From 5f1f1e93e589b95afca83f407ec7d23444e3499d Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 16 Oct 2023 16:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-10-16T16:00:24.520468+00:00 --- CVE-2020/CVE-2020-238xx/CVE-2020-23804.json | 8 +- CVE-2022/CVE-2022-370xx/CVE-2022-37050.json | 8 +- CVE-2022/CVE-2022-370xx/CVE-2022-37051.json | 8 +- CVE-2023/CVE-2023-418xx/CVE-2023-41843.json | 112 +++++- CVE-2023/CVE-2023-427xx/CVE-2023-42794.json | 71 +++- CVE-2023/CVE-2023-427xx/CVE-2023-42795.json | 405 ++++++++++++++++++- CVE-2023/CVE-2023-441xx/CVE-2023-44101.json | 82 +++- CVE-2023/CVE-2023-441xx/CVE-2023-44102.json | 107 ++++- CVE-2023/CVE-2023-441xx/CVE-2023-44103.json | 120 +++++- CVE-2023/CVE-2023-441xx/CVE-2023-44104.json | 127 +++++- CVE-2023/CVE-2023-441xx/CVE-2023-44111.json | 126 +++++- CVE-2023/CVE-2023-449xx/CVE-2023-44987.json | 4 +- CVE-2023/CVE-2023-456xx/CVE-2023-45648.json | 416 +++++++++++++++++++- CVE-2023/CVE-2023-457xx/CVE-2023-45757.json | 10 +- CVE-2023/CVE-2023-460xx/CVE-2023-46066.json | 4 +- CVE-2023/CVE-2023-460xx/CVE-2023-46087.json | 55 +++ CVE-2023/CVE-2023-48xx/CVE-2023-4837.json | 66 +++- CVE-2023/CVE-2023-49xx/CVE-2023-4957.json | 62 ++- CVE-2023/CVE-2023-55xx/CVE-2023-5535.json | 60 ++- CVE-2023/CVE-2023-55xx/CVE-2023-5575.json | 20 + README.md | 41 +- 21 files changed, 1823 insertions(+), 89 deletions(-) create mode 100644 CVE-2023/CVE-2023-460xx/CVE-2023-46087.json create mode 100644 CVE-2023/CVE-2023-55xx/CVE-2023-5575.json diff --git a/CVE-2020/CVE-2020-238xx/CVE-2020-23804.json b/CVE-2020/CVE-2020-238xx/CVE-2020-23804.json index e832bf32820..1e8f9c35e74 100644 --- a/CVE-2020/CVE-2020-238xx/CVE-2020-23804.json +++ b/CVE-2020/CVE-2020-238xx/CVE-2020-23804.json @@ -2,8 +2,8 @@ "id": "CVE-2020-23804", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:19.520", - "lastModified": "2023-08-25T19:08:14.600", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-16T14:15:10.247", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -73,6 +73,10 @@ "Patch", "Vendor Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-370xx/CVE-2022-37050.json b/CVE-2022/CVE-2022-370xx/CVE-2022-37050.json index 277d2e68a19..1be36cd7496 100644 --- a/CVE-2022/CVE-2022-370xx/CVE-2022-37050.json +++ b/CVE-2022/CVE-2022-370xx/CVE-2022-37050.json @@ -2,8 +2,8 @@ "id": "CVE-2022-37050", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:23.657", - "lastModified": "2023-08-28T18:34:27.900", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-16T14:15:10.370", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -78,6 +78,10 @@ "Exploit", "Issue Tracking" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-370xx/CVE-2022-37051.json b/CVE-2022/CVE-2022-370xx/CVE-2022-37051.json index 7bc08eb728f..7231582fceb 100644 --- a/CVE-2022/CVE-2022-370xx/CVE-2022-37051.json +++ b/CVE-2022/CVE-2022-370xx/CVE-2022-37051.json @@ -2,8 +2,8 @@ "id": "CVE-2022-37051", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:23.733", - "lastModified": "2023-08-25T20:14:52.957", - "vulnStatus": "Analyzed", + "lastModified": "2023-10-16T14:15:10.450", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -78,6 +78,10 @@ "Exploit", "Issue Tracking" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41843.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41843.json index 32830d948b0..bbab7a434f9 100644 --- a/CVE-2023/CVE-2023-418xx/CVE-2023-41843.json +++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41843.json @@ -2,16 +2,40 @@ "id": "CVE-2023-41843", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-10-13T15:15:44.243", - "lastModified": "2023-10-13T15:20:17.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T14:27:20.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests." + }, + { + "lang": "es", + "value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de la p\u00e1gina web (\"cross-site scripting\") en Fortinet FortiSandbox versi\u00f3n 4.4.1 y 4.4.0 y 4.2.0 a 4.2.5 y 4.0.0 a 4.0.3 permite al atacante ejecutar c\u00f3digo no autorizado o comandos a trav\u00e9s de solicitudes HTTP manipuladas." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -34,10 +58,92 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.5.0", + "versionEndIncluding": "2.5.2", + "matchCriteriaId": "BE6821DD-58BA-4E28-AE24-2F121DB60C7B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndIncluding": "3.0.7", + "matchCriteriaId": "7D1EE4D7-4087-4A4A-9171-F48B1C5915C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1.0", + "versionEndIncluding": "3.1.5", + "matchCriteriaId": "2C47A3DB-A02A-488D-B0E1-867A19CE43B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "16BB4915-1330-45E5-887E-AD97C29F500B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.0.0", + "versionEndIncluding": "4.0.3", + "matchCriteriaId": "BDE7AD84-C361-4C18-9655-10698982EB17" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndIncluding": "4.2.5", + "matchCriteriaId": "4641E869-8B7B-4DD7-89A9-1EA0BCE51C35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.4.0", + "versionEndIncluding": "4.4.1", + "matchCriteriaId": "9455DCAF-C39D-4C93-AFA2-48B5C1CAD0DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:2.