From 604ab39a21e91af781c2899a6f5899dea6d1ed52 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 21 Nov 2023 05:00:21 +0000
Subject: [PATCH] Auto-Update: 2023-11-21T05:00:17.793134+00:00
---
CVE-2023/CVE-2023-233xx/CVE-2023-23367.json | 275 +++++++++++++++++++-
CVE-2023/CVE-2023-471xx/CVE-2023-47126.json | 72 ++++-
CVE-2023/CVE-2023-471xx/CVE-2023-47127.json | 96 ++++++-
CVE-2023/CVE-2023-476xx/CVE-2023-47621.json | 62 ++++-
README.md | 38 +--
5 files changed, 496 insertions(+), 47 deletions(-)
diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23367.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23367.json
index 60f51d59f7a..210d6b282f2 100644
--- a/CVE-2023/CVE-2023-233xx/CVE-2023-23367.json
+++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23367.json
@@ -2,16 +2,40 @@ "id": "CVE-2023-23367", "sourceIdentifier": "security@qnapsecurity.com.tw", "published": "2023-11-10T15:15:08.190", - "lastModified": "2023-11-13T03:16:20.870", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T03:08:31.447", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2376 build 20230421 and later\nQuTS hero h5.0.1.2376 build 20230421 and later\nQuTScloud c5.1.0.2498 and later\n" + }, + { + "lang": "es", + "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2376 build 20230421 y posteriores QuTS hero h5.0.1.2376 build 20230421 y posteriores QuTScloud c5.1.0.2498 y posteriores" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@qnapsecurity.com.tw", "type": "Secondary", 
@@ -46,10 +70,255 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1716:build_20210701:*:*:*:*:*:*", + "matchCriteriaId": "769C9869-6C7C-41CE-B873-5B5168CFC775" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1785:build_20210908:*:*:*:*:*:*", + "matchCriteriaId": "127CF4DC-A6E0-4DAB-8039-EEF0DD9F0F0E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1808:build_20211001:*:*:*:*:*:*", + "matchCriteriaId": "57CCDE9B-A5CD-4359-9D38-23DB787640F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1828:build_20211020:*:*:*:*:*:*", + "matchCriteriaId": "5D87A17C-AABE-43DC-9546-78103A611AB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1837:build_20211029:*:*:*:*:*:*", + "matchCriteriaId": "0B96B714-9AA9-4974-B968-3E3908DA41D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1850:build_20211111:*:*:*:*:*:*", + "matchCriteriaId": "60A4DE61-EC79-4B6B-A32A-B899806FB090" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1853:build_20211114:*:*:*:*:*:*", + "matchCriteriaId": "EE3A887A-05E7-499C-AB99-67E7EAC27012" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1858:build_20211119:*:*:*:*:*:*", + "matchCriteriaId": "F2E1B1D4-87F3-46A6-BBE1-5774BB9CDA1B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.0.1870:build_20211201:*:*:*:*:*:*", + "matchCriteriaId": "9206EFC0-C3EE-41AD-A864-1F9BA0C7DD77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2034:build_20220515:*:*:*:*:*:*", + "matchCriteriaId": "A014C53A-6057-46C3-ABE9-A0ACA785425B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2079:build_20220629:*:*:*:*:*:*", + "matchCriteriaId": "D57801C1-0E7C-482F-816E-A405DE4A86C2" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:qnap:qts:5.0.1.2131:build_20220820:*:*:*:*:*:*", + "matchCriteriaId": "DE301B1C-4E3E-4AC4-80BB-D06BE16D0C64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2137:build_20220826:*:*:*:*:*:*", + "matchCriteriaId": "582171F1-ADD6-4F68-8539-154E53A783A7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2145:build_20220903:*:*:*:*:*:*", + "matchCriteriaId": "B621B512-940C-4C16-A64F-3E577B9DE6B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2173:build_20221001:*:*:*:*:*:*", + "matchCriteriaId": "F05F874D-52CB-49A1-AF3B-A0503C33710C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