From 572e21d234f6c64b50422660199744b378bad01f Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 11 Sep 2023 14:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-09-11T14:00:26.165387+00:00 --- CVE-2023/CVE-2023-275xx/CVE-2023-27523.json | 47 ++++- CVE-2023/CVE-2023-275xx/CVE-2023-27526.json | 59 ++++++- CVE-2023/CVE-2023-285xx/CVE-2023-28538.json | 6 +- CVE-2023/CVE-2023-311xx/CVE-2023-31188.json | 119 ++++++++++++- CVE-2023/CVE-2023-326xx/CVE-2023-32619.json | 114 ++++++++++++- CVE-2023/CVE-2023-358xx/CVE-2023-35845.json | 4 +- CVE-2023/CVE-2023-361xx/CVE-2023-36161.json | 20 +++ CVE-2023/CVE-2023-364xx/CVE-2023-36489.json | 147 +++++++++++++++- CVE-2023/CVE-2023-36xx/CVE-2023-3612.json | 4 +- CVE-2023/CVE-2023-372xx/CVE-2023-37284.json | 81 ++++++++- CVE-2023/CVE-2023-385xx/CVE-2023-38563.json | 114 ++++++++++++- CVE-2023/CVE-2023-385xx/CVE-2023-38568.json | 81 ++++++++- CVE-2023/CVE-2023-385xx/CVE-2023-38574.json | 69 +++++++- CVE-2023/CVE-2023-385xx/CVE-2023-38588.json | 81 ++++++++- CVE-2023/CVE-2023-392xx/CVE-2023-39224.json | 81 ++++++++- CVE-2023/CVE-2023-392xx/CVE-2023-39266.json | 144 +++++++++++++++- CVE-2023/CVE-2023-392xx/CVE-2023-39267.json | 144 +++++++++++++++- CVE-2023/CVE-2023-392xx/CVE-2023-39268.json | 144 +++++++++++++++- CVE-2023/CVE-2023-399xx/CVE-2023-39935.json | 81 ++++++++- CVE-2023/CVE-2023-400xx/CVE-2023-40039.json | 4 +- CVE-2023/CVE-2023-400xx/CVE-2023-40040.json | 4 +- CVE-2023/CVE-2023-401xx/CVE-2023-40193.json | 81 ++++++++- CVE-2023/CVE-2023-403xx/CVE-2023-40357.json | 180 +++++++++++++++++++- CVE-2023/CVE-2023-405xx/CVE-2023-40531.json | 81 ++++++++- CVE-2023/CVE-2023-41xx/CVE-2023-4104.json | 4 +- CVE-2023/CVE-2023-424xx/CVE-2023-42467.json | 4 +- CVE-2023/CVE-2023-424xx/CVE-2023-42470.json | 4 +- CVE-2023/CVE-2023-424xx/CVE-2023-42471.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4573.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4574.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4575.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4576.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4577.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4578.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4579.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4580.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4581.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4582.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4583.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4584.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4585.json | 4 +- CVE-2023/CVE-2023-45xx/CVE-2023-4588.json | 61 ++++++- CVE-2023/CVE-2023-45xx/CVE-2023-4589.json | 56 +++++- CVE-2023/CVE-2023-46xx/CVE-2023-4634.json | 50 +++++- CVE-2023/CVE-2023-48xx/CVE-2023-4816.json | 4 +- README.md | 35 +++- 46 files changed, 2009 insertions(+), 155 deletions(-) create mode 100644 CVE-2023/CVE-2023-361xx/CVE-2023-36161.json diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27523.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27523.json index cb0c79850d5..4cd316ef96e 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27523.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27523.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27523", "sourceIdentifier": "security@apache.org", "published": "2023-09-06T13:15:08.017", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:46:08.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@apache.org", "type": "Secondary", @@ -46,10 +66,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.1.0", + "matchCriteriaId": "A5C7318E-1118-457F-A2BC-8B9400AE7C3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27526.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27526.json index 87b972f3437..faf2d19ebf3 100644 --- a/CVE-2023/CVE-2023-275xx/CVE-2023-27526.json +++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27526.json @@ -2,8 +2,8 @@ "id": "CVE-2023-27526", "sourceIdentifier": "security@apache.org", "published": "2023-09-06T13:15:08.300", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:46:43.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security@apache.org", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,12 +64,43 @@ "value": "CWE-863" } ] + }, + { + "source": "security@apache.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.1.0", + "matchCriteriaId": "A5C7318E-1118-457F-A2BC-8B9400AE7C3C" + } + ] + } + ] } ], "references": [ { "url": "https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28538.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28538.json index 23b3889369b..ea062538ffd 100644 --- a/CVE-2023/CVE-2023-285xx/CVE-2023-28538.json +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28538.json @@ -2,8 +2,8 @@ "id": "CVE-2023-28538", "sourceIdentifier": "product-security@qualcomm.com", "published": "2023-09-05T07:15:13.113", - "lastModified": "2023-09-08T18:14:46.540", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-11T13:02:29.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -61,7 +61,7 @@ "description": [ { "lang": "en", - "value": "CWE-119" + "value": "CWE-787" } ] } diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31188.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31188.json index a9246011106..3b230736dfc 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31188.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31188.json @@ -2,31 +2,136 @@ "id": "CVE-2023-31188", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:13.183", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:33:19.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505', Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506', and Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616'." