diff --git a/CVE-2005/CVE-2005-02xx/CVE-2005-0227.json b/CVE-2005/CVE-2005-02xx/CVE-2005-0227.json
index c770f82a716..491866e5928 100644
--- a/CVE-2005/CVE-2005-02xx/CVE-2005-0227.json
+++ b/CVE-2005/CVE-2005-02xx/CVE-2005-0227.json
@@ -2,8 +2,8 @@
"id": "CVE-2005-0227",
"sourceIdentifier": "security@debian.org",
"published": "2005-05-02T04:00:00.000",
- "lastModified": "2017-10-11T01:29:54.123",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-18T20:54:44.113",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -58,73 +58,24 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "AFF09CFB-F7CE-4659-BB20-83231539F765"
+ "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.3.0",
+ "versionEndExcluding": "7.3.9",
+ "matchCriteriaId": "4C486421-63ED-418C-BAE1-75690B1AC07D"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "EFE8C2A3-7575-41C6-896C-C367E6D35015"
+ "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.4",
+ "versionEndExcluding": "7.4.7",
+ "matchCriteriaId": "7B6180C2-75D0-4196-AE96-9DA773C346E5"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "88ED8E8C-9044-4E77-923A-D5C6C02A1081"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "037FF208-82A1-4448-88FE-FACB922FE1E0"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.2.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "458F558C-7550-48B8-8318-A0D5FAF9ABF8"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.2.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "BF1A6E7C-B1DC-45CC-90B4-AFD6F669AA94"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.2.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "23B710BA-91FF-47B9-BB56-4711CD50D50F"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "0C8DDD98-9A2D-402D-9172-F3C4C4C97FEF"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "20C8302B-631A-4DF7-839B-C6F3CC39E000"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "FB318EB9-1B49-452A-92CF-89D9BA990AB9"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "5913A53B-7B72-4CBD-ADAE-318333EB8B7B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "815E58C0-327D-4F14-B496-05FC8179627E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "3EF2D056-5120-4F98-8343-4EC31F962CFE"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "516E0E86-3D8A-43F9-9DD5-865F5C889FC4"
+ "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndExcluding": "8.0.1",
+ "matchCriteriaId": "05B6F332-5104-4A52-A43E-24D70BC931C4"
}
]
}
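Review bot: The three new ranges start at `7.3.0`, so the 7.2.1–7.2.7 entries removed in this hunk have no replacement and a PostgreSQL 7.2.x installation no longer matches this record. If the 7.2 branch is still considered affected, it needs a fourth `cpeMatch` entry with `"versionStartIncluding": "7.2"` and a `versionEndExcluding` set to that branch's fixed release, which is not shown on this page. If dropping 7.2.x is intentional, scanners that previously flagged it will go quiet after this update, which deserves a line in the change record. The lower bounds also mix `7.3.0` with `7.4` and `8.0`; using one form throughout avoids consumers that compare version strings literally treating them differently.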
@@ -136,7 +87,8 @@
"url": "http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php",
"source": "security@debian.org",
"tags": [
- "Patch"
+ "Patch",
+ "Vendor Advisory"
]
},
{
@@ -148,62 +100,83 @@
},
{
"url": "http://marc.info/?l=bugtraq&m=110726899107148&w=2",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://secunia.com/advisories/12948",
+ "source": "security@debian.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200502-08.xml",
"source": "security@debian.org",
"tags": [
- "Patch"
+ "Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2005/dsa-668",
"source": "security@debian.org",
"tags": [
- "Patch",
- "Vendor Advisory"
+ "Third Party Advisory"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:040",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2005-138.html",
"source": "security@debian.org",
"tags": [
"Patch",
- "Vendor Advisory"
+ "Third Party Advisory"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2005-150.html",
"source": "security@debian.org",
"tags": [
- "Patch",
- "Vendor Advisory"
+ "Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/12411",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.trustix.org/errata/2005/0003/",
"source": "security@debian.org",
"tags": [
"Patch",
- "Vendor Advisory"
+ "Third Party Advisory"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10234",
- "source": "security@debian.org"
+ "source": "security@debian.org",
+ "tags": [
+ "Broken Link"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2008/CVE-2008-18xx/CVE-2008-1897.json b/CVE-2008/CVE-2008-18xx/CVE-2008-1897.json
index 8903c600259..03ca0b8046e 100644
--- a/CVE-2008/CVE-2008-18xx/CVE-2008-1897.json
+++ b/CVE-2008/CVE-2008-18xx/CVE-2008-1897.json
@@ -2,7 +2,7 @@
"id": "CVE-2008-1897",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-04-23T16:05:00.000",
- "lastModified": "2018-10-11T20:37:48.463",
+ "lastModified": "2023-10-20T02:15:07.607",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -805,6 +805,31 @@
"url": "http://downloads.digium.com/pub/security/AST-2008-006.html",
"source": "cve@mitre.org"
},
+ {
+ "url": "http://secunia.com/advisories/29927",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "http://secunia.com/advisories/30010",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "http://secunia.com/advisories/30042",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "http://secunia.com/advisories/34982",
+ "source": "cve@mitre.org"
+ },
{
"url": "http://security.gentoo.org/glsa/glsa-200905-01.xml",
"source": "cve@mitre.org"
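Review bot: The added secunia.com references 29927, 30010 and 30042 are tagged `"Vendor Advisory"`, but the CVE-2005-0227 section of this same change tags secunia.com/advisories/12948 as `"Third Party Advisory"`. The context line above points at digium.com for the vendor's own advisory, so the Secunia links look like third-party material. The same tag is put on secunia.com/advisories/49811 in the CVE-2012-3380 section. Tooling that treats vendor advisories as the authoritative remediation source would over-trust these links; `"tags": ["Third Party Advisory"]` is the consistent choice. The fourth added entry, 34982, has no `tags` array at all.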
@@ -833,10 +858,54 @@
"url": "http://www.vupen.com/english/advisories/2008/1324",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://downloads.asterisk.org/pub/security/AST-2008-006.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41966",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://github.com/jcollie/asterisk/commit/60de4fbbdf3ede49f158e23a9e3b679f2e519c1e",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/jcollie/asterisk/commit/771b3d8749b34b6eea4e03a2e514380da9582f90",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/jcollie/asterisk/commit/a8b180875b037b8da26f6a3bcc8e5e98b8c904d2",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/kaoru6/asterisk/commit/1fe14f38dd43dc894d21f85762b51208ba5c8acb",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/lyx2014/Asterisk/commit/0670e43c30135044e25cca7f80e1833e2c128653",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/mojolingo/asterisk/commit/20ac3662f137dbf7f42d5295590069a7d3b1166b",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/pruiz/asterisk/commit/e0ef9bd22810c6969a7f222eec04798f19a7e2d6",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/silentindark/asterisk-1/commit/fe8b7f31db687f8b9992864b82c93d22833019c7",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/xrg/asterisk-xrg/commit/10da3dab24e8ca08cf2c983f8d0206e383535b5a",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/xrg/asterisk-xrg/commit/51714a24347dc57f9a208a4a8af84115ef407b83",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00581.html",
"source": "cve@mitre.org"
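Review bot: The ten added github.com commit URLs appear to point at forks under individual accounts (jcollie, kaoru6, lyx2014, mojolingo, pruiz, silentindark, xrg) rather than one canonical project repository, and none of them carries a tag. A fork can be rebased or deleted by its owner, so these are fragile as long-term fix references. Without `"tags": ["Patch"]`, automated patch lookup will also skip them. If they are the fix commits, keeping one canonical reference tagged `Patch` would serve consumers better than ten untagged near-duplicates. Whether an upstream copy of these commits exists cannot be told from this page.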
diff --git a/CVE-2011/CVE-2011-100xx/CVE-2011-10004.json b/CVE-2011/CVE-2011-100xx/CVE-2011-10004.json
index d7bb7c06116..e38be8f8d76 100644
--- a/CVE-2011/CVE-2011-100xx/CVE-2011-10004.json
+++ b/CVE-2011/CVE-2011-100xx/CVE-2011-10004.json
@@ -2,8 +2,8 @@
"id": "CVE-2011-10004",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-17T00:15:10.500",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:29:50.567",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,6 +15,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -75,18 +97,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:reciply_project:reciply:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.1.8",
+ "matchCriteriaId": "83349496-D86A-43A2-9BFF-EE1395007AA0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wp-plugins/reciply/commit/e3ff616dc08d3aadff9253f1085e13f677d0c676",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.242189",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required"
+ ]
},
{
"url": "https://vuldb.com/?id.242189",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2011/CVE-2011-24xx/CVE-2011-2483.json b/CVE-2011/CVE-2011-24xx/CVE-2011-2483.json
index 1e98835e508..cac43414cd4 100644
--- a/CVE-2011/CVE-2011-24xx/CVE-2011-2483.json
+++ b/CVE-2011/CVE-2011-24xx/CVE-2011-2483.json
@@ -2,8 +2,8 @@
"id": "CVE-2011-2483",
"sourceIdentifier": "secalert@redhat.com",
"published": "2011-08-25T14:22:44.913",
- "lastModified": "2017-08-29T01:29:25.580",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T20:23:03.017",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -640,99 +640,207 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.2.0",
+ "versionEndExcluding": "8.2.22",
+ "matchCriteriaId": "5133F766-D0DC-49A9-A2BC-3109A40F147A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.3.0",
+ "versionEndExcluding": "8.3.16",
+ "matchCriteriaId": "6688FCE5-4C30-47AC-8780-52F20AFE9916"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.4.0",
+ "versionEndExcluding": "8.4.9",
+ "matchCriteriaId": "6BE21A26-98F2-4A2B-BE67-052377A46528"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.0.5",
+ "matchCriteriaId": "65CDFDE3-89F6-4961-8675-123D9D9D2471"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://freshmeat.net/projects/crypt_blowfish",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://php.net/security/crypt_blowfish",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://support.apple.com/kb/HT5130",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.debian.org/security/2011/dsa-2340",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.debian.org/security/2012/dsa-2399",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:165",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:178",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:179",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:180",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.openwall.com/crypt/",
"source": "secalert@redhat.com",
"tags": [
- "Patch"
+ "Mailing List",
+ "Patch",
+ "Third Party Advisory"
]
},
{
"url": "http://www.php.net/ChangeLog-5.php#5.3.7",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.php.net/archive/2011.php#id2011-08-18-1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-9.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2011-1377.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2011-1378.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.securityfocus.com/bid/49241",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-1229-1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69319",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
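Review bot: Two of the new tags in the references list do not fit the pages they are attached to. Both debian.org/security DSA links get `"VDB Entry"` next to `"Third Party Advisory"`, although a distribution advisory is not a vulnerability-database entry. `http://www.openwall.com/crypt/` gets `"Mailing List"`, although the URL has no list-archive path; compare the `/lists/oss-security/` links in the CVE-2012-3380 section. I would use `"tags": ["Third Party Advisory"]` for the DSA links and `"tags": ["Patch", "Third Party Advisory"]` for the openwall link, so filters on `Mailing List` or `VDB Entry` stay meaningful.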
diff --git a/CVE-2012/CVE-2012-100xx/CVE-2012-10016.json b/CVE-2012/CVE-2012-100xx/CVE-2012-10016.json
index c4797d54ed8..61103bec66d 100644
--- a/CVE-2012/CVE-2012-100xx/CVE-2012-10016.json
+++ b/CVE-2012/CVE-2012-100xx/CVE-2012-10016.json
@@ -2,8 +2,8 @@
"id": "CVE-2012-10016",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-17T00:15:10.603",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:30:01.200",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,6 +15,28 @@
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -65,8 +87,18 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -75,18 +107,44 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:halulu:simple-download-button-shortcode:1.0:*:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "32AD9DB1-C290-4DAF-9DF2-B90916CB7AE6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wp-plugins/simple-download-button-shortcode/commit/e648a8706818297cf02a665ae0bae1c069dea5f1",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.242190",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required"
+ ]
},
{
"url": "https://vuldb.com/?id.242190",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required"
+ ]
}
]
}
\ No newline at end of file
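Review bot: `https://vuldb.com/?id.242190` is tagged `"Permissions Required"` here, while the same URL form in the CVE-2011-10004 section of this change (`?id.242189`) is tagged `"Third Party Advisory"`. The `?ctiid.` link is `Permissions Required` in both records, which suggests the `?id.` link was meant to be `"tags": ["Third Party Advisory"]` here as well. As written, a consumer that drops `Permissions Required` links is left with only the commit URL and no advisory reference for this record.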
diff --git a/CVE-2012/CVE-2012-33xx/CVE-2012-3380.json b/CVE-2012/CVE-2012-33xx/CVE-2012-3380.json
index c57867c0cc0..d4e25e55a6a 100644
--- a/CVE-2012/CVE-2012-33xx/CVE-2012-3380.json
+++ b/CVE-2012/CVE-2012-33xx/CVE-2012-3380.json
@@ -2,7 +2,7 @@
"id": "CVE-2012-3380",
"sourceIdentifier": "secalert@redhat.com",
"published": "2012-08-31T18:55:03.387",
- "lastModified": "2012-09-05T04:00:00.000",
+ "lastModified": "2023-10-17T17:00:32.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -62,9 +62,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:naxsi_project:naxsi:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:wargio:naxsi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.46",
- "matchCriteriaId": "6073CD69-CC51-442E-A5FC-4C5AC5405CD6"
+ "matchCriteriaId": "82590000-E9C8-4907-B363-8568BA6E0C9A"
}
]
}
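Review bot: The CPE vendor changes from `naxsi_project` to `wargio` and the `matchCriteriaId` changes with it, so asset inventories, suppressions or cached matches keyed on either old value will silently stop matching this record. Nothing in the hunk marks the old name as superseded. Consumers should re-resolve their naxsi entries against the new `cpe:2.3:a:wargio:naxsi` string after ingesting this update. The range is still `"versionEndIncluding": "0.46"` with no lower bound, so the affected set itself is unchanged.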
@@ -83,6 +83,13 @@
"Patch"
]
},
+ {
+ "url": "http://secunia.com/advisories/49811",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
{
"url": "http://www.openwall.com/lists/oss-security/2012/07/05/1",
"source": "secalert@redhat.com"
@@ -90,6 +97,10 @@
{
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/3",
"source": "secalert@redhat.com"
+ },
+ {
+ "url": "http://www.osvdb.org/83617",
+ "source": "secalert@redhat.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10021.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10021.json
index 8876da31e4e..de8bc327109 100644
--- a/CVE-2013/CVE-2013-100xx/CVE-2013-10021.json
+++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10021.json
@@ -2,12 +2,12 @@
"id": "CVE-2013-10021",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-11T21:15:09.247",
- "lastModified": "2023-03-15T21:01:53.657",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:07.907",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739."
+ "value": "A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The patch is named 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739."
}
],
"metrics": {
diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10022.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10022.json
index 898ebdda502..c85e6a2b1cc 100644
--- a/CVE-2013/CVE-2013-100xx/CVE-2013-10022.json
+++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10022.json
@@ -2,12 +2,12 @@
"id": "CVE-2013-10022",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-05T13:15:06.830",
- "lastModified": "2023-04-11T14:46:04.187",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:11.297",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The name of the patch is 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The patch is identified as 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10023.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10023.json
index c741d0685ac..556b8ed55e6 100644
--- a/CVE-2013/CVE-2013-100xx/CVE-2013-10023.json
+++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10023.json
@@ -2,12 +2,12 @@
"id": "CVE-2013-10023",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-08T09:15:07.000",
- "lastModified": "2023-04-17T14:12:43.913",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:11.833",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151."
+ "value": "A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The patch is named a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151."
}
],
"metrics": {
diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10024.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10024.json
index 8ca9ce2e6c6..ed71ff0b2d0 100644
--- a/CVE-2013/CVE-2013-100xx/CVE-2013-10024.json
+++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10024.json
@@ -2,12 +2,12 @@
"id": "CVE-2013-10024",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-08T17:15:06.920",
- "lastModified": "2023-04-17T13:50:16.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:12.420",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The identifier of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10025.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10025.json
index f8937b7707e..6bc481270aa 100644
--- a/CVE-2013/CVE-2013-100xx/CVE-2013-10025.json
+++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10025.json
@@ -2,12 +2,12 @@
"id": "CVE-2013-10025",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-08T17:15:06.987",
- "lastModified": "2023-04-17T13:59:28.013",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:12.900",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The patch is identified as d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10026.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10026.json
index 51307802463..d981ed1d42c 100644
--- a/CVE-2013/CVE-2013-100xx/CVE-2013-10026.json
+++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10026.json
@@ -2,12 +2,12 @@
"id": "CVE-2013-10026",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-02T02:15:27.267",
- "lastModified": "2023-05-09T17:18:59.857",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:13.263",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The name of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The identifier of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2013/CVE-2013-100xx/CVE-2013-10027.json b/CVE-2013/CVE-2013-100xx/CVE-2013-10027.json
index 711fbc2d799..8d23b204368 100644
--- a/CVE-2013/CVE-2013-100xx/CVE-2013-10027.json
+++ b/CVE-2013/CVE-2013-100xx/CVE-2013-10027.json
@@ -2,12 +2,12 @@
"id": "CVE-2013-10027",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-04T14:15:09.397",
- "lastModified": "2023-06-09T19:05:15.310",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:13.627",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The name of the patch is b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The patch is identified as b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2013/CVE-2013-43xx/CVE-2013-4300.json b/CVE-2013/CVE-2013-43xx/CVE-2013-4300.json
index 7acc38f3c9f..2aef53eea23 100644
--- a/CVE-2013/CVE-2013-43xx/CVE-2013-4300.json
+++ b/CVE-2013/CVE-2013-43xx/CVE-2013-4300.json
@@ -2,8 +2,8 @@
"id": "CVE-2013-4300",
"sourceIdentifier": "secalert@redhat.com",
"published": "2013-09-25T10:31:29.160",
- "lastModified": "2023-02-13T04:46:23.940",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:05:02.173",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -63,1143 +63,21 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "3.10.12",
- "matchCriteriaId": "A6B914D2-8827-4C24-AB90-8BF833364126"
+ "versionStartIncluding": "3.8.6",
+ "versionEndExcluding": "3.9",
+ "matchCriteriaId": "0E995DC9-9601-451D-827F-FBB0F55E5F32"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*",
- "matchCriteriaId": "D30AEC07-3CBD-4F4F-9646-BEAA1D98750B"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.10",
+ "versionEndExcluding": "3.10.13",
+ "matchCriteriaId": "D94B2ABE-93E9-44C8-B7A2-E6F5D155DE30"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*",
- "matchCriteriaId": "C2AA8E68-691B-499C-AEDD-3C0BFFE70044"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*",
- "matchCriteriaId": "9440475B-5960-4066-A204-F30AAFC87846"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*",
- "matchCriteriaId": "53BCFBFB-6AF0-4525-8623-7633CC5E17DB"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*",
- "matchCriteriaId": "6ED4E86A-74F0-436A-BEB4-3F4EE93A5421"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*",
- "matchCriteriaId": "BF0365B0-8E16-4F30-BD92-5DD538CC8135"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*",
- "matchCriteriaId": "079505E8-2942-4C33-93D1-35ADA4C39E72"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "38989541-2360-4E0A-AE5A-3D6144AA6114"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "4E51646B-7A0E-40F3-B8C9-239C1DA81DD1"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "42A8A507-F8E2-491C-A144-B2448A1DB26E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "901FC6F3-2C2A-4112-AE27-AB102BBE8DEE"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "203AD334-DB9F-41B0-A4D1-A6C158EF8C40"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "B3611753-E440-410F-8250-600C996A4B8E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "9739BB47-EEAF-42F1-A557-2AE2EA9526A3"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*",
- "matchCriteriaId": "5A95E3BB-0AFC-4C2E-B9BE-C975E902A266"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*",
- "matchCriteriaId": "482A6C9A-9B8E-4D1C-917A-F16370745E7C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*",
- "matchCriteriaId": "C6D87357-63E0-41D0-9F02-1BCBF9A77E63"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*",
- "matchCriteriaId": "3765A2D6-2D78-4FB1-989E-D5106BFA3F5E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*",
- "matchCriteriaId": "F54257DB-7023-43C4-AC4D-9590B815CD92"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*",
- "matchCriteriaId": "61FF5FCD-A4A1-4803-AC53-320A4C838AF6"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*",
- "matchCriteriaId": "9F096553-064F-46A2-877B-F32F163A0F49"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*",
- "matchCriteriaId": "C0D762D1-E3AD-40EA-8D39-83EEB51B5E85"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*",
- "matchCriteriaId": "A6187D19-7148-4B87-AD7E-244FF9EE0FA6"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*",
- "matchCriteriaId": "99AC64C2-E391-485C-9CD7-BA09C8FA5E63"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*",
- "matchCriteriaId": "8CDA5E95-7805-441B-BEF