From 49a14199eac965367c43ae95ab0a522e882a1072 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 8 Dec 2023 23:00:21 +0000 Subject: [PATCH] Auto-Update: 2023-12-08T23:00:18.203287+00:00 --- CVE-2014/CVE-2014-1250xx/CVE-2014-125075.json | 14 +-- CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json | 16 ++-- CVE-2015/CVE-2015-100xx/CVE-2015-10092.json | 10 +- CVE-2017/CVE-2017-201xx/CVE-2017-20172.json | 16 ++-- CVE-2020/CVE-2020-238xx/CVE-2020-23804.json | 25 ++++- CVE-2022/CVE-2022-301xx/CVE-2022-30122.json | 10 +- CVE-2022/CVE-2022-301xx/CVE-2022-30123.json | 12 ++- CVE-2022/CVE-2022-445xx/CVE-2022-44570.json | 6 +- CVE-2022/CVE-2022-445xx/CVE-2022-44571.json | 6 +- CVE-2022/CVE-2022-445xx/CVE-2022-44572.json | 6 +- CVE-2023/CVE-2023-219xx/CVE-2023-21911.json | 91 +++++++++++++++++-- CVE-2023/CVE-2023-219xx/CVE-2023-21919.json | 91 +++++++++++++++++-- CVE-2023/CVE-2023-275xx/CVE-2023-27530.json | 8 +- CVE-2023/CVE-2023-30xx/CVE-2023-3085.json | 10 +- CVE-2023/CVE-2023-343xx/CVE-2023-34320.json | 20 ++++ CVE-2023/CVE-2023-454xx/CVE-2023-45463.json | 5 +- CVE-2023/CVE-2023-492xx/CVE-2023-49284.json | 8 +- CVE-2023/CVE-2023-63xx/CVE-2023-6337.json | 55 +++++++++++ README.md | 64 +++++-------- 19 files changed, 372 insertions(+), 101 deletions(-) create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34320.json create mode 100644 CVE-2023/CVE-2023-63xx/CVE-2023-6337.json diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125075.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125075.json index 6bbaf80fc4f..97c3eeeedd7 100644 --- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125075.json +++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125075.json @@ -2,8 +2,8 @@ "id": "CVE-2014-125075", "sourceIdentifier": "cna@vuldb.com", "published": "2023-01-11T19:15:09.013", - "lastModified": "2023-11-07T02:18:41.837", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-08T21:24:26.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { @@ -113,14 +113,14 @@ "url": "https://github.com/ChrisMcMStone/gmail-servlet/commit/5d72753c2e95bb373aa86824939397dc25f679ea", "source": "cna@vuldb.com", "tags": [ - "Patch", - "Third Party Advisory" + "Patch" ] }, { "url": "https://vuldb.com/?ctiid.218021", "source": "cna@vuldb.com", "tags": [ + "Permissions Required", "Third Party Advisory" ] }, diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json index 43138d6cd44..1472f7dc76b 100644 --- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json +++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json @@ -2,8 +2,8 @@ "id": "CVE-2014-125101", "sourceIdentifier": "cna@vuldb.com", "published": "2023-05-28T13:15:09.347", - "lastModified": "2023-11-07T02:18:48.340", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-08T21:27:02.623", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -91,7 +91,7 @@ ] }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "description": [ { @@ -131,14 +131,16 @@ "url": "https://vuldb.com/?ctiid.230085", "source": "cna@vuldb.com", "tags": [ - "Permissions Required" + "Permissions Required", + "Third Party Advisory" ] }, { "url": "https://vuldb.com/?id.230085", "source": "cna@vuldb.com", "tags": [ - "Permissions Required" + "Permissions Required", + "Third Party Advisory" ] } ] diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10092.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10092.json index ce165adf01b..246993169c7 100644 --- a/CVE-2015/CVE-2015-100xx/CVE-2015-10092.json +++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10092.json @@ -2,8 +2,8 @@ "id": "CVE-2015-10092", "sourceIdentifier": "cna@vuldb.com", "published": "2023-03-06T06:15:09.733", - "lastModified": "2023-11-07T02:23:53.100", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-08T21:29:35.770", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20172.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20172.json index ac1c55ac002..fe767bfcc55 100644 --- a/CVE-2017/CVE-2017-201xx/CVE-2017-20172.json +++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20172.json @@ -2,8 +2,8 @@ "id": "CVE-2017-20172", "sourceIdentifier": "cna@vuldb.com", "published": "2023-01-18T15:15:11.083", - "lastModified": "2023-11-07T02:43:23.167", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-08T21:31:12.