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230506", + "matchCriteriaId": "4AF28B84-B90E-47B6-B2E8-F78CC909EEC0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_c55:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1DE7FC0D-0A09-42F6-BA31-597D38208F61" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230505", + "matchCriteriaId": "7B4081EE-A5EE-41E0-BA3F-39F1BE7799AC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_c50_v3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "01EE9C6D-D758-4015-B197-545269BF2283" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c20/v1/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32619.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32619.json index b5569fa1f4a..7ebd256c23b 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32619.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32619.json @@ -2,27 +2,129 @@ "id": "CVE-2023-32619", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:13.650", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:35:49.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_c55_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230506", + "matchCriteriaId": "4AF28B84-B90E-47B6-B2E8-F78CC909EEC0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_c55:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1DE7FC0D-0A09-42F6-BA31-597D38208F61" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_c50_v3_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230505", + "matchCriteriaId": "7B4081EE-A5EE-41E0-BA3F-39F1BE7799AC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_c50_v3:-:*:*:*:*:*:*:*", + "matchCriteriaId": "01EE9C6D-D758-4015-B197-545269BF2283" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c50/v3/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c55/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35845.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35845.json index 956939e95dd..496224e0097 100644 --- a/CVE-2023/CVE-2023-358xx/CVE-2023-35845.json +++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35845.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35845", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T08:15:07.493", - "lastModified": "2023-09-11T08:15:07.493", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36161.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36161.json new file mode 100644 index 00000000000..f6ac6012341 --- /dev/null +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36161.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-36161", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-11T13:15:24.947", + "lastModified": "2023-09-11T13:15:24.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Yashodhanvivek/Qubo_smart_switch_security_assessment/blob/main/Qubo_Smart_Plug_10A_Security_Assessment.pdf", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36489.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36489.json index c08eac2a22d..0f96e09c55f 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36489.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36489.json @@ -2,31 +2,164 @@ "id": "CVE-2023-36489", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:13.710", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:36:35.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: TL-WR802N firmware versions prior to 'TL-WR802N(JP)_V4_221008', TL-WR841N firmware versions prior to 'TL-WR841N(JP)_V14_230506', and TL-WR902AC firmware versions prior to 'TL-WR902AC(JP)_V3_230506'." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tl-wr902ac_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230506", + "matchCriteriaId": "3376E9AB-5749-4129-BF47-B9378E073B5A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tl-wr902ac:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5541D281-8231-4724-BF9B-4E0FF61215A0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tl-wr802n_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "221008", + "matchCriteriaId": "EC40A74F-6DCC-4DEB-A38F-D293BE80303F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tl-wr802n:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2E1B4F55-1FCF-4557-A051-2EBC1414DD00" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tl-wr841n_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230506", + "matchCriteriaId": "93ED2916-46C6-43BE-A163-4AC82874869A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tl-wr841n:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD44582F-0CC5-4A71-8FE8-2BEF65EB717E" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/tl-wr802n/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.tp-link.com/jp/support/download/tl-wr841n/v14/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.tp-link.com/jp/support/download/tl-wr902ac/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3612.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3612.json index 53803c5568c..fa93d27c7e0 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3612.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3612.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3612", "sourceIdentifier": "incident@nbu.gov.sk", "published": "2023-09-11T10:15:07.603", - "lastModified": "2023-09-11T10:15:07.603", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37284.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37284.json index f30c8a0b239..bbfe96e689d 100644 --- a/CVE-2023/CVE-2023-372xx/CVE-2023-37284.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37284.json @@ -2,23 +2,94 @@ "id": "CVE-2023-37284", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:13.770", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:39:06.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_c20_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230616", + "matchCriteriaId": "8ACB29AC-C8FF-44C0-AB62-3F7B62F2EAC7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_c20:1:*:*:*:*:*:*:*", + "matchCriteriaId": "9D159009-CF48-4631-9139-5AB553B58018" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c20/v1/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38563.