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B260DC-5C02-400B-9595-4E452B235074" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-273", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42794.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42794.json index f9d43cf77f7..601d04b5e2c 100644 --- a/CVE-2023/CVE-2023-427xx/CVE-2023-42794.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42794.json @@ -2,15 +2,42 @@ "id": "CVE-2023-42794", "sourceIdentifier": "security@apache.org", "published": "2023-10-10T18:15:18.863", - "lastModified": "2023-10-10T21:15:09.440", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T14:00:56.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de limpieza incompleta en Apache Tomcat. El fork interno de Commons FileUpload empaquetado con Apache Tomcat 9.0.70 a 9.0.80 y 8.5.85 a 8.5.93 inclu\u00eda una refactorizaci\u00f3n en curso que expuso una posible denegaci\u00f3n de servicio en Windows si una aplicaci\u00f3n web abr\u00eda una secuencia para un archivo cargado pero no lograba cerrar la secuencia. El archivo nunca se eliminar\u00eda del disco, creando la posibilidad de una eventual denegaci\u00f3n de servicio debido a que el disco est\u00e9 lleno. Se recomienda a los usuarios actualizar a la versi\u00f3n 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", @@ -23,14 +50,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.5.85", + "versionEndExcluding": "8.5.94", + "matchCriteriaId": "7EFFF75C-6B29-4D93-A8EC-BC8360D0048E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.70", + "versionEndExcluding": "9.0.81", + "matchCriteriaId": "F819B992-BA2C-4A30-A8A1-C57806AB1C31" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/10/10/8", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/vvbr2ms7lockj1hlhz5q3wmxb2mwcw82", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42795.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42795.json index 9524c179565..cfa37a2e18b 100644 --- a/CVE-2023/CVE-2023-427xx/CVE-2023-42795.json +++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42795.json @@ -2,8 +2,8 @@ "id": "CVE-2023-42795", "sourceIdentifier": "security@apache.org", "published": "2023-10-10T18:15:18.933", - "lastModified": "2023-10-13T16:15:11.740", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-16T15:39:39.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,7 +14,30 @@ "value": "Vulnerabilidad de limpieza incompleta en Apache Tomcat. Al reciclar varios objetos internos en Apache Tomcat desde 11.0.0-M1 hasta 11.0.0-M11, desde 10.1.0-M1 hasta 10.1.13, desde 9.0.0-M1 hasta 9.0.80 y Desde 8.5.0 hasta 8.5.93, un error podr\u00eda hacer que Tomcat se salte algunas partes del proceso de reciclaje, lo que provocar\u00eda que se filtrara informaci\u00f3n de la solicitud/respuesta actual a la siguiente. Se recomienda a los usuarios actualizar a la versi\u00f3n 11.0.0-M12 en adelante, 10.1.14 en adelante, 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", @@ -27,26 +50,392 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.5.0", + "versionEndExcluding": "8.5.94", + "matchCriteriaId": "FE1F7111-22BD-489A-B2C9-E67E0D601824" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.1", + "versionEndExcluding": "9.0.81", + "matchCriteriaId": "37FCE624-DD65-4AC5-A602-BB66E0E54CFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.1.1", + "versionEndExcluding": "10.1.14", + "matchCriteriaId": "0995DE67-7E3B-4CFE-AB96-E2243F994755" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", + "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", + "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", + "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", + "matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", + "matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", + "matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", + "matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", + "matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", + "matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", + "matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", + "matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", + "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", + "matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", + "matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", + "matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", + "matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", + "matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", + "matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", + "matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", + "matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", + "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", + "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", + "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