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 5.9 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -55,7 +55,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -81,7 +81,7 @@ }, "weaknesses": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Primary", "description": [ { @@ -114,16 +114,14 @@ "url": "https://github.com/ridhoq/soundslike/commit/90bb4fb667d9253d497b619b9adaac83bf0ce0f8", "source": "cna@vuldb.com", "tags": [ - "Patch", - "Third Party Advisory" + "Patch" ] }, { "url": "https://github.com/ridhoq/soundslike/pull/5", "source": "cna@vuldb.com", "tags": [ - "Patch", - "Third Party Advisory" + "Patch" ] }, { diff --git a/CVE-2020/CVE-2020-238xx/CVE-2020-23804.json b/CVE-2020/CVE-2020-238xx/CVE-2020-23804.json index 1e8f9c35e74..372409f428f 100644 --- a/CVE-2020/CVE-2020-238xx/CVE-2020-23804.json +++ b/CVE-2020/CVE-2020-238xx/CVE-2020-23804.json @@ -2,8 +2,8 @@ "id": "CVE-2020-23804", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:19.520", - "lastModified": "2023-10-16T14:15:10.247", - "vulnStatus": "Modified", + "lastModified": "2023-12-08T21:04:59.190", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -61,6 +61,21 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] } ], "references": [ @@ -76,7 +91,11 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json index a7109cb8677..410ebbcb97e 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json @@ -2,12 +2,16 @@ "id": "CVE-2022-30122", "sourceIdentifier": "support@hackerone.com", "published": "2022-12-05T22:15:10.227", - "lastModified": "2023-10-30T12:15:08.747", + "lastModified": "2023-12-08T22:15:07.127", "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack." + }, + { + "lang": "es", + "value": "Existe una posible vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en Rack <2.0.9.1, <2.1.4.1 y <2.2.3.1 en el componente de an\u00e1lisis multiparte de Rack." } ], "metrics": { @@ -101,6 +105,10 @@ "url": "https://security.gentoo.org/glsa/202310-18", "source": "support@hackerone.com" }, + { + "url": "https://security.netapp.com/advisory/ntap-20231208-0012/", + "source": "support@hackerone.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5530", "source": "support@hackerone.com" diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json index 6098b19f6cb..dbdb7cc722a 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json @@ -2,12 +2,16 @@ "id": "CVE-2022-30123", "sourceIdentifier": "support@hackerone.com", "published": "2022-12-05T22:15:10.280", - "lastModified": "2023-11-18T02:44:55.907", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-08T22:15:07.257", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de secuencia en Rack <2.0.9.1, <2.1.4.1 y <2.2.3.1 que podr\u00eda permitir un posible escape de shell en los componentes Lint y CommonLogger de Rack." } ], "metrics": { @@ -118,6 +122,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20231208-0011/", + "source": "support@hackerone.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5530", "source": "support@hackerone.com", diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json index 44ba6253cb1..567f95b8906 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44570", "sourceIdentifier": "support@hackerone.com", "published": "2023-02-09T20:15:11.090", - "lastModified": "2023-10-22T19:15:08.540", + "lastModified": "2023-12-08T22:15:07.350", "vulnStatus": "Modified", "descriptions": [ { @@ -105,6 +105,10 @@ "Vendor Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20231208-0010/", + "source": "support@hackerone.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5530", "source": "support@hackerone.com" diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44571.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44571.json index f11f091812d..35c4592a0f5 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44571.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44571.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44571", "sourceIdentifier": "support@hackerone.com", "published": "2023-02-09T20:15:11.153", - "lastModified": "2023-10-22T19:15:08.620", + "lastModified": "2023-12-08T22:15:07.447", "vulnStatus": "Modified", "descriptions": [ { @@ -105,6 +105,10 @@ "Vendor Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20231208-0013/", + "source": "support@hackerone.