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38563.json index b9a151c2c5f..a181403656d 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38563.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38563.json @@ -2,27 +2,129 @@ "id": "CVE-2023-38563", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:14.030", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:39:23.730", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_c1200_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230508", + "matchCriteriaId": "C389ECDD-7BF0-4BF6-94AB-09BC0E1A8BEF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_c1200:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A981E118-B897-4B68-A1FB-379C803FD5DC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_c9_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230508", + "matchCriteriaId": "ED0E2942-F39F-4A96-8FC0-A14225B58FA5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_c9:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "18F528AA-045C-4111-BFD7-0597CC758E52" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c1200/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c9/v3/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38568.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38568.json index 2f001ebe718..d2d3bdc328e 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38568.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38568.json @@ -2,23 +2,94 @@ "id": "CVE-2023-38568", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:14.273", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:39:55.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_a10_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230504", + "matchCriteriaId": "B5612D48-5BAD-440D-B684-172A6BF981FF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_a10:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9D8B95AD-ED3B-4050-A1E9-D5F7A657D5CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-a10/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38574.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38574.json index 44729443683..9972341da28 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38574.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38574.json @@ -2,23 +2,82 @@ "id": "CVE-2023-38574", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-05T09:15:08.037", - "lastModified": "2023-09-05T12:54:46.447", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T12:50:00.413", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:i-pro:video_insight:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.9.6", + "matchCriteriaId": "823D3E01-7D44-4F00-B770-4E1FB0F5AA19" + } + ] + } + ] + } + ], "references": [ { "url": "https://downloadvi.com/downloads/IPServer/v7.9/796232/v796232RN.pdf", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Release Notes" + ] }, { "url": "https://jvn.jp/en/jp/JVN60140221/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38588.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38588.json index 39b5b983dc0..836a4a3fd29 100644 --- a/CVE-2023/CVE-2023-385xx/CVE-2023-38588.json +++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38588.json @@ -2,23 +2,94 @@ "id": "CVE-2023-38588", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:14.490", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:40:16.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_c3150_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230511", + "matchCriteriaId": "9DF6A4B7-C5FC-4107-BFC3-BA6AB03AED15" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_c3150:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "824535E7-66E1-4776-BA64-D95A128512C4" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c3150/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39224.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39224.json index 28eae56e63c..5fef5e9c213 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39224.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39224.json @@ -2,23 +2,94 @@ "id": "CVE-2023-39224", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:14.587", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:40:42.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_c7_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230602", + "matchCriteriaId": "8F37BD5C-4B5B-4DB2-81DB-249D53A3CD43" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_c7:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "27AE1E18-D939-4DB3-984A-85CB4962861C" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c7/v2/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39266.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39266.json index 02d15c49dbd..b732bd8ec25 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39266.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39266.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39266", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-08-29T20:15:09.637", - "lastModified": "2023-08-29T20:41:07.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:38:57.110", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +54,128 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionEndExcluding": "a.15.16.0026", + "matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.01.0000", + "versionEndExcluding": "16.04.0027", + "matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.05.0000", + "versionEndExcluding": "16.08.0027", + "matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.10.0001", + "versionEndExcluding": "16.10.0024", + "matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.11.0001", + "versionEndExcluding": "16.11.0013", + "matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39267.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39267.json index da10398b479..0b2b12003cf 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39267.