2194:build_20221022:*:*:*:*:*:*", + "matchCriteriaId": "86123F0E-3A48-45EB-B8C6-7A953E7719D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2234:build_20221201:*:*:*:*:*:*", + "matchCriteriaId": "644159A6-4018-4BDB-863B-94F5725534EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2248:build_20221215:*:*:*:*:*:*", + "matchCriteriaId": "EB42C492-9259-4A03-A65C-EACDD31E543A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2277:build_20230112:*:*:*:*:*:*", + "matchCriteriaId": "1CECD991-E1F0-4B6B-8CA4-2EEFBA071622" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qts:5.0.1.2346:build_20230322:*:*:*:*:*:*", + "matchCriteriaId": "55711131-A764-4E5C-9FF9-19DD601F5081" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1772:build_20210826:*:*:*:*:*:*", + "matchCriteriaId": "547EACCF-E416-4E97-A5C6-0617093D014B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1844:build_20211105:*:*:*:*:*:*", + "matchCriteriaId": "90C8BDBB-E32C-4BD4-85D0-7333D49A0772" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1856:build_20211117:*:*:*:*:*:*", + 
"matchCriteriaId": "1B716780-A0CA-4724-AC25-3CBBBE7FB4E1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1892:build_20211222:*:*:*:*:*:*", + "matchCriteriaId": "46B43DD9-29DE-4C49-B80F-3B61B2F0DAF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1900:build_20211228:*:*:*:*:*:*", + "matchCriteriaId": "B5B50FA8-CE29-40F0-B38E-59917A83E263" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1949:build_20220215:*:*:*:*:*:*", + "matchCriteriaId": "5C96EFDD-376F-420F-9F49-027AFB90EA2E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.1986:build_20220324:*:*:*:*:*:*", + "matchCriteriaId": "BD25771C-5FF4-4184-97D0-5678AF65B9AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.2022:build_20220428:*:*:*:*:*:*", + "matchCriteriaId": "3042A475-6EDC-438C-9B26-DBBB8325F892" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.2069:build_20220614:*:*:*:*:*:*", + "matchCriteriaId": "A37AED2A-F30E-4AB4-A06A-6E866B46F796" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.0.2120:build_20220804:*:*:*:*:*:*", + "matchCriteriaId": "F22F95A3-74DF-4DCA-BDF3-CF479F8E98CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2045:build_20220526:*:*:*:*:*:*", + "matchCriteriaId": "698DB6DC-9262-48A2-9232-DFC97C8BBB61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2192:build_20221020:*:*:*:*:*:*", + "matchCriteriaId": "A728F1BE-B17B-4721-9C9E-97A666CAD07B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2248:build_20221215:*:*:*:*:*:*", + "matchCriteriaId": "85EC894E-2C81-4A9D-9AC7-2ADF74ADE7E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2269:build_20230104:*:*:*:*:*:*", + "matchCriteriaId": "8C4C9FDD-FD44-44E7-B552-40E94AC32A23" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:qnap:quts_hero:h5.0.1.2277:build_20230112:*:*:*:*:*:*", + "matchCriteriaId": "81BA2B4F-1665-4505-96FD-FCDEE7D77583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:quts_hero:h5.0.1.2348:build_20230324:*:*:*:*:*:*", + "matchCriteriaId": "3A28B922-56DF-434B-82B8-1BFC69ED5C70" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.0.1919:build_20220119:*:*:*:*:*:*", + "matchCriteriaId": "77601C65-525D-485F-9A86-1907FB0DDC46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.1.1949:build_20220218:*:*:*:*:*:*", + "matchCriteriaId": "EBEC2462-A0A2-4585-9AF8-138163E793F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.1.1998:build_20220408:*:*:*:*:*:*", + "matchCriteriaId": "B72847AB-A9B1-497C-A95B-04ACB762C93F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.1.2044:build_20220524:*:*:*:*:*:*", + "matchCriteriaId": "9C83D158-6298-4672-A564-8AA99E4B224E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.1.2148:build_20220905:*:*:*:*:*:*", + "matchCriteriaId": "B1BF80AB-C87E-4D65-8147-6AA341E4706F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:qnap:qutscloud:c5.0.1.2374:build_20230419:*:*:*:*:*:*", + "matchCriteriaId": "A3DC728C-1CEB-45DA-902E-786EC74C602A" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.qnap.com/en/security-advisory/qsa-23-24", - "source": "security@qnapsecurity.com.tw" + "source": "security@qnapsecurity.com.tw", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47126.