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5530", "source": "support@hackerone.com" diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44572.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44572.json index e952c65ee50..04b250f8a5c 100644 --- a/CVE-2022/CVE-2022-445xx/CVE-2022-44572.json +++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44572.json @@ -2,7 +2,7 @@ "id": "CVE-2022-44572", "sourceIdentifier": "support@hackerone.com", "published": "2023-02-09T20:15:11.220", - "lastModified": "2023-10-22T19:15:08.690", + "lastModified": "2023-12-08T22:15:07.523", "vulnStatus": "Modified", "descriptions": [ { @@ -97,6 +97,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20231208-0014/", + "source": "support@hackerone.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5530", "source": "support@hackerone.com" diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21911.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21911.json index fbeab2690c2..a988b5c4f66 100644 --- a/CVE-2023/CVE-2023-219xx/CVE-2023-21911.json +++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21911.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21911", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-04-18T20:15:12.583", - "lastModified": "2023-09-16T04:15:20.810", - "vulnStatus": "Modified", + "lastModified": "2023-12-08T21:17:44.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles que se ven afectadas son la 8.0.32 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { @@ -63,24 +67,99 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94" + } + ] + } + ] } ], "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230427-0007/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpuapr2023.html", diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21919.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21919.json index 14b6ea9b55c..935663fff95 100644 --- a/CVE-2023/CVE-2023-219xx/CVE-2023-21919.json +++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21919.json @@ -2,12 +2,16 @@ "id": "CVE-2023-21919", "sourceIdentifier": "secalert_us@oracle.com", "published": "2023-04-18T20:15:13.090", - "lastModified": "2023-09-16T04:15:21.007", - "vulnStatus": "Modified", + "lastModified": "2023-12-08T21:18:54.210", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + }, + { + "lang": "es", + "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DDL). Las versiones compatibles que se ven afectadas son la 8.0.32 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": { @@ -63,24 +67,99 @@ ] } ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", + "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", + "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94" + } + ] + } + ] } ], "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230427-0007/", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.oracle.com/security-alerts/cpuapr2023.html", diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27530.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27530.json index 62c9454725f..009af3c3f4d 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27530.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27530.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27530", "sourceIdentifier": "support@hackerone.com", "published": "2023-03-10T22:15:10.497", - "lastModified": "2023-11-04T02:46:04.243", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-08T22:15:07.603", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -132,6 +132,10 @@ "Third Party Advisory" ] }, + { + "url": "https://security.netapp.com/advisory/ntap-20231208-0015/", + "source": "support@hackerone.com" + }, { "url": "https://www.debian.org/security/2023/dsa-5530", "source": "support@hackerone.com", diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json index 0c9115eba14..39450037cdc 100644 --- a/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3085", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-03T11:15:21.443", - "lastModified": "2023-11-07T04:17:52.167", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-08T21:16:21.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 2.7 }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -59,7 +59,7 @@ ], "cvssMetricV2": [ { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "cvssData": { "version": "2.0", @@ -95,7 +95,7 @@ ] }, { - "source": "1af790b2-7ee1-4545-860a-a788eba489b5", + "source": "cna@vuldb.com", "type": "Secondary", "description": [ { diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34320.