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39267.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39267", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-08-29T20:15:09.743", - "lastModified": "2023-08-29T20:41:07.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:52:50.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +54,128 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionEndExcluding": "a.15.16.0026", + "matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.01.0000", + "versionEndExcluding": "16.04.0027", + "matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.05.0000", + "versionEndExcluding": "16.08.0027", + "matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.10.0001", + "versionEndExcluding": "16.10.0024", + "matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.11.0001", + "versionEndExcluding": "16.11.0013", + "matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39268.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39268.json index 54d5f3686ef..787f576a28e 100644 --- a/CVE-2023/CVE-2023-392xx/CVE-2023-39268.json +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39268.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39268", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-08-29T20:15:09.830", - "lastModified": "2023-08-29T20:41:07.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:59:16.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +54,128 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionEndExcluding": "a.15.16.0026", + "matchCriteriaId": "6EF6288C-3E1F-4E2F-BDE2-319E6774F1BD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.01.0000", + "versionEndExcluding": "16.04.0027", + "matchCriteriaId": "D421C423-B11A-43F0-A0E9-9ABD0CC3E7A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.05.0000", + "versionEndExcluding": "16.08.0027", + "matchCriteriaId": "90E95208-9E6A-4A27-91EF-EFF9EBB5CDF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.10.0001", + "versionEndExcluding": "16.10.0024", + "matchCriteriaId": "3A977A83-A7F4-4FE7-9AC9-5584801CC039" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hpe:arubaos-switch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.11.0001", + "versionEndExcluding": "16.11.0013", + "matchCriteriaId": "EF10EBA8-E257-4E81-8B5A-04E643FD27F4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2530:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA0DC0DE-5F4A-4D2A-AFCA-E36A103D5A6E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2530ya:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B8251986-B9F2-4345-A4D7-EB3737F12AE0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2530yb:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3D7A8F42-55C8-4A2B-8A34-1B1B8BE3BEDF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2540:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FDEDD15E-289E-4B15-8620-547EA19CAEE7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2920:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B1782D4A-AD68-4BD2-8453-EE22BCF2DC99" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2930f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C4FCD2-BB70-4848-B08A-223B5C3467BB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_2930m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2561E158-FB61-4FFD-B680-DADF7BC2C6D1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_3810m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F3CE933B-68BA-45BA-81BD-95D873B858B1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_5406r_zl2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E982204-9ADC-4242-86C2-A407D6EA7DB0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:arubanetworks:aruba_5412r_zl2:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8549CD94-50E2-4615-94C2-D76FADFBA3AC" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-013.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39935.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39935.json index 04b3bb90aa2..6716c6986b0 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39935.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39935.json @@ -2,23 +2,94 @@ "id": "CVE-2023-39935", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:14.643", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:41:11.193", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allows a network-adjacent authenticated attacker to execute arbitrary OS commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_c5400_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230506", + "matchCriteriaId": "8FFB9EE1-3A2F-4CC1-A0D3-0F713D352B4A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_c5400:-:*:*:*:*:*:*:*", + "matchCriteriaId": "21A6A32C-1B83-4B4B-BEFD-9B785D7FCD52" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-c5400/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40039.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40039.json index e4fc269790c..cbabc3445dc 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40039.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40039.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40039", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T07:15:08.123", - "lastModified": "2023-09-11T07:15:08.123", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40040.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40040.json index f743bd659e5..36a62b9dbb5 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40040.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40040.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40040", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T06:15:43.830", - "lastModified": "2023-09-11T06:15:43.830", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40193.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40193.json index 801881320d2..49f8f51cb3a 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40193.