From 5e604ecb6ac809fbc498a31e76cafc53adb16921 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Wed, 10 Jan 2024 19:00:32 +0000 Subject: [PATCH] Auto-Update: 2024-01-10T19:00:28.741066+00:00 --- CVE-2016/CVE-2016-101xx/CVE-2016-10165.json | 6 +- CVE-2016/CVE-2016-109xx/CVE-2016-10962.json | 6 +- CVE-2016/CVE-2016-109xx/CVE-2016-10963.json | 6 +- CVE-2019/CVE-2019-158xx/CVE-2019-15830.json | 6 +- CVE-2021/CVE-2021-368xx/CVE-2021-36832.json | 6 +- CVE-2021/CVE-2021-403xx/CVE-2021-40367.json | 48 ++++++++- CVE-2021/CVE-2021-420xx/CVE-2021-42028.json | 48 ++++++++- CVE-2021/CVE-2021-454xx/CVE-2021-45465.json | 48 ++++++++- CVE-2022/CVE-2022-207xx/CVE-2022-20727.json | 27 ++--- CVE-2023/CVE-2023-294xx/CVE-2023-29444.json | 59 +++++++++++ CVE-2023/CVE-2023-379xx/CVE-2023-37932.json | 55 +++++++++++ CVE-2023/CVE-2023-379xx/CVE-2023-37934.json | 55 +++++++++++ CVE-2023/CVE-2023-406xx/CVE-2023-40610.json | 8 +- CVE-2023/CVE-2023-442xx/CVE-2023-44250.json | 55 +++++++++++ CVE-2023/CVE-2023-461xx/CVE-2023-46136.json | 18 +++- CVE-2023/CVE-2023-467xx/CVE-2023-46712.json | 55 +++++++++++ CVE-2023/CVE-2023-467xx/CVE-2023-46739.json | 56 ++++++++++- CVE-2023/CVE-2023-467xx/CVE-2023-46740.json | 56 ++++++++++- CVE-2023/CVE-2023-467xx/CVE-2023-46742.json | 56 ++++++++++- CVE-2023/CVE-2023-471xx/CVE-2023-47171.json | 6 +- CVE-2023/CVE-2023-478xx/CVE-2023-47861.json | 6 +- CVE-2023/CVE-2023-478xx/CVE-2023-47862.json | 6 +- CVE-2023/CVE-2023-487xx/CVE-2023-48728.json | 6 +- CVE-2023/CVE-2023-487xx/CVE-2023-48730.json | 6 +- CVE-2023/CVE-2023-487xx/CVE-2023-48783.json | 55 +++++++++++ CVE-2023/CVE-2023-495xx/CVE-2023-49589.json | 6 +- CVE-2023/CVE-2023-495xx/CVE-2023-49599.json | 6 +- CVE-2023/CVE-2023-497xx/CVE-2023-49715.json | 6 +- CVE-2023/CVE-2023-497xx/CVE-2023-49738.json | 6 +- CVE-2023/CVE-2023-498xx/CVE-2023-49810.json | 6 +- CVE-2023/CVE-2023-498xx/CVE-2023-49862.json | 6 +- CVE-2023/CVE-2023-498xx/CVE-2023-49863.json | 6 +- CVE-2023/CVE-2023-498xx/CVE-2023-49864.json | 6 +- CVE-2023/CVE-2023-501xx/CVE-2023-50172.json | 6 +- 
CVE-2023/CVE-2023-69xx/CVE-2023-6944.json | 79 ++++++++++++++- CVE-2024/CVE-2024-02xx/CVE-2024-0217.json | 89 ++++++++++++++++- CVE-2024/CVE-2024-216xx/CVE-2024-21622.json | 103 ++++++++++++++++++-- CVE-2024/CVE-2024-216xx/CVE-2024-21631.json | 68 ++++++++++++- CVE-2024/CVE-2024-216xx/CVE-2024-21633.json | 58 ++++++++++- README.md | 91 +++++++---------- 40 files changed, 1088 insertions(+), 213 deletions(-) create mode 100644 CVE-2023/CVE-2023-294xx/CVE-2023-29444.json create mode 100644 CVE-2023/CVE-2023-379xx/CVE-2023-37932.json create mode 100644 CVE-2023/CVE-2023-379xx/CVE-2023-37934.json create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44250.json create mode 100644 CVE-2023/CVE-2023-467xx/CVE-2023-46712.json create mode 100644 CVE-2023/CVE-2023-487xx/CVE-2023-48783.json diff --git a/CVE-2016/CVE-2016-101xx/CVE-2016-10165.json b/CVE-2016/CVE-2016-101xx/CVE-2016-10165.json index 73bac56f50c..504f05e69cb 100644 --- a/CVE-2016/CVE-2016-101xx/CVE-2016-10165.json +++ b/CVE-2016/CVE-2016-101xx/CVE-2016-10165.json @@ -2,7 +2,7 @@ "id": "CVE-2016-10165", "sourceIdentifier": "cve@mitre.org", "published": "2017-02-03T19:59:00.177", - "lastModified": "2023-12-20T16:43:35.940", + "lastModified": "2024-01-10T18:26:05.273", "vulnStatus": "Analyzed", "descriptions": [ { @@ -85,8 +85,8 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*", - "versionEndIncluding": "2.8", - "matchCriteriaId": "FA7EC7D5-DF9C-4AD2-BA4F-05895AE73E25" + "versionEndExcluding": "2.11", + "matchCriteriaId": "925CF76E-7319-4178-B378-717C78627C3D" } ] } diff --git a/CVE-2016/CVE-2016-109xx/CVE-2016-10962.json b/CVE-2016/CVE-2016-109xx/CVE-2016-10962.json index 7c8c9603113..cb044c32683 100644 --- a/CVE-2016/CVE-2016-109xx/CVE-2016-10962.json +++ b/CVE-2016/CVE-2016-109xx/CVE-2016-10962.json 
@@ -2,7 +2,7 @@ "id": "CVE-2016-10962", "sourceIdentifier": "cve@mitre.org", "published": "2019-09-16T13:15:10.653", - "lastModified": "2019-09-16T20:33:39.160", + "lastModified": "2024-01-10T17:19:33.587", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,9 +84,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:icegram:icegram:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.9.19", - "matchCriteriaId": "5D421411-DA36-4F2F-995B-3A7EAFEDEF05" + "matchCriteriaId": "551AE7BC-23D2-44C5-A274-AADCDA6990AE" } ] } diff --git a/CVE-2016/CVE-2016-109xx/CVE-2016-10963.json b/CVE-2016/CVE-2016-109xx/CVE-2016-10963.json index 65d5a1fa024..55613838707 100644 --- a/CVE-2016/CVE-2016-109xx/CVE-2016-10963.json +++ b/CVE-2016/CVE-2016-109xx/CVE-2016-10963.json @@ -2,7 +2,7 @@ "id": "CVE-2016-10963", "sourceIdentifier": "cve@mitre.org", "published": "2019-09-16T13:15:10.713", - "lastModified": "2019-09-16T17:46:43.110", + "lastModified": "2024-01-10T17:19:33.587", "vulnStatus": "Analyzed", "descriptions": [ { @@ -84,9 +84,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:icegram:icegram:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.9.19", - "matchCriteriaId": "5D421411-DA36-4F2F-995B-3A7EAFEDEF05" + "matchCriteriaId": "551AE7BC-23D2-44C5-A274-AADCDA6990AE" } ] } diff --git a/CVE-2019/CVE-2019-158xx/CVE-2019-15830.json b/CVE-2019/CVE-2019-158xx/CVE-2019-15830.json index 313166e9f0c..a2cbc062fe2 100644 --- a/CVE-2019/CVE-2019-158xx/CVE-2019-15830.json +++ b/CVE-2019/CVE-2019-158xx/CVE-2019-15830.json @@ -2,7 +2,7 @@ "id": "CVE-2019-15830", "sourceIdentifier": "cve@mitre.org", "published": "2019-08-30T14:15:10.850", - "lastModified": "2019-09-03T16:44:05.993", + "lastModified": "2024-01-10T17:19:33.587", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,9 +84,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:icegram:icegram:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.10.29", - "matchCriteriaId": "C7C5C869-FF32-4B43-A9CC-2A957894D701" + "matchCriteriaId": "331603CB-8AF8-4295-B8AF-31898E00862B" } ] } diff --git a/CVE-2021/CVE-2021-368xx/CVE-2021-36832.json b/CVE-2021/CVE-2021-368xx/CVE-2021-36832.json index fc84a85ed5b..7781364f07c 100644 --- a/CVE-2021/CVE-2021-368xx/CVE-2021-36832.json +++ b/CVE-2021/CVE-2021-368xx/CVE-2021-36832.json @@ -2,7 +2,7 @@ "id": "CVE-2021-36832", "sourceIdentifier": "audit@patchstack.com", "published": "2021-10-19T15:15:07.637", - "lastModified": "2021-10-22T19:39:27.277", + "lastModified": "2024-01-10T17:19:33.587", "vulnStatus": "Analyzed", "descriptions": [ { @@ -114,9 +114,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:icegram:icegram:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*", "versionEndIncluding": "2.0.2", - "matchCriteriaId": "BC966C59-FD25-4C93-B4D7-3103A2ECDB19" + "matchCriteriaId": "817F9496-3CA8-4F85-A459-23BCEE3A7F05" } ] } diff --git a/CVE-2021/CVE-2021-403xx/CVE-2021-40367.json b/CVE-2021/CVE-2021-403xx/CVE-2021-40367.json index e1d4cadaf9f..648d7fd7ef7 100644 --- a/CVE-2021/CVE-2021-403xx/CVE-2021-40367.json +++ b/CVE-2021/CVE-2021-403xx/CVE-2021-40367.json @@ -2,8 +2,8 @@ "id": "CVE-2021-40367", "sourceIdentifier": "productcert@siemens.com", "published": "2024-01-04T12:15:22.830", - "lastModified": "2024-01-04T14:58:23.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-10T17:03:28.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -50,10 +70,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens-healthineers:syngo_fastview:*:*:*:*:*:*:*:*", + "matchCriteriaId": "B7D9A743-3BE4-4523-B34F-0C8461D3C63A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-420xx/CVE-2021-42028.json b/CVE-2021/CVE-2021-420xx/CVE-2021-42028.json index bf510610c9f..1dc01f06ee2 100644 --- a/CVE-2021/CVE-2021-420xx/CVE-2021-42028.json +++ b/CVE-2021/CVE-2021-420xx/CVE-2021-42028.json @@ -2,8 +2,8 @@ "id": "CVE-2021-42028", "sourceIdentifier": "productcert@siemens.com", "published": "2024-01-04T12:15:23.250", - "lastModified": "2024-01-04T14:58:23.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-10T17:02:58.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -50,10 +70,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens-healthineers:syngo_fastview:*:*:*:*:*:*:*:*", + "matchCriteriaId": "B7D9A743-3BE4-4523-B34F-0C8461D3C63A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-454xx/CVE-2021-45465.json b/CVE-2021/CVE-2021-454xx/CVE-2021-45465.json index 99225415ce5..f20c25b1f7b 100644 --- a/CVE-2021/CVE-2021-454xx/CVE-2021-45465.json +++ b/CVE-2021/CVE-2021-454xx/CVE-2021-45465.json @@ -2,8 +2,8 @@ "id": "CVE-2021-45465", "sourceIdentifier": "productcert@siemens.com", "published": "2024-01-04T12:15:23.470", - "lastModified": "2024-01-04T14:58:23.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-10T17:02:35.973", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,7 +17,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "productcert@siemens.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -35,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -50,10 +70,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:siemens-healthineers:syngo_fastview:*:*:*:*:*:*:*:*", + "matchCriteriaId": "B7D9A743-3BE4-4523-B34F-0C8461D3C63A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-688797", - "source": "productcert@siemens.com" + "source": "productcert@siemens.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-207xx/CVE-2022-20727.json b/CVE-2022/CVE-2022-207xx/CVE-2022-20727.json index 4e5af795755..de0199f34a0 100644 --- a/CVE-2022/CVE-2022-207xx/CVE-2022-20727.json +++ b/CVE-2022/CVE-2022-207xx/CVE-2022-20727.json @@ -2,8 +2,8 @@ "id": "CVE-2022-20727", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-04-15T15:15:13.613", - "lastModified": "2023-11-07T03:42:45.410", - "vulnStatus": "Modified", + "lastModified": "2024-01-10T18:51:52.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 5.9 }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", 
@@ -95,7 +95,7 @@ ] }, { - "source": "d1c1063e-7a18-46af-9102-31f8928bc633", + "source": "ykramarz@cisco.com", "type": "Secondary", "description": [ { @@ -115,22 +115,20 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:cgr1000_compute_module:*:*:*:*:*:*:*:*", - "matchCriteriaId": "EBD4C0D6-AB7B-48B5-B1BD-8EBAEAC51524" + "versionEndExcluding": "1.15.0.1", + "matchCriteriaId": "A8557E8C-5F01-4610-B906-17B4F92197C6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*", - "matchCriteriaId": "6E9AF42D-A861-4585-8FA6-28BD3623681E" + "versionEndExcluding": "1.4.1", + "matchCriteriaId": "79411876-DA0F-4EC7-8883-A67287B9BFA0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*", - "matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", - "matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34" + "versionEndExcluding": "6.5.9", + "matchCriteriaId": "9DCCD576-D734-4722-96CF-28B66DB591AA" }, { "vulnerable": true, @@ -477,11 +475,6 @@ "criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m4a:*:*:*:*:*:*:*", "matchCriteriaId": "F0E473CF-FE4B-4DBE-9EBE-337AE415FA4D" }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", - "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B" - }, { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29444.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29444.json new file mode 100644 index 00000000000..70cd4f8ebab --- /dev/null +++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29444.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-29444", + "sourceIdentifier": "ot-cert@dragos.com", + "published": "2024-01-10T17:15:08.493", + "lastModified": "2024-01-10T17:15:08.493", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ot-cert@dragos.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ot-cert@dragos.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-03", + "source": "ot-cert@dragos.com" + }, + { + "url": "https://www.ptc.com/en/support/article/cs399528", + "source": "ot-cert@dragos.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json new file mode 100644 index 00000000000..0ee249f83ee --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37932.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37932", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2024-01-10T18:15:45.570", + "lastModified": "2024-01-10T18:15:45.570", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-219", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37934.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37934.json new file mode 100644 index 00000000000..66e0f3fef8f --- /dev/null +++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37934.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37934", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2024-01-10T18:15:45.823", + "lastModified": "2024-01-10T18:15:45.823", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-226", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40610.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40610.json index fb0e528c712..c6faf5232d8 100644 --- a/CVE-2023/CVE-2023-406xx/CVE-2023-40610.json +++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40610.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40610", "sourceIdentifier": "security@apache.org", "published": "2023-11-27T11:15:07.293", - "lastModified": "2023-12-01T02:31:09.203", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-10T17:15:08.717", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -97,6 +97,10 @@ "Third Party Advisory" ] }, + { + "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot", "source": "security@apache.org", diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44250.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44250.json new file mode 100644 index 00000000000..eff3fcd4abd --- /dev/null +++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44250.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-44250", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2024-01-10T18:15:46.030", + "lastModified": "2024-01-10T18:15:46.030", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-315", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46136.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46136.json index 07038a16117..cece24df411 100644 --- a/CVE-2023/CVE-2023-461xx/CVE-2023-46136.json +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46136.json @@ -2,7 +2,7 @@ "id": "CVE-2023-46136", "sourceIdentifier": "security-advisories@github.com", "published": "2023-10-25T18:17:36.753", - "lastModified": "2023-11-01T16:50:46.043", + "lastModified": "2024-01-10T18:58:41.083", "vulnStatus": "Analyzed", "descriptions": [ { @@ -94,8 +94,13 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*", - "versionEndExcluding": "3.0.1", - "matchCriteriaId": "5E265D2D-FFA1-45CB-BF14-37C7906A45BC" + "versionEndExcluding": "2.3.8", + "matchCriteriaId": "F6578217-312C-44C5-851E-7F6FC6C0F8C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:palletsprojects:werkzeug:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3ECAF2F0-90D0-4564-93A5-0EAE8B317123" } ] } @@ -116,6 +121,13 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20231124-0008/", + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46712.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46712.json new file mode 100644 index 00000000000..ff2a7f32dd6 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46712.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46712", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2024-01-10T18:15:46.223", + "lastModified": "2024-01-10T18:15:46.223", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-395", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46739.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46739.json index 6eec084b12a..e7aa1fdc346 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46739.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46739.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-46739", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-03T17:15:10.303", - "lastModified": "2024-01-03T17:26:57.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-10T17:06:39.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading." + }, + { + "lang": "es", + "value": "CubeFS es un sistema de almacenamiento de archivos nativo de la nube de c\u00f3digo abierto. Se encontr\u00f3 una vulnerabilidad en el componente maestro de CubeFS en versiones anteriores a la 3.3.1 que podr\u00eda permitir a un atacante no confiable robar contrase\u00f1as de usuario mediante la realizaci\u00f3n de un ataque de sincronizaci\u00f3n. El caso ra\u00edz de la vulnerabilidad fue que CubeFS utiliz\u00f3 una comparaci\u00f3n de contrase\u00f1as sin formato. La parte vulnerable de CubeFS era el UserService del componente maestro. Se crea una instancia de UserService al iniciar el servidor del componente maestro. El problema se solucion\u00f3 en la versi\u00f3n 3.3.1. Para los usuarios afectados, no hay otra forma de mitigar el problema adem\u00e1s de actualizar." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:cubefs:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.3.1", + "matchCriteriaId": "6E8D59D8-6863-4398-9D77-2442BAF81108" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cubefs/cubefs/commit/6a0d5fa45a77ff20c752fa9e44738bf5d86c84bd", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-8579-7p32-f398", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46740.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46740.json index 13d52aa7169..4d71676d27f 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46740.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46740.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-46740", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-03T17:15:10.590", - "lastModified": "2024-01-03T17:26:57.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-10T17:45:07.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the \u201caccessKey\u201d. To create the \"accesKey\", CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a users access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade." + }, + { + "lang": "es", + "value": "CubeFS es un sistema de almacenamiento de archivos nativo de la nube de c\u00f3digo abierto. Antes de la versi\u00f3n 3.3.1, CubeFS usaba un generador de cadenas aleatorias inseguras para generar claves confidenciales espec\u00edficas del usuario utilizadas para autenticar a los usuarios en una implementaci\u00f3n de CubeFS. Esto podr\u00eda permitir a un atacante predecir y/o adivinar la cadena generada y hacerse pasar por un usuario, obteniendo as\u00ed mayores privilegios. Cuando CubeFS crea nuevos usuarios, crea una informaci\u00f3n confidencial para el usuario llamada \"clave de acceso\". Para crear la \"clave de acceso\", CubeFS utiliza un generador de cadenas inseguro que hace que sea f\u00e1cil de adivinar y, por lo tanto, suplantar al usuario creado. 
Un atacante podr\u00eda aprovechar el predecible generador de cadenas aleatorias y adivinar la clave de acceso de un usuario y hacerse pasar por el usuario para obtener mayores privilegios. El problema se solucion\u00f3 en v3.3.1. No hay otra mitigaci\u00f3n que actualizar." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:cubefs:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.3.1", + "matchCriteriaId": "6E8D59D8-6863-4398-9D77-2442BAF81108" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cubefs/cubefs/commit/8555c6402794cabdf2cc025c8bea1576122c07ba", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-4248-p65p-hcrm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46742.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46742.json index 4f974228521..94f46cd5111 100644 --- a/CVE-2023/CVE-2023-467xx/CVE-2023-46742.json +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46742.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-46742", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-03T17:15:11.010", - "lastModified": "2024-01-03T17:26:57.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-10T17:53:48.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS." + }, + { + "lang": "es", + "value": "CubeFS es un sistema de almacenamiento de archivos nativo de la nube de c\u00f3digo abierto. Se descubri\u00f3 que CubeFS anterior a la versi\u00f3n 3.3.1 filtraba claves secretas de usuarios y claves de acceso en los registros de m\u00faltiples componentes. Cuando CubeCS crea nuevos usuarios, filtra la clave secreta de los usuarios. Esto podr\u00eda permitir que un usuario con menos privilegios y acceso a los registros recupere informaci\u00f3n confidencial y se haga pasar por otros usuarios con mayores privilegios que \u00e9l. El problema se solucion\u00f3 en la versi\u00f3n 3.3.1. No hay otra mitigaci\u00f3n que actualizar CubeFS." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:cubefs:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.3.1", + "matchCriteriaId": "6E8D59D8-6863-4398-9D77-2442BAF81108" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/cubefs/cubefs/commit/8dccce6ac8dff3db44d7e9074094c7303a5ff5dd", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-vwch-g97w-hfg2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47171.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47171.json index c7c32cada86..3be204bb147 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47171.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47171.json @@ -2,7 +2,7 @@ "id": "CVE-2023-47171", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:47.063", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:46.410", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1869", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1869", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47861.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47861.json index fb0faa9ff83..5085cae7a6e 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47861.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47861.json @@ -2,7 +2,7 @@ "id": "CVE-2023-47861", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:47.260", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:46.497", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1884", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1884", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47862.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47862.json index 06e563eca4d..ac8e1b16b4b 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47862.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47862.json @@ -2,7 +2,7 @@ "id": "CVE-2023-47862", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:47.443", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:46.570", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1886", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1886", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48728.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48728.json index fa731bc2a31..29674491012 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48728.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48728.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48728", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:47.627", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:46.647", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1883", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1883", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48730.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48730.json index d508fff5e2f..542dd00892e 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48730.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48730.json @@ -2,7 +2,7 @@ "id": "CVE-2023-48730", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:47.833", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:46.723", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1882", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1882", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48783.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48783.json new file mode 100644 index 00000000000..e1e4dbbf31d --- /dev/null +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48783.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-48783", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2024-01-10T18:15:46.807", + "lastModified": "2024-01-10T18:15:46.807", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An\u00a0Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-408", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-495xx/CVE-2023-49589.json b/CVE-2023/CVE-2023-495xx/CVE-2023-49589.json index 284ca53d71b..8be9cf63b44 100644 --- a/CVE-2023/CVE-2023-495xx/CVE-2023-49589.json +++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49589.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49589", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.063", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:47.040", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
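Review bot: The description in this new record names the affected product as "PortiPortal", which appears to be a misspelling of FortiPortal carried over from the CNA text; with `vulnStatus` still `Received` there is no `configurations` block yet, so that string is currently the only product identifier in the file and a keyword search for FortiPortal will miss it. The mirror cannot correct upstream text, but the record is worth rechecking once NVD adds CPE data, since the four ranges given in the description (7.2.1, 7.0.6, 6.0.14 and 5.3.8 and below) are what the `cpeMatch` entries should then reproduce.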
@@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1896", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1896", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-495xx/CVE-2023-49599.json b/CVE-2023/CVE-2023-495xx/CVE-2023-49599.json index 3ab3eb8d3cc..fd7ff393e5f 100644 --- a/CVE-2023/CVE-2023-495xx/CVE-2023-49599.json +++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49599.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49599", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.257", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:47.117", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1900", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1900", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49715.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49715.json index ebb4775c5dc..b87ea1117ba 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49715.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49715.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49715", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.440", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:47.200", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1885", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1885", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49738.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49738.json index 9052aa4d068..de0a80680be 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49738.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49738.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49738", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.620", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:47.267", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1881", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1881", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49810.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49810.json index b7ada537b4a..03a2efc3232 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49810.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49810.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49810", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.803", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:47.337", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1898", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1898", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49862.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49862.json index b20f7bb7533..d375d1cbad7 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49862.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49862.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-49862", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:48.997", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:47.410", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49863.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49863.json index ea19df5b48e..6df37d9ebdb 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49863.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49863.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49863", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:49.180", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:47.483", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49864.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49864.json index 92ffd89019f..a8a30770eba 100644 --- a/CVE-2023/CVE-2023-498xx/CVE-2023-49864.json +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49864.json @@ -2,7 +2,7 @@ "id": "CVE-2023-49864", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:49.367", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:47.553", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1880", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1880", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50172.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50172.json index 2b364fc8c71..8c2a8ad09bc 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50172.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50172.json @@ -2,7 +2,7 @@ "id": "CVE-2023-50172", "sourceIdentifier": "talos-cna@cisco.com", "published": "2024-01-10T16:15:49.583", - "lastModified": "2024-01-10T16:59:48.970", + "lastModified": "2024-01-10T18:15:47.627", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -50,10 +50,6 @@ { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897", "source": "talos-cna@cisco.com" - }, - { - "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1897", - "source": "talos-cna@cisco.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6944.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6944.json index 0a7c6ca34cd..ac042ec5b72 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6944.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6944.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6944", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-04T10:15:11.517", - "lastModified": "2024-01-04T14:58:23.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-10T17:04:57.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -50,14 +80,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:red_hat_developer_hub:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.21.0", + "matchCriteriaId": "03D5A3A5-63FC-42D4-BF87-4B2B466EDB3F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:backstage:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.21.0", + "matchCriteriaId": "9DD9C33C-E29A-4DFF-9C5A-CA2A87D0B6C1" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-6944", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255204", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
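Review bot: Both new configuration nodes carry `"versionEndExcluding": "1.21.0"`, including the one for `cpe:2.3:a:redhat:red_hat_developer_hub`, which looks like the Backstage bound applied to the downstream product rather than a Developer Hub release number. Developer Hub and upstream Backstage do not appear to share a version line, so the Developer Hub node should be checked against the access.redhat.com advisory referenced in the same hunk and, if the fixed versions differ, corrected to the Developer Hub one. As written, a CPE match on Developer Hub flags every version below 1.21.0, which may be considerably wider or narrower than the advisory intends.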
diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0217.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0217.json index b05393c0ef4..86fede520f9 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0217.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0217.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0217", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-03T17:15:12.110", - "lastModified": "2024-01-03T17:26:57.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-10T18:10:24.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 un fallo de use after free en PackageKitd. En algunas condiciones, el orden de los mecanismos de limpieza de una transacci\u00f3n podr\u00eda verse afectado. Como resultado, podr\u00eda producirse cierto acceso a la memoria en regiones de memoria que se liberaron previamente. Una vez liberada, una regi\u00f3n de memoria se puede reutilizar para otras asignaciones y cualquier dato previamente almacenado en esta regi\u00f3n de memoria se considera perdido." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -46,14 +80,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:packagekit_project:packagekit:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.7", + "matchCriteriaId": "2E42E6D2-CD64-440D-8A80-CA4103E1C4D7" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2024-0217", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256624", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21622.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21622.json index fbd990c3e6b..711062f6d76 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21622.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21622.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-21622", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-03T17:15:12.330", - "lastModified": "2024-01-03T17:26:57.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-10T18:34:46.497", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions." + }, + { + "lang": "es", + "value": "Craft es un sistema de gesti\u00f3n de contenidos. Esta es una posible vulnerabilidad de escalada de privilegios de baja complejidad y impacto moderado en Craft a partir de 3.x anterior a 3.9.6 y 4.x anterior a 4.4.16 con ciertas configuraciones de permisos de usuario. Esto se ha solucionado en Craft 4.4.16 y Craft 3.9.6. Los usuarios deben asegurarse de estar ejecutando al menos esas versiones." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -46,34 +80,83 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndExcluding": "3.9.6", + "matchCriteriaId": "36AC4498-6DDF-4F74-BD12-86BF5479F10A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndIncluding": "4.5.15", + "matchCriteriaId": "9B004CCA-A979-42AD-ADD4-1BEFDB964C78" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/craftcms/cms/pull/13931", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/craftcms/cms/pull/13932", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch" + ] }, { "url": "https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx", - "source": "security-advisories@github.com" + "source": 
"security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21631.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21631.json index 31a11ff8102..908c50e2cf8 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21631.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21631.json 
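Review bot: The second `cpeMatch` entry for `cpe:2.3:a:craftcms:craft_cms` bounds the 4.x branch with `"versionEndIncluding": "4.5.15"`, which does not agree with the description carried as context in the first hunk ("4.x prior to 4.4.16 ... fixed in Craft 4.4.16") or with the 4.5.11 changelog anchor in the first Release Notes reference. The 3.x entry uses `"versionEndExcluding": "3.9.6"`, so the two nodes also express their upper bound in different forms. If the advisory text is authoritative the line would read `"versionEndExcluding": "4.4.16"`; if the CPE range is the corrected one, the description and the changelog reference are the stale side. Either way, matching on this configuration and matching on the text give different answers for 4.4.16 through 4.5.15, which is worth confirming against the GHSA reference in this hunk before the record is consumed.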
@@ -2,16 +2,40 @@ "id": "CVE-2024-21631", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-03T17:15:12.790", - "lastModified": "2024-01-03T17:26:57.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-10T18:40:48.587", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.\n" + }, + { + "lang": "es", + "value": "Vapor es un framework web HTTP para Swift. Antes de la versi\u00f3n 4.90.0, la funci\u00f3n `vapor_urlparser_parse` de Vapor utiliza \u00edndices `uint16_t` al analizar los componentes de un URI, lo que puede causar desbordamientos de enteros al analizar entradas que no son de confianza. Esta vulnerabilidad no afecta a Vapor directamente, pero podr\u00eda afectar a las aplicaciones que dependen del tipo de URI para validar la entrada del usuario. 
El tipo URI se utiliza en varios lugares de Vapor. Un desarrollador puede decidir utilizar URI para representar una URL en su aplicaci\u00f3n (especialmente si esa URL luego se pasa al Cliente HTTP) y confiar en sus propiedades y m\u00e9todos p\u00fablicos. Sin embargo, es posible que el URI no pueda analizar correctamente una URL v\u00e1lida (aunque anormalmente larga), debido a que los rangos de cadenas se convierten a enteros de 16 bits. Un atacante puede utilizar este comportamiento para enga\u00f1ar a la aplicaci\u00f3n para que acepte una URL a un destino que no es de confianza. Al rellenar el n\u00famero de puerto con ceros, un atacante puede provocar un desbordamiento de enteros cuando se analiza la autoridad de la URL y, como resultado, falsificar el host. La versi\u00f3n 4.90.0 contiene un parche para este problema. Como workaround, valide la entrada del usuario antes de analizarla como URI o, si es posible, utilice las utilidades `URL` y `URLComponents` de Foundation." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -54,14 +88,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vapor:vapor:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.90.0", + "matchCriteriaId": "D7A4A9F5-B5B1-480E-9922-AF35861D75AF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21633.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21633.json index 9e671073506..5c63b19d770 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21633.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21633.json 
@@ -2,16 +2,40 @@
 "id": "CVE-2024-21633",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-01-03T17:15:13.103",
- "lastModified": "2024-01-03T17:26:57.957",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-10T18:50:41.510",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue."
+ },
+ {
+ "lang": "es",
+ "value": "Apktool es una herramienta para realizar ingenier\u00eda inversa en archivos APK de Android. En las versiones 2.9.1 y anteriores, Apktool infiere la ruta de salida de los archivos de recursos de acuerdo con sus nombres de recursos, que el atacante puede manipular para colocar los archivos en la ubicaci\u00f3n deseada en el sistema en el que se ejecuta Apktool. Los entornos afectados son aquellos en los que un atacante puede escribir/sobrescribir cualquier archivo en el que el usuario tenga acceso de escritura y en el que el nombre de usuario sea conocido o cwd est\u00e9 en la carpeta del usuario. El commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contiene un parche para este problema."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,14 +70,40 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apktool:apktool:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.9.2",
+ "matchCriteriaId": "895E73D0-A24D-4B95-9F32-697AABEF73E3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index bcd99b9b157..a4d7435b612 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-01-10T17:00:31.473797+00:00
+2024-01-10T19:00:28.741066+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-01-10T16:59:53.407000+00:00
+2024-01-10T18:58:41.083000+00:00
 ```
 ### Last Data Feed Release
@@ -29,69 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-235459
+235465
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `34`
+Recently added CVEs: `6`
-* [CVE-2023-49738](CVE-2023/CVE-2023-497xx/CVE-2023-49738.json) (`2024-01-10T16:15:48.620`)
-* [CVE-2023-49810](CVE-2023/CVE-2023-498xx/CVE-2023-49810.json) (`2024-01-10T16:15:48.803`)
-* [CVE-2023-49862](CVE-2023/CVE-2023-498xx/CVE-2023-49862.json) (`2024-01-10T16:15:48.997`)
-* [CVE-2023-49863](CVE-2023/CVE-2023-498xx/CVE-2023-49863.json) (`2024-01-10T16:15:49.180`)
-* [CVE-2023-49864](CVE-2023/CVE-2023-498xx/CVE-2023-49864.json) (`2024-01-10T16:15:49.367`)
-* [CVE-2023-50172](CVE-2023/CVE-2023-501xx/CVE-2023-50172.json) (`2024-01-10T16:15:49.583`)
-* [CVE-2023-51962](CVE-2023/CVE-2023-519xx/CVE-2023-51962.json) (`2024-01-10T16:15:49.763`)
-* [CVE-2023-51967](CVE-2023/CVE-2023-519xx/CVE-2023-51967.json) (`2024-01-10T16:15:49.840`)
-* [CVE-2023-51968](CVE-2023/CVE-2023-519xx/CVE-2023-51968.json) (`2024-01-10T16:15:49.887`)
-* [CVE-2023-51969](CVE-2023/CVE-2023-519xx/CVE-2023-51969.json) (`2024-01-10T16:15:49.930`)
-* [CVE-2023-51970](CVE-2023/CVE-2023-519xx/CVE-2023-51970.json) (`2024-01-10T16:15:49.977`)
-* [CVE-2023-51952](CVE-2023/CVE-2023-519xx/CVE-2023-51952.json) (`2024-01-10T15:15:08.997`)
-* [CVE-2023-51953](CVE-2023/CVE-2023-519xx/CVE-2023-51953.json) (`2024-01-10T15:15:09.043`)
-* [CVE-2023-51954](CVE-2023/CVE-2023-519xx/CVE-2023-51954.json) (`2024-01-10T15:15:09.093`)
-* [CVE-2023-51955](CVE-2023/CVE-2023-519xx/CVE-2023-51955.json) (`2024-01-10T15:15:09.150`)
-* [CVE-2023-51956](CVE-2023/CVE-2023-519xx/CVE-2023-51956.json) (`2024-01-10T15:15:09.200`)
-* [CVE-2023-51957](CVE-2023/CVE-2023-519xx/CVE-2023-51957.json) (`2024-01-10T15:15:09.247`)
-* [CVE-2023-51958](CVE-2023/CVE-2023-519xx/CVE-2023-51958.json) (`2024-01-10T15:15:09.290`)
-* [CVE-2023-51959](CVE-2023/CVE-2023-519xx/CVE-2023-51959.json) (`2024-01-10T15:15:09.347`)
-* [CVE-2023-51960](CVE-2023/CVE-2023-519xx/CVE-2023-51960.json) (`2024-01-10T15:15:09.450`)
-* [CVE-2023-51963](CVE-2023/CVE-2023-519xx/CVE-2023-51963.json) (`2024-01-10T15:15:09.557`)
-* [CVE-2023-51964](CVE-2023/CVE-2023-519xx/CVE-2023-51964.json) (`2024-01-10T15:15:09.610`)
-* [CVE-2023-51965](CVE-2023/CVE-2023-519xx/CVE-2023-51965.json) (`2024-01-10T15:15:09.663`)
-* [CVE-2023-6158](CVE-2023/CVE-2023-61xx/CVE-2023-6158.json) (`2024-01-10T15:15:10.167`)
-* [CVE-2023-41056](CVE-2023/CVE-2023-410xx/CVE-2023-41056.json) (`2024-01-10T16:15:46.557`)
+* [CVE-2023-29444](CVE-2023/CVE-2023-294xx/CVE-2023-29444.json) (`2024-01-10T17:15:08.493`)
+* [CVE-2023-37932](CVE-2023/CVE-2023-379xx/CVE-2023-37932.json) (`2024-01-10T18:15:45.570`)
+* [CVE-2023-37934](CVE-2023/CVE-2023-379xx/CVE-2023-37934.json) (`2024-01-10T18:15:45.823`)
+* [CVE-2023-44250](CVE-2023/CVE-2023-442xx/CVE-2023-44250.json) (`2024-01-10T18:15:46.030`)
+* [CVE-2023-46712](CVE-2023/CVE-2023-467xx/CVE-2023-46712.json) (`2024-01-10T18:15:46.223`)
+* [CVE-2023-48783](CVE-2023/CVE-2023-487xx/CVE-2023-48783.json) (`2024-01-10T18:15:46.807`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `56`
+Recently modified CVEs: `33`
-* [CVE-2023-45043](CVE-2023/CVE-2023-450xx/CVE-2023-45043.json) (`2024-01-10T16:54:50.930`)
-* [CVE-2023-45042](CVE-2023/CVE-2023-450xx/CVE-2023-45042.json) (`2024-01-10T16:57:07.187`)
-* [CVE-2023-45041](CVE-2023/CVE-2023-450xx/CVE-2023-45041.json) (`2024-01-10T16:57:18.450`)
-* [CVE-2023-45040](CVE-2023/CVE-2023-450xx/CVE-2023-45040.json) (`2024-01-10T16:57:27.477`)
-* [CVE-2023-41289](CVE-2023/CVE-2023-412xx/CVE-2023-41289.json) (`2024-01-10T16:58:08.423`)
-* [CVE-2023-41288](CVE-2023/CVE-2023-412xx/CVE-2023-41288.json) (`2024-01-10T16:58:29.147`)
-* [CVE-2023-41287](CVE-2023/CVE-2023-412xx/CVE-2023-41287.json) (`2024-01-10T16:58:39.310`)
-* [CVE-2023-52137](CVE-2023/CVE-2023-521xx/CVE-2023-52137.json) (`2024-01-10T16:59:18.837`)
-* [CVE-2023-45039](CVE-2023/CVE-2023-450xx/CVE-2023-45039.json) (`2024-01-10T16:59:35.883`)
-* [CVE-2023-46738](CVE-2023/CVE-2023-467xx/CVE-2023-46738.json) (`2024-01-10T16:59:52.620`)
-* [CVE-2023-51961](CVE-2023/CVE-2023-519xx/CVE-2023-51961.json) (`2024-01-10T16:59:53.407`)
-* [CVE-2023-51966](CVE-2023/CVE-2023-519xx/CVE-2023-51966.json) (`2024-01-10T16:59:53.407`)
-* [CVE-2024-22075](CVE-2024/CVE-2024-220xx/CVE-2024-22075.json) (`2024-01-10T15:06:42.563`)
-* [CVE-2024-22050](CVE-2024/CVE-2024-220xx/CVE-2024-22050.json) (`2024-01-10T15:10:36.697`)
-* [CVE-2024-0241](CVE-2024/CVE-2024-02xx/CVE-2024-0241.json) (`2024-01-10T15:11:15.457`)
-* [CVE-2024-22368](CVE-2024/CVE-2024-223xx/CVE-2024-22368.json) (`2024-01-10T15:15:10.453`)
-* [CVE-2024-20807](CVE-2024/CVE-2024-208xx/CVE-2024-20807.json) (`2024-01-10T15:34:00.523`)
-* [CVE-2024-20805](CVE-2024/CVE-2024-208xx/CVE-2024-20805.json) (`2024-01-10T15:36:42.927`)
-* [CVE-2024-21636](CVE-2024/CVE-2024-216xx/CVE-2024-21636.json) (`2024-01-10T15:45:31.947`)
-* [CVE-2024-20806](CVE-2024/CVE-2024-208xx/CVE-2024-20806.json) (`2024-01-10T16:09:31.110`)
-* [CVE-2024-20804](CVE-2024/CVE-2024-208xx/CVE-2024-20804.json) (`2024-01-10T16:10:45.437`)
-* [CVE-2024-20803](CVE-2024/CVE-2024-208xx/CVE-2024-20803.json) (`2024-01-10T16:11:26.313`)
-* [CVE-2024-20802](CVE-2024/CVE-2024-208xx/CVE-2024-20802.json) (`2024-01-10T16:14:57.787`)
-* [CVE-2024-21634](CVE-2024/CVE-2024-216xx/CVE-2024-21634.json) (`2024-01-10T16:38:20.853`)
-* [CVE-2024-0389](CVE-2024/CVE-2024-03xx/CVE-2024-0389.json) (`2024-01-10T16:59:53.407`)
+* [CVE-2022-20727](CVE-2022/CVE-2022-207xx/CVE-2022-20727.json) (`2024-01-10T18:51:52.693`)
+* [CVE-2023-6944](CVE-2023/CVE-2023-69xx/CVE-2023-6944.json) (`2024-01-10T17:04:57.170`)
+* [CVE-2023-46739](CVE-2023/CVE-2023-467xx/CVE-2023-46739.json) (`2024-01-10T17:06:39.047`)
+* [CVE-2023-40610](CVE-2023/CVE-2023-406xx/CVE-2023-40610.json) (`2024-01-10T17:15:08.717`)
+* [CVE-2023-46740](CVE-2023/CVE-2023-467xx/CVE-2023-46740.json) (`2024-01-10T17:45:07.017`)
+* [CVE-2023-46742](CVE-2023/CVE-2023-467xx/CVE-2023-46742.json) (`2024-01-10T17:53:48.967`)
+* [CVE-2023-47171](CVE-2023/CVE-2023-471xx/CVE-2023-47171.json) (`2024-01-10T18:15:46.410`)
+* [CVE-2023-47861](CVE-2023/CVE-2023-478xx/CVE-2023-47861.json) (`2024-01-10T18:15:46.497`)
+* [CVE-2023-47862](CVE-2023/CVE-2023-478xx/CVE-2023-47862.json) (`2024-01-10T18:15:46.570`)
+* [CVE-2023-48728](CVE-2023/CVE-2023-487xx/CVE-2023-48728.json) (`2024-01-10T18:15:46.647`)
+* [CVE-2023-48730](CVE-2023/CVE-2023-487xx/CVE-2023-48730.json) (`2024-01-10T18:15:46.723`)
+* [CVE-2023-49589](CVE-2023/CVE-2023-495xx/CVE-2023-49589.json) (`2024-01-10T18:15:47.040`)
+* [CVE-2023-49599](CVE-2023/CVE-2023-495xx/CVE-2023-49599.json) (`2024-01-10T18:15:47.117`)
+* [CVE-2023-49715](CVE-2023/CVE-2023-497xx/CVE-2023-49715.json) (`2024-01-10T18:15:47.200`)
+* [CVE-2023-49738](CVE-2023/CVE-2023-497xx/CVE-2023-49738.json) (`2024-01-10T18:15:47.267`)
+* [CVE-2023-49810](CVE-2023/CVE-2023-498xx/CVE-2023-49810.json) (`2024-01-10T18:15:47.337`)
+* [CVE-2023-49862](CVE-2023/CVE-2023-498xx/CVE-2023-49862.json) (`2024-01-10T18:15:47.410`)
+* [CVE-2023-49863](CVE-2023/CVE-2023-498xx/CVE-2023-49863.json) (`2024-01-10T18:15:47.483`)
+* [CVE-2023-49864](CVE-2023/CVE-2023-498xx/CVE-2023-49864.json) (`2024-01-10T18:15:47.553`)
+* [CVE-2023-50172](CVE-2023/CVE-2023-501xx/CVE-2023-50172.json) (`2024-01-10T18:15:47.627`)
+* [CVE-2023-46136](CVE-2023/CVE-2023-461xx/CVE-2023-46136.json) (`2024-01-10T18:58:41.083`)
+* [CVE-2024-0217](CVE-2024/CVE-2024-02xx/CVE-2024-0217.json) (`2024-01-10T18:10:24.033`)
+* [CVE-2024-21622](CVE-2024/CVE-2024-216xx/CVE-2024-21622.json) (`2024-01-10T18:34:46.497`)
+* [CVE-2024-21631](CVE-2024/CVE-2024-216xx/CVE-2024-21631.json) (`2024-01-10T18:40:48.587`)
+* [CVE-2024-21633](CVE-2024/CVE-2024-216xx/CVE-2024-21633.json) (`2024-01-10T18:50:41.510`)
 ## Download and Usage