", + "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", + "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", + "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", + "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*", + "matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*", + "matchCriteriaId": "33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*", + "matchCriteriaId": "F6BD4180-D3E8-42AB-96B1-3869ECF47F6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*", + "matchCriteriaId": "64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*", + "matchCriteriaId": "FC64BB57-4912-481E-AE8D-C8FCD36142BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*", + "matchCriteriaId": "49B43BFD-6B6C-4E6D-A9D8-308709DDFB44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*", + "matchCriteriaId": "919C16BD-79A7-4597-8D23-2CBDED2EF615" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*", + "matchCriteriaId": "81B27C03-D626-42EC-AE4E-1E66624908E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*", + "matchCriteriaId": "BD81405D-81A5-4683-A355-B39C912DAD2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*", + "matchCriteriaId": "2DCE3576-86BC-4BB8-A5FB-1274744DFD7F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*", + "matchCriteriaId": "5571F54A-2EAC-41B6-BDA9-7D33CFE97F70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*", + "matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*", + "matchCriteriaId": "ED30E850-C475-4133-BDE3-74CB3768D787" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*", + "matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*", + "matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*", + "matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*", + "matchCriteriaId": "D334103F-F64E-4869-BCC8-670A5AFCC76C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*", + "matchCriteriaId": "941FCF7B-FFB6-4967-95C7-BB3D32C73DAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*", + "matchCriteriaId": "CE1A9030-B397-4BA6-8E13-DA1503872DDB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*", + "matchCriteriaId": "6284B74A-1051-40A7-9D74-380FEEEC3F88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", + "matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", + "matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*", + "matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", + "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", + "matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", + "matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", + "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", + "matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", + "matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", + "matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", + "matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/10/10/9", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5521", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5522", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44101.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44101.json index a7711955cf1..c56db13be4f 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44101.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44101.json @@ -2,19 +2,93 @@ "id": "CVE-2023-44101", "sourceIdentifier": "psirt@huawei.com", "published": "2023-10-11T12:15:11.250", - "lastModified": "2023-10-11T12:54:05.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T14:06:18.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality." + }, + { + "lang": "es", + "value": "El m\u00f3dulo Bluetooth tiene una vulnerabilidad en el control de permisos para notificaciones de transmisi\u00f3n. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44102.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44102.json index 99991d8aef8..08b5403e21f 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44102.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44102.json @@ -2,23 +2,120 @@ "id": "CVE-2023-44102", "sourceIdentifier": "psirt@huawei.com", "published": "2023-10-11T12:15:11.313", - "lastModified": "2023-10-11T12:54:05.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T14:08:39.900", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control de permisos de transmisi\u00f3n en el m\u00f3dulo Bluetooth. La explotaci\u00f3n exitosa de esta vulnerabilidad puede causar que la funci\u00f3n Bluetooth no est\u00e9 disponible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/10/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44103.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44103.json index b1b84f7fce1..df22e7051e4 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44103.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44103.json @@ -2,16 +2,53 @@ "id": "CVE-2023-44103", "sourceIdentifier": "psirt@huawei.com", "published": "2023-10-11T12:15:11.357", - "lastModified": "2023-10-11T12:54:05.