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40193.json @@ -2,23 +2,94 @@ "id": "CVE-2023-40193", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:14.697", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:41:36.760", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 20230619' allows a network-adjacent authenticated attacker to execute arbitrary OS commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:deco_m4_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.5.8", + "matchCriteriaId": "1C911A31-E31C-424A-8CAC-87CB7277BCB3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:deco_m4:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B0E129FC-090F-422D-89CB-AE537FEDA708" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/deco-m4/v2/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40357.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40357.json index 8e7922dd46e..9f4b261cd23 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40357.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40357.json @@ -2,35 +2,199 @@ "id": "CVE-2023-40357", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:14.820", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:42:13.197", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_ax50_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230529", + "matchCriteriaId": "6FED5A58-CE05-4048-AD76-985B28F1E059" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_ax50:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CAFA093D-FBF5-4B8D-87FD-DA09B0EEF9C8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_a10_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "230504", + "matchCriteriaId": "DC497214-6875-43D7-A8FB-9E6B2D307DE9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_a10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "617EFAC4-CAB1-41FB-BC30-29ED4A84D74A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_ax10_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230508", + "matchCriteriaId": "3DC73D06-13CF-47C5-81C4-37C8348CED43" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_ax10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "307B80ED-EEBB-4378-ADA3-B9E821AA3B36" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_ax11000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "230523", + "matchCriteriaId": "A5D83433-6BAB-42DB-A0DB-F4C95F7E7BDE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_ax11000:-:*:*:*:*:*:*:*", + "matchCriteriaId": "75171CD1-0D58-472F-AA60-A990FCA157DA" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-a10/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-ax10/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-ax11000/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-ax50/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40531.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40531.json index 532f0105963..6c54e19c0f3 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40531.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40531.json @@ -2,23 +2,94 @@ "id": "CVE-2023-40531", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-09-06T10:15:15.097", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:42:39.903", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allows a network-adjacent authenticated attacker to execute arbitrary OS commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:archer_ax6000_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.0", + "matchCriteriaId": "6E490D46-4F1A-4BCF-8519-68FE647BBC1B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:archer_ax6000:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "800AD82D-B7F1-4497-A072-A9ACC1A4775E" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/vu/JVNVU99392903/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tp-link.com/jp/support/download/archer-ax6000/v1/#Firmware", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4104.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4104.json index abcb54efe1c..538c3c413f5 100644 --- a/CVE-2023/CVE-2023-41xx/CVE-2023-4104.json +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4104.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4104", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:08.997", - "lastModified": "2023-09-11T09:15:08.997", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42467.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42467.json index f102ce03832..61bbbdc6445 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42467.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42467.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42467", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T04:15:10.720", - "lastModified": "2023-09-11T04:15:10.720", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42470.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42470.json index dc7f73818b6..9ad2c6a93ac 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42470.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42470.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42470", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T08:15:07.647", - "lastModified": "2023-09-11T08:15:07.647", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42471.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42471.json index 5d1675ab8e1..c3fd8d92f3b 100644 --- a/CVE-2023/CVE-2023-424xx/CVE-2023-42471.json +++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42471.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42471", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-11T08:15:07.703", - "lastModified": "2023-09-11T08:15:07.703", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4573.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4573.json index cf091f17049..20c471c67c0 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4573.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4573.