From 4ab39d6c1b6cc23dcf4e219524004cd6db73a60c Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Tue, 10 Oct 2023 16:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-10-10T16:00:25.314327+00:00 --- CVE-2015/CVE-2015-81xx/CVE-2015-8104.json | 8 +- CVE-2022/CVE-2022-471xx/CVE-2022-47175.json | 51 ++++++++- CVE-2023/CVE-2023-250xx/CVE-2023-25033.json | 51 ++++++++- CVE-2023/CVE-2023-254xx/CVE-2023-25480.json | 51 ++++++++- CVE-2023/CVE-2023-274xx/CVE-2023-27448.json | 51 ++++++++- CVE-2023/CVE-2023-276xx/CVE-2023-27615.json | 63 +++++++++++- CVE-2023/CVE-2023-308xx/CVE-2023-30801.json | 59 +++++++++++ CVE-2023/CVE-2023-308xx/CVE-2023-30802.json | 63 ++++++++++++ CVE-2023/CVE-2023-308xx/CVE-2023-30803.json | 63 ++++++++++++ CVE-2023/CVE-2023-308xx/CVE-2023-30804.json | 63 ++++++++++++ CVE-2023/CVE-2023-308xx/CVE-2023-30805.json | 63 ++++++++++++ CVE-2023/CVE-2023-308xx/CVE-2023-30806.json | 63 ++++++++++++ CVE-2023/CVE-2023-400xx/CVE-2023-40008.json | 51 ++++++++- CVE-2023/CVE-2023-406xx/CVE-2023-40671.json | 51 ++++++++- CVE-2023/CVE-2023-407xx/CVE-2023-40745.json | 94 ++++++++++++++++- CVE-2023/CVE-2023-411xx/CVE-2023-41175.json | 94 ++++++++++++++++- CVE-2023/CVE-2023-41xx/CVE-2023-4101.json | 60 ++++++++++- CVE-2023/CVE-2023-41xx/CVE-2023-4102.json | 60 ++++++++++- CVE-2023/CVE-2023-424xx/CVE-2023-42449.json | 84 +++++++++++++-- CVE-2023/CVE-2023-442xx/CVE-2023-44211.json | 85 ++++++++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44212.json | 90 +++++++++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44213.json | 75 +++++++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44214.json | 85 ++++++++++++++- CVE-2023/CVE-2023-442xx/CVE-2023-44241.json | 55 ++++++++++ CVE-2023/CVE-2023-444xx/CVE-2023-44470.json | 55 ++++++++++ CVE-2023/CVE-2023-444xx/CVE-2023-44471.json | 55 ++++++++++ CVE-2023/CVE-2023-444xx/CVE-2023-44475.json | 55 ++++++++++ CVE-2023/CVE-2023-444xx/CVE-2023-44476.json | 55 ++++++++++ CVE-2023/CVE-2023-444xx/CVE-2023-44487.json | 108 ++++++++++++++++++++ CVE-2023/CVE-2023-448xx/CVE-2023-44821.json | 8 +- 
CVE-2023/CVE-2023-449xx/CVE-2023-44994.json | 55 ++++++++++ CVE-2023/CVE-2023-452xx/CVE-2023-45240.json | 85 ++++++++++++++- CVE-2023/CVE-2023-452xx/CVE-2023-45241.json | 85 ++++++++++++++- CVE-2023/CVE-2023-452xx/CVE-2023-45242.json | 85 ++++++++++++++- CVE-2023/CVE-2023-452xx/CVE-2023-45243.json | 85 ++++++++++++++- CVE-2023/CVE-2023-49xx/CVE-2023-4966.json | 55 ++++++++++ CVE-2023/CVE-2023-51xx/CVE-2023-5168.json | 6 +- CVE-2023/CVE-2023-53xx/CVE-2023-5370.json | 61 ++++++++++- CVE-2023/CVE-2023-54xx/CVE-2023-5441.json | 60 ++++++++++- CVE-2023/CVE-2023-54xx/CVE-2023-5488.json | 88 ++++++++++++++++ CVE-2023/CVE-2023-54xx/CVE-2023-5489.json | 88 ++++++++++++++++ CVE-2023/CVE-2023-54xx/CVE-2023-5490.json | 88 ++++++++++++++++ CVE-2023/CVE-2023-54xx/CVE-2023-5491.json | 88 ++++++++++++++++ CVE-2023/CVE-2023-54xx/CVE-2023-5499.json | 55 ++++++++++ README.md | 99 +++++++++--------- 45 files changed, 2818 insertions(+), 134 deletions(-) create mode 100644 CVE-2023/CVE-2023-308xx/CVE-2023-30801.json create mode 100644 CVE-2023/CVE-2023-308xx/CVE-2023-30802.json create mode 100644 CVE-2023/CVE-2023-308xx/CVE-2023-30803.json create mode 100644 CVE-2023/CVE-2023-308xx/CVE-2023-30804.json create mode 100644 CVE-2023/CVE-2023-308xx/CVE-2023-30805.json create mode 100644 CVE-2023/CVE-2023-308xx/CVE-2023-30806.json create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44241.json create mode 100644 CVE-2023/CVE-2023-444xx/CVE-2023-44470.json create mode 100644 CVE-2023/CVE-2023-444xx/CVE-2023-44471.json create mode 100644 CVE-2023/CVE-2023-444xx/CVE-2023-44475.json create mode 100644 CVE-2023/CVE-2023-444xx/CVE-2023-44476.json create mode 100644 CVE-2023/CVE-2023-444xx/CVE-2023-44487.json create mode 100644 CVE-2023/CVE-2023-449xx/CVE-2023-44994.json create mode 100644 CVE-2023/CVE-2023-49xx/CVE-2023-4966.json create mode 100644 CVE-2023/CVE-2023-54xx/CVE-2023-5488.json create mode 100644 CVE-2023/CVE-2023-54xx/CVE-2023-5489.json create mode 100644 
CVE-2023/CVE-2023-54xx/CVE-2023-5490.json create mode 100644 CVE-2023/CVE-2023-54xx/CVE-2023-5491.json create mode 100644 CVE-2023/CVE-2023-54xx/CVE-2023-5499.json diff --git a/CVE-2015/CVE-2015-81xx/CVE-2015-8104.json b/CVE-2015/CVE-2015-81xx/CVE-2015-8104.json index aedf55faff7..b3687ad9071 100644 --- a/CVE-2015/CVE-2015-81xx/CVE-2015-8104.json +++ b/CVE-2015/CVE-2015-81xx/CVE-2015-8104.json @@ -2,8 +2,8 @@ "id": "CVE-2015-8104", "sourceIdentifier": "cve@mitre.org", "published": "2015-11-16T11:59:12.043", - "lastModified": "2019-02-13T20:52:22.473", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T15:15:09.550", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -446,6 +446,10 @@ "Third Party Advisory" ] }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/10/4", + "source": "cve@mitre.org" + }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "source": "cve@mitre.org", diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47175.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47175.json index f81aa2c60e3..18e16874ecc 100644 --- a/CVE-2022/CVE-2022-471xx/CVE-2022-47175.json +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47175.json 
@@ -2,16 +2,40 @@ "id": "CVE-2022-47175", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T13:15:12.097", - "lastModified": "2023-10-06T13:17:35.473", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:54:55.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <=\u00a01.3.75 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento P Royal Royal Elementor Addons and Templates en versiones <= 1.3.75." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:royal-elementor-addons:royal_elementor_addons:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.75", + "matchCriteriaId": "97162648-AE19-4E96-9775-C883BF7B5B7C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/royal-elementor-addons/wordpress-royal-elementor-addons-plugin-1-3-75-multiple-cross-site-request-forgery-csrf?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25033.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25033.json index 5f815ae882f..31160d14e39 100644 --- a/CVE-2023/CVE-2023-250xx/CVE-2023-25033.json +++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25033.json @@ -2,16 +2,40 @@ "id": "CVE-2023-25033", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T13:15:12.207", - "lastModified": "2023-10-06T13:17:35.473", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:54:49.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <=\u00a04.5 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Sumo Social Share Boost en versiones <= 4.5." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sumo:social_share_boost:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.5", + "matchCriteriaId": "BE971C23-8CE3-4E64-9E4F-888EF2308CE9" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/social-share-boost/wordpress-social-share-boost-plugin-4-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25480.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25480.json index 0029788a295..67269308737 100644 --- a/CVE-2023/CVE-2023-254xx/CVE-2023-25480.json +++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25480.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-25480", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T13:15:12.300", - "lastModified": "2023-10-06T13:17:35.473", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:54:34.353", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid \u2013 Visual Drag and Drop Editor plugin <=\u00a01.24.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en BoldGrid Post y Page Builder por BoldGrid \u2013 complemento Visual Drag and Drop Editor en versiones <= 1.24.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:boldgrid:post_and_page_builder_by_boldgrid_-_visual_drag_and_drop_editor:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.24.1", + "matchCriteriaId": "FA3484B5-0931-4A7F-89F4-D17FCB66F3B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/post-and-page-builder/wordpress-post-and-page-builder-by-boldgrid-plugin-1-24-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-274xx/CVE-2023-27448.json b/CVE-2023/CVE-2023-274xx/CVE-2023-27448.json index 03fab6d6a26..b117bcf4824 100644 --- a/CVE-2023/CVE-2023-274xx/CVE-2023-27448.json +++ b/CVE-2023/CVE-2023-274xx/CVE-2023-27448.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-27448", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T13:15:12.403", - "lastModified": "2023-10-06T13:17:35.473", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:54:39.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <=\u00a02.8.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento MakeStories Team MakeStories (para Google Web Stories) en versiones <= 2.8.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:makestories:makestories_\\(for_google_web_stories\\):*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.8.0", + "matchCriteriaId": "E8E6C2FE-BDDF-4FA3-AF00-E89C2147DD78" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/makestories-helper/wordpress-makestories-for-google-web-stories-plugin-2-8-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27615.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27615.json index e6561aaaa53..5347f7017a1 100644 --- a/CVE-2023/CVE-2023-276xx/CVE-2023-27615.json +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27615.json @@ -2,16 +2,40 @@ "id": "CVE-2023-27615", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T13:15:12.487", - "lastModified": "2023-10-06T13:17:35.473", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:54:27.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <=\u00a01.5.1 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Dipak C. Gajjar WP Super Minify en versiones <= 1.5.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-352" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dipakgajjar:wp_super_minify:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.1", + "matchCriteriaId": "0A60D34C-77B2-4654-8B59-138D418987A3" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-super-minify/wordpress-wp-super-minify-plugin-1-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30801.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30801.json new file mode 100644 index 00000000000..519f69626af --- /dev/null +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30801.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-30801", + "sourceIdentifier": "disclosure@vulncheck.com", + "published": "2023-10-10T14:15:10.493", + "lastModified": "2023-10-10T14:58:46.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1392" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/qbittorrent/qBittorrent/issues/18731", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://vulncheck.com/advisories/qbittorrent-default-creds", + "source": "disclosure@vulncheck.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30802.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30802.json new file mode 100644 index 00000000000..52f71b11008 --- /dev/null +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30802.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-30802", + "sourceIdentifier": "disclosure@vulncheck.com", + "published": "2023-10-10T15:15:09.880", + "lastModified": "2023-10-10T15:47:36.710", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-540" + } + ] + } + ], + "references": [ + { + "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://vulncheck.com/advisories/sangfor-ngaf-source", + "source": "disclosure@vulncheck.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30803.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30803.json new file mode 100644 index 00000000000..e22a0307593 --- /dev/null +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30803.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-30803", + "sourceIdentifier": "disclosure@vulncheck.com", + "published": "2023-10-10T15:15:09.957", + "lastModified": "2023-10-10T15:47:36.710", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], + "references": [ + { + "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://vulncheck.com/advisories/sangfor-ngaf-auth-bypass", + "source": "disclosure@vulncheck.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30804.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30804.json new file mode 100644 index 00000000000..19a28699734 --- /dev/null +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30804.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-30804", + "sourceIdentifier": "disclosure@vulncheck.com", + "published": "2023-10-10T15:15:10.033", + "lastModified": "2023-10-10T15:47:36.710", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://vulncheck.com/advisories/sangfor-ngaf-auth-file-disclosure", + "source": "disclosure@vulncheck.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30805.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30805.json new file mode 100644 index 00000000000..d01193112b2 --- /dev/null 
+++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30805.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-30805", + "sourceIdentifier": "disclosure@vulncheck.com", + "published": "2023-10-10T15:15:10.107", + "lastModified": "2023-10-10T15:47:36.710", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the \"un\" parameter.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://vulncheck.com/advisories/sangfor-ngaf-username-rce", + "source": "disclosure@vulncheck.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30806.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30806.json new file mode 100644 index 00000000000..19d88eb7fd9 --- /dev/null +++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30806.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-30806", + "sourceIdentifier": "disclosure@vulncheck.com", + "published": "2023-10-10T15:15:10.170", + "lastModified": "2023-10-10T15:47:36.710", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://aws.amazon.com/marketplace/pp/prodview-uujwjffddxzp4", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/", + "source": "disclosure@vulncheck.com" + }, + { + "url": "https://vulncheck.com/advisories/sangfor-ngaf-sessid-rce", + "source": "disclosure@vulncheck.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40008.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40008.json index c5c14642c99..47c673fd046 100644 
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40008.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40008.json @@ -2,16 +2,40 @@ "id": "CVE-2023-40008", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T13:15:12.573", - "lastModified": "2023-10-06T13:17:35.473", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:54:19.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <=\u00a02.3.4 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Gangesh Matta Simple Org Chart en versiones <= 2.3.4." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtechforce:simple_org_chart:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.3.4", + "matchCriteriaId": "7778924C-36E7-4303-8DEF-110138627D37" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/simple-org-chart/wordpress-simple-org-chart-plugin-2-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40671.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40671.json index e9cf6973762..2fd590a3233 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40671.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40671.json @@ -2,16 +2,40 @@ "id": "CVE-2023-40671", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-06T13:15:12.660", - "lastModified": "2023-10-06T13:17:35.473", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:54:14.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in ??wp DX-auto-save-images plugin <=\u00a01.4.0 versions." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento wp DX-auto-save-images en versiones <= 1.4.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:daxiawp:dx-auto-save-images:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.4.0", + "matchCriteriaId": "25029814-D742-4AA2-8BBF-8A235DAEF5BC" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/dx-auto-save-images/wordpress-dx-auto-save-images-plugin-1-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40745.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40745.json index af4bed7d5fd..b7dd786b03f 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40745.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40745.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-40745", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-05T19:15:11.260", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T14:52:48.833", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow." + }, + { + "lang": "es", + "value": "LibTIFF es vulnerable a un desbordamiento de enteros. Esta falla permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar un c\u00f3digo arbitrario a trav\u00e9s de una imagen tiff manipulada, lo que desencadena un desbordamiento del b\u00fafer." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,14 +58,76 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.6.0", + "matchCriteriaId": "B37DB8C1-31DE-4D92-B4CD-EE365959F1D2" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-40745", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235265", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41175.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41175.json index 18e41eb81a0..3ee5ac61904 100644 --- a/CVE-2023/CVE-2023-411xx/CVE-2023-41175.json +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41175.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-41175", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-05T19:15:11.340", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T14:52:33.190", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en libtiff debido a m\u00faltiples posibles desbordamientos de enteros en raw2tiff.c. Esta falla permite a atacantes remotos provocar una denegaci\u00f3n de servicio o posiblemente ejecutar un c\u00f3digo arbitrario a trav\u00e9s de una imagen tiff manipulada, lo que desencadena un desbordamiento del b\u00fafer." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -34,14 +58,76 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.6.0", + "matchCriteriaId": "B37DB8C1-31DE-4D92-B4CD-EE365959F1D2" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-41175", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235264", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4101.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4101.json index 1215784459b..a28620e0d79 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4101.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4101.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-4101", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-03T12:15:10.973", - "lastModified": "2023-10-03T12:51:39.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T14:26:51.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application." + }, + { + "lang": "es", + "value": "El SSO de inicio de sesi\u00f3n de QSige no tiene un mecanismo de control de acceso para verificar si el usuario que solicita un recurso tiene permisos suficientes para hacerlo. Como requisito previo, es necesario iniciar sesi\u00f3n en la aplicaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
@@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qsige:qsige:3.0.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5BBAF4E7-336E-4D97-BECC-0C4349F37377" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4102.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4102.json index 5a0bd307a65..46584550a72 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4102.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4102.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-4102", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-03T12:15:11.040", - "lastModified": "2023-10-03T12:51:39.727", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T14:29:05.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application." + }, + { + "lang": "es", + "value": "El SSO de inicio de sesi\u00f3n de QSige no tiene un mecanismo de control de acceso para verificar si el usuario que solicita un recurso tiene permisos suficientes para hacerlo. Como requisito previo, es necesario iniciar sesi\u00f3n en la aplicaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
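Review bot: The added nvd@nist.gov Primary weakness `"value": "CWE-89"` in the second hunk of this file does not match the English description kept as context in the first hunk, which describes a missing access-control check. That description is worded the same as CVE-2023-4101's, where this commit records `"value": "CWE-639"` and a 6.5 base score, while here the new Primary entry is 8.8 with C:H/I:H/A:H. Either the description was duplicated from the sibling record or the classification is off; nothing visible here says which, so no corrected line can be proposed from this page. Consumers that triage on description text should rely on the weakness and CVSS fields for this id and check them against the INCIBE notice listed under `references`.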
@@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qsige:qsige:3.0.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5BBAF4E7-336E-4D97-BECC-0C4349F37377" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-idm-sistemas-qsige", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42449.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42449.json index 6a76a8c4252..3e058cb0773 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42449.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42449.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-42449", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-04T20:15:10.107", - "lastModified": "2023-10-05T00:48:59.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T14:53:53.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed check for burning the head ST in the `initial` validator. This is possible because it is not checked in `HeadTokens.hs` that the datums of the outputs at the `initial` validator are equal to the real head ID, and it is also not checked in the `off-chain code`.\n\nDuring the `Initial` state of the protocol, if the malicious initializer removes a PT from the Hydra scripts it becomes impossible for any other participant to reclaim any funds they have attempted to commit into the head, as to do so the Abort transaction must burn all the PTs for the head, but they cannot burn the PT which the attacker controls and so cannot satisfy this requirement. That means the initializer can lock the other participants committed funds forever or until they choose to return the PT (ransom).\n\nThe malicious initializer can also use the PT to spoof that they have committed a particular TxO when progressing the head into the `Open` state. For example, they could say they committed a TxO residing at their address containing 100 ADA, but in fact this 100 ADA was not moved into the head, and thus in order for an other participant to perform the fanout they will be forced to pay the attacker the 100 ADA out of their own funds, as the fanout transaction must pay all the committed TxOs (even though the attacker did not really commit that TxO). 
They can do this by placing the PT in a UTxO with a well-formed `Commit` datum with whatever contents they like, then use this UTxO in the `collectCom` transaction. There may be other possible ways to abuse having control of a PT.\n\nVersion 0.13.0 fixes this issue." + }, + { + "lang": "es", + "value": "Hydra es la soluci\u00f3n de escalabilidad de dos capas para Cardano. Antes de la versi\u00f3n 0.13.0, es posible que un inicializador de \"head\" malicioso extraiga uno o m\u00e1s PT para el \"head\" que est\u00e1 inicializando debido a una l\u00f3gica de validaci\u00f3n de datos incorrecta en la pol\u00edtica de acu\u00f1aci\u00f3n de tokens del \"head\", lo que luego resulta en una verificaci\u00f3n defectuosa para quemar el \"head\" ST en el validador \"initial\". Esto es posible porque no se verifica en \"HeadTokens.hs\" que los datos de las salidas en el validador \"initial\" sean iguales al ID del \"head\" real, y tampoco se verifica en el \"off-chain code\". Durante el estado \"Initial\" del protocolo, si el inicializador malicioso elimina un PT de los scripts de Hydra, resulta imposible para cualquier otro participante obtener los fondos que han intentado hacer \"commit\" en el \"head\", ya que para hacerlo, la transacci\u00f3n Abort debe quemar todos los PT para el \"head\", pero no pueden quemar el PT que controla el atacante y, por lo tanto, no pueden satisfacer este requisito. Eso significa que el inicializador puede bloquear los fondos hechos \"committed\" de los otros participantes para siempre o hasta que decidan devolver el PT (rescate). El inicializador malicioso tambi\u00e9n puede usar el PT para simular un \"committed\" en un TxO particular cuando el \"head\" avanza al estado \"Open\". 
Por ejemplo, podr\u00edan decir que hicieron \"committed\" a un TxO residiendo en su direcci\u00f3n que conten\u00eda 100 ADA, pero en realidad estos 100 ADA no se movieron al \"head\" y, por lo tanto, para que otro participante realice el fanout se ver\u00e1n obligados a pagar al atacante los 100 ADA de sus propios fondos, ya que la transacci\u00f3n fanout debe pagar todos los TxO que hicieron \"committed\" (aunque el atacante realiz\u00f3 el \"commit\" TxO). Pueden hacer esto colocando el PT en un UTxO con un dato \"Commit\" bien formado con el contenido que deseen y luego usar este UTxO en la transacci\u00f3n \"collectCom\". Puede haber otras formas posibles de abusar del control de un PT. La versi\u00f3n 0.13.0 soluciona este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,26 +80,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iohk:hydra:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.13.0", + "matchCriteriaId": "556BF21B-9F61-4C1D-BD51-A2EC64EA1CE7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/input-output-hk/hydra/blob/1e13b60a7b21c5ccd6c36e3cf220547f5d443cef/hydra-node/src/Hydra/Chain/Direct/Tx.hs#L645-L761", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/input-output-hk/hydra/blob/1e13b60a7b21c5ccd6c36e3cf220547f5d443cef/hydra-plutus/src/Hydra/Contract/Initial.hs#L84-L91", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/input-output-hk/hydra/blob/master/CHANGELOG.md#0130---2023-10-03", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/input-output-hk/hydra/blob/master/hydra-plutus/src/Hydra/Contract/HeadTokens.hs#L76-L136", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/input-output-hk/hydra/security/advisories/GHSA-9m8q-7wxv-v65p", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44211.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44211.json index af05834b0be..a54aa7e2e69 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44211.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44211.json 
@@ -2,15 +2,41 @@ "id": "CVE-2023-44211", "sourceIdentifier": "security@acronis.com", "published": "2023-10-05T22:15:12.377", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:50:19.777", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31637." + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 31637." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", 
@@ -46,10 +82,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "c23.02", + "matchCriteriaId": "6F4ABAEF-E87F-40CF-B8DA-5E70F9A480B1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-4061", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44212.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44212.json index 367ac224241..6d7d6cb22eb 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44212.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44212.json 
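Review bot: The added `"versionEndExcluding": "c23.02"` under `configurations` is a release label, while the description in this file's first hunk gives the fix boundary as "before build 31637", and nothing in the record maps one to the other. An asset inventory that reports the agent's build number may therefore not evaluate cleanly against this CPE range, which could lead to missed or false matches. The same pattern appears in CVE-2023-44212 (`c23.01` against build 31477) and in CVE-2023-44213 and CVE-2023-44214 (`c23.06` against build 35739). Until the mapping is confirmed, matching for these ids should also compare against the build number stated in the description and the Acronis advisory under `references`.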
@@ -2,15 +2,41 @@ "id": "CVE-2023-44212", "sourceIdentifier": "security@acronis.com", "published": "2023-10-05T22:15:12.447", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:56:45.633", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477." + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 31477." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", 
@@ -46,14 +82,60 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "c23.01", + "matchCriteriaId": "0C48880C-A725-47B7-89C3-06963A2B89B1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/SEC-2159", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://security-advisory.acronis.com/advisories/SEC-5528", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44213.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44213.json index 8ea8f0777fb..a268ee71f06 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44213.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44213.json 
@@ -2,15 +2,41 @@ "id": "CVE-2023-44213", "sourceIdentifier": "security@acronis.com", "published": "2023-10-05T22:15:12.520", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:56:30.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 35739." + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n de informaci\u00f3n sensible debido a la recopilaci\u00f3n excesiva de informaci\u00f3n del sistema. Los siguientes productos se ven afectados: Acronis Agent (Windows) anterior a la compilaci\u00f3n 35739." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", 
@@ -46,10 +82,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "c23.06", + "matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-5286", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44214.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44214.json index faa6019110b..4c3baa04fc0 100644 --- a/CVE-2023/CVE-2023-442xx/CVE-2023-44214.json +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44214.json 
@@ -2,15 +2,41 @@ "id": "CVE-2023-44214", "sourceIdentifier": "security@acronis.com", "published": "2023-10-05T22:15:12.587", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:56:49.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739." + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", 
@@ -46,10 +82,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "c23.06", + "matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-5902", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44241.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44241.json new file mode 100644 index 00000000000..185ddc5c447 --- /dev/null +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44241.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44241", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T14:15:10.617", + "lastModified": "2023-10-10T14:58:46.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <=\u00a01.4.2 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/infusionsoft-landing-pages/wordpress-keap-landing-pages-plugin-1-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44470.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44470.json new file mode 100644 index 00000000000..61fefcde513 --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44470.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44470", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T14:15:10.797", + "lastModified": "2023-10-10T14:58:46.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <=\u00a01.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/kv-tinymce-editor-fonts/wordpress-kv-tinymce-editor-add-fonts-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44471.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44471.json new file mode 100644 index 00000000000..7db7718e133 --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44471.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44471", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T15:15:10.243", + "lastModified": "2023-10-10T15:47:36.710", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <=\u00a02.1.10 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/kau-boys-backend-localization/wordpress-backend-localization-plugin-2-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44475.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44475.json new file mode 100644 index 00000000000..2e78a909513 --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44475.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44475", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T15:15:10.320", + "lastModified": "2023-10-10T15:47:36.710", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <=\u00a02.0.9 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44476.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44476.json new file mode 100644 index 00000000000..2019bd6cf55 --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44476.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44476", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T15:15:10.397", + "lastModified": "2023-10-10T15:47:36.710", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <=\u00a02.1 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/copyrightpro/wordpress-copyrightpro-plugin-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json new file mode 100644 index 00000000000..68e33afb47e --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json 
@@ -0,0 +1,108 @@ +{ + "id": "CVE-2023-44487", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-10T14:15:10.883", + "lastModified": "2023-10-10T15:15:10.470", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", + "source": "cve@mitre.org" + }, + { + "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", + "source": "cve@mitre.org" + }, + { + "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", + "source": "cve@mitre.org" + }, + { + "url": "https://chaos.social/@icing/111210915918780532", + "source": "cve@mitre.org" + }, + { + "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", + "source": "cve@mitre.org" + }, + { + "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", + "source": "cve@mitre.org" + }, + { + "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/alibaba/tengine/issues/1872", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/bcdannyboy/CVE-2023-44487", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/caddyserver/caddy/issues/5877", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/eclipse/jetty.project/issues/10679", + "source": "cve@mitre.org" + }, + { + "url": 
"https://github.com/envoyproxy/envoy/pull/30055", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/haproxy/haproxy/issues/2312", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/hyperium/hyper/issues/3337", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/nghttp2/nghttp2/pull/1961", + "source": "cve@mitre.org" + }, + { + "url": "https://news.ycombinator.com/item?id=37830987", + "source": "cve@mitre.org" + }, + { + "url": "https://news.ycombinator.com/item?id=37830998", + "source": "cve@mitre.org" + }, + { + "url": "https://news.ycombinator.com/item?id=37831062", + "source": "cve@mitre.org" + }, + { + "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-448xx/CVE-2023-44821.json b/CVE-2023/CVE-2023-448xx/CVE-2023-44821.json index 5f1ad8b5623..d2976bdbb5b 100644 --- a/CVE-2023/CVE-2023-448xx/CVE-2023-44821.json +++ b/CVE-2023/CVE-2023-448xx/CVE-2023-44821.json 
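Review bot: The new CVE-2023-44487 record is added with `"metrics": {}` and no `weaknesses` array, although its own description says the issue was exploited in the wild from August through October 2023. Any consumer that filters or ranks on `baseScore` will therefore see it as unscored, and may drop it if a missing score is treated as zero. While `vulnStatus` is `Awaiting Analysis`, feed consumers should treat absent metrics as unknown and escalate on the description or an exploited-vulnerability list instead. The references also mix vendor bulletins, patches and discussion threads with no `tags`, so they cannot be sorted by kind automatically until analysis adds them.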
@@ -2,12 +2,12 @@ "id": "CVE-2023-44821", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-09T20:15:10.583", - "lastModified": "2023-10-10T12:16:32.703", + "lastModified": "2023-10-10T15:15:10.547", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Buffer Overflow vulnerability in gifsicle v.1.92 allows a remote attacker to cause a denial of service via the --crop parameter in the command line parameters." + "value": "** DISPUTED ** Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in which new input arrives for a long-running process, does not ship with functionality to link it into another application as a library, and does not have realistic use cases in which an adversary controls the entire command line." }, { "lang": "es", @@ -19,6 +19,10 @@ { "url": "https://github.com/kohler/gifsicle/issues/195", "source": "cve@mitre.org" + }, + { + "url": "https://github.com/kohler/gifsicle/issues/65", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44994.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44994.json new file mode 100644 index 00000000000..dee82dda62e --- /dev/null +++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44994.json 
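Review bot: The first hunk rewrites the `en` description of CVE-2023-44821 to a `** DISPUTED **` statement, but the `es` entry appears only as unchanged context. Its `value` line is outside the hunk, so the translation probably still describes the original buffer-overflow claim and would now contradict the English text. When the `en` value changes, the updater should drop or flag the stale translation until it is regenerated. The same pattern shows in the CVE-2023-5168 hunk, where the Windows-only caveat is added to `en` alone. The dispute is also carried only as a text prefix, so triage tooling has to match `** DISPUTED **` in `descriptions[].value` to act on it.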
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44994", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-10T15:15:10.607", + "lastModified": "2023-10-10T15:47:36.710", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <=\u00a01.9.8 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/shortcodes-ui/wordpress-shortcodes-ui-plugin-1-9-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45240.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45240.json index e9a9a378d4b..7448096418f 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45240.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45240.json 
@@ -2,15 +2,41 @@ "id": "CVE-2023-45240", "sourceIdentifier": "security@acronis.com", "published": "2023-10-05T22:15:12.680", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:55:56.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739." + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", 
@@ -46,10 +82,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "c23.06", + "matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-5904", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45241.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45241.json index 8d47f4ac83e..03786874c92 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45241.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45241.json 
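Review bot: The added `cpeMatch` entry bounds the affected range with `"versionEndExcluding": "c23.06"`, while the description in the preceding hunk gives the fix as "before build 35739". Nothing in the record shows how the two identifiers relate. An inventory that reports Acronis Agent by build number cannot be matched mechanically against this CPE range, so a vulnerable host may not be flagged or a fixed one may be. Consumers should confirm the build-to-version mapping against the vendor advisory in `references` before relying on the CPE match. The same `configurations` block is added unchanged to CVE-2023-45241, CVE-2023-45242 and CVE-2023-45243 later in this diff.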
@@ -2,15 +2,41 @@ "id": "CVE-2023-45241", "sourceIdentifier": "security@acronis.com", "published": "2023-10-05T22:15:12.757", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:55:45.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739." + }, + { + "lang": "es", + "value": "Se filtra informaci\u00f3n confidencial a trav\u00e9s de archivos de registro. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", 
@@ -46,10 +82,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "c23.06", + "matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-5999", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45242.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45242.json index f9276b5f6e2..b44aa3b6765 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45242.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45242.json 
@@ -2,15 +2,41 @@ "id": "CVE-2023-45242", "sourceIdentifier": "security@acronis.com", "published": "2023-10-05T22:15:12.827", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:55:33.760", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739." + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", 
@@ -46,10 +82,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "c23.06", + "matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-6018", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45243.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45243.json index 8cfef62049b..e76f424d30c 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45243.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45243.json 
@@ -2,15 +2,41 @@ "id": "CVE-2023-45243", "sourceIdentifier": "security@acronis.com", "published": "2023-10-05T22:15:12.890", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-10T14:55:20.177", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739." + }, + { + "lang": "es", + "value": "Divulgaci\u00f3n de informaci\u00f3n sensible por falta de autorizaci\u00f3n. Los siguientes productos se ven afectados: Acronis Agent (Linux, macOS, Windows) antes de la compilaci\u00f3n 35739." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +61,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", 
@@ -46,10 +82,53 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "c23.06", + "matchCriteriaId": "9E60A3DC-753B-453B-B288-58010A7B6E3E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-6019", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4966.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4966.json new file mode 100644 index 00000000000..4f18c6647d9 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4966.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4966", + "sourceIdentifier": "secure@citrix.com", + "published": "2023-10-10T14:15:10.977", + "lastModified": "2023-10-10T14:58:46.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA ?virtual?server.\u00a0\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@citrix.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "secure@citrix.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://support.citrix.com/article/CTX579459", + "source": "secure@citrix.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5168.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5168.json index fcbb16fd4dc..827edc7161b 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5168.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5168.json 
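Review bot: The `en` description added for CVE-2023-4966 carries encoding damage. `AAA ?virtual?server` has literal question marks where a space character was evidently lost in conversion, and the value ends in `\u00a0\n\n\n\n`. Keyword search, deduplication and alert templates that use the description will miss or mangle this entry, which matters for a record scored `9.4` / `CRITICAL`. The ingest step should normalise non-breaking spaces and trim trailing whitespace so that the phrase reads `AAA virtual server.`, and anything downstream should match on `id` rather than on description text.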
@@ -2,12 +2,12 @@ "id": "CVE-2023-5168", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-27T15:19:42.067", - "lastModified": "2023-09-29T18:44:04.247", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-10T15:15:10.773", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3." + "value": "A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5370.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5370.json index a7a1a130504..cb62a5c3b41 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5370.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5370.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5370", "sourceIdentifier": "secteam@freebsd.org", "published": "2023-10-04T04:15:15.593", - "lastModified": "2023-10-04T12:56:06.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T14:58:09.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,8 +14,41 @@ "value": "En la CPU 0, se llama a la verificaci\u00f3n del workaround de SMCCC antes de que se haya inicializado el soporte de SMCCC. Esto result\u00f3 en que no se instalaran workarounds de ejecuci\u00f3n especulativa en la CPU 0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-665" + } + ] + }, { "source": "secteam@freebsd.org", "type": "Secondary", @@ -27,10 +60,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:freebsd:freebsd:13.2:-:*:*:*:*:*:*", + "matchCriteriaId": "A87EFA20-DD6B-41C5-98FD-A29F67D2E732" + } + ] + } + ] + } + ], "references": [ { "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-23:14.smccc.asc", - "source": "secteam@freebsd.org" + "source": "secteam@freebsd.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5441.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5441.json index 0a5126a9411..01ea0ff5eda 100644 --- a/CVE-2023/CVE-2023-54xx/CVE-2023-5441.json +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5441.json 
@@ -2,15 +2,41 @@ "id": "CVE-2023-5441", "sourceIdentifier": "security@huntr.dev", "published": "2023-10-05T21:15:11.413", - "lastModified": "2023-10-05T23:14:04.503", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-10T14:51:58.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960." + }, + { + "lang": "es", + "value": "Desreferencia del puntero NULL en el repositorio de GitHub vim/vim anterior a 20d161ace307e28690229b68584f2d84556f8960." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +72,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.0.1994", + "matchCriteriaId": "B5232E4F-BD11-4DBF-B60E-C211E5D1B724" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5488.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5488.json new file mode 100644 index 00000000000..06a36c81848 --- /dev/null +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5488.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5488", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-10-10T14:15:11.123", + "lastModified": "2023-10-10T14:58:46.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } 
+ ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/llixixi/cve/blob/main/s45_upload_%20updatelib.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.241640", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.241640", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5489.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5489.json new file mode 100644 index 00000000000..63a057d33eb --- /dev/null +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5489.json 
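Review bot: The description of CVE-2023-5488 says the issue "has been rated as critical", but the structured metrics in the same record give `"baseScore": 6.3` with `"baseSeverity": "MEDIUM"` under CVSS 3.0, and 6.5 under CVSS 2.0. Triage rules should take severity from `metrics` and never from the prose, and should expect the score to change once a `Primary` assessment replaces these `Secondary` ones. The description also states that an exploit has been disclosed publicly, yet none of the three references has a `tags` array, so the `Exploit` tag is not available for filtering. The CVE-2023-5489 record that follows repeats the same wording and scores.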
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-5489",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-10T15:15:10.850",
+ "lastModified": "2023-10-10T15:47:36.710",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as critical has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241641 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/llixixi/cve/blob/main/s45_upload_%20uploadfile.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.241641",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.241641",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5490.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5490.json
new file mode 100644
index 00000000000..6f724ca619c
--- /dev/null
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5490.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-5490",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-10T15:15:10.927",
+ "lastModified": "2023-10-10T15:47:36.710",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/llixixi/cve/blob/main/s45_upload_%20userattestation.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.241642",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.241642",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5491.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5491.json
new file mode 100644
index 00000000000..5c7c80f9bac
--- /dev/null
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5491.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-5491",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-10T15:15:11.003",
+ "lastModified": "2023-10-10T15:47:36.710",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/llixixi/cve/blob/main/s45_upload_changelogo.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.241643",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.241643",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5499.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5499.json
new file mode 100644
index 00000000000..6c7368605b0
--- /dev/null
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5499.json
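Review bot: The `descriptions` value in the CVE-2023-5491 record names the file `/sysmanage/updatelib.php` and the argument `file_upload`, exactly as the CVE-2023-5488 record does, yet its first reference points to a different write-up, `s45_upload_changelogo.md`. Two records under different identifiers (VDB-241640 and VDB-241643) therefore describe the same endpoint, which looks like a copy error in the upstream description rather than a second flaw in the same file; this is inferred from the reference file name only. Since this file mirrors the upstream record, the correction belongs with the CNA. Until it is made, any detection or asset matching built from the path in this description should be checked against the referenced advisory, and the two records should not be deduplicated on path alone.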
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-5499", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2023-10-10T14:15:11.213", + "lastModified": "2023-10-10T14:58:46.263", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/shenzhen-reachfar-v28-information-exposure", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a5e194ebf67..85941c61f43 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-10T14:00:25.269803+00:00 +2023-10-10T16:00:25.314327+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-10T13:44:00.017000+00:00 +2023-10-10T15:47:36.710000+00:00 ``` ### Last Data Feed Release 
@@ -29,64 +29,63 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227341 +227360 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `19` -* [CVE-2023-44763](CVE-2023/CVE-2023-447xx/CVE-2023-44763.json) (`2023-10-10T12:15:09.870`) -* [CVE-2023-39447](CVE-2023/CVE-2023-394xx/CVE-2023-39447.json) (`2023-10-10T13:15:20.613`) -* [CVE-2023-40534](CVE-2023/CVE-2023-405xx/CVE-2023-40534.json) (`2023-10-10T13:15:20.730`) -* [CVE-2023-40537](CVE-2023/CVE-2023-405xx/CVE-2023-40537.json) (`2023-10-10T13:15:20.840`) -* [CVE-2023-40542](CVE-2023/CVE-2023-405xx/CVE-2023-40542.json) (`2023-10-10T13:15:20.937`) -* [CVE-2023-41085](CVE-2023/CVE-2023-410xx/CVE-2023-41085.json) (`2023-10-10T13:15:21.050`) -* [CVE-2023-41253](CVE-2023/CVE-2023-412xx/CVE-2023-41253.json) (`2023-10-10T13:15:21.150`) -* [CVE-2023-41373](CVE-2023/CVE-2023-413xx/CVE-2023-41373.json) (`2023-10-10T13:15:21.227`) -* [CVE-2023-41964](CVE-2023/CVE-2023-419xx/CVE-2023-41964.json) (`2023-10-10T13:15:21.417`) -* [CVE-2023-42768](CVE-2023/CVE-2023-427xx/CVE-2023-42768.json) (`2023-10-10T13:15:21.507`) -* [CVE-2023-43485](CVE-2023/CVE-2023-434xx/CVE-2023-43485.json) (`2023-10-10T13:15:21.590`) -* [CVE-2023-43611](CVE-2023/CVE-2023-436xx/CVE-2023-43611.json) (`2023-10-10T13:15:21.687`) -* [CVE-2023-43746](CVE-2023/CVE-2023-437xx/CVE-2023-43746.json) (`2023-10-10T13:15:21.783`) -* [CVE-2023-43785](CVE-2023/CVE-2023-437xx/CVE-2023-43785.json) (`2023-10-10T13:15:21.877`) -* [CVE-2023-43786](CVE-2023/CVE-2023-437xx/CVE-2023-43786.json) (`2023-10-10T13:15:22.023`) -* [CVE-2023-43787](CVE-2023/CVE-2023-437xx/CVE-2023-43787.json) (`2023-10-10T13:15:22.083`) -* [CVE-2023-43788](CVE-2023/CVE-2023-437xx/CVE-2023-43788.json) (`2023-10-10T13:15:22.137`) -* [CVE-2023-45219](CVE-2023/CVE-2023-452xx/CVE-2023-45219.json) (`2023-10-10T13:15:22.297`) -* [CVE-2023-45226](CVE-2023/CVE-2023-452xx/CVE-2023-45226.json) 
(`2023-10-10T13:15:22.383`) -* [CVE-2023-5450](CVE-2023/CVE-2023-54xx/CVE-2023-5450.json) (`2023-10-10T13:15:22.617`) +* [CVE-2023-30801](CVE-2023/CVE-2023-308xx/CVE-2023-30801.json) (`2023-10-10T14:15:10.493`) +* [CVE-2023-44241](CVE-2023/CVE-2023-442xx/CVE-2023-44241.json) (`2023-10-10T14:15:10.617`) +* [CVE-2023-44470](CVE-2023/CVE-2023-444xx/CVE-2023-44470.json) (`2023-10-10T14:15:10.797`) +* [CVE-2023-4966](CVE-2023/CVE-2023-49xx/CVE-2023-4966.json) (`2023-10-10T14:15:10.977`) +* [CVE-2023-5488](CVE-2023/CVE-2023-54xx/CVE-2023-5488.json) (`2023-10-10T14:15:11.123`) +* [CVE-2023-5499](CVE-2023/CVE-2023-54xx/CVE-2023-5499.json) (`2023-10-10T14:15:11.213`) +* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-10T14:15:10.883`) +* [CVE-2023-30802](CVE-2023/CVE-2023-308xx/CVE-2023-30802.json) (`2023-10-10T15:15:09.880`) +* [CVE-2023-30803](CVE-2023/CVE-2023-308xx/CVE-2023-30803.json) (`2023-10-10T15:15:09.957`) +* [CVE-2023-30804](CVE-2023/CVE-2023-308xx/CVE-2023-30804.json) (`2023-10-10T15:15:10.033`) +* [CVE-2023-30805](CVE-2023/CVE-2023-308xx/CVE-2023-30805.json) (`2023-10-10T15:15:10.107`) +* [CVE-2023-30806](CVE-2023/CVE-2023-308xx/CVE-2023-30806.json) (`2023-10-10T15:15:10.170`) +* [CVE-2023-44471](CVE-2023/CVE-2023-444xx/CVE-2023-44471.json) (`2023-10-10T15:15:10.243`) +* [CVE-2023-44475](CVE-2023/CVE-2023-444xx/CVE-2023-44475.json) (`2023-10-10T15:15:10.320`) +* [CVE-2023-44476](CVE-2023/CVE-2023-444xx/CVE-2023-44476.json) (`2023-10-10T15:15:10.397`) +* [CVE-2023-44994](CVE-2023/CVE-2023-449xx/CVE-2023-44994.json) (`2023-10-10T15:15:10.607`) +* [CVE-2023-5489](CVE-2023/CVE-2023-54xx/CVE-2023-5489.json) (`2023-10-10T15:15:10.850`) +* [CVE-2023-5490](CVE-2023/CVE-2023-54xx/CVE-2023-5490.json) (`2023-10-10T15:15:10.927`) +* [CVE-2023-5491](CVE-2023/CVE-2023-54xx/CVE-2023-5491.json) (`2023-10-10T15:15:11.003`) ### CVEs modified in the last Commit -Recently modified CVEs: `157` +Recently modified CVEs: `25` -* 
[CVE-2023-44084](CVE-2023/CVE-2023-440xx/CVE-2023-44084.json) (`2023-10-10T12:16:32.703`) -* [CVE-2023-44085](CVE-2023/CVE-2023-440xx/CVE-2023-44085.json) (`2023-10-10T12:16:32.703`) -* [CVE-2023-44086](CVE-2023/CVE-2023-440xx/CVE-2023-44086.json) (`2023-10-10T12:16:32.703`) -* [CVE-2023-44087](CVE-2023/CVE-2023-440xx/CVE-2023-44087.json) (`2023-10-10T12:16:32.703`) -* [CVE-2023-44315](CVE-2023/CVE-2023-443xx/CVE-2023-44315.json) (`2023-10-10T12:16:32.703`) -* [CVE-2023-45204](CVE-2023/CVE-2023-452xx/CVE-2023-45204.json) (`2023-10-10T12:16:32.703`) -* [CVE-2023-45205](CVE-2023/CVE-2023-452xx/CVE-2023-45205.json) (`2023-10-10T12:16:32.703`) -* [CVE-2023-45601](CVE-2023/CVE-2023-456xx/CVE-2023-45601.json) (`2023-10-10T12:16:32.703`) -* [CVE-2023-45245](CVE-2023/CVE-2023-452xx/CVE-2023-45245.json) (`2023-10-10T12:22:17.773`) -* [CVE-2023-38537](CVE-2023/CVE-2023-385xx/CVE-2023-38537.json) (`2023-10-10T13:05:44.463`) -* [CVE-2023-5399](CVE-2023/CVE-2023-53xx/CVE-2023-5399.json) (`2023-10-10T13:07:01.630`) -* [CVE-2023-5391](CVE-2023/CVE-2023-53xx/CVE-2023-5391.json) (`2023-10-10T13:07:17.587`) -* [CVE-2023-42448](CVE-2023/CVE-2023-424xx/CVE-2023-42448.json) (`2023-10-10T13:07:59.467`) -* [CVE-2023-3576](CVE-2023/CVE-2023-35xx/CVE-2023-3576.json) (`2023-10-10T13:09:39.637`) -* [CVE-2023-3428](CVE-2023/CVE-2023-34xx/CVE-2023-3428.json) (`2023-10-10T13:10:46.850`) -* [CVE-2023-5371](CVE-2023/CVE-2023-53xx/CVE-2023-5371.json) (`2023-10-10T13:13:05.367`) -* [CVE-2023-44270](CVE-2023/CVE-2023-442xx/CVE-2023-44270.json) (`2023-10-10T13:15:22.197`) -* [CVE-2023-4586](CVE-2023/CVE-2023-45xx/CVE-2023-4586.json) (`2023-10-10T13:29:19.913`) -* [CVE-2023-2422](CVE-2023/CVE-2023-24xx/CVE-2023-2422.json) (`2023-10-10T13:30:12.550`) -* [CVE-2023-1584](CVE-2023/CVE-2023-15xx/CVE-2023-1584.json) (`2023-10-10T13:30:47.280`) -* [CVE-2023-44272](CVE-2023/CVE-2023-442xx/CVE-2023-44272.json) (`2023-10-10T13:31:11.370`) -* [CVE-2023-38538](CVE-2023/CVE-2023-385xx/CVE-2023-38538.json) 
(`2023-10-10T13:33:25.143`) -* [CVE-2023-20268](CVE-2023/CVE-2023-202xx/CVE-2023-20268.json) (`2023-10-10T13:35:15.353`) -* [CVE-2023-5369](CVE-2023/CVE-2023-53xx/CVE-2023-5369.json) (`2023-10-10T13:36:09.800`) -* [CVE-2023-43804](CVE-2023/CVE-2023-438xx/CVE-2023-43804.json) (`2023-10-10T13:44:00.017`) +* [CVE-2015-8104](CVE-2015/CVE-2015-81xx/CVE-2015-8104.json) (`2023-10-10T15:15:09.550`) +* [CVE-2022-47175](CVE-2022/CVE-2022-471xx/CVE-2022-47175.json) (`2023-10-10T14:54:55.443`) +* [CVE-2023-4101](CVE-2023/CVE-2023-41xx/CVE-2023-4101.json) (`2023-10-10T14:26:51.557`) +* [CVE-2023-4102](CVE-2023/CVE-2023-41xx/CVE-2023-4102.json) (`2023-10-10T14:29:05.477`) +* [CVE-2023-44211](CVE-2023/CVE-2023-442xx/CVE-2023-44211.json) (`2023-10-10T14:50:19.777`) +* [CVE-2023-5441](CVE-2023/CVE-2023-54xx/CVE-2023-5441.json) (`2023-10-10T14:51:58.117`) +* [CVE-2023-41175](CVE-2023/CVE-2023-411xx/CVE-2023-41175.json) (`2023-10-10T14:52:33.190`) +* [CVE-2023-40745](CVE-2023/CVE-2023-407xx/CVE-2023-40745.json) (`2023-10-10T14:52:48.833`) +* [CVE-2023-42449](CVE-2023/CVE-2023-424xx/CVE-2023-42449.json) (`2023-10-10T14:53:53.467`) +* [CVE-2023-40671](CVE-2023/CVE-2023-406xx/CVE-2023-40671.json) (`2023-10-10T14:54:14.250`) +* [CVE-2023-40008](CVE-2023/CVE-2023-400xx/CVE-2023-40008.json) (`2023-10-10T14:54:19.977`) +* [CVE-2023-27615](CVE-2023/CVE-2023-276xx/CVE-2023-27615.json) (`2023-10-10T14:54:27.890`) +* [CVE-2023-25480](CVE-2023/CVE-2023-254xx/CVE-2023-25480.json) (`2023-10-10T14:54:34.353`) +* [CVE-2023-27448](CVE-2023/CVE-2023-274xx/CVE-2023-27448.json) (`2023-10-10T14:54:39.070`) +* [CVE-2023-25033](CVE-2023/CVE-2023-250xx/CVE-2023-25033.json) (`2023-10-10T14:54:49.983`) +* [CVE-2023-45243](CVE-2023/CVE-2023-452xx/CVE-2023-45243.json) (`2023-10-10T14:55:20.177`) +* [CVE-2023-45242](CVE-2023/CVE-2023-452xx/CVE-2023-45242.json) (`2023-10-10T14:55:33.760`) +* [CVE-2023-45241](CVE-2023/CVE-2023-452xx/CVE-2023-45241.json) (`2023-10-10T14:55:45.433`) +* 
[CVE-2023-45240](CVE-2023/CVE-2023-452xx/CVE-2023-45240.json) (`2023-10-10T14:55:56.860`) +* [CVE-2023-44213](CVE-2023/CVE-2023-442xx/CVE-2023-44213.json) (`2023-10-10T14:56:30.940`) +* [CVE-2023-44212](CVE-2023/CVE-2023-442xx/CVE-2023-44212.json) (`2023-10-10T14:56:45.633`) +* [CVE-2023-44214](CVE-2023/CVE-2023-442xx/CVE-2023-44214.json) (`2023-10-10T14:56:49.937`) +* [CVE-2023-5370](CVE-2023/CVE-2023-53xx/CVE-2023-5370.json) (`2023-10-10T14:58:09.733`) +* [CVE-2023-44821](CVE-2023/CVE-2023-448xx/CVE-2023-44821.json) (`2023-10-10T15:15:10.547`) +* [CVE-2023-5168](CVE-2023/CVE-2023-51xx/CVE-2023-5168.json) (`2023-10-10T15:15:10.773`) ## Download and Usage