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T14:09:47.430", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality." + }, + { + "lang": "es", + "value": "Vulnerabilidad de lectura fuera de los l\u00edmites en el m\u00f3dulo Bluetooth. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "psirt@huawei.com", "type": "Secondary", @@ -23,14 +60,87 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/10/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44104.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44104.json index 413e195b693..d7923b81a7f 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44104.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44104.json @@ -2,23 +2,140 @@ "id": "CVE-2023-44104", "sourceIdentifier": "psirt@huawei.com", "published": "2023-10-11T12:15:11.520", - "lastModified": "2023-10-11T12:54:05.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T14:12:54.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality." + }, + { + "lang": "es", + "value": "Vulnerabilidad de control de permisos de transmisi\u00f3n en el m\u00f3dulo Bluetooth. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-669" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:11.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "511F8CE2-C2B6-4A08-B992-49D9B75B8655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/10/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44111.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44111.json index 068e58aac88..4e1832c6834 100644 --- a/CVE-2023/CVE-2023-441xx/CVE-2023-44111.json +++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44111.json @@ -2,23 +2,139 @@ "id": "CVE-2023-44111", "sourceIdentifier": "psirt@huawei.com", "published": "2023-10-11T12:15:11.713", - "lastModified": "2023-10-11T12:54:05.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T14:16:11.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ataques de fuerza bruta al m\u00f3dulo device authentication. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-307" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2023/10/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/10/", + "source": "nvd@nist.gov" }, { "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44987.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44987.json index 3596158b2e9..6045062c82d 100644 --- a/CVE-2023/CVE-2023-449xx/CVE-2023-44987.json +++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44987.json @@ -2,8 +2,8 @@ "id": "CVE-2023-44987", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-16T12:15:10.200", - "lastModified": "2023-10-16T12:15:10.200", - "vulnStatus": "Received", + "lastModified": "2023-10-16T14:01:11.953", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45648.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45648.json index 59f18898133..d04fce99752 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45648.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45648.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45648", "sourceIdentifier": "security@apache.org", "published": "2023-10-10T19:15:09.690", - "lastModified": "2023-10-13T16:15:13.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-10-16T15:43:48.103", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,44 @@ "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Tomcat.Tomcat desde 11.0.0-M1 hasta 11.0.0-M11, desde 10.1.0-M1 hasta 10.1.13, desde 9.0.0-M1 hasta 9.0.81 y desde 8.5.0 hasta 8.5 .93 no analizaron correctamente los encabezados de las colas HTTP. Un encabezado de avance no v\u00e1lido y especialmente manipulado podr\u00eda hacer que Tomcat trate una sola solicitud como solicitudes m\u00faltiples, lo que genera la posibilidad de contrabando de solicitudes cuando est\u00e1 detr\u00e1s de un proxy inverso. Se recomienda a los usuarios actualizar a la versi\u00f3n 11.0.0-M12 en adelante, 10.1.14 en adelante, 9.0.81 en adelante o 8.5.94 en adelante, que solucionan el problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { - "source": "security@apache.org", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "security@apache.org", + "type": "Secondary", "description": [ { "lang": "en", @@ -27,26 +60,391 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.5.0", + "versionEndExcluding": "8.5.94", + "matchCriteriaId": "FE1F7111-22BD-489A-B2C9-E67E0D601824" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.1", + "versionEndExcluding": "9.0.81", + "matchCriteriaId": "37FCE624-DD65-4AC5-A602-BB66E0E54CFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.1.1", + "versionEndExcluding": "10.1.14", + "matchCriteriaId": "0995DE67-7E3B-4CFE-AB96-E2243F994755" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", + "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", + "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", + "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", + "matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", + "matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", + "matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