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4573", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T08:15:07.847", - "lastModified": "2023-09-11T08:15:07.847", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4574.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4574.json index 97ccf27f30c..0bb64daa4c9 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4574.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4574.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4574", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.087", - "lastModified": "2023-09-11T09:15:09.087", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4575.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4575.json index 7a9b87cd2fb..cdda576dc87 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4575.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4575.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4575", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.143", - "lastModified": "2023-09-11T09:15:09.143", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4576.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4576.json index 4cd07cc3de9..96b4ca3038c 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4576.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4576.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4576", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.217", - "lastModified": "2023-09-11T09:15:09.217", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4577.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4577.json index da1c4adf769..272d3ad63a7 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4577.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4577.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4577", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.287", - "lastModified": "2023-09-11T09:15:09.287", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4578.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4578.json index a0a73b1334b..e849e7edfe3 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4578.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4578.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4578", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.347", - "lastModified": "2023-09-11T09:15:09.347", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4579.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4579.json index 75e5fabd2ef..e272dcbaf8a 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4579.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4579.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4579", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.407", - "lastModified": "2023-09-11T09:15:09.407", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4580.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4580.json index 5f479a97b62..e51cad01634 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4580.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4580.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4580", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.477", - "lastModified": "2023-09-11T09:15:09.477", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4581.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4581.json index d4e59643975..a224acc12f8 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4581.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4581.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4581", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.550", - "lastModified": "2023-09-11T09:15:09.550", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4582.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4582.json index 9fb58c636e0..0b215258ed0 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4582.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4582.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4582", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.617", - "lastModified": "2023-09-11T09:15:09.617", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4583.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4583.json index d7c1c098fab..00cab913494 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4583.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4583.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4583", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.680", - "lastModified": "2023-09-11T09:15:09.680", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4584.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4584.json index 8a25caeaa81..7b3213bf970 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4584.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4584.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4584", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.740", - "lastModified": "2023-09-11T09:15:09.740", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4585.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4585.json index 8ce1b879cc3..5b540f00cef 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4585.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4585.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4585", "sourceIdentifier": "security@mozilla.org", "published": "2023-09-11T09:15:09.797", - "lastModified": "2023-09-11T09:15:09.797", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4588.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4588.json index 0970a8daf0a..48d2e950aec 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4588.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4588.