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47126.json index c8357fab6b7..5bb9dbd5049 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47126.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47126.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-47126", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-14T20:15:08.037", - "lastModified": "2023-11-14T21:38:09.280", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T03:01:46.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - \u201cclassic\u201d non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n" + }, + { + "lang": "es", + "value": "TYPO3 es un sistema de gesti\u00f3n de contenido web basado en PHP de c\u00f3digo abierto publicado bajo GNU GPL. En las versiones afectadas, la pantalla de inicio de sesi\u00f3n de la herramienta de instalaci\u00f3n independiente revela la ruta completa del directorio de datos transitorios (por ejemplo, /var/www/html/var/transient/). Esto se aplica \u00fanicamente a escenarios basados en compositores: las instalaciones \u201ccl\u00e1sicas\u201d que no son de compositores no se ven afectadas. Este problema se solucion\u00f3 en la versi\u00f3n 12.4.8. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,18 +80,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.0", + "versionEndExcluding": "12.4.8", + "matchCriteriaId": "25218828-9AFC-458B-A14F-7FE95B422B5D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-005", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47127.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47127.json index c3877a89295..dd9a4461f26 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47127.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47127.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47127", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-14T20:15:08.230", - "lastModified": "2023-11-16T18:15:06.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T03:05:46.807", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,18 +80,74 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.7.55", + "matchCriteriaId": "97CE2630-5AA6-4531-9EDC-A973359351EA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndExcluding": "9.5.44", + "matchCriteriaId": "CB75C6A4-F25A-4943-8683-6D373DFAEAAA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:elts:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.4.41", + "matchCriteriaId": "BE95F6C1-238A-48B3-BBA7-57A7C875AFA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0.0", + "versionEndExcluding": "11.5.33", + "matchCriteriaId": "6C21A23C-E558-4B9C-AFCD-7C1D37B2D1CF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0.0", + "versionEndExcluding": "12.4.8", + "matchCriteriaId": "A5B21F62-A105-487E-B52A-0E7501A4ADEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-006", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47621.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47621.json index dc71ad89465..80dadf1fd70 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47621.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47621.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47621", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-13T20:15:28.840", - "lastModified": "2023-11-14T15:15:58.783", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T03:10:58.