From 569e3749541c0593f8007013e33b9ab0374ce38a Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Fri, 22 Sep 2023 02:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-09-22T02:00:24.866060+00:00
---
 CVE-2023/CVE-2023-317xx/CVE-2023-31716.json | 24 +++
 CVE-2023/CVE-2023-317xx/CVE-2023-31717.json | 28 ++++
 CVE-2023/CVE-2023-317xx/CVE-2023-31718.json | 28 ++++
 CVE-2023/CVE-2023-317xx/CVE-2023-31719.json | 28 ++++
 CVE-2023/CVE-2023-345xx/CVE-2023-34576.json | 4 +-
 CVE-2023/CVE-2023-345xx/CVE-2023-34577.json | 8 +-
 CVE-2023/CVE-2023-383xx/CVE-2023-38343.json | 4 +-
 CVE-2023/CVE-2023-383xx/CVE-2023-38344.json | 4 +-
 CVE-2023/CVE-2023-388xx/CVE-2023-38886.json | 70 +++++++-
 CVE-2023/CVE-2023-388xx/CVE-2023-38887.json | 70 +++++++-
 CVE-2023/CVE-2023-388xx/CVE-2023-38888.json | 70 +++++++-
 CVE-2023/CVE-2023-409xx/CVE-2023-40931.json | 75 ++++++++-
 CVE-2023/CVE-2023-409xx/CVE-2023-40932.json | 74 ++++++++-
 CVE-2023/CVE-2023-409xx/CVE-2023-40933.json | 74 ++++++++-
 CVE-2023/CVE-2023-409xx/CVE-2023-40934.json | 74 ++++++++-
 CVE-2023/CVE-2023-410xx/CVE-2023-41064.json | 6 +-
 CVE-2023/CVE-2023-416xx/CVE-2023-41614.json | 4 +-
 CVE-2023/CVE-2023-416xx/CVE-2023-41616.json | 4 +-
 CVE-2023/CVE-2023-419xx/CVE-2023-41991.json | 4 +-
 CVE-2023/CVE-2023-419xx/CVE-2023-41992.json | 4 +-
 CVE-2023/CVE-2023-419xx/CVE-2023-41993.json | 4 +-
 CVE-2023/CVE-2023-422xx/CVE-2023-42261.json | 4 +-
 CVE-2023/CVE-2023-422xx/CVE-2023-42279.json | 4 +-
 CVE-2023/CVE-2023-422xx/CVE-2023-42280.json | 4 +-
 CVE-2023/CVE-2023-424xx/CVE-2023-42456.json | 4 +-
 CVE-2023/CVE-2023-424xx/CVE-2023-42458.json | 8 +-
 CVE-2023/CVE-2023-424xx/CVE-2023-42482.json | 4 +-
 CVE-2023/CVE-2023-425xx/CVE-2023-42521.json | 171 +++++++++++++++++++-
 CVE-2023/CVE-2023-425xx/CVE-2023-42522.json | 171 +++++++++++++++++++-
 CVE-2023/CVE-2023-425xx/CVE-2023-42523.json | 171 +++++++++++++++++++-
 CVE-2023/CVE-2023-425xx/CVE-2023-42524.json | 171 +++++++++++++++++++-
 CVE-2023/CVE-2023-425xx/CVE-2023-42525.json | 171 +++++++++++++++++++-
 CVE-2023/CVE-2023-425xx/CVE-2023-42526.json | 171 +++++++++++++++++++-
CVE-2023/CVE-2023-428xx/CVE-2023-42805.json | 8 +-
 CVE-2023/CVE-2023-428xx/CVE-2023-42806.json | 8 +-
 CVE-2023/CVE-2023-428xx/CVE-2023-42807.json | 8 +-
 CVE-2023/CVE-2023-428xx/CVE-2023-42810.json | 4 +-
 CVE-2023/CVE-2023-431xx/CVE-2023-43114.json | 91 ++++++++++-
 CVE-2023/CVE-2023-431xx/CVE-2023-43128.json | 4 +-
 CVE-2023/CVE-2023-436xx/CVE-2023-43616.json | 8 +-
 CVE-2023/CVE-2023-436xx/CVE-2023-43617.json | 6 +-
 CVE-2023/CVE-2023-436xx/CVE-2023-43618.json | 6 +-
 CVE-2023/CVE-2023-436xx/CVE-2023-43619.json | 6 +-
 CVE-2023/CVE-2023-436xx/CVE-2023-43620.json | 6 +-
 CVE-2023/CVE-2023-436xx/CVE-2023-43621.json | 6 +-
 CVE-2023/CVE-2023-45xx/CVE-2023-4504.json | 4 +-
 CVE-2023/CVE-2023-48xx/CVE-2023-4863.json | 6 +-
 CVE-2023/CVE-2023-50xx/CVE-2023-5068.json | 4 +-
 README.md | 49 ++++--
 49 files changed, 1805 insertions(+), 134 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-317xx/CVE-2023-31716.json
 create mode 100644 CVE-2023/CVE-2023-317xx/CVE-2023-31717.json
 create mode 100644 CVE-2023/CVE-2023-317xx/CVE-2023-31718.json
 create mode 100644 CVE-2023/CVE-2023-317xx/CVE-2023-31719.json
diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31716.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31716.json
new file mode 100644
index 00000000000..5439d3aaa1e
--- /dev/null
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31716.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-31716",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-22T00:15:09.757",
+ "lastModified": "2023-09-22T01:25:45.750",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/MateusTesser/CVE-2023-31716",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/frangoteam/FUXA",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31717.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31717.json
new file mode 100644
index 00000000000..f9e950a16dc
--- /dev/null
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31717.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-31717",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-22T00:15:11.160",
+ "lastModified": "2023-09-22T01:25:45.750",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/MateusTesser/CVE-2023-31717",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/frangoteam/FUXA",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://youtu.be/IBMXTEI_5wY",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31718.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31718.json
new file mode 100644
index 00000000000..62ea1b672fe
--- /dev/null
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31718.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-31718",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-22T00:15:11.353",
+ "lastModified": "2023-09-22T01:25:45.750",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/MateusTesser/CVE-2023-31718",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/frangoteam/FUXA",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://youtu.be/VCQkEGntN04",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-317xx/CVE-2023-31719.json b/CVE-2023/CVE-2023-317xx/CVE-2023-31719.json
new file mode 100644
index 00000000000..8fee2a23338
--- /dev/null
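Review bot: The English description added in CVE-2023-31718.json reads "vulnerable to Local via Inclusion via /api/download", which looks like a garbling of "Local File Inclusion", the wording the sibling CVE-2023-31716 record uses. If this repository mirrors the upstream record verbatim, the text should be corrected at the source rather than here; the intended line is presumably `"value": "FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download."`. Until then, keyword or weakness-class matching on the description will miss this entry. All four new FUXA records (31716 to 31719) also ship with `"metrics": {}` and no `weaknesses` while in "Undergoing Analysis", so triage tooling that reads this feed should treat a missing CVSS score as unscored rather than as low severity.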
+++ b/CVE-2023/CVE-2023-317xx/CVE-2023-31719.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-31719", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-22T00:15:11.480", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", + "descriptions": [ + { + "lang": "en", + "value": "FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/MateusTesser/CVE-2023-31719", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/frangoteam/FUXA", + "source": "cve@mitre.org" + }, + { + "url": "https://youtu.be/cjb2KYpV6dY", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34576.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34576.json index 67dbed2d984..1367d0e6bd1 100644 --- a/CVE-2023/CVE-2023-345xx/CVE-2023-34576.json +++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34576.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34576", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T20:15:10.133", - "lastModified": "2023-09-21T20:15:10.133", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-345xx/CVE-2023-34577.json b/CVE-2023/CVE-2023-345xx/CVE-2023-34577.json index 6105b5fb367..7a4d4e293f6 100644 --- a/CVE-2023/CVE-2023-345xx/CVE-2023-34577.json +++ b/CVE-2023/CVE-2023-345xx/CVE-2023-34577.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-34577", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T17:15:16.050", - "lastModified": "2023-09-21T17:15:16.050", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en Prestashop opartplannedpopup 1.4.11 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del m\u00e9todo OpartPlannedPopupModuleFrontController::prepareHook()." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38343.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38343.json index 70d107cdf0a..ac038359e40 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38343.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38343.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38343", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T21:15:09.747", - "lastModified": "2023-09-21T21:15:09.747", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38344.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38344.json index bcbe418a90d..56ca939c4f1 100644 --- a/CVE-2023/CVE-2023-383xx/CVE-2023-38344.json +++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38344.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38344", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T21:15:10.877", - "lastModified": "2023-09-21T21:15:10.877", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38886.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38886.json index 59abbf22cc6..5a6b4b86c60 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38886.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38886.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38886", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T01:15:56.153", - "lastModified": "2023-09-20T10:49:13.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T01:30:11.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Un problema en Dolibarr ERP CRM v.17.0.1 y anteriores permite a un atacante remoto con privilegios ejecutar c\u00f3digo arbitrario a trav\u00e9s de un comando/script maniulado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*", + "versionEndIncluding": "17.0.1", + "matchCriteriaId": "BCEE13D4-508A-405B-8889-8BB2F29B2903" + } + ] + } + ] + } + ], "references": [ { "url": "http://dolibarr.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38886_Dolibarr_RCE-1.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38887.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38887.json index 357e7451cac..30383e31f46 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38887.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38887.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-38887", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T01:15:56.327", - "lastModified": "2023-09-20T10:49:13.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T01:48:21.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Vulnerabilidad de carga de archivos en Dolibarr ERP CRM v.17.0.1 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n sensible a trav\u00e9s de las funciones de filtrado y cambio de nombre de la extensi\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*", + "versionEndIncluding": "17.0.1", + "matchCriteriaId": "BCEE13D4-508A-405B-8889-8BB2F29B2903" + } + ] + } + ] + } + ], "references": [ { "url": "http://dolibarr.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38887_Dolibarr_AFU.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38888.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38888.json index c1052b3e389..df19f7e1659 100644 --- a/CVE-2023/CVE-2023-388xx/CVE-2023-38888.json +++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38888.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-38888", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T01:15:56.580", - "lastModified": "2023-09-20T10:49:13.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T01:37:33.650", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,75 @@ "value": "Vulnerabilidad de Cross Site Scripting en Dolibarr ERP CRM v.17.0.1 y anteriores permite a un atacante remoto obtener informaci\u00f3n sensible y ejecutar c\u00f3digo arbitrario a trav\u00e9s del m\u00f3dulo REST API, relacionado con analyseVarsForSqlAndScriptsInjection y testSqlAndScriptInject." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:*:*:*:*:*:*:*:*", + "versionEndIncluding": "17.0.1", + "matchCriteriaId": "BCEE13D4-508A-405B-8889-8BB2F29B2903" + } + ] + } + ] + } + ], "references": [ { "url": "http://dolibarr.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://akerva.com/wp-content/uploads/2023/09/AKERVA_Security-Advisory_CVE-2023-38888_Dolibarr_XSS.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40931.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40931.json index 66f2593185f..be5d9ad79f6 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40931.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40931.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-40931", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-19T23:15:09.153", - "lastModified": "2023-09-20T10:49:21.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T01:11:49.477", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,82 @@ "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Nagios XI desde la versi\u00f3n 5.11.0 hasta la 5.11.1 inclusive permite a atacantes autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro ID en la solicitud POST a /nagiosxi/admin/banner_message-ajaxhelper.php" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11.0", + "versionEndExcluding": "5.11.2", + "matchCriteriaId": "7BA69A3A-E1A4-45C5-859C-51F4E92B32C6" + } + ] + } + ] + } + ], "references": [ { "url": "http://nagios.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.nagios.com/products/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40932.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40932.json index b33af7cf592..df56e151236 100644 
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40932.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40932.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40932", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-19T23:15:10.237", - "lastModified": "2023-09-20T10:49:21.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T01:13:09.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,81 @@ "value": "Una vulnerabilidad de A Cross-Site scripting (XSS) en Nagios XI versi\u00f3n 5.11.1 y anteriores permite a atacantes autenticados con acceso al componente del logotipo personalizado inyectar javascript o HTML de su elecci\u00f3n a trav\u00e9s del campo de texto alternativo. Esto afecta a todas las p\u00e1ginas que contienen la barra de navegaci\u00f3n, incluida la p\u00e1gina de inicio de sesi\u00f3n, lo que significa que el atacante puede robar credenciales de texto plano." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.11.2", + "matchCriteriaId": "9DDB8315-F31F-4D8D-B78D-586732BDC727" + } + ] + } + ] + } + ], "references": [ { "url": "http://nagios.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.nagios.com/products/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at 
end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40933.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40933.json index 1c15c3d2bf4..a92e4b101bd 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40933.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40933.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40933", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-19T23:15:10.533", - "lastModified": "2023-09-20T10:49:21.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T01:05:36.347", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,81 @@ "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Nagios XI v5.11.1 y anteriores permite a atacantes autenticados con privilegios de configuraci\u00f3n de banners de anuncios ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro ID enviado a la funci\u00f3n update_banner_message()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.11.2", + "matchCriteriaId": "9DDB8315-F31F-4D8D-B78D-586732BDC727" + } + ] + } + ] + } + ], "references": [ { "url": "http://nagios.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.nagios.com/products/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40934.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40934.json index 5c6cdc3eb70..b52556c564d 100644 
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40934.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40934.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40934", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-19T23:15:10.677", - "lastModified": "2023-09-20T10:49:21.820", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T01:20:26.570", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,81 @@ "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Nagios XI 5.11.1 y versiones anteriores permite a atacantes autenticados con privilegios administrar las escaladas en m\u00e1quinas anfitri\u00f3n en Core Configuration Manager para ejecutar comandos SQL arbitrarios a trav\u00e9s de la configuraci\u00f3n de notificaci\u00f3n de escalada de host." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.11.2", + "matchCriteriaId": "9DDB8315-F31F-4D8D-B78D-586732BDC727" + } + ] + } + ] + } + ], "references": [ { "url": "http://nagios.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://outpost24.com/blog/nagios-xi-vulnerabilities/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.nagios.com/products/security/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json index c65d0c5e6a4..bcc2912a81a 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json @@ -2,7 +2,7 @@ "id": "CVE-2023-41064", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-07T18:15:07.727", - "lastModified": "2023-09-21T19:15:10.657", + "lastModified": "2023-09-22T00:15:11.780", "vulnStatus": "Modified", "cisaExploitAdd": "2023-09-11", "cisaActionDue": "2023-10-02", @@ -113,6 +113,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213905", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41614.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41614.json index 22760541ba9..3861e5af399 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41614.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41614.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41614", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T23:15:09.947", - "lastModified": "2023-09-21T23:15:09.947", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41616.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41616.json index 78b230368ac..02b023e2cc0 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41616.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41616.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41616", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T23:15:11.737", - "lastModified": "2023-09-21T23:15:11.737", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json index bacdbdc12cc..931d45ef9c3 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41991", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-21T19:15:11.283", - "lastModified": "2023-09-21T20:15:10.343", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json index dde478e884e..a96ac7c6ca1 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41992", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-21T19:15:11.520", - "lastModified": "2023-09-21T20:15:10.467", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json index a2bd07936ec..2e0887b4815 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41993", "sourceIdentifier": "product-security@apple.com", "published": "2023-09-21T19:15:11.660", - "lastModified": "2023-09-21T19:15:11.660", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-422xx/CVE-2023-42261.json b/CVE-2023/CVE-2023-422xx/CVE-2023-42261.json index 8ab43c6ff6f..ded274df728 100644 --- a/CVE-2023/CVE-2023-422xx/CVE-2023-42261.json +++ b/CVE-2023/CVE-2023-422xx/CVE-2023-42261.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-42261", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T22:15:11.823", - "lastModified": "2023-09-21T22:15:11.823", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-422xx/CVE-2023-42279.json b/CVE-2023/CVE-2023-422xx/CVE-2023-42279.json index ef5d74d761b..3f3b5e74c11 100644 --- a/CVE-2023/CVE-2023-422xx/CVE-2023-42279.json +++ b/CVE-2023/CVE-2023-422xx/CVE-2023-42279.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42279", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T18:15:12.200", - "lastModified": "2023-09-21T18:15:12.200", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-422xx/CVE-2023-42280.json b/CVE-2023/CVE-2023-422xx/CVE-2023-42280.json index 4a78ced65ce..2687c3fac95 100644 --- a/CVE-2023/CVE-2023-422xx/CVE-2023-42280.json +++ b/CVE-2023/CVE-2023-422xx/CVE-2023-42280.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42280", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T19:15:11.823", - "lastModified": "2023-09-21T19:15:11.823", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42456.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42456.json index 1d005f24f94..59b670d01b3 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42456.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42456.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42456", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-21T16:15:09.980", - "lastModified": "2023-09-21T16:15:09.980", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42458.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42458.json index 0e72e31738b..6095ec1e112 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42458.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42458.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42458", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-21T17:15:22.483", - "lastModified": "2023-09-21T17:15:22.483", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the \"Add Documents, Images, and Files\" permission is only assigned to trusted roles. By default, only the Manager has this permission." + }, + { + "lang": "es", + "value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto. Antes de las versiones 4.8.10 y 5.8.5, existe una vulnerabilidad de Stored Cross Site Scripting para im\u00e1genes SVG. Tenga en cuenta que una etiqueta de imagen con una imagen SVG como fuente nunca es vulnerable, incluso cuando la imagen SVG contiene c\u00f3digo malicioso. Para explotar la vulnerabilidad, un atacante primero tendr\u00eda que cargar una imagen y luego enga\u00f1ar al usuario para que siga un enlace especialmente manipulado. Los parches est\u00e1n disponibles en Zope 4.8.10 y 5.8.5. Como workaround, aseg\u00farese de que el permiso \"Agregar documentos, im\u00e1genes y archivos\" solo est\u00e9 asignado a roles confiables. De forma predeterminada, s\u00f3lo el Administrador tiene este permiso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42482.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42482.json index 9148c3c7ec0..d3f83705ba3 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42482.json 
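Review bot: The added `es` description translates identifiers that an operator has to locate verbatim when applying the workaround. The permission `\"Add Documents, Images, and Files\"` becomes `\"Agregar documentos, im\u00e1genes y archivos\"` and the `Manager` role becomes `el Administrador`. Unless the product UI is localized the same way, which the record does not show, a reader following the Spanish text may not find either one. The translated value should keep both literals as the `en` entry has them, e.g. `el permiso \"Add Documents, Images, and Files\"` and `el rol Manager`. The CVE-2023-42807 hunk has the same pattern, rendering the `main` branch as `\"principal\"`.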
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42482.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42482", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T20:15:10.550", - "lastModified": "2023-09-21T20:15:10.550", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42521.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42521.json index 0fbd78c10e0..ef40efb7b95 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42521.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42521.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42521", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T07:15:37.663", - "lastModified": "2023-09-18T13:26:56.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T00:41:18.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,174 @@ "value": "Ciertos productos WithSecure permiten un bloqueo remoto de un motor de escaneo a trav\u00e9s del procesamiento de un archivo comprimido. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*", + "matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.withsecure.com/en/support/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42522.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42522.json index fe81f874652..12adc6d4471 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42522.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42522.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42522", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T07:15:37.880", - "lastModified": "2023-09-18T13:26:56.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T00:49:00.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
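Review bot: The `elements_endpoint_protection` match added under `configurations` has `"versionStartIncluding": "17"` and no end bound, so CPE-based matching on this record will flag every release from 17 onward, including any later fixed build. The only reference, now tagged `Vendor Advisory`, is the advisory index page `https://www.withsecure.com/en/support/security-advisories` rather than a per-issue advisory, so the fixed version cannot be derived from the record itself. Once the vendor's fixed version is known, the match should gain an upper bound such as `"versionEndExcluding": "<fixed-version placeholder>"` and the reference should point at the specific advisory. The same enrichment is repeated in the CVE-2023-42522 through CVE-2023-42526 hunks.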
@@ -14,11 +14,174 @@ "value": "Ciertos productos WithSecure permiten un bloqueo remoto de un motor de escaneo a trav\u00e9s del procesamiento de una estructura de importaci\u00f3n en un archivo PE. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*", + "matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E" + } + ] + } + ] 
+ } + ], "references": [ { "url": "https://www.withsecure.com/en/support/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42523.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42523.json index 08c5479d7a3..fb26d96d857 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42523.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42523.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42523", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T07:15:37.953", - "lastModified": "2023-09-18T13:26:56.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T00:52:35.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,174 @@ "value": "Ciertos productos WithSecure permiten un bloqueo remoto de un motor de escaneo mediante el desempaquetado de un archivo PE. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*", + "matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.withsecure.com/en/support/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42524.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42524.json index b5545216ab2..a3789650ee6 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42524.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42524.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42524", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T07:15:38.040", - "lastModified": "2023-09-18T13:26:56.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T00:53:34.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,174 @@ "value": "Ciertos productos WithSecure permiten un bucle infinito en un motor de escaneo a trav\u00e9s de tipos de archivos no especificados. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*", + "matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.withsecure.com/en/support/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42525.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42525.json index aabe0dc6d03..32744176f8d 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42525.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42525.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42525", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T07:15:38.193", - "lastModified": "2023-09-18T13:26:56.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T00:55:05.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,174 @@ "value": "Ciertos productos WithSecure permiten un bucle infinito en un motor de escaneo a trav\u00e9s de tipos de archivos no especificados. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*", + "matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://www.withsecure.com/en/support/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42526.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42526.json index b22783d1c70..9aef3fc61fd 100644 --- a/CVE-2023/CVE-2023-425xx/CVE-2023-42526.json +++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42526.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42526", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T06:15:08.203", - "lastModified": "2023-09-18T13:26:56.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T00:35:53.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,174 @@ "value": "Algunos productos WithSecure permiten un bloqueo remoto de un motor de escaneo a trav\u00e9s de la descompresi\u00f3n de archivos de datos manipulados. Esto afecta a WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email y Server Security 15, WithSecure Elements Endpoint Protection 17 y versiones posteriores, WithSecure Client Security para Mac 15, WithSecure Elements Endpoint Protection para Mac 17 y versiones posteriores, Linux Security 64 12.0, Linux Protection 12.0 y WithSecure Atlant (anteriormente F-Secure Atlant) 1.0.35-1. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "2E1B31DD-3C88-4826-8E24-588FED197C5D" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "015D02AD-F46F-46DF-9CD8-E0DB78CE17DD" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*", + "matchCriteriaId": "1755AB17-E9C9-4616-98B4-843B75668CA4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17", + "matchCriteriaId": "B92950AC-F16B-4935-93D8-39E6DC6B0B5A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FCA1C33E-551B-4CBF-A0C0-663A32611D29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "ACBC6F42-8F62-4599-83F3-9E9147D46129" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*", + "matchCriteriaId": "3BA1712F-D879-44CA-BCAD-49D6533D1E8E" + } + ] + } + ] + } + ], "references": 
[ { "url": "https://www.withsecure.com/en/support/security-advisories", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42805.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42805.json index 10a363afedd..a9af4b6c54e 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42805.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42805.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42805", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-21T17:15:23.353", - "lastModified": "2023-09-21T17:15:23.353", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases." + }, + { + "lang": "es", + "value": "quinn-proto es una m\u00e1quina de estados para el protocolo de transporte QUIC. Antes de las versiones 0.9.5 y 0.10.5, recibir tramas QUIC desconocidas en un paquete QUIC pod\u00eda provocar p\u00e1nico. El problema se solucion\u00f3 en las versiones de mantenimiento 0.9.5 y 0.10.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42806.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42806.json index 63481cf8625..c965887a0f5 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42806.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42806.json 
@@ -2,12 +2,16 @@ "id": "CVE-2023-42806", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-21T17:15:23.583", - "lastModified": "2023-09-21T17:15:23.583", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants." + }, + { + "lang": "es", + "value": " Hydra es the layer-two scalability solution para Cardano. Antes de la versi\u00f3n 0.13.0, no firmar ni verificar `$\\mathsf{cid}$` permite que un atacante (que debe ser un participante de este encabezado) use una instant\u00e1nea de una instancia principal anterior con los mismos participantes para cerrar el encabezado o disputar al Estado. Esto puede llevar a una distribuci\u00f3n incorrecta del valor (= ataque de extracci\u00f3n de valor; dif\u00edcil, pero posible) o impedir que la cabeza finalice porque el valor disponible no es consistente con el estado utxo cerrado (= denegaci\u00f3n de servicio; f\u00e1cil). Est\u00e1 previsto un parche para la versi\u00f3n 0.13.0. Como workaround, rote las claves entre los cabezales para no reutilizarlas y no generar los mismos participantes con firmas m\u00faltiples." } ], "metrics": { 
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42807.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42807.json index 8afb0c1b480..2472190361a 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42807.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42807.json @@ -2,12 +2,16 @@ "id": "CVE-2023-42807", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-21T17:15:23.950", - "lastModified": "2023-09-21T17:15:23.950", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app." + }, + { + "lang": "es", + "value": "Frappe LMS es un sistema de gesti\u00f3n de aprendizaje de c\u00f3digo abierto. En las versiones 1.0.0 y anteriores, en la P\u00e1gina Personas de LMS, hab\u00eda una vulnerabilidad de inyecci\u00f3n SQL. El problema se ha solucionado en la rama \"principal\". Los usuarios no enfrentar\u00e1n este problema si usan la \u00faltima rama principal de la aplicaci\u00f3n." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json index c4550b47142..3ac878c7838 100644 --- a/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json +++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42810.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42810", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-21T18:15:12.327", - "lastModified": "2023-09-21T18:15:12.327", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43114.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43114.json index 61108a292d9..7ca364b4934 100644 
--- a/CVE-2023/CVE-2023-431xx/CVE-2023-43114.json +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43114.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43114", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T07:15:38.333", - "lastModified": "2023-09-18T13:26:56.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-22T00:34:04.087", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,94 @@ "value": "Se descubri\u00f3 un problema en Qt antes de 5.15.16, 6.x antes de 6.2.10 y 6.3.x a 6.5.x antes de 6.5.3 en Windows. Cuando se utiliza el motor de fuentes GDI, si se carga una fuente da\u00f1ada a trav\u00e9s de QFontDatabase::addApplicationFont{FromData], puede hacer que la aplicaci\u00f3n se bloquee debido a la falta de comprobaciones de longitud. " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.15.16", + "matchCriteriaId": "3F65E936-073F-4BA7-94D5-8B0FF18647DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.2.10", + "matchCriteriaId": "54D034EA-7845-4FE1-BA22-0C12D61054B4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5.0", + "versionEndExcluding": "6.5.3", + "matchCriteriaId": "E1D0B762-A0E6-4FAB-BC87-20AC3B0D2534" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + 
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://codereview.qt-project.org/c/qt/qtbase/+/503026", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43128.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43128.json index a8354b10bcd..701ad02eca4 100644 --- a/CVE-2023/CVE-2023-431xx/CVE-2023-43128.json +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43128.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43128", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-21T23:15:12.133", - "lastModified": "2023-09-21T23:15:12.133", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43616.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43616.json index 4cd4db92c08..51a05478083 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43616.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43616.json @@ -2,8 +2,8 @@ "id": "CVE-2023-43616", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T06:15:10.523", - "lastModified": "2023-09-20T15:17:16.780", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-22T00:15:13.173", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -69,6 +69,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/21/5", + "source": "cve@mitre.org" + }, { "url": "https://github.com/schollz/croc/issues/594", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43617.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43617.json index aeedca311b3..3df33c9a90d 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43617.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43617.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-43617", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T06:15:10.617", - "lastModified": "2023-09-20T10:48:49.100", + "lastModified": "2023-09-22T00:15:14.017", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/21/5", + "source": "cve@mitre.org" + }, { "url": "https://github.com/schollz/croc/issues/596", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43618.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43618.json index aadff3208b2..b9eaa3b1a1f 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43618.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43618.json @@ -2,7 +2,7 @@ "id": "CVE-2023-43618", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T06:15:10.693", - "lastModified": "2023-09-20T10:48:49.100", + "lastModified": "2023-09-22T00:15:14.457", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/21/5", + "source": "cve@mitre.org" + }, { "url": "https://github.com/schollz/croc/issues/597", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43619.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43619.json index a4e27e52548..b46be05b43b 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43619.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43619.json @@ -2,7 +2,7 @@ "id": "CVE-2023-43619", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T06:15:10.773", - "lastModified": "2023-09-20T10:48:49.100", + "lastModified": "2023-09-22T00:15:14.680", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/21/5", + "source": "cve@mitre.org" + }, { "url": "https://github.com/schollz/croc/issues/593", "source": "cve@mitre.org" 
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43620.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43620.json index c7c04c9854f..557f4624a40 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43620.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43620.json @@ -2,7 +2,7 @@ "id": "CVE-2023-43620", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T06:15:10.870", - "lastModified": "2023-09-20T10:48:49.100", + "lastModified": "2023-09-22T00:15:15.040", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/21/5", + "source": "cve@mitre.org" + }, { "url": "https://github.com/schollz/croc/issues/595", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43621.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43621.json index 13d14b10e89..245ab5e0028 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43621.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43621.json @@ -2,7 +2,7 @@ "id": "CVE-2023-43621", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-20T06:15:10.950", - "lastModified": "2023-09-20T10:48:49.100", + "lastModified": "2023-09-22T00:15:15.380", "vulnStatus": "Undergoing Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/21/5", + "source": "cve@mitre.org" + }, { "url": "https://github.com/schollz/croc/issues/598", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json index 06ef736b7b0..8c2a7400683 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-4504", "sourceIdentifier": "cve@takeonme.org", "published": "2023-09-21T23:15:12.293", - "lastModified": "2023-09-21T23:15:12.293", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json index 6ba00dfa659..e4e7bcdb880 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4863", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-12T15:15:24.327", - "lastModified": "2023-09-21T03:15:11.910", + "lastModified": "2023-09-22T00:15:15.637", "vulnStatus": "Modified", "cisaExploitAdd": "2023-09-13", "cisaActionDue": "2023-10-04", @@ -197,6 +197,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/21/4", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5068.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5068.json index e0c7cc1ff69..c75699991ee 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5068.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5068.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5068", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-09-21T23:15:13.497", - "lastModified": "2023-09-21T23:15:13.497", - "vulnStatus": "Received", + "lastModified": "2023-09-22T01:25:45.750", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 8df9225186b..a38f3540fc9 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-21T23:55:24.894197+00:00 +2023-09-22T02:00:24.866060+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-21T23:15:13.497000+00:00 +2023-09-22T01:48:21.710000+00:00 ``` ### Last Data Feed Release 
@@ -23,33 +23,54 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-09-21T00:00:13.549918+00:00 +2023-09-22T00:00:13.541260+00:00 ``` ### Total Number of included CVEs ```plain -226021 +226025 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `4` -* [CVE-2023-42261](CVE-2023/CVE-2023-422xx/CVE-2023-42261.json) (`2023-09-21T22:15:11.823`) -* [CVE-2023-41614](CVE-2023/CVE-2023-416xx/CVE-2023-41614.json) (`2023-09-21T23:15:09.947`) -* [CVE-2023-41616](CVE-2023/CVE-2023-416xx/CVE-2023-41616.json) (`2023-09-21T23:15:11.737`) -* [CVE-2023-43128](CVE-2023/CVE-2023-431xx/CVE-2023-43128.json) (`2023-09-21T23:15:12.133`) -* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-09-21T23:15:12.293`) -* [CVE-2023-5068](CVE-2023/CVE-2023-50xx/CVE-2023-5068.json) (`2023-09-21T23:15:13.497`) +* [CVE-2023-31716](CVE-2023/CVE-2023-317xx/CVE-2023-31716.json) (`2023-09-22T00:15:09.757`) +* [CVE-2023-31717](CVE-2023/CVE-2023-317xx/CVE-2023-31717.json) (`2023-09-22T00:15:11.160`) +* [CVE-2023-31718](CVE-2023/CVE-2023-317xx/CVE-2023-31718.json) (`2023-09-22T00:15:11.353`) +* [CVE-2023-31719](CVE-2023/CVE-2023-317xx/CVE-2023-31719.json) (`2023-09-22T00:15:11.480`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `44` -* [CVE-2022-30114](CVE-2022/CVE-2022-301xx/CVE-2022-30114.json) (`2023-09-21T22:15:09.740`) -* [CVE-2023-4853](CVE-2023/CVE-2023-48xx/CVE-2023-4853.json) (`2023-09-21T22:15:12.180`) +* [CVE-2023-42456](CVE-2023/CVE-2023-424xx/CVE-2023-42456.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-34577](CVE-2023/CVE-2023-345xx/CVE-2023-34577.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-42458](CVE-2023/CVE-2023-424xx/CVE-2023-42458.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-42805](CVE-2023/CVE-2023-428xx/CVE-2023-42805.json) (`2023-09-22T01:25:45.750`) +* 
[CVE-2023-42806](CVE-2023/CVE-2023-428xx/CVE-2023-42806.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-42807](CVE-2023/CVE-2023-428xx/CVE-2023-42807.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-42279](CVE-2023/CVE-2023-422xx/CVE-2023-42279.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-42810](CVE-2023/CVE-2023-428xx/CVE-2023-42810.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-41991](CVE-2023/CVE-2023-419xx/CVE-2023-41991.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-41992](CVE-2023/CVE-2023-419xx/CVE-2023-41992.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-42280](CVE-2023/CVE-2023-422xx/CVE-2023-42280.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-34576](CVE-2023/CVE-2023-345xx/CVE-2023-34576.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-42482](CVE-2023/CVE-2023-424xx/CVE-2023-42482.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-38343](CVE-2023/CVE-2023-383xx/CVE-2023-38343.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-38344](CVE-2023/CVE-2023-383xx/CVE-2023-38344.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-42261](CVE-2023/CVE-2023-422xx/CVE-2023-42261.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-41614](CVE-2023/CVE-2023-416xx/CVE-2023-41614.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-41616](CVE-2023/CVE-2023-416xx/CVE-2023-41616.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-43128](CVE-2023/CVE-2023-431xx/CVE-2023-43128.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-5068](CVE-2023/CVE-2023-50xx/CVE-2023-5068.json) (`2023-09-22T01:25:45.750`) +* [CVE-2023-38886](CVE-2023/CVE-2023-388xx/CVE-2023-38886.json) (`2023-09-22T01:30:11.830`) +* [CVE-2023-38888](CVE-2023/CVE-2023-388xx/CVE-2023-38888.json) (`2023-09-22T01:37:33.650`) +* [CVE-2023-38887](CVE-2023/CVE-2023-388xx/CVE-2023-38887.json) (`2023-09-22T01:48:21.710`) ## Download and Usage