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34320.json new file mode 100644 index 00000000000..ccdd45b76ae --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34320.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-34320", + "sourceIdentifier": "security@xen.org", + "published": "2023-12-08T21:15:07.353", + "lastModified": "2023-12-08T21:15:07.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412\nwhere software, under certain circumstances, could deadlock a core\ndue to the execution of either a load to device or non-cacheable memory,\nand either a store exclusive or register read of the Physical\nAddress Register (PAR_EL1) in close proximity.\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://xenbits.xenproject.org/xsa/advisory-436.html", + "source": "security@xen.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45463.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45463.json index 4399e2d9d31..7be3a21958a 100644 --- a/CVE-2023/CVE-2023-454xx/CVE-2023-45463.json +++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45463.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45463", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-13T13:15:11.987", - "lastModified": "2023-10-16T18:33:53.557", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-12-08T21:01:43.550", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -85,6 +85,7 @@ "source": "cve@mitre.org", "tags": [ "Exploit", + "Product", "Third Party Advisory" ] } diff --git a/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json b/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json index 96b0050769a..b919bd8982f 100644 --- a/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json +++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49284.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49284", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-05T00:15:08.737", - "lastModified": "2023-12-08T17:26:11.893", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-08T21:15:07.433", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -89,6 +89,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/08/1", + "source": "security-advisories@github.com" + }, { "url": "https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14", "source": "security-advisories@github.com", diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6337.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6337.json new file mode 100644 index 00000000000..ea343b08b1a --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6337.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6337", + "sourceIdentifier": "security@hashicorp.com", + "published": "2023-12-08T22:15:07.713", + "lastModified": "2023-12-08T22:15:07.713", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.\n\nFixed in\u00a0Vault 1.15.4, 1.14.8, 1.13.12.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741", + "source": "security@hashicorp.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 9d21adc1962..b499cc56867 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-08T21:00:18.914884+00:00 +2023-12-08T23:00:18.203287+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-08T20:57:31.813000+00:00 +2023-12-08T22:15:07.713000+00:00 ``` ### Last Data Feed Release @@ -29,55 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232641 +232643 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `2` -* [CVE-2023-6507](CVE-2023/CVE-2023-65xx/CVE-2023-6507.json) (`2023-12-08T19:15:08.440`) -* [CVE-2023-46493](CVE-2023/CVE-2023-464xx/CVE-2023-46493.json) (`2023-12-08T20:15:07.203`) -* [CVE-2023-46494](CVE-2023/CVE-2023-464xx/CVE-2023-46494.json) (`2023-12-08T20:15:07.257`) -* [CVE-2023-46495](CVE-2023/CVE-2023-464xx/CVE-2023-46495.json) (`2023-12-08T20:15:07.313`) -* [CVE-2023-46496](CVE-2023/CVE-2023-464xx/CVE-2023-46496.json) (`2023-12-08T20:15:07.373`) -* [CVE-2023-46497](CVE-2023/CVE-2023-464xx/CVE-2023-46497.json) (`2023-12-08T20:15:07.420`) -* [CVE-2023-46498](CVE-2023/CVE-2023-464xx/CVE-2023-46498.json) (`2023-12-08T20:15:07.473`) -* [CVE-2023-46499](CVE-2023/CVE-2023-464xx/CVE-2023-46499.json) (`2023-12-08T20:15:07.523`) -* [CVE-2023-48311](CVE-2023/CVE-2023-483xx/CVE-2023-48311.json) (`2023-12-08T20:15:07.573`) -* [CVE-2023-49782](CVE-2023/CVE-2023-497xx/CVE-2023-49782.json) (`2023-12-08T20:15:07.783`) -* [CVE-2023-49788](CVE-2023/CVE-2023-497xx/CVE-2023-49788.json) (`2023-12-08T20:15:07.993`) +* [CVE-2023-34320](CVE-2023/CVE-2023-343xx/CVE-2023-34320.json) (`2023-12-08T21:15:07.353`) +* [CVE-2023-6337](CVE-2023/CVE-2023-63xx/CVE-2023-6337.json) (`2023-12-08T22:15:07.713`) ### CVEs