-08-17T17:06:23.010",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-23T03:15:20.180",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -161,6 +161,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
"source": "secure@intel.com"
}
]
}

8
CVE-2022/CVE-2022-409xx/CVE-2022-40964.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-40964",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:14.603",
"lastModified": "2023-08-17T17:06:08.137",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-23T03:15:20.637",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -171,6 +171,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
"source": "secure@intel.com"
}
]
}

8
CVE-2022/CVE-2022-463xx/CVE-2022-46329.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46329",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:16.540",
"lastModified": "2023-08-17T17:03:27.513",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-23T03:15:21.007",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -116,6 +116,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
"source": "secure@intel.com"
}
]
}

64
CVE-2023/CVE-2023-345xx/CVE-2023-34576.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34576",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T20:15:10.133",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-23T03:35:40.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en updatepos.php en PrestaShop opartfaq hasta 1.0.3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de un vector no especificado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +58,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opartfaq_project:opartfaq:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "1.0.4",
"matchCriteriaId": "769DF896-371C-46E9-ADB4-13374BAEB0A8"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/19/opartfaq.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-345xx/CVE-2023-34577.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34577",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T17:15:16.050",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-23T03:38:59.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -38,10 +58,45 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:planned_popup_project:planned_popup:*:*:*:*:*:prestashop:*:*",
"versionEndExcluding": "1.4.12",
"matchCriteriaId": "8935A640-E4AE-42F6-AF42-F0B9A71F541F"
}
]
}
]
}
],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/09/19/opartplannedpopup.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-383xx/CVE-2023-38346.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38346",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T19:15:09.593",
"lastModified": "2023-09-22T19:15:09.593",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

47
CVE-2023/CVE-2023-392xx/CVE-2023-39252.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-39252",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-09-21T06:15:12.993",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-23T03:43:14.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:secure_connect_gateway_policy_manager:5.16.00.14:*:*:*:*:*:*:*",
"matchCriteriaId": "13E7FE0D-4D35-4187-8958-2761F93E5CCA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000217683/dsa-2023-321-security-update-for-dell-secure-connect-gateway-security-policy-manager-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-409xx/CVE-2023-40989.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40989",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T20:15:09.697",
"lastModified": "2023-09-22T20:15:09.697",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-410xx/CVE-2023-41027.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41027",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-22T17:15:09.880",
"lastModified": "2023-09-22T17:15:09.880",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-410xx/CVE-2023-41029.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41029",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-22T17:15:10.957",
"lastModified": "2023-09-22T17:15:10.957",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-410xx/CVE-2023-41031.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41031",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2023-09-22T17:15:14.027",
"lastModified": "2023-09-22T17:15:14.027",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

12
CVE-2023/CVE-2023-410xx/CVE-2023-41051.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41051",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-01T19:15:42.883",
"lastModified": "2023-09-07T19:19:19.957",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-23T02:15:18.330",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -56,7 +56,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
@ -66,7 +66,7 @@
]
},
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@ -116,6 +116,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZGJL6BQLU4XCPQLLTW4GSSBTNQXB3TI/",
"source": "security-advisories@github.com"
}
]
}

28
CVE-2023/CVE-2023-419xx/CVE-2023-41991.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-41991",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.283",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-23T03:15:21.467",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de validaci\u00f3n de certificados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, OS 17.0.1 y iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. Es posible que una aplicaci\u00f3n maliciosa pueda omitir la validaci\u00f3n de firmas. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/14",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/15",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/16",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/17",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/19",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213926",
"source": "product-security@apple.com"

32
CVE-2023/CVE-2023-419xx/CVE-2023-41992.json
View File

@ -2,16 +2,44 @@
"id": "CVE-2023-41992",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.520",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-23T03:15:22.137",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, OS 17.0.1 y iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. Un atacante local podr\u00eda aumentar sus privilegios. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/14",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/15",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/16",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/17",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/18",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/19",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213926",
"source": "product-security@apple.com"