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4588", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-09-06T12:15:07.827", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:44:02.943", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +76,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:delinea:secret_server:10.9.000002:*:*:*:*:*:*:*", + "matchCriteriaId": "0549C65A-06F9-41D4-BF9C-D303A8BC578C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:delinea:secret_server:11.4.000002:*:*:*:*:*:*:*", + "matchCriteriaId": "26B9E59F-98C5-4AAE-B0BD-418B8D7EC723" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4589.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4589.json index 7ce92fe8c24..ab1b216223e 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4589.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4589.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4589", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-09-06T12:15:07.967", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:44:47.663", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-345" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +76,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:delinea:secret_server:10.9.000002:*:*:*:*:*:*:*", + "matchCriteriaId": "0549C65A-06F9-41D4-BF9C-D303A8BC578C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4634.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4634.json index c22eb4dccf5..1d201d9e196 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4634.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4634.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4634", "sourceIdentifier": "security@wordfence.com", "published": "2023-09-06T09:15:08.873", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-11T13:29:41.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,26 +46,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:davidlingren:media_library_assistant:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.10", + "matchCriteriaId": "5C1D11EB-8D81-458F-972A-2143B2D66FB7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Patrowl/CVE-2023-4634/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://packetstormsecurity.com/files/174508/wpmla309-lfiexec.tgz", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://patrowl.io/blog-wordpress-media-library-rce-cve-2023-4634/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2955933%40media-library-assistant&new=2955933%40media-library-assistant&sfp_email=&sfph_mail=#file4", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05c68377-feb6-442d-a3a0-1fbc246c7cbf?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4816.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4816.json index cc46e4ced53..0e5d0a5dbbb 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4816.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4816.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4816", "sourceIdentifier": "cybersecurity@hitachienergy.com", "published": "2023-09-11T08:15:07.917", - "lastModified": "2023-09-11T08:15:07.917", - "vulnStatus": "Received", + "lastModified": "2023-09-11T12:41:46.007", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 1174682c08c..fb7460723a3 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-11T12:00:26.438117+00:00 +2023-09-11T14:00:26.165387+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-11T10:15:07.603000+00:00 +2023-09-11T13:59:16.787000+00:00 ``` ### Last Data Feed Release @@ -29,20 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -224589 +224590 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -* [CVE-2023-3612](CVE-2023/CVE-2023-36xx/CVE-2023-3612.json) (`2023-09-11T10:15:07.603`) +* [CVE-2023-36161](CVE-2023/CVE-2023-361xx/CVE-2023-36161.json) (`2023-09-11T13:15:24.947`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `44` +* [CVE-2023-4584](CVE-2023/CVE-2023-45xx/CVE-2023-4584.json) (`2023-09-11T12:41:46.007`) +* [CVE-2023-4585](CVE-2023/CVE-2023-45xx/CVE-2023-4585.json) (`2023-09-11T12:41:46.007`) +* [CVE-2023-3612](CVE-2023/CVE-2023-36xx/CVE-2023-3612.json) (`2023-09-11T12:41:46.007`) +* [CVE-2023-38574](CVE-2023/CVE-2023-385xx/CVE-2023-38574.json) (`2023-09-11T12:50:00.413`) +* [CVE-2023-28538](CVE-2023/CVE-2023-285xx/CVE-2023-28538.json) (`2023-09-11T13:02:29.710`) +* [CVE-2023-4634](CVE-2023/CVE-2023-46xx/CVE-2023-4634.json) (`2023-09-11T13:29:41.373`) +* [CVE-2023-31188](CVE-2023/CVE-2023-311xx/CVE-2023-31188.json) (`2023-09-11T13:33:19.063`) +* [CVE-2023-32619](CVE-2023/CVE-2023-326xx/CVE-2023-32619.json) (`2023-09-11T13:35:49.373`) +* [CVE-2023-36489](CVE-2023/CVE-2023-364xx/CVE-2023-36489.json) (`2023-09-11T13:36:35.507`) +* [CVE-2023-39266](CVE-2023/CVE-2023-392xx/CVE-2023-39266.json) (`2023-09-11T13:38:57.110`) +* [CVE-2023-37284](CVE-2023/CVE-2023-372xx/CVE-2023-37284.json) (`2023-09-11T13:39:06.927`) +* [CVE-2023-38563](CVE-2023/CVE-2023-385xx/CVE-2023-38563.json) (`2023-09-11T13:39:23.730`) +* [CVE-2023-38568](CVE-2023/CVE-2023-385xx/CVE-2023-38568.json) (`2023-09-11T13:39:55.610`) +* [CVE-2023-38588](CVE-2023/CVE-2023-385xx/CVE-2023-38588.json) (`2023-09-11T13:40:16.047`) +* [CVE-2023-39224](CVE-2023/CVE-2023-392xx/CVE-2023-39224.json) (`2023-09-11T13:40:42.273`) +* [CVE-2023-39935](CVE-2023/CVE-2023-399xx/CVE-2023-39935.json) (`2023-09-11T13:41:11.193`) +* [CVE-2023-40193](CVE-2023/CVE-2023-401xx/CVE-2023-40193.json) (`2023-09-11T13:41:36.760`) +* [CVE-2023-40357](CVE-2023/CVE-2023-403xx/CVE-2023-40357.json) (`2023-09-11T13:42:13.197`) +* [CVE-2023-40531](CVE-2023/CVE-2023-405xx/CVE-2023-40531.json) (`2023-09-11T13:42:39.903`) +* [CVE-2023-4588](CVE-2023/CVE-2023-45xx/CVE-2023-4588.json) (`2023-09-11T13:44:02.943`) +* [CVE-2023-4589](CVE-2023/CVE-2023-45xx/CVE-2023-4589.json) (`2023-09-11T13:44:47.663`) +* [CVE-2023-27523](CVE-2023/CVE-2023-275xx/CVE-2023-27523.json) (`2023-09-11T13:46:08.797`) +* [CVE-2023-27526](CVE-2023/CVE-2023-275xx/CVE-2023-27526.json) (`2023-09-11T13:46:43.207`) +* [CVE-2023-39267](CVE-2023/CVE-2023-392xx/CVE-2023-39267.json) (`2023-09-11T13:52:50.330`) +* [CVE-2023-39268](CVE-2023/CVE-2023-392xx/CVE-2023-39268.json) (`2023-09-11T13:59:16.787`) ## Download and Usage