modified in the last Commit -Recently modified CVEs: `55` +Recently modified CVEs: `16` -* [CVE-2023-48693](CVE-2023/CVE-2023-486xx/CVE-2023-48693.json) (`2023-12-08T19:24:21.413`) -* [CVE-2023-42567](CVE-2023/CVE-2023-425xx/CVE-2023-42567.json) (`2023-12-08T19:30:57.537`) -* [CVE-2023-48694](CVE-2023/CVE-2023-486xx/CVE-2023-48694.json) (`2023-12-08T19:32:12.633`) -* [CVE-2023-42568](CVE-2023/CVE-2023-425xx/CVE-2023-42568.json) (`2023-12-08T19:35:34.093`) -* [CVE-2023-48696](CVE-2023/CVE-2023-486xx/CVE-2023-48696.json) (`2023-12-08T19:36:56.413`) -* [CVE-2023-48697](CVE-2023/CVE-2023-486xx/CVE-2023-48697.json) (`2023-12-08T19:41:59.550`) -* [CVE-2023-42562](CVE-2023/CVE-2023-425xx/CVE-2023-42562.json) (`2023-12-08T19:53:59.103`) -* [CVE-2023-42561](CVE-2023/CVE-2023-425xx/CVE-2023-42561.json) (`2023-12-08T19:54:52.720`) -* [CVE-2023-42560](CVE-2023/CVE-2023-425xx/CVE-2023-42560.json) (`2023-12-08T19:55:47.237`) -* [CVE-2023-42558](CVE-2023/CVE-2023-425xx/CVE-2023-42558.json) (`2023-12-08T19:57:46.590`) -* [CVE-2023-42556](CVE-2023/CVE-2023-425xx/CVE-2023-42556.json) (`2023-12-08T20:13:16.467`) -* [CVE-2023-42559](CVE-2023/CVE-2023-425xx/CVE-2023-42559.json) (`2023-12-08T20:14:34.330`) -* [CVE-2023-5808](CVE-2023/CVE-2023-58xx/CVE-2023-5808.json) (`2023-12-08T20:15:08.200`) -* [CVE-2023-42557](CVE-2023/CVE-2023-425xx/CVE-2023-42557.json) (`2023-12-08T20:16:19.493`) -* [CVE-2023-6606](CVE-2023/CVE-2023-66xx/CVE-2023-6606.json) (`2023-12-08T20:18:15.033`) -* [CVE-2023-6610](CVE-2023/CVE-2023-66xx/CVE-2023-6610.json) (`2023-12-08T20:18:15.033`) -* [CVE-2023-6615](CVE-2023/CVE-2023-66xx/CVE-2023-6615.json) (`2023-12-08T20:18:15.033`) -* [CVE-2023-6616](CVE-2023/CVE-2023-66xx/CVE-2023-6616.json) (`2023-12-08T20:18:15.033`) -* [CVE-2023-6617](CVE-2023/CVE-2023-66xx/CVE-2023-6617.json) (`2023-12-08T20:18:15.033`) -* [CVE-2023-6618](CVE-2023/CVE-2023-66xx/CVE-2023-6618.json) (`2023-12-08T20:18:15.033`) -* [CVE-2023-6619](CVE-2023/CVE-2023-66xx/CVE-2023-6619.json) (`2023-12-08T20:18:15.033`) -* [CVE-2023-6622](CVE-2023/CVE-2023-66xx/CVE-2023-6622.json) (`2023-12-08T20:18:15.033`) -* [CVE-2023-1380](CVE-2023/CVE-2023-13xx/CVE-2023-1380.json) (`2023-12-08T20:45:02.020`) -* [CVE-2023-2002](CVE-2023/CVE-2023-20xx/CVE-2023-2002.json) (`2023-12-08T20:48:30.057`) -* [CVE-2023-41419](CVE-2023/CVE-2023-414xx/CVE-2023-41419.json) (`2023-12-08T20:51:32.543`) +* [CVE-2014-125075](CVE-2014/CVE-2014-1250xx/CVE-2014-125075.json) (`2023-12-08T21:24:26.043`) +* [CVE-2014-125101](CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json) (`2023-12-08T21:27:02.623`) +* [CVE-2015-10092](CVE-2015/CVE-2015-100xx/CVE-2015-10092.json) (`2023-12-08T21:29:35.770`) +* [CVE-2017-20172](CVE-2017/CVE-2017-201xx/CVE-2017-20172.json) (`2023-12-08T21:31:12.723`) +* [CVE-2020-23804](CVE-2020/CVE-2020-238xx/CVE-2020-23804.json) (`2023-12-08T21:04:59.190`) +* [CVE-2022-30122](CVE-2022/CVE-2022-301xx/CVE-2022-30122.json) (`2023-12-08T22:15:07.127`) +* [CVE-2022-30123](CVE-2022/CVE-2022-301xx/CVE-2022-30123.json) (`2023-12-08T22:15:07.257`) +* [CVE-2022-44570](CVE-2022/CVE-2022-445xx/CVE-2022-44570.json) (`2023-12-08T22:15:07.350`) +* [CVE-2022-44571](CVE-2022/CVE-2022-445xx/CVE-2022-44571.json) (`2023-12-08T22:15:07.447`) +* [CVE-2022-44572](CVE-2022/CVE-2022-445xx/CVE-2022-44572.json) (`2023-12-08T22:15:07.523`) +* [CVE-2023-45463](CVE-2023/CVE-2023-454xx/CVE-2023-45463.json) (`2023-12-08T21:01:43.550`) +* [CVE-2023-49284](CVE-2023/CVE-2023-492xx/CVE-2023-49284.json) (`2023-12-08T21:15:07.433`) +* [CVE-2023-3085](CVE-2023/CVE-2023-30xx/CVE-2023-3085.json) (`2023-12-08T21:16:21.743`) +* [CVE-2023-21911](CVE-2023/CVE-2023-219xx/CVE-2023-21911.json) (`2023-12-08T21:17:44.963`) +* [CVE-2023-21919](CVE-2023/CVE-2023-219xx/CVE-2023-21919.json) (`2023-12-08T21:18:54.210`) +* [CVE-2023-27530](CVE-2023/CVE-2023-275xx/CVE-2023-27530.json) (`2023-12-08T22:15:07.603`) ## Download and Usage