24
CVE-2023/CVE-2023-419xx/CVE-2023-41993.json
View File

@ -2,16 +2,36 @@
"id": "CVE-2023-41993",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.660",
"lastModified": "2023-09-22T06:15:09.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-23T03:15:22.473",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, Safari 16.6.1. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, iOS 17.0.1 y iPadOS 17.0.1, Safari 16.6.1. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/13",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/14",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/15",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Sep/19",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213926",
"source": "product-security@apple.com"

33
CVE-2023/CVE-2023-41xx/CVE-2023-4152.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4152",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-09-21T07:15:14.300",
"lastModified": "2023-09-21T12:04:56.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-23T03:41:36.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_101:*:*:*:*:*:fadc:*:*",
"versionEndIncluding": "1.4.24",
"matchCriteriaId": "8C27C13A-FDC8-4E2C-A4E0-324A29040DC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_101:*:*:*:*:*:fadci:*:*",
"versionEndIncluding": "1.4.24",
"matchCriteriaId": "65E1CCBA-51DB-439D-951F-1EC97EB9E58D"
}
]
}
]
}
],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-038/",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-423xx/CVE-2023-42322.json
View File

@ -2,23 +2,85 @@
"id": "CVE-2023-42322",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-20T21:15:11.913",
"lastModified": "2023-09-20T22:22:56.450",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-09-23T03:42:57.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information."
},
{
"lang": "es",
"value": "Vulnerabilidad de Permisos Inseguros en icmsdev iCMS v.7.0.16 permite a un atacante remoto obtener informaci\u00f3n sensible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icmsdev:icms:7.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "50266299-9036-45A3-8E4B-2A323B247877"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/ChubbyZ/0ddb9772231d9a8c5b5345883abcb0a6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.icmsdev.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

74
CVE-2023/CVE-2023-424xx/CVE-2023-42482.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-42482",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-21T20:15:10.550",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-23T03:33:36.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free."
},
{
"lang": "es",
"value": "El Procesador M\u00f3vil Samsung Exynos 2200 permite el uso de GPU Use After Free."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -34,10 +58,54 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116"
}
]
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

58
CVE-2023/CVE-2023-428xx/CVE-2023-42810.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42810",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-21T18:15:12.327",
"lastModified": "2023-09-22T01:25:45.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-23T03:38:14.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.21.7",
"matchCriteriaId": "4902866A-BD36-42E7-B197-C9131EF83FB7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://systeminformation.io/security.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-428xx/CVE-2023-42812.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42812",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-22T17:15:14.733",
"lastModified": "2023-09-22T17:15:14.733",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-428xx/CVE-2023-42821.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42821",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-22T17:15:14.990",
"lastModified": "2023-09-22T17:15:14.990",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-431xx/CVE-2023-43129.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43129",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T23:15:09.483",
"lastModified": "2023-09-22T23:15:09.483",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-431xx/CVE-2023-43130.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43130",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T23:15:10.050",
"lastModified": "2023-09-22T23:15:10.050",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-432xx/CVE-2023-43270.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43270",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T19:15:11.130",
"lastModified": "2023-09-22T19:15:11.130",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-433xx/CVE-2023-43338.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43338",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-23T00:15:20.170",
"lastModified": "2023-09-23T00:15:20.170",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-434xx/CVE-2023-43468.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43468",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-23T00:15:20.303",
"lastModified": "2023-09-23T00:15:20.303",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-434xx/CVE-2023-43469.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43469",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-23T00:15:20.387",
"lastModified": "2023-09-23T00:15:20.387",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-434xx/CVE-2023-43470.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43470",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-23T00:15:20.470",
"lastModified": "2023-09-23T00:15:20.470",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