", + "matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", + "matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", + "matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", + "matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", + "matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", + "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", + "matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", + "matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", + "matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", + "matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", + "matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", + "matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", + "matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", + "matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", + "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", + "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", + "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", + "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", + "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", + "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", + "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*", + "matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone10:*:*:*:*:*:*", + "matchCriteriaId": "33C71AE1-B38E-4783-BAC2-3CDA7B4D9EBA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone11:*:*:*:*:*:*", + "matchCriteriaId": "F6BD4180-D3E8-42AB-96B1-3869ECF47F6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone12:*:*:*:*:*:*", + "matchCriteriaId": "64668CCF-DBC9-442D-9E0F-FD40E1D0DDB7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone13:*:*:*:*:*:*", + "matchCriteriaId": "FC64BB57-4912-481E-AE8D-C8FCD36142BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone14:*:*:*:*:*:*", + "matchCriteriaId": "49B43BFD-6B6C-4E6D-A9D8-308709DDFB44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone15:*:*:*:*:*:*", + "matchCriteriaId": "919C16BD-79A7-4597-8D23-2CBDED2EF615" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone16:*:*:*:*:*:*", + "matchCriteriaId": "81B27C03-D626-42EC-AE4E-1E66624908E3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone17:*:*:*:*:*:*", + "matchCriteriaId": "BD81405D-81A5-4683-A355-B39C912DAD2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone18:*:*:*:*:*:*", + "matchCriteriaId": "2DCE3576-86BC-4BB8-A5FB-1274744DFD7F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone19:*:*:*:*:*:*", + "matchCriteriaId": "5571F54A-2EAC-41B6-BDA9-7D33CFE97F70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*", + "matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone20:*:*:*:*:*:*", + "matchCriteriaId": "ED30E850-C475-4133-BDE3-74CB3768D787" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*", + "matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*", + "matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*", + "matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone6:*:*:*:*:*:*", + "matchCriteriaId": "D334103F-F64E-4869-BCC8-670A5AFCC76C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone7:*:*:*:*:*:*", + "matchCriteriaId": "941FCF7B-FFB6-4967-95C7-BB3D32C73DAF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone8:*:*:*:*:*:*", + "matchCriteriaId": "CE1A9030-B397-4BA6-8E13-DA1503872DDB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone9:*:*:*:*:*:*", + "matchCriteriaId": "6284B74A-1051-40A7-9D74-380FEEEC3F88" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*", + "matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*", + "matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*", + "matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*", + "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*", + "matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*", + "matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*", + "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*", + "matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*", + "matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*", + "matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*", + "matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/10/10/10", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5521", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5522", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45757.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45757.json index c6f9db920d4..9130e701fae 100644 --- a/CVE-2023/CVE-2023-457xx/CVE-2023-45757.json +++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45757.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45757", "sourceIdentifier": "security@apache.org", "published": "2023-10-16T09:15:11.563", - "lastModified": "2023-10-16T11:58:00.980", + "lastModified": "2023-10-16T15:15:17.613", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page.\nAn attacker that can send http request to bRPC server with rpcz enabled can\u00a0inject arbitrary XSS code to the builtin rpcz page.