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:duncanmcclean:guest_entries:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.1.3", + "matchCriteriaId": "19D836F5-2480-4AD1-885E-4F8F8B7494B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/duncanmcclean/guest-entries/commit/a8e17b4413bfbbc337a887761a6c858ef1ddb4da", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/duncanmcclean/guest-entries/security/advisories/GHSA-rw82-mhmx-grmj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index df10070d8cb..5a8000ad477 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-21T03:00:19.228727+00:00 +2023-11-21T05:00:17.793134+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-21T02:58:51.787000+00:00 +2023-11-21T03:10:58.357000+00:00 ``` ### Last Data Feed Release 
@@ -34,40 +34,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `0` -* [CVE-2023-42770](CVE-2023/CVE-2023-427xx/CVE-2023-42770.json) (`2023-11-21T01:15:07.100`) ### CVEs modified in the last Commit -Recently modified CVEs: `62` +Recently modified CVEs: `4` -* [CVE-2023-48051](CVE-2023/CVE-2023-480xx/CVE-2023-48051.json) (`2023-11-21T01:38:10.777`) -* [CVE-2023-48310](CVE-2023/CVE-2023-483xx/CVE-2023-48310.json) (`2023-11-21T01:38:10.777`) -* [CVE-2023-6199](CVE-2023/CVE-2023-61xx/CVE-2023-6199.json) (`2023-11-21T01:38:10.777`) -* [CVE-2023-40151](CVE-2023/CVE-2023-401xx/CVE-2023-40151.json) (`2023-11-21T01:38:10.777`) -* [CVE-2023-6142](CVE-2023/CVE-2023-61xx/CVE-2023-6142.json) (`2023-11-21T01:38:10.777`) -* [CVE-2023-6144](CVE-2023/CVE-2023-61xx/CVE-2023-6144.json) (`2023-11-21T01:38:10.777`) -* [CVE-2023-41840](CVE-2023/CVE-2023-418xx/CVE-2023-41840.json) (`2023-11-21T01:38:25.570`) -* [CVE-2023-44248](CVE-2023/CVE-2023-442xx/CVE-2023-44248.json) (`2023-11-21T01:39:38.243`) -* [CVE-2023-43275](CVE-2023/CVE-2023-432xx/CVE-2023-43275.json) (`2023-11-21T01:51:11.677`) -* [CVE-2023-48204](CVE-2023/CVE-2023-482xx/CVE-2023-48204.json) (`2023-11-21T01:55:53.100`) -* [CVE-2023-32204](CVE-2023/CVE-2023-322xx/CVE-2023-32204.json) (`2023-11-21T01:57:53.810`) -* [CVE-2023-29161](CVE-2023/CVE-2023-291xx/CVE-2023-29161.json) (`2023-11-21T01:59:16.600`) -* [CVE-2023-40719](CVE-2023/CVE-2023-407xx/CVE-2023-40719.json) (`2023-11-21T02:05:04.860`) -* [CVE-2023-29157](CVE-2023/CVE-2023-291xx/CVE-2023-29157.json) (`2023-11-21T02:09:32.690`) -* [CVE-2023-47003](CVE-2023/CVE-2023-470xx/CVE-2023-47003.json) (`2023-11-21T02:14:29.237`) -* [CVE-2023-25652](CVE-2023/CVE-2023-256xx/CVE-2023-25652.json) (`2023-11-21T02:15:29.633`) -* [CVE-2023-5997](CVE-2023/CVE-2023-59xx/CVE-2023-5997.json) (`2023-11-21T02:16:59.767`) -* 
[CVE-2023-40923](CVE-2023/CVE-2023-409xx/CVE-2023-40923.json) (`2023-11-21T02:28:24.897`) -* [CVE-2023-4723](CVE-2023/CVE-2023-47xx/CVE-2023-4723.json) (`2023-11-21T02:30:52.053`) -* [CVE-2023-48088](CVE-2023/CVE-2023-480xx/CVE-2023-48088.json) (`2023-11-21T02:36:38.983`) -* [CVE-2023-48089](CVE-2023/CVE-2023-480xx/CVE-2023-48089.json) (`2023-11-21T02:37:44.817`) -* [CVE-2023-48087](CVE-2023/CVE-2023-480xx/CVE-2023-48087.json) (`2023-11-21T02:42:52.163`) -* [CVE-2023-5381](CVE-2023/CVE-2023-53xx/CVE-2023-5381.json) (`2023-11-21T02:45:00.847`) -* [CVE-2023-43591](CVE-2023/CVE-2023-435xx/CVE-2023-43591.json) (`2023-11-21T02:48:29.027`) -* [CVE-2023-47125](CVE-2023/CVE-2023-471xx/CVE-2023-47125.json) (`2023-11-21T02:58:51.787`) +* [CVE-2023-47126](CVE-2023/CVE-2023-471xx/CVE-2023-47126.json) (`2023-11-21T03:01:46.133`) +* [CVE-2023-47127](CVE-2023/CVE-2023-471xx/CVE-2023-47127.json) (`2023-11-21T03:05:46.807`) +* [CVE-2023-23367](CVE-2023/CVE-2023-233xx/CVE-2023-23367.json) (`2023-11-21T03:08:31.447`) +* [CVE-2023-47621](CVE-2023/CVE-2023-476xx/CVE-2023-47621.json) (`2023-11-21T03:10:58.357`) ## Download and Usage