80
CVE-2023/CVE-2023-434xx/CVE-2023-43495.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-43495",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.747",
"lastModified": "2023-09-20T18:15:12.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-23T03:45:20.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter."
},
{
"lang": "es",
"value": "Jenkins 2.423 y anteriores, LTS 2.414.1 y anteriores no escapan al valor del par\u00e1metro constructor 'caption' de 'ExpandableDetailsNote', lo que genera una vulnerabilidad de Store Cross-Site Scripting (XSS) que pueden explotar los atacantes capaces de controlar este par\u00e1metro."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "2.414.2",
"matchCriteriaId": "C2F4A98B-D78F-4DCD-BC55-30B060433845"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"versionEndExcluding": "2.424",
"matchCriteriaId": "D532EC73-64F8-46D5-8240-863B264D13D6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-434xx/CVE-2023-43496.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-43496",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.820",
"lastModified": "2023-09-20T18:15:12.617",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-23T03:45:08.510",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution."
},
{
"lang": "es",
"value": "Jenkins 2.423 y anteriores, LTS 2.414.1 y anteriores crean un archivo temporal en el directorio temporal del sistema con los permisos predeterminados para archivos reci\u00e9n creados al instalar un complemento desde una URL, lo que potencialmente permite a los atacantes con acceso al directorio temporal del sistema reemplazar el archivo antes de instalarlo en Jenkins, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "2.414.2",
"matchCriteriaId": "C2F4A98B-D78F-4DCD-BC55-30B060433845"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"versionEndExcluding": "2.424",
"matchCriteriaId": "D532EC73-64F8-46D5-8240-863B264D13D6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-434xx/CVE-2023-43497.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-43497",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.877",
"lastModified": "2023-09-20T18:15:12.680",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-23T03:45:05.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used."
},
{
"lang": "es",
"value": "En Jenkins 2.423 y versiones anteriores, LTS 2.414.1 y anteriores, el procesamiento de cargas de archivos utilizando el framework web Stapler crea archivos temporales en el directorio temporal predeterminado del sistema con los permisos predeterminados para archivos reci\u00e9n creados, lo que potencialmente permite a los atacantes acceder al sistema de archivos del controlador Jenkins leer y escribir los archivos antes de utilizarlos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "2.414.2",
"matchCriteriaId": "C2F4A98B-D78F-4DCD-BC55-30B060433845"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"versionEndExcluding": "2.424",
"matchCriteriaId": "D532EC73-64F8-46D5-8240-863B264D13D6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-434xx/CVE-2023-43498.json
View File

@ -2,23 +2,93 @@
"id": "CVE-2023-43498",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-09-20T17:15:11.927",
"lastModified": "2023-09-20T18:15:12.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-23T03:45:03.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used."
},
{
"lang": "es",
"value": "En Jenkins versi\u00f3n 2.423 y anteriores, LTS versi\u00f3n 2.414.1 y anteriores, el procesamiento de cargas de archivos utilizando MultipartFormDataParser crea archivos temporales en el directorio temporal predeterminado del sistema con los permisos predeterminados para archivos reci\u00e9n creados, lo que potencialmente permite a los atacantes con acceso al sistema de archivos del controlador Jenkins leer y escriba los archivos antes de usarlos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "2.414.2",
"matchCriteriaId": "C2F4A98B-D78F-4DCD-BC55-30B060433845"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
"versionEndExcluding": "2.424",
"matchCriteriaId": "D532EC73-64F8-46D5-8240-863B264D13D6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073",
"source": "jenkinsci-cert@googlegroups.com"
"source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-436xx/CVE-2023-43640.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43640",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-22T18:15:12.243",
"lastModified": "2023-09-22T18:15:12.243",
"vulnStatus": "Received",
"lastModified": "2023-09-23T03:46:18.623",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

