diff --git a/CVE-2018/CVE-2018-54xx/CVE-2018-5478.json b/CVE-2018/CVE-2018-54xx/CVE-2018-5478.json
index d4c541aff05..4219c1425f0 100644
--- a/CVE-2018/CVE-2018-54xx/CVE-2018-5478.json
+++ b/CVE-2018/CVE-2018-54xx/CVE-2018-5478.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-5478",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-21T06:15:12.223",
- "lastModified": "2023-09-21T12:04:56.487",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-09-23T03:42:03.790",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,75 @@
 "value": "Contao 3.x anterior a 3.5.32 permite XSS a trav\u00e9s del m\u00f3dulo de cancelaci\u00f3n de suscripci\u00f3n en la extensi\u00f3n del bolet\u00edn frontal."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.0",
+ "versionEndExcluding": "3.5.32",
+ "matchCriteriaId": "A00793A4-3198-4D48-BEB8-47814317D9DE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-276xx/CVE-2022-27635.json b/CVE-2022/CVE-2022-276xx/CVE-2022-27635.json
index 27272d436ac..6264f352f29 100644
--- a/CVE-2022/CVE-2022-276xx/CVE-2022-27635.json
+++ b/CVE-2022/CVE-2022-276xx/CVE-2022-27635.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-27635",
 "sourceIdentifier": "secure@intel.com",
 "published": "2023-08-11T03:15:11.817",
- "lastModified": "2023-08-17T17:08:13.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-09-23T03:15:10.337",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -171,6 +171,10 @@
 "Patch",
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
+ "source": "secure@intel.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-363xx/CVE-2022-36351.json b/CVE-2022/CVE-2022-363xx/CVE-2022-36351.json
index 17e94420fdf..d3d89860622 100644
--- a/CVE-2022/CVE-2022-363xx/CVE-2022-36351.json
+++ b/CVE-2022/CVE-2022-363xx/CVE-2022-36351.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-36351",
 "sourceIdentifier": "secure@intel.com",
 "published": "2023-08-11T03:15:12.807",
- "lastModified": "2023-08-17T17:07:46.260",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-09-23T03:15:19.213",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -161,6 +161,10 @@
 "Patch",
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
+ "source": "secure@intel.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38076.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38076.json
index 58a342f2405..06e96ad689f 100644
--- a/CVE-2022/CVE-2022-380xx/CVE-2022-38076.json
+++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38076.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-38076",
 "sourceIdentifier": "secure@intel.com",
 "published": "2023-08-11T03:15:13.843",
- "lastModified": "2023-08-17T17:06:23.010",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-09-23T03:15:20.180",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -161,6 +161,10 @@
 "Patch",
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
+ "source": "secure@intel.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-409xx/CVE-2022-40964.json b/CVE-2022/CVE-2022-409xx/CVE-2022-40964.json
index e5f595867cd..8996c43a514 100644
--- a/CVE-2022/CVE-2022-409xx/CVE-2022-40964.json
+++ b/CVE-2022/CVE-2022-409xx/CVE-2022-40964.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-40964",
 "sourceIdentifier": "secure@intel.com",
 "published": "2023-08-11T03:15:14.603",
- "lastModified": "2023-08-17T17:06:08.137",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-09-23T03:15:20.637",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -171,6 +171,10 @@
 "Patch",
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
+ "source": "secure@intel.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46329.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46329.json
index c9e972b0311..5ff1a2ff3ff 100644
--- a/CVE-2022/CVE-2022-463xx/CVE-2022-46329.json
+++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46329.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-46329",
 "sourceIdentifier": "secure@intel.com",
 "published": "2023-08-11T03:15:16.540",
- "lastModified": "2023-08-17T17:03:27.513",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-09-23T03:15:21.007",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -116,6 +116,10 @@
 "Patch",
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
+ "source": "secure@intel.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34576.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34576.json
index 1367d0e6bd1..c0ef788f3a8 100644
--- a/CVE-2023/CVE-2023-345xx/CVE-2023-34576.json
+++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34576.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-34576",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-21T20:15:10.133",
- "lastModified": "2023-09-22T01:25:45.750",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-09-23T03:35:40.510",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en updatepos.php en PrestaShop opartfaq hasta 1.0.3 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de un vector no especificado."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "cve@mitre.org",
 "type": "Secondary",
@@ -34,10 +58,44 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opartfaq_project:opartfaq:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "1.0.4",
+ "matchCriteriaId": "769DF896-371C-46E9-ADB4-13374BAEB0A8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://security.friendsofpresta.org/modules/2023/09/19/opartfaq.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34577.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34577.json
index 7a4d4e293f6..34ce3b21097 100644
--- a/CVE-2023/CVE-2023-345xx/CVE-2023-34577.json
+++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34577.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-34577",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-21T17:15:16.050",
- "lastModified": "2023-09-22T01:25:45.750",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-09-23T03:38:59.283",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "cve@mitre.org",
 "type": "Secondary",
@@ -38,10 +58,45 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:planned_popup_project:planned_popup:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "1.4.12",
+ "matchCriteriaId": "8935A640-E4AE-42F6-AF42-F0B9A71F541F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://security.friendsofpresta.org/modules/2023/09/19/opartplannedpopup.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38346.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38346.json
index c5a5cca1003..d98363ad86d 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38346.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38346.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-38346",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-22T19:15:09.593",
- "lastModified": "2023-09-22T19:15:09.593",
- "vulnStatus": "Received",
+ "lastModified": "2023-09-23T03:46:18.623",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39252.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39252.json
index 82a6732579c..4fb022f03bf 100644
--- a/CVE-2023/CVE-2023-392xx/CVE-2023-39252.json
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39252.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-39252",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2023-09-21T06:15:12.993",
- "lastModified": "2023-09-21T12:04:56.487",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-09-23T03:43:14.050",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ },
 {
 "source": "security_alert@emc.com",
 "type": "Secondary",
@@ -50,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:secure_connect_gateway_policy_manager:5.16.00.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "13E7FE0D-4D35-4187-8958-2761F93E5CCA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.dell.com/support/kbdoc/en-us/000217683/dsa-2023-321-security-update-for-dell-secure-connect-gateway-security-policy-manager-vulnerabilities",
- "source": "security_alert@emc.com"
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40989.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40989.json
index e5d9ab5b62c..86c665c7f16 100644
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40989.json
+++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40989.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40989",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-22T20:15:09.697",
- "lastModified": "2023-09-22T20:15:09.697",
- "vulnStatus": "Received",
+ "lastModified": "2023-09-23T03:46:18.623",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41027.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41027.json
index 3ab8df7bfa6..8ba3d267629 100644
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41027.json
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41027.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41027",
 "sourceIdentifier": "disclosures@exodusintel.com",
 "published": "2023-09-22T17:15:09.880",
- "lastModified": "2023-09-22T17:15:09.880",
- "vulnStatus": "Received",
+ "lastModified": "2023-09-23T03:46:18.623",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41029.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41029.json
index 54bc3d8b3c8..cdc0ec56ad8 100644
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41029.json
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41029.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41029",
 "sourceIdentifier": "disclosures@exodusintel.com",
 "published": "2023-09-22T17:15:10.957",
- "lastModified": "2023-09-22T17:15:10.957",
- "vulnStatus": "Received",
+ "lastModified": "2023-09-23T03:46:18.623",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41031.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41031.json
index 40c779181cd..3fe7b02c49c 100644
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41031.json
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41031.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41031",
 "sourceIdentifier": "disclosures@exodusintel.com",
 "published": "2023-09-22T17:15:14.027",
- "lastModified": "2023-09-22T17:15:14.027",
- "vulnStatus": "Received",
+ "lastModified": "2023-09-23T03:46:18.623",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json
index 7e70c222e86..9f359daf8e5 100644
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41051",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-09-01T19:15:42.883",
- "lastModified": "2023-09-07T19:19:19.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-09-23T02:15:18.330",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -56,7 +56,7 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "security-advisories@github.com",
 "type": "Primary",
 "description": [
 {
@@ -66,7 +66,7 @@
 ]
 },
 {
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
@@ -116,6 +116,10 @@
 "tags": [
 "Vendor Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZGJL6BQLU4XCPQLLTW4GSSBTNQXB3TI/",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json
index 931d45ef9c3..863c87aca01 100644
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json
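Review bot: In the CVE-2023-41051 `weaknesses` hunks the `source` values of the Primary and Secondary entries are swapped, so `"type": "Primary"` now carries `security-advisories@github.com` and `nvd@nist.gov` drops to Secondary. A consumer that reads the Primary weakness on the assumption that it is the NVD analyst's classification will silently switch to the CNA-supplied one after this update; the CWE values themselves sit outside the hunks, so whether they differ cannot be checked from here. Selecting the entry by `source` rather than by `type` keeps that lookup stable. The Fedora reference added in the last hunk also has no `tags` array, unlike the entry just above it.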
@@ -2,16 +2,40 @@
 "id": "CVE-2023-41991",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-09-21T19:15:11.283",
- "lastModified": "2023-09-22T01:25:45.750",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-23T03:15:21.467",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de validaci\u00f3n de certificados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, OS 17.0.1 y iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. Es posible que una aplicaci\u00f3n maliciosa pueda omitir la validaci\u00f3n de firmas. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
 }
 ],
 "metrics": {},
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/14",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/15",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/16",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/17",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/19",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213926",
 "source": "product-security@apple.com"
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json
index a96ac7c6ca1..097641cb674 100644
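Review bot: CVE-2023-41991 still carries `"metrics": {}` after this update even though its description states that Apple is aware of a report of active exploitation, and the same is true of the CVE-2023-41992 and CVE-2023-41993 hunks that follow. A triage pipeline that sorts or filters on `baseScore` will treat all three as unscored while the status is `Undergoing Analysis`, so a missing metrics object should be handled as unknown severity and escalated, not as low severity. The added `seclists.org` references use `http://` and have no `tags`, which matters for any tooling that fetches reference URLs automatically or filters references by tag.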
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json
@@ -2,16 +2,44 @@
 "id": "CVE-2023-41992",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-09-21T19:15:11.520",
- "lastModified": "2023-09-22T01:25:45.750",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-23T03:15:22.137",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, OS 17.0.1 y iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. Un atacante local podr\u00eda aumentar sus privilegios. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
 }
 ],
 "metrics": {},
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/14",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/15",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/16",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/17",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/18",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/19",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213926",
 "source": "product-security@apple.com"
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json
index 8a799f4e181..0d4118ba1bb 100644
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json
@@ -2,16 +2,36 @@
 "id": "CVE-2023-41993",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2023-09-21T19:15:11.660",
- "lastModified": "2023-09-22T06:15:09.257",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-23T03:15:22.473",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, Safari 16.6.1. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7 y iPadOS 16.7, iOS 17.0.1 y iPadOS 17.0.1, Safari 16.6.1. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."
 }
 ],
 "metrics": {},
 "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/13",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/14",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/15",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Sep/19",
+ "source": "product-security@apple.com"
+ },
 {
 "url": "https://support.apple.com/en-us/HT213926",
 "source": "product-security@apple.com"
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4152.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4152.json
index 65d6d9d7a25..380d7352aca 100644
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4152.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4152.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4152",
 "sourceIdentifier": "info@cert.vde.com",
 "published": "2023-09-21T07:15:14.300",
- "lastModified": "2023-09-21T12:04:56.487",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-23T03:41:36.287",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -50,10 +50,37 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_101:*:*:*:*:*:fadc:*:*",
+ "versionEndIncluding": "1.4.24",
+ "matchCriteriaId": "8C27C13A-FDC8-4E2C-A4E0-324A29040DC5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:frauscher:frauscher_diagnostic_system_101:*:*:*:*:*:fadci:*:*",
+ "versionEndIncluding": "1.4.24",
+ "matchCriteriaId": "65E1CCBA-51DB-439D-951F-1EC97EB9E58D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://cert.vde.com/en/advisories/VDE-2023-038/",
- "source": "info@cert.vde.com"
+ "source": "info@cert.vde.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42322.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42322.json
index f5241d5d936..f2c6eeed5b2 100644
--- a/CVE-2023/CVE-2023-423xx/CVE-2023-42322.json
+++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42322.json
@@ -2,23 +2,85 @@
 "id": "CVE-2023-42322",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-20T21:15:11.913",
- "lastModified": "2023-09-20T22:22:56.450",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-09-23T03:42:57.927",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Permisos Inseguros en icmsdev iCMS v.7.0.16 permite a un atacante remoto obtener informaci\u00f3n sensible."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-384"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:icmsdev:icms:7.0.16:*:*:*:*:*:*:*",
+ "matchCriteriaId": "50266299-9036-45A3-8E4B-2A323B247877"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://gist.github.com/ChubbyZ/0ddb9772231d9a8c5b5345883abcb0a6",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://www.icmsdev.com/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
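Review bot: The analysis added for CVE-2023-42322 does not line up with the description kept in the same hunk: the text speaks of insecure permissions that let a remote attacker obtain sensitive information, while the new `weaknesses` entry is `CWE-384` (session fixation) and the vector scores `I:H/A:H` as well as `C:H`. The analyst data may reflect detail in the referenced gist that the one-line description omits, but from the record alone the 9.8 score and the weakness class cannot be reconciled with an information-disclosure summary. Filtering on description keywords and filtering on CWE will give different result sets for this entry, so the reference is worth reading before either field is used to drive prioritisation.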
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42482.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42482.json
index d3f83705ba3..e693840e4fd 100644
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42482.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42482.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-42482",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-21T20:15:10.550",
- "lastModified": "2023-09-22T01:25:45.750",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-23T03:33:36.887",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free."
+ },
+ {
+ "lang": "es",
+ "value": "El Procesador M\u00f3vil Samsung Exynos 2200 permite el uso de GPU Use After Free."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "cve@mitre.org",
 "type": "Secondary",
@@ -34,10 +58,54 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json
index 3ac878c7838..074f2e40f01 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-42810",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-09-21T18:15:12.327",
- "lastModified": "2023-09-22T01:25:45.750",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-09-23T03:38:14.547",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
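Review bot: The `cpeMatch` entry added for CVE-2023-42482 marks `exynos_2200_firmware:-` as vulnerable with no `versionStartIncluding` or `versionEndExcluding` bound, so the record gives an asset inventory no fixed firmware level to compare against and a match on it cannot be cleared by recording an update. The only reference is the vendor's general product-security-updates page, so the fixed release has to be looked up there by hand. Separately, the Primary vector added in the first hunk of this file scores the GPU use-after-free as `AV:N/PR:N/UI:N`, which the one-sentence description neither supports nor contradicts; the CNA's Secondary vector lies outside the hunk and may be worth comparing before the 7.5 is used for ranking.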
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -50,18 +70,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:systeminformation:systeminformation:*:*:*:*:*:node.js:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndExcluding": "5.21.7",
+ "matchCriteriaId": "4902866A-BD36-42E7-B197-C9131EF83FB7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/sebhildebrandt/systeminformation/commit/7972565812ccb2a610a22911c54c3446f4171392",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-gx6r-qc2v-3p3v",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://systeminformation.io/security.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42812.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42812.json
index ca9b1c3ddf2..e723ca1590e 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42812.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42812.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-42812", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-22T17:15:14.733", - "lastModified": "2023-09-22T17:15:14.733", - "vulnStatus": "Received", + "lastModified": "2023-09-23T03:46:18.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42821.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42821.json index 9cccd3d6063..68d5c028425 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42821.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42821.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42821", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-22T17:15:14.990", - "lastModified": "2023-09-22T17:15:14.990", - "vulnStatus": "Received", + "lastModified": "2023-09-23T03:46:18.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43129.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43129.json index de2ac154f5a..f6c0db80ea8 100644 --- a/CVE-2023/CVE-2023-431xx/CVE-2023-43129.json +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43129.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43129", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T23:15:09.483", - "lastModified": "2023-09-22T23:15:09.483", - "vulnStatus": "Received", + "lastModified": "2023-09-23T03:46:18.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43130.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43130.json index 2ed7950483f..f48ef92c126 100644 --- a/CVE-2023/CVE-2023-431xx/CVE-2023-43130.json +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43130.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43130", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T23:15:10.050", - "lastModified": "2023-09-22T23:15:10.050", - "vulnStatus": "Received", + "lastModified": "2023-09-23T03:46:18.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43270.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43270.json index 91ea4553ec7..69b1bed7177 100644 --- a/CVE-2023/CVE-2023-432xx/CVE-2023-43270.json +++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43270.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43270", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T19:15:11.130", - "lastModified": "2023-09-22T19:15:11.130", - "vulnStatus": "Received", + "lastModified": "2023-09-23T03:46:18.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43338.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43338.json index 862c8a8fa6e..15732360d1c 100644 --- a/CVE-2023/CVE-2023-433xx/CVE-2023-43338.json +++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43338.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43338", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-23T00:15:20.170", - "lastModified": "2023-09-23T00:15:20.170", - "vulnStatus": "Received", + "lastModified": "2023-09-23T03:46:18.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43468.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43468.json index b44c52a607c..9200183e71f 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43468.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43468.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43468", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-23T00:15:20.303", - "lastModified": "2023-09-23T00:15:20.303", - "vulnStatus": "Received", + "lastModified": "2023-09-23T03:46:18.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43469.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43469.json index 95960bc12cf..a5806fae6dc 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43469.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43469.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-43469", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-23T00:15:20.387", - "lastModified": "2023-09-23T00:15:20.387", - "vulnStatus": "Received", + "lastModified": "2023-09-23T03:46:18.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43470.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43470.json index 5b2b9f09a88..3229b7dbff7 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43470.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43470.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43470", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-23T00:15:20.470", - "lastModified": "2023-09-23T00:15:20.470", - "vulnStatus": "Received", + "lastModified": "2023-09-23T03:46:18.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43495.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43495.json index a45b360ce86..648bf011fc0 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43495.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43495.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-43495", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-20T17:15:11.747", - "lastModified": "2023-09-20T18:15:12.547", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-23T03:45:20.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter." + }, + { + "lang": "es", + "value": "Jenkins 2.423 y anteriores, LTS 2.414.1 y anteriores no escapan al valor del par\u00e1metro constructor 'caption' de 'ExpandableDetailsNote', lo que genera una vulnerabilidad de Store Cross-Site Scripting (XSS) que pueden explotar los atacantes capaces de controlar este par\u00e1metro." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "2.414.2", + "matchCriteriaId": "C2F4A98B-D78F-4DCD-BC55-30B060433845" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", + 
"versionEndExcluding": "2.424", + "matchCriteriaId": "D532EC73-64F8-46D5-8240-863B264D13D6" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43496.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43496.json index e22e110ff98..d88db70574e 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43496.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43496.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-43496", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-20T17:15:11.820", - "lastModified": "2023-09-20T18:15:12.617", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-23T03:45:08.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution." + }, + { + "lang": "es", + "value": "Jenkins 2.423 y anteriores, LTS 2.414.1 y anteriores crean un archivo temporal en el directorio temporal del sistema con los permisos predeterminados para archivos reci\u00e9n creados al instalar un complemento desde una URL, lo que potencialmente permite a los atacantes con acceso al directorio temporal del sistema reemplazar el archivo antes de instalarlo en Jenkins, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "2.414.2", + "matchCriteriaId": "C2F4A98B-D78F-4DCD-BC55-30B060433845" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", + "versionEndExcluding": "2.424", + "matchCriteriaId": "D532EC73-64F8-46D5-8240-863B264D13D6" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43497.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43497.json index 4cfa4d6fe83..739809476d6 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43497.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43497.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-43497", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-20T17:15:11.877", - "lastModified": "2023-09-20T18:15:12.680", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-23T03:45:05.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used." + }, + { + "lang": "es", + "value": "En Jenkins 2.423 y versiones anteriores, LTS 2.414.1 y anteriores, el procesamiento de cargas de archivos utilizando el framework web Stapler crea archivos temporales en el directorio temporal predeterminado del sistema con los permisos predeterminados para archivos reci\u00e9n creados, lo que potencialmente permite a los atacantes acceder al sistema de archivos del controlador Jenkins leer y escribir los archivos antes de utilizarlos." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "2.414.2", + "matchCriteriaId": "C2F4A98B-D78F-4DCD-BC55-30B060433845" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", + "versionEndExcluding": "2.424", + "matchCriteriaId": "D532EC73-64F8-46D5-8240-863B264D13D6" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43498.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43498.json index e1e6185ad32..77e38fd593a 100644 --- a/CVE-2023/CVE-2023-434xx/CVE-2023-43498.json +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43498.json 
@@ -2,23 +2,93 @@ "id": "CVE-2023-43498", "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "published": "2023-09-20T17:15:11.927", - "lastModified": "2023-09-20T18:15:12.743", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-23T03:45:03.873", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used." + }, + { + "lang": "es", + "value": "En Jenkins versi\u00f3n 2.423 y anteriores, LTS versi\u00f3n 2.414.1 y anteriores, el procesamiento de cargas de archivos utilizando MultipartFormDataParser crea archivos temporales en el directorio temporal predeterminado del sistema con los permisos predeterminados para archivos reci\u00e9n creados, lo que potencialmente permite a los atacantes con acceso al sistema de archivos del controlador Jenkins leer y escriba los archivos antes de usarlos." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", + "versionEndExcluding": "2.414.2", + "matchCriteriaId": "C2F4A98B-D78F-4DCD-BC55-30B060433845" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", + "versionEndExcluding": "2.424", + "matchCriteriaId": "D532EC73-64F8-46D5-8240-863B264D13D6" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073", - "source": "jenkinsci-cert@googlegroups.com" + "source": "jenkinsci-cert@googlegroups.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43640.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43640.json index 5df2315b94d..877e5c8ce49 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43640.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43640.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-43640", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-22T18:15:12.243", - "lastModified": "2023-09-22T18:15:12.243", - "vulnStatus": "Received", + "lastModified": "2023-09-23T03:46:18.623", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index cb009afa922..0c4b3b2a859 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-23T02:00:24.902133+00:00 +2023-09-23T04:00:24.104637+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-23T00:15:20.470000+00:00 +2023-09-23T03:46:18.623000+00:00 ``` ### Last Data Feed Release 
@@ -34,21 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `0` -* [CVE-2023-43338](CVE-2023/CVE-2023-433xx/CVE-2023-43338.json) (`2023-09-23T00:15:20.170`) -* [CVE-2023-43468](CVE-2023/CVE-2023-434xx/CVE-2023-43468.json) (`2023-09-23T00:15:20.303`) -* [CVE-2023-43469](CVE-2023/CVE-2023-434xx/CVE-2023-43469.json) (`2023-09-23T00:15:20.387`) -* [CVE-2023-43470](CVE-2023/CVE-2023-434xx/CVE-2023-43470.json) (`2023-09-23T00:15:20.470`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `36` -* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-09-23T00:15:09.960`) -* [CVE-2023-38408](CVE-2023/CVE-2023-384xx/CVE-2023-38408.json) (`2023-09-23T00:15:16.653`) -* [CVE-2023-3817](CVE-2023/CVE-2023-38xx/CVE-2023-3817.json) (`2023-09-23T00:15:19.610`) +* [CVE-2023-34576](CVE-2023/CVE-2023-345xx/CVE-2023-34576.json) (`2023-09-23T03:35:40.510`) +* [CVE-2023-42810](CVE-2023/CVE-2023-428xx/CVE-2023-42810.json) (`2023-09-23T03:38:14.547`) +* [CVE-2023-34577](CVE-2023/CVE-2023-345xx/CVE-2023-34577.json) (`2023-09-23T03:38:59.283`) +* [CVE-2023-4152](CVE-2023/CVE-2023-41xx/CVE-2023-4152.json) (`2023-09-23T03:41:36.287`) +* [CVE-2023-42322](CVE-2023/CVE-2023-423xx/CVE-2023-42322.json) (`2023-09-23T03:42:57.927`) +* [CVE-2023-39252](CVE-2023/CVE-2023-392xx/CVE-2023-39252.json) (`2023-09-23T03:43:14.050`) +* [CVE-2023-43498](CVE-2023/CVE-2023-434xx/CVE-2023-43498.json) (`2023-09-23T03:45:03.873`) +* [CVE-2023-43497](CVE-2023/CVE-2023-434xx/CVE-2023-43497.json) (`2023-09-23T03:45:05.997`) +* [CVE-2023-43496](CVE-2023/CVE-2023-434xx/CVE-2023-43496.json) (`2023-09-23T03:45:08.510`) +* [CVE-2023-43495](CVE-2023/CVE-2023-434xx/CVE-2023-43495.json) (`2023-09-23T03:45:20.057`) +* [CVE-2023-41027](CVE-2023/CVE-2023-410xx/CVE-2023-41027.json) (`2023-09-23T03:46:18.623`) +* 
[CVE-2023-41029](CVE-2023/CVE-2023-410xx/CVE-2023-41029.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-41031](CVE-2023/CVE-2023-410xx/CVE-2023-41031.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-42812](CVE-2023/CVE-2023-428xx/CVE-2023-42812.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-42821](CVE-2023/CVE-2023-428xx/CVE-2023-42821.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-43640](CVE-2023/CVE-2023-436xx/CVE-2023-43640.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-38346](CVE-2023/CVE-2023-383xx/CVE-2023-38346.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-43270](CVE-2023/CVE-2023-432xx/CVE-2023-43270.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-40989](CVE-2023/CVE-2023-409xx/CVE-2023-40989.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-43129](CVE-2023/CVE-2023-431xx/CVE-2023-43129.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-43130](CVE-2023/CVE-2023-431xx/CVE-2023-43130.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-43338](CVE-2023/CVE-2023-433xx/CVE-2023-43338.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-43468](CVE-2023/CVE-2023-434xx/CVE-2023-43468.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-43469](CVE-2023/CVE-2023-434xx/CVE-2023-43469.json) (`2023-09-23T03:46:18.623`) +* [CVE-2023-43470](CVE-2023/CVE-2023-434xx/CVE-2023-43470.json) (`2023-09-23T03:46:18.623`) ## Download and Usage