From 49c37d3d38bdaffffc0e8f490d37d2e51364d507 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Thu, 12 Oct 2023 16:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-10-12T16:00:24.623863+00:00
---
 CVE-2011/CVE-2011-43xx/CVE-2011-4330.json | 52 ++++-
 CVE-2012/CVE-2012-21xx/CVE-2012-2123.json | 82 ++++++--
 CVE-2012/CVE-2012-21xx/CVE-2012-2136.json | 114 +++++------
 CVE-2020/CVE-2020-124xx/CVE-2020-12464.json | 202 ++++++++++++++++++--
 CVE-2022/CVE-2022-32xx/CVE-2022-3248.json | 69 ++++++-
 CVE-2022/CVE-2022-44xx/CVE-2022-4479.json | 6 +-
 CVE-2023/CVE-2023-273xx/CVE-2023-27315.json | 55 ++++++
 CVE-2023/CVE-2023-321xx/CVE-2023-32124.json | 55 ++++++
 CVE-2023/CVE-2023-411xx/CVE-2023-41131.json | 55 ++++++
 CVE-2023/CVE-2023-418xx/CVE-2023-41858.json | 47 ++++-
 CVE-2023/CVE-2023-443xx/CVE-2023-44390.json | 57 +++++-
 CVE-2023/CVE-2023-451xx/CVE-2023-45102.json | 55 ++++++
 CVE-2023/CVE-2023-451xx/CVE-2023-45103.json | 55 ++++++
 CVE-2023/CVE-2023-451xx/CVE-2023-45106.json | 55 ++++++
 CVE-2023/CVE-2023-451xx/CVE-2023-45160.json | 75 +++++++-
 CVE-2023/CVE-2023-54xx/CVE-2023-5476.json | 70 ++++++-
 CVE-2023/CVE-2023-54xx/CVE-2023-5477.json | 70 ++++++-
 CVE-2023/CVE-2023-54xx/CVE-2023-5478.json | 70 ++++++-
 CVE-2023/CVE-2023-54xx/CVE-2023-5479.json | 70 ++++++-
 CVE-2023/CVE-2023-54xx/CVE-2023-5481.json | 70 ++++++-
 CVE-2023/CVE-2023-54xx/CVE-2023-5483.json | 71 ++++++-
 CVE-2023/CVE-2023-54xx/CVE-2023-5484.json | 70 ++++++-
 CVE-2023/CVE-2023-54xx/CVE-2023-5485.json | 70 ++++++-
 CVE-2023/CVE-2023-54xx/CVE-2023-5486.json | 70 ++++++-
 CVE-2023/CVE-2023-54xx/CVE-2023-5487.json | 70 ++++++-
 README.md | 73 +++----
 26 files changed, 1597 insertions(+), 211 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-273xx/CVE-2023-27315.json
 create mode 100644 CVE-2023/CVE-2023-321xx/CVE-2023-32124.json
 create mode 100644 CVE-2023/CVE-2023-411xx/CVE-2023-41131.json
 create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45102.json
 create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45103.json
 create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45106.json
diff --git a/CVE-2011/CVE-2011-43xx/CVE-2011-4330.json b/CVE-2011/CVE-2011-43xx/CVE-2011-4330.json index ced1a25ff69..270c9cedd12 100644 --- a/CVE-2011/CVE-2011-43xx/CVE-2011-4330.json +++ b/CVE-2011/CVE-2011-43xx/CVE-2011-4330.json @@ -2,8 +2,8 @@ "id": "CVE-2011-4330", "sourceIdentifier": "secalert@redhat.com", "published": "2012-01-27T15:55:04.597", - "lastModified": "2023-02-13T04:32:50.167", - "vulnStatus": "Modified", + "lastModified": "2023-10-12T14:13:03.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -62,8 +62,16 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*", - "matchCriteriaId": "0FC560CC-F785-42D5-A25B-1BA02E7AC464" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.0.10", + "matchCriteriaId": "4BE792C8-F222-43B6-9EF2-68826728E97A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1", + "versionEndExcluding": "3.1.2", + "matchCriteriaId": "24E7A674-804A-4E91-ABE4-FCCD7651F43E" } ] } 
@@ -73,27 +81,51 @@ "references": [ { "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=bc5b8a9003132ae44559edd63a1623", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2011/11/21/14", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2011/11/21/5", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.securityfocus.com/bid/50750", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=755431", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://lkml.org/lkml/2011/11/9/303", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2012/CVE-2012-21xx/CVE-2012-2123.json b/CVE-2012/CVE-2012-21xx/CVE-2012-2123.json index 326838bb2e1..15d5e594f42 100644 --- a/CVE-2012/CVE-2012-21xx/CVE-2012-2123.json +++ b/CVE-2012/CVE-2012-21xx/CVE-2012-2123.json @@ -2,8 +2,8 @@ "id": "CVE-2012-2123", "sourceIdentifier": "secalert@redhat.com", "published": "2012-05-17T11:00:38.367", - "lastModified": "2023-02-13T00:24:15.200", - "vulnStatus": "Modified", + "lastModified": "2023-10-12T14:12:18.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -63,8 +63,22 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "3.3.1", - "matchCriteriaId": "A414BCFE-F436-4E67-BF24-05766DA92376" + "versionEndExcluding": "3.0.29", + "matchCriteriaId": "78E044CC-A7B5-4457-9CE9-C1B6A2151C9C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1", + "versionEndExcluding": "3.2.16", + "matchCriteriaId": "1BC85A39-2EFC-4468-9C66-7455CD4EF690" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.3", + "versionEndExcluding": "3.3.3", + "matchCriteriaId": "77EDD976-8BC1-491C-A240-34C0BA4AC31D" } ] } 
@@ -74,47 +88,85 @@ "references": [ { "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d52fc5dde171f030170a6cb78034d166b13c9445", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2012-0670.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.debian.org/security/2012/dsa-2469", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.3", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2012/04/20/6", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.securityfocus.com/bid/53166", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securitytracker.com/id?1027072", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=806722", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75043", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "VDB Entry" + ] }, { "url": "https://github.com/torvalds/linux/commit/d52fc5dde171f030170a6cb78034d166b13c9445", - 
"source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2012/CVE-2012-21xx/CVE-2012-2136.json b/CVE-2012/CVE-2012-21xx/CVE-2012-2136.json index 152e8f00e0c..8057c2efb63 100644 --- a/CVE-2012/CVE-2012-21xx/CVE-2012-2136.json +++ b/CVE-2012/CVE-2012-21xx/CVE-2012-2136.json @@ -2,8 +2,8 @@ "id": "CVE-2012-2136", "sourceIdentifier": "secalert@redhat.com", "published": "2012-08-09T10:29:46.870", - "lastModified": "2023-02-13T04:33:23.453", - "vulnStatus": "Modified", + "lastModified": "2023-10-12T14:12:02.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
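Review bot: In the CVE-2012-2123 references hunk, the last entry, `https://github.com/torvalds/linux/commit/d52fc5dde171f030170a6cb78034d166b13c9445`, is tagged only `"Third Party Advisory"`, although it carries the same commit hash as the git.kernel.org link that this hunk marks `"Broken Link"` and so appears to be the only resolvable pointer to the upstream change. Tooling that selects fix references by tag will find none in this record; the entry would be better as `"tags": ["Patch"]`, the tag the CVE-2023-44390 hunk gives its GitHub commit link. The two RHSA errata URLs are also tagged `"VDB Entry"`, which looks inconsistent with the RHSA-2012-1087 entry in the CVE-2012-2136 hunk, tagged `"Third Party Advisory"` alone.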
@@ -63,63 +63,22 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "3.4.4", - "matchCriteriaId": "DEB7BA7C-580F-4A05-8A66-2FC332E9FE4C" + "versionEndExcluding": "3.0.37", + "matchCriteriaId": "11F3BF95-7AFA-4678-8F7C-1B29BDA05822" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", - "matchCriteriaId": "0F960FA6-F904-4A4E-B483-44C70090E9A1" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1", + "versionEndExcluding": "3.2.23", + "matchCriteriaId": "8B4D48FD-F61E-4443-A0CD-A7A5D139C6D3" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", - "matchCriteriaId": "261C1B41-C9E0-414F-8368-51C0C0B8AD38" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", - "matchCriteriaId": "5CCA261D-2B97-492F-89A0-5F209A804350" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", - "matchCriteriaId": "1B1C0C68-9194-473F-BE5E-EC7F184899FA" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", - "matchCriteriaId": "D7A6AC9E-BEA6-44B0-B3B3-F0F94E32424A" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", - "matchCriteriaId": "16038328-9399-4B85-B777-BA4757D02C9B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", - "matchCriteriaId": "16CA2757-FA8D-43D9-96E8-D3C0EB6E1DEF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", - "matchCriteriaId": "E8CB5481-5EAE-401E-BD7E-D3095CCA9E94" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", - "matchCriteriaId": "A0F36FAC-141D-476D-84C5-A558C199F904" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", - "matchCriteriaId": 
"51D64824-25F6-4761-BD6A-29038A143744" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", - "matchCriteriaId": "E284C8A1-740F-454D-A774-99CD3A21B594" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.3", + "versionEndExcluding": "3.4.5", + "matchCriteriaId": "478D8BEC-1557-40DC-8AB2-42424B19D0A9" } ] } 
@@ -129,35 +88,68 @@ "references": [ { "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2012-1087.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/50807", + "source": "secalert@redhat.com", + "tags": [ + "URL Repurposed" + ] }, { "url": "http://ubuntu.com/usn/usn-1529-1", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "http://www.securityfocus.com/bid/53721", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.ubuntu.com/usn/USN-1535-1", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=816289", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc", diff --git a/CVE-2020/CVE-2020-124xx/CVE-2020-12464.json b/CVE-2020/CVE-2020-124xx/CVE-2020-12464.json index d97cb968e8f..839e75f6505 100644 --- a/CVE-2020/CVE-2020-124xx/CVE-2020-12464.json +++ b/CVE-2020/CVE-2020-124xx/CVE-2020-12464.json 
@@ -2,8 +2,8 @@ "id": "CVE-2020-12464", "sourceIdentifier": "cve@mitre.org", "published": "2020-04-29T18:15:13.597", - "lastModified": "2020-06-22T22:15:12.430", - "vulnStatus": "Modified", + "lastModified": "2023-10-12T14:10:21.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -85,8 +85,140 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.16.85", + "matchCriteriaId": "4F9567FB-F394-443B-9A95-1DA060A9CCA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.17", + "versionEndExcluding": "4.4.221", + "matchCriteriaId": "37309B4F-90F2-4B13-A8F4-5A9F0FE59052" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5", + "versionEndExcluding": "4.9.221", + "matchCriteriaId": "89728144-CE11-450A-A8ED-3C0606DB6806" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.178", + "matchCriteriaId": "1E600389-8ACB-4C7B-A74A-3A8343ACE6D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.119", + "matchCriteriaId": "C0FB4B86-B8D8-473E-8D1D-3C058D143AF6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.36", + "matchCriteriaId": "0ABDE4F3-29C6-459E-B0B7-751B93447AF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", "versionEndExcluding": "5.6.8", - "matchCriteriaId": "BD585B38-A4DA-436C-8F92-3334BD7A443B" + "matchCriteriaId": "D62C084A-6676-40AF-868A-D90CDFAB7DDD" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", + "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"5C2089EE-5D7F-47EC-8EA5-0F69790564C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", + "matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", + "matchCriteriaId": "489D20B9-166F-423D-8C48-A23D3026E33B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", + "matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", + "matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*", + "matchCriteriaId": "78BE572F-45C1-467F-918F-FB1276F6B495" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", + "matchCriteriaId": "DE7C6010-F736-4BDA-9E3B-C4370BBFA149" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*", + "matchCriteriaId": "646FFC2B-6DC4-4BD8-AAE0-81895D397700" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*", + "matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_storage_nodes:-:*:*:*:*:*:*:*", + "matchCriteriaId": "855D6A52-F96F-4CA0-A59C-4D42173F22E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_storage_node:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D452B464-1200-4B72-9A89-42DC58486191" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D" + }, 
+ { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9FED1B0D-F901-413A-85D9-05D4C427570D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*", + "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276" } ] } @@ -96,7 +228,10 @@ "references": [ { "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.8", @@ -124,15 +259,25 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lkml.org/lkml/2020/3/23/52", 
@@ -152,35 +297,62 @@ }, { "url": "https://security.netapp.com/advisory/ntap-20200608-0001/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://usn.ubuntu.com/4387-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://usn.ubuntu.com/4388-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://usn.ubuntu.com/4389-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://usn.ubuntu.com/4390-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://usn.ubuntu.com/4391-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.debian.org/security/2020/dsa-4698", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.debian.org/security/2020/dsa-4699", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-32xx/CVE-2022-3248.json b/CVE-2022/CVE-2022-32xx/CVE-2022-3248.json index 122edbfb662..4651076d0a6 100644 --- a/CVE-2022/CVE-2022-32xx/CVE-2022-3248.json +++ b/CVE-2022/CVE-2022-32xx/CVE-2022-3248.json @@ -2,8 +2,8 @@ "id": "CVE-2022-3248", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-05T14:15:09.650", - "lastModified": "2023-10-05T16:22:20.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T14:08:01.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -38,14 +58,55 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2022-3248", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072188", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-44xx/CVE-2022-4479.json b/CVE-2022/CVE-2022-44xx/CVE-2022-4479.json index 6630c84c852..bb818095d3e 100644 --- a/CVE-2022/CVE-2022-44xx/CVE-2022-4479.json +++ b/CVE-2022/CVE-2022-44xx/CVE-2022-4479.json 
@@ -2,7 +2,7 @@ "id": "CVE-2022-4479", "sourceIdentifier": "contact@wpscan.com", "published": "2023-01-09T23:15:28.340", - "lastModified": "2023-01-13T06:31:23.103", + "lastModified": "2023-10-12T15:28:18.043", "vulnStatus": "Analyzed", "descriptions": [ { @@ -55,9 +55,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:table_of_contents_plus_project:table_of_contents_plus:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:dublue:table_of_contents_plus:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2212", - "matchCriteriaId": "7D6B90FF-C078-4908-BAAE-F4F6D84BD33C" + "matchCriteriaId": "6A511882-1C9D-4D88-B6F3-4DC682952AE0" } ] } diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27315.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27315.json new file mode 100644 index 00000000000..75ab2d3cb6a --- /dev/null +++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27315.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-27315", + "sourceIdentifier": "security-alert@netapp.com", + "published": "2023-10-12T14:15:10.170", + "lastModified": "2023-10-12T14:15:10.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SnapGathers versions prior to 4.9 are susceptible to a vulnerability \nwhich could allow a local authenticated attacker to discover plaintext \ndomain user credentials" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-alert@netapp.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-alert@netapp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-256" + } + ] + } + ], + "references": [ + { + "url": "https://security.netapp.com/advisory/ntap-20231009-0002/", + "source": "security-alert@netapp.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32124.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32124.json new file mode 100644 index 00000000000..b4c1461b1a5 --- /dev/null +++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32124.json 
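Review bot: The `descriptions[0].value` string added for CVE-2023-27315 carries two embedded `\n` escapes in the middle of the sentence and has no closing period, so the text renders as three broken lines and a phrase search such as "a vulnerability which could allow" will not match it. Consumers that index or diff descriptions should collapse whitespace before use, and the stored value would read better as one line ending `"...susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials."`. The new Patchstack records in the following hunks (CVE-2023-32124, CVE-2023-41131, CVE-2023-45102, CVE-2023-45103, CVE-2023-45106) have a related issue: the version bound is written with a no-break space, e.g. `<=\u00a01.3.1`, which a pattern expecting an ordinary space after `<=` will miss. All six records are in `"Received"` status with no `configurations` block, so CPE-based matching will not report them until analysis adds one.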
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32124", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-12T15:15:46.867", + "lastModified": "2023-10-12T15:15:46.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <=\u00a01.3.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/publish-confirm-message/wordpress-publish-confirm-message-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41131.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41131.json new file mode 100644 index 00000000000..1440356eda6 --- /dev/null +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41131.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-41131", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-12T15:15:46.980", + "lastModified": "2023-10-12T15:15:46.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <=\u00a02.10 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/spotify-play-button-for-wordpress/wordpress-sp-tify-play-button-for-wordpress-plugin-2-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41858.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41858.json index c4710e4bc9e..c2ecda59869 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41858.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41858.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41858", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-10T09:15:10.167", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:25:50.593", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tychesoftwares:order_delivery_date_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2", + "matchCriteriaId": "3F0FAC90-7C0C-43B3-9BBA-13E9EC5C4E38" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/order-delivery-date/wordpress-order-delivery-date-for-wp-e-commerce-plugin-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44390.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44390.json index f2590df1fcb..a3b8596657c 100644 --- a/CVE-2023/CVE-2023-443xx/CVE-2023-44390.json +++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44390.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44390", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-05T14:15:09.737", - "lastModified": "2023-10-05T16:22:20.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T14:07:35.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
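Review bot: In the CVE-2023-41858 `configurations` hunk the added CPE names `tychesoftwares:order_delivery_date_for_woocommerce`, while the only reference URL in the record has the slug `wordpress-order-delivery-date-for-wp-e-commerce-plugin-1-2`, which suggests a different plugin (Order Delivery Date for WP e-Commerce). The description lies outside the hunk, so this is inferred from the URL alone; if the slug is right, CPE matching would flag installs of the similarly named WooCommerce plugin and miss the affected one. The product should be confirmed against the advisory before relying on this `cpeMatch` entry with `"versionEndIncluding": "1.2"`.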
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:htmlsanitizer_project:htmlsanitizer:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.0.723", + "matchCriteriaId": "FAB4C837-7F45-4E79-B35B-C85CA2326762" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:htmlsanitizer_project:htmlsanitizer:8.1.719:beta:*:*:*:*:*:*", + "matchCriteriaId": "B85B1227-279E-41EA-B576-8AD3528F5629" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mganss/HtmlSanitizer/commit/ab29319866c020f0cc11e6b92228cd8039196c6e", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-43cp-6p3q-2pc4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45102.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45102.json new file mode 100644 index 00000000000..37b15dbe05e --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45102.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45102", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-12T15:15:47.070", + "lastModified": "2023-10-12T15:15:47.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <=\u00a01.20 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/blog-manager-light/wordpress-blog-manager-light-plugin-1-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45103.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45103.json new file mode 100644 index 00000000000..09f53c07e89 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45103.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45103", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-12T15:15:47.160", + "lastModified": "2023-10-12T15:15:47.160", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <=\u00a02.8.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/permalinks-customizer/wordpress-permalinks-customizer-plugin-2-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45106.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45106.json new file mode 100644 index 00000000000..d1b1ee61715 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45106.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-45106", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-12T15:15:47.253", + "lastModified": "2023-10-12T15:15:47.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <=\u00a02.8.33 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/urvanov-syntax-highlighter/wordpress-urvanov-syntax-highlighter-plugin-2-8-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json index 5ce48b0c489..8229dffc0d8 100644 --- a/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-45160", "sourceIdentifier": "security@1e.com", "published": "2023-10-05T16:15:12.167", - "lastModified": "2023-10-05T16:22:20.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T14:07:03.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nIn the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. This has been fixed in patch Q23094 as the 1E Client's temporary directory is now locked down\n\n" + }, + { + "lang": "es", + "value": "En la versi\u00f3n afectada del 1E Client, un usuario normal podr\u00eda subvertir los archivos de recursos de instrucciones descargados, por ejemplo, para sustituirlos por un script da\u00f1ino o reemplazando un archivo de script de recursos creado por una instrucci\u00f3n en tiempo de ejecuci\u00f3n con un script malicioso. Esto se solucion\u00f3 en el parche Q23094 ya que el directorio temporal del 1E Client ahora est\u00e1 bloqueado" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@1e.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + }, { "source": "security@1e.com", "type": "Secondary", 
@@ -46,10 +80,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:1e:client:8.1.2.62:*:*:*:*:windows:*:*", + "matchCriteriaId": "EF79F84B-2408-44F9-A7AD-D9CAB9C34A61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:1e:client:8.4.1.159:*:*:*:*:windows:*:*", + "matchCriteriaId": "4A156058-6634-4C59-831B-9A6E7C95BE84" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:1e:client:9.0.1.88:*:*:*:*:windows:*:*", + "matchCriteriaId": "66EA1F19-4432-4D9F-82DD-91062B54284B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:1e:client:23.7.1.151:*:*:*:*:windows:*:*", + "matchCriteriaId": "73A8F998-B3AF-46C6-B4E5-3FEF6EA25A99" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.1e.com/trust-security-compliance/cve-info/", - "source": "security@1e.com" + "source": "security@1e.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5476.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5476.json index 8a4f705960f..be18f6a3e0a 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5476.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5476.json 
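Review bot: The added `cpeMatch` list for CVE-2023-45160 names four exact builds (`8.1.2.62`, `8.4.1.159`, `9.0.1.88`, `23.7.1.151`) with no `versionEndExcluding` bound, while the description in the preceding hunk says the fix shipped as patch Q23094. A version-only match therefore cannot tell a patched host from an unpatched one on the same build, and this record does not say whether builds between the listed ones are affected. Scanners keyed on these CPEs should confirm the hotfix state from patch inventory before closing or raising a finding.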
@@ -2,23 +2,83 @@ "id": "CVE-2023-5476", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.650", - "lastModified": "2023-10-12T12:59:39.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:50:51.520", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "118.0.5993.70", + "matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1474253", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline 
at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5477.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5477.json index e7f86258b36..dddc246b7ef 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5477.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5477.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-5477", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.700", - "lastModified": "2023-10-12T12:59:39.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:50:34.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "118.0.5993.70", + "matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1472558", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ 
No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5478.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5478.json index 3a42406c3b9..7a39282ab58 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5478.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5478.json 
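Review bot: The NVD vector added for CVE-2023-5477 disagrees with the record's own description, which says the Installer flaw lets "a local attacker" bypass discretionary access control "via a crafted command", while the new `cvssData` carries `"attackVector": "NETWORK"` and `"userInteraction": "REQUIRED"`. The vector string is identical to the one added for CVE-2023-5485 and CVE-2023-5486, which describe remote crafted-HTML issues, so it may have been applied in bulk (an inference, not visible here). A mirror should keep the upstream value, but triage rules that filter on `attackVector` should not rely on it alone for this entry. The discrepancy is worth reporting to NVD.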
@@ -2,23 +2,83 @@ "id": "CVE-2023-5478", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.747", - "lastModified": "2023-10-12T12:59:39.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:50:09.673", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "118.0.5993.70", + "matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1472404", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline 
at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5479.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5479.json index 02d3ec50146..2313dc8f7d4 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5479.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5479.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-5479", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.797", - "lastModified": "2023-10-12T12:59:39.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:49:54.053", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "118.0.5993.70", + "matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1471253", - "source": "chrome-cve-admin@google.com" + "source": 
"chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5481.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5481.json index db9e323a498..6a3c42e78b1 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5481.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5481.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-5481", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.850", - "lastModified": "2023-10-12T12:59:39.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:49:34.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "118.0.5993.70", + "matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1458934", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline 
at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5483.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5483.json index 23f64eee0e1..a5722b2314d 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5483.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5483.json 
@@ -2,23 +2,84 @@ "id": "CVE-2023-5483", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.897", - "lastModified": "2023-10-12T12:59:39.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:49:19.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "118.0.5993.70", + "matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1425355", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking", + "Vendor 
Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5484.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5484.json index 69682e30c32..bbcce805975 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5484.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5484.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-5484", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:10.950", - "lastModified": "2023-10-12T12:59:39.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:49:06.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "118.0.5993.70", + "matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1414936", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5485.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5485.json index ada040c8a62..61fbd28a7c8 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5485.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5485.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-5485", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:11.007", - "lastModified": "2023-10-12T12:59:39.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:48:50.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "118.0.5993.70", + "matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1395164", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No 
newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5486.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5486.json index 370143e36c9..287c96ee520 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5486.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5486.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-5486", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:11.060", - "lastModified": "2023-10-12T12:59:39.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:48:22.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "118.0.5993.70", + "matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1357442", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end 
of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5487.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5487.json index 7667eb8572f..257c92772d0 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5487.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5487.json 
@@ -2,23 +2,83 @@ "id": "CVE-2023-5487", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-10-11T23:15:11.110", - "lastModified": "2023-10-12T12:59:39.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-12T15:47:43.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "118.0.5993.70", + "matchCriteriaId": "5F6A81E4-0BDA-4294-BAC9-62B76E18B5BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1062251", - "source": "chrome-cve-admin@google.com" + "source": 
"chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 58ea723ecbe..ccc870257e2 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-12T14:00:28.060274+00:00 +2023-10-12T16:00:24.623863+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-12T13:31:56.897000+00:00 +2023-10-12T15:50:51.520000+00:00 ``` ### Last Data Feed Release 
@@ -29,57 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227659 +227665 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `6` -* [CVE-2023-23651](CVE-2023/CVE-2023-236xx/CVE-2023-23651.json) (`2023-10-12T12:15:10.223`) -* [CVE-2023-23737](CVE-2023/CVE-2023-237xx/CVE-2023-23737.json) (`2023-10-12T12:15:10.313`) -* [CVE-2023-43789](CVE-2023/CVE-2023-437xx/CVE-2023-43789.json) (`2023-10-12T12:15:10.710`) -* [CVE-2023-5045](CVE-2023/CVE-2023-50xx/CVE-2023-5045.json) (`2023-10-12T12:15:10.777`) -* [CVE-2023-5046](CVE-2023/CVE-2023-50xx/CVE-2023-5046.json) (`2023-10-12T12:15:10.867`) -* [CVE-2023-44998](CVE-2023/CVE-2023-449xx/CVE-2023-44998.json) (`2023-10-12T13:15:10.163`) -* [CVE-2023-45011](CVE-2023/CVE-2023-450xx/CVE-2023-45011.json) (`2023-10-12T13:15:10.353`) -* [CVE-2023-45048](CVE-2023/CVE-2023-450xx/CVE-2023-45048.json) (`2023-10-12T13:15:10.440`) -* [CVE-2023-45052](CVE-2023/CVE-2023-450xx/CVE-2023-45052.json) (`2023-10-12T13:15:10.543`) -* [CVE-2023-45058](CVE-2023/CVE-2023-450xx/CVE-2023-45058.json) (`2023-10-12T13:15:10.713`) -* [CVE-2023-45060](CVE-2023/CVE-2023-450xx/CVE-2023-45060.json) (`2023-10-12T13:15:10.800`) -* [CVE-2023-45063](CVE-2023/CVE-2023-450xx/CVE-2023-45063.json) (`2023-10-12T13:15:10.897`) -* [CVE-2023-45068](CVE-2023/CVE-2023-450xx/CVE-2023-45068.json) (`2023-10-12T13:15:11.063`) +* [CVE-2023-27315](CVE-2023/CVE-2023-273xx/CVE-2023-27315.json) (`2023-10-12T14:15:10.170`) +* [CVE-2023-32124](CVE-2023/CVE-2023-321xx/CVE-2023-32124.json) (`2023-10-12T15:15:46.867`) +* [CVE-2023-41131](CVE-2023/CVE-2023-411xx/CVE-2023-41131.json) (`2023-10-12T15:15:46.980`) +* [CVE-2023-45102](CVE-2023/CVE-2023-451xx/CVE-2023-45102.json) (`2023-10-12T15:15:47.070`) +* [CVE-2023-45103](CVE-2023/CVE-2023-451xx/CVE-2023-45103.json) (`2023-10-12T15:15:47.160`) +* [CVE-2023-45106](CVE-2023/CVE-2023-451xx/CVE-2023-45106.json) 
(`2023-10-12T15:15:47.253`) ### CVEs modified in the last Commit -Recently modified CVEs: `45` +Recently modified CVEs: `19` -* [CVE-2023-5470](CVE-2023/CVE-2023-54xx/CVE-2023-5470.json) (`2023-10-12T12:59:34.797`) -* [CVE-2023-45047](CVE-2023/CVE-2023-450xx/CVE-2023-45047.json) (`2023-10-12T12:59:34.797`) -* [CVE-2023-5554](CVE-2023/CVE-2023-55xx/CVE-2023-5554.json) (`2023-10-12T12:59:34.797`) -* [CVE-2023-5555](CVE-2023/CVE-2023-55xx/CVE-2023-5555.json) (`2023-10-12T12:59:34.797`) -* [CVE-2023-5556](CVE-2023/CVE-2023-55xx/CVE-2023-5556.json) (`2023-10-12T12:59:34.797`) -* [CVE-2023-39325](CVE-2023/CVE-2023-393xx/CVE-2023-39325.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-44189](CVE-2023/CVE-2023-441xx/CVE-2023-44189.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-44190](CVE-2023/CVE-2023-441xx/CVE-2023-44190.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5218](CVE-2023/CVE-2023-52xx/CVE-2023-5218.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5473](CVE-2023/CVE-2023-54xx/CVE-2023-5473.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5474](CVE-2023/CVE-2023-54xx/CVE-2023-5474.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5475](CVE-2023/CVE-2023-54xx/CVE-2023-5475.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5476](CVE-2023/CVE-2023-54xx/CVE-2023-5476.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5477](CVE-2023/CVE-2023-54xx/CVE-2023-5477.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5478](CVE-2023/CVE-2023-54xx/CVE-2023-5478.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5479](CVE-2023/CVE-2023-54xx/CVE-2023-5479.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5481](CVE-2023/CVE-2023-54xx/CVE-2023-5481.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5483](CVE-2023/CVE-2023-54xx/CVE-2023-5483.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5484](CVE-2023/CVE-2023-54xx/CVE-2023-5484.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5485](CVE-2023/CVE-2023-54xx/CVE-2023-5485.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-5486](CVE-2023/CVE-2023-54xx/CVE-2023-5486.json) 
(`2023-10-12T12:59:39.183`) -* [CVE-2023-5487](CVE-2023/CVE-2023-54xx/CVE-2023-5487.json) (`2023-10-12T12:59:39.183`) -* [CVE-2023-39194](CVE-2023/CVE-2023-391xx/CVE-2023-39194.json) (`2023-10-12T13:00:04.280`) -* [CVE-2023-28617](CVE-2023/CVE-2023-286xx/CVE-2023-28617.json) (`2023-10-12T13:15:10.023`) -* [CVE-2023-20231](CVE-2023/CVE-2023-202xx/CVE-2023-20231.json) (`2023-10-12T13:30:05.050`) +* [CVE-2011-4330](CVE-2011/CVE-2011-43xx/CVE-2011-4330.json) (`2023-10-12T14:13:03.737`) +* [CVE-2012-2136](CVE-2012/CVE-2012-21xx/CVE-2012-2136.json) (`2023-10-12T14:12:02.680`) +* [CVE-2012-2123](CVE-2012/CVE-2012-21xx/CVE-2012-2123.json) (`2023-10-12T14:12:18.073`) +* [CVE-2020-12464](CVE-2020/CVE-2020-124xx/CVE-2020-12464.json) (`2023-10-12T14:10:21.507`) +* [CVE-2022-3248](CVE-2022/CVE-2022-32xx/CVE-2022-3248.json) (`2023-10-12T14:08:01.847`) +* [CVE-2022-4479](CVE-2022/CVE-2022-44xx/CVE-2022-4479.json) (`2023-10-12T15:28:18.043`) +* [CVE-2023-45160](CVE-2023/CVE-2023-451xx/CVE-2023-45160.json) (`2023-10-12T14:07:03.700`) +* [CVE-2023-44390](CVE-2023/CVE-2023-443xx/CVE-2023-44390.json) (`2023-10-12T14:07:35.723`) +* [CVE-2023-41858](CVE-2023/CVE-2023-418xx/CVE-2023-41858.json) (`2023-10-12T15:25:50.593`) +* [CVE-2023-5487](CVE-2023/CVE-2023-54xx/CVE-2023-5487.json) (`2023-10-12T15:47:43.260`) +* [CVE-2023-5486](CVE-2023/CVE-2023-54xx/CVE-2023-5486.json) (`2023-10-12T15:48:22.557`) +* [CVE-2023-5485](CVE-2023/CVE-2023-54xx/CVE-2023-5485.json) (`2023-10-12T15:48:50.690`) +* [CVE-2023-5484](CVE-2023/CVE-2023-54xx/CVE-2023-5484.json) (`2023-10-12T15:49:06.953`) +* [CVE-2023-5483](CVE-2023/CVE-2023-54xx/CVE-2023-5483.json) (`2023-10-12T15:49:19.497`) +* [CVE-2023-5481](CVE-2023/CVE-2023-54xx/CVE-2023-5481.json) (`2023-10-12T15:49:34.023`) +* [CVE-2023-5479](CVE-2023/CVE-2023-54xx/CVE-2023-5479.json) (`2023-10-12T15:49:54.053`) +* [CVE-2023-5478](CVE-2023/CVE-2023-54xx/CVE-2023-5478.json) (`2023-10-12T15:50:09.673`) +* 
[CVE-2023-5477](CVE-2023/CVE-2023-54xx/CVE-2023-5477.json) (`2023-10-12T15:50:34.707`) +* [CVE-2023-5476](CVE-2023/CVE-2023-54xx/CVE-2023-5476.json) (`2023-10-12T15:50:51.520`) ## Download and Usage