\n\nSolution\u00a0(choose one of three):\n1. upgrade to bRPC > 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ \n2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch:\u00a0 https://github.com/apache/brpc/pull/2411 \n3. disable rpcz feature" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de seguridad en Apache bRPC en versiones <=1.6.0 en todas las plataformas permite a los atacantes inyectar c\u00f3digo XSS en la p\u00e1gina rpcz incorporada. Un atacante que pueda enviar una solicitud http al servidor bRPC con rpcz habilitado puede inyectar c\u00f3digo XSS arbitrario en la p\u00e1gina rpcz incorporada. Soluci\u00f3n (elija una de estas tres): \n1. actualice a bRPC versi\u00f3n > 1.6.0, enlace de descarga: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ \n2. Si est\u00e1 utilizando un versi\u00f3n antigua de bRPC y dif\u00edcil de actualizar, puede aplicar este parche: https://github.com/apache/brpc/pull/2411 \n3. deshabilite la funci\u00f3n rpcz" } ], "metrics": {}, @@ -24,6 +28,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/10/16/8", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/6syxv32fqgl30brfpttrk4rfsb983hl4", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46066.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46066.json index 2e0f3c6b872..55eb1a0c808 100644 --- a/CVE-2023/CVE-2023-460xx/CVE-2023-46066.json +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46066.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46066", "sourceIdentifier": "audit@patchstack.com", "published": "2023-10-16T12:15:10.300", - "lastModified": "2023-10-16T12:15:10.300", - "vulnStatus": "Received", + "lastModified": "2023-10-16T14:01:11.953", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json new file mode 100644 index 00000000000..4b130617be5 --- /dev/null +++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46087", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-10-16T15:15:17.690", + "lastModified": "2023-10-16T15:15:17.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page \u2013 Hit Counter plugin <=\u00a01.4.14.3 versions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/who-hit-the-page-hit-counter/wordpress-who-hit-the-page-hit-counter-plugin-1-4-14-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4837.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4837.json index df282c96011..4f55673b484 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4837.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4837.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4837", "sourceIdentifier": "cvd@cert.pl", "published": "2023-10-10T10:15:10.100", - "lastModified": "2023-10-10T12:16:32.703", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T16:00:01.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "cvd@cert.pl", "type": "Secondary", @@ -50,18 +80,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smod:smodbip:*:*:*:*:*:*:*:*", + "matchCriteriaId": "F9B45085-41FA-4406-A4CE-1010C45DD858" + } + ] + } + ] + } + ], "references": [ { "url": "https://cert.pl/en/posts/2023/10/CVE-2023-4837/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://cert.pl/posts/2023/10/CVE-2023-4837/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://smod.pl/", - "source": "cvd@cert.pl" + "source": "cvd@cert.pl", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4957.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4957.json index b2fd9be9d61..862d9b796c2 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4957.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4957.json @@ -2,16 +2,40 @@ "id": "CVE-2023-4957", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-10-11T14:15:10.047", - "lastModified": "2023-10-11T14:23:06.207", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T14:08:22.900", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": " A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en una impresora ZPL ZTC ZT410-203dpi de Zebra Technologies. Esta vulnerabilidad permite a un atacante que se encuentra en la misma red que la impresora, cambiar el nombre de usuario y la contrase\u00f1a de la p\u00e1gina web enviando una solicitud POST especialmente manipulada al archivo setvarsResults.cgi. Para que esta vulnerabilidad sea explotable, el modo protegido de la impresora debe estar desactivado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -46,10 +70,42 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zebra:zt410_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "65BC1222-C5EB-4A4A-B1B1-3140D902D797" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zebra:zt410:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FFB9B490-0581-4AFD-9305-56F28FEE4479" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/authentication-bypass-zebra-ztc", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5535.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5535.json index 4df4b96a6cb..23760179304 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5535.