40
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-23T02:00:24.902133+00:00
2023-09-23T04:00:24.104637+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-23T00:15:20.470000+00:00
2023-09-23T03:46:18.623000+00:00
```
### Last Data Feed Release
@ -34,21 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `0`
* [CVE-2023-43338](CVE-2023/CVE-2023-433xx/CVE-2023-43338.json) (`2023-09-23T00:15:20.170`)
* [CVE-2023-43468](CVE-2023/CVE-2023-434xx/CVE-2023-43468.json) (`2023-09-23T00:15:20.303`)
* [CVE-2023-43469](CVE-2023/CVE-2023-434xx/CVE-2023-43469.json) (`2023-09-23T00:15:20.387`)
* [CVE-2023-43470](CVE-2023/CVE-2023-434xx/CVE-2023-43470.json) (`2023-09-23T00:15:20.470`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `36`
* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-09-23T00:15:09.960`)
* [CVE-2023-38408](CVE-2023/CVE-2023-384xx/CVE-2023-38408.json) (`2023-09-23T00:15:16.653`)
* [CVE-2023-3817](CVE-2023/CVE-2023-38xx/CVE-2023-3817.json) (`2023-09-23T00:15:19.610`)
* [CVE-2023-34576](CVE-2023/CVE-2023-345xx/CVE-2023-34576.json) (`2023-09-23T03:35:40.510`)
* [CVE-2023-42810](CVE-2023/CVE-2023-428xx/CVE-2023-42810.json) (`2023-09-23T03:38:14.547`)
* [CVE-2023-34577](CVE-2023/CVE-2023-345xx/CVE-2023-34577.json) (`2023-09-23T03:38:59.283`)
* [CVE-2023-4152](CVE-2023/CVE-2023-41xx/CVE-2023-4152.json) (`2023-09-23T03:41:36.287`)
* [CVE-2023-42322](CVE-2023/CVE-2023-423xx/CVE-2023-42322.json) (`2023-09-23T03:42:57.927`)
* [CVE-2023-39252](CVE-2023/CVE-2023-392xx/CVE-2023-39252.json) (`2023-09-23T03:43:14.050`)
* [CVE-2023-43498](CVE-2023/CVE-2023-434xx/CVE-2023-43498.json) (`2023-09-23T03:45:03.873`)
* [CVE-2023-43497](CVE-2023/CVE-2023-434xx/CVE-2023-43497.json) (`2023-09-23T03:45:05.997`)
* [CVE-2023-43496](CVE-2023/CVE-2023-434xx/CVE-2023-43496.json) (`2023-09-23T03:45:08.510`)
* [CVE-2023-43495](CVE-2023/CVE-2023-434xx/CVE-2023-43495.json) (`2023-09-23T03:45:20.057`)
* [CVE-2023-41027](CVE-2023/CVE-2023-410xx/CVE-2023-41027.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-41029](CVE-2023/CVE-2023-410xx/CVE-2023-41029.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-41031](CVE-2023/CVE-2023-410xx/CVE-2023-41031.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-42812](CVE-2023/CVE-2023-428xx/CVE-2023-42812.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-42821](CVE-2023/CVE-2023-428xx/CVE-2023-42821.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-43640](CVE-2023/CVE-2023-436xx/CVE-2023-43640.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-38346](CVE-2023/CVE-2023-383xx/CVE-2023-38346.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-43270](CVE-2023/CVE-2023-432xx/CVE-2023-43270.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-40989](CVE-2023/CVE-2023-409xx/CVE-2023-40989.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-43129](CVE-2023/CVE-2023-431xx/CVE-2023-43129.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-43130](CVE-2023/CVE-2023-431xx/CVE-2023-43130.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-43338](CVE-2023/CVE-2023-433xx/CVE-2023-43338.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-43468](CVE-2023/CVE-2023-434xx/CVE-2023-43468.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-43469](CVE-2023/CVE-2023-434xx/CVE-2023-43469.json) (`2023-09-23T03:46:18.623`)
* [CVE-2023-43470](CVE-2023/CVE-2023-434xx/CVE-2023-43470.json) (`2023-09-23T03:46:18.623`)
## Download and Usage