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5535.json @@ -2,15 +2,41 @@ "id": "CVE-2023-5535", "sourceIdentifier": "security@huntr.dev", "published": "2023-10-11T20:15:10.967", - "lastModified": "2023-10-11T21:04:47.110", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-16T14:16:54.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to v9.0.2010." + }, + { + "lang": "es", + "value": "Use After Free en el repositorio de GitHub vim/vim anterior a la versi\u00f3n 9.0.2010." } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +72,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.0.2010", + "matchCriteriaId": "D3708EBB-2B49-42E7-8DEF-3E70C5DDBAEE" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5575.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5575.json new file mode 100644 index 00000000000..52ca019ef8c --- /dev/null +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5575.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-5575", + "sourceIdentifier": "security@devolutions.net", + "published": "2023-10-16T14:15:10.550", + "lastModified": "2023-10-16T14:15:10.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\nImproper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.\n\n\n" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://devolutions.net/security/advisories/DEVO-2023-0018", + "source": "security@devolutions.net" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4ff37ce64be..e553551d9e8 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-16T14:00:25.587729+00:00 +2023-10-16T16:00:24.520468+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-16T13:54:13.537000+00:00 +2023-10-16T16:00:01.083000+00:00 ``` ### Last Data Feed Release @@ -29,32 +29,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227901 +227903 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -* [CVE-2023-44987](CVE-2023/CVE-2023-449xx/CVE-2023-44987.json) (`2023-10-16T12:15:10.200`) -* [CVE-2023-46066](CVE-2023/CVE-2023-460xx/CVE-2023-46066.json) (`2023-10-16T12:15:10.300`) +* [CVE-2023-5575](CVE-2023/CVE-2023-55xx/CVE-2023-5575.json) (`2023-10-16T14:15:10.550`) +* [CVE-2023-46087](CVE-2023/CVE-2023-460xx/CVE-2023-46087.json) (`2023-10-16T15:15:17.690`) ### CVEs modified in the last Commit -Recently modified CVEs: `11` +Recently modified CVEs: `18` -* [CVE-2018-4858](CVE-2018/CVE-2018-48xx/CVE-2018-4858.json) (`2023-10-16T13:52:15.963`) -* [CVE-2023-45068](CVE-2023/CVE-2023-450xx/CVE-2023-45068.json) (`2023-10-16T12:56:22.313`) -* [CVE-2023-27315](CVE-2023/CVE-2023-273xx/CVE-2023-27315.json) (`2023-10-16T12:56:41.307`) -* [CVE-2023-32124](CVE-2023/CVE-2023-321xx/CVE-2023-32124.json) (`2023-10-16T12:56:58.477`) -* [CVE-2023-41131](CVE-2023/CVE-2023-411xx/CVE-2023-41131.json) (`2023-10-16T12:57:06.543`) -* [CVE-2023-45102](CVE-2023/CVE-2023-451xx/CVE-2023-45102.json) (`2023-10-16T12:57:20.570`) -* [CVE-2023-45103](CVE-2023/CVE-2023-451xx/CVE-2023-45103.json) (`2023-10-16T12:57:31.997`) -* [CVE-2023-45106](CVE-2023/CVE-2023-451xx/CVE-2023-45106.json) (`2023-10-16T12:57:39.573`) -* [CVE-2023-43149](CVE-2023/CVE-2023-431xx/CVE-2023-43149.json) (`2023-10-16T12:57:49.633`) -* [CVE-2023-4309](CVE-2023/CVE-2023-43xx/CVE-2023-4309.json) (`2023-10-16T13:15:59.920`) -* [CVE-2023-5459](CVE-2023/CVE-2023-54xx/CVE-2023-5459.json) (`2023-10-16T13:54:13.537`) +* [CVE-2020-23804](CVE-2020/CVE-2020-238xx/CVE-2020-23804.json) (`2023-10-16T14:15:10.247`) +* [CVE-2022-37050](CVE-2022/CVE-2022-370xx/CVE-2022-37050.json) (`2023-10-16T14:15:10.370`) +* [CVE-2022-37051](CVE-2022/CVE-2022-370xx/CVE-2022-37051.json) (`2023-10-16T14:15:10.450`) +* [CVE-2023-42794](CVE-2023/CVE-2023-427xx/CVE-2023-42794.json) (`2023-10-16T14:00:56.317`) +* [CVE-2023-44987](CVE-2023/CVE-2023-449xx/CVE-2023-44987.json) (`2023-10-16T14:01:11.953`) +* [CVE-2023-46066](CVE-2023/CVE-2023-460xx/CVE-2023-46066.json) (`2023-10-16T14:01:11.953`) +* [CVE-2023-44101](CVE-2023/CVE-2023-441xx/CVE-2023-44101.json) (`2023-10-16T14:06:18.530`) +* [CVE-2023-4957](CVE-2023/CVE-2023-49xx/CVE-2023-4957.json) (`2023-10-16T14:08:22.900`) +* [CVE-2023-44102](CVE-2023/CVE-2023-441xx/CVE-2023-44102.json) (`2023-10-16T14:08:39.900`) +* [CVE-2023-44103](CVE-2023/CVE-2023-441xx/CVE-2023-44103.json) (`2023-10-16T14:09:47.430`) +* [CVE-2023-44104](CVE-2023/CVE-2023-441xx/CVE-2023-44104.json) (`2023-10-16T14:12:54.343`) +* [CVE-2023-44111](CVE-2023/CVE-2023-441xx/CVE-2023-44111.json) (`2023-10-16T14:16:11.993`) +* [CVE-2023-5535](CVE-2023/CVE-2023-55xx/CVE-2023-5535.json) (`2023-10-16T14:16:54.577`) +* [CVE-2023-41843](CVE-2023/CVE-2023-418xx/CVE-2023-41843.json) (`2023-10-16T14:27:20.917`) +* [CVE-2023-45757](CVE-2023/CVE-2023-457xx/CVE-2023-45757.json) (`2023-10-16T15:15:17.613`) +* [CVE-2023-42795](CVE-2023/CVE-2023-427xx/CVE-2023-42795.json) (`2023-10-16T15:39:39.563`) +* [CVE-2023-45648](CVE-2023/CVE-2023-456xx/CVE-2023-45648.json) (`2023-10-16T15:43:48.103`) +* [CVE-2023-4837](CVE-2023/CVE-2023-48xx/CVE-2023-4837.json) (`2023-10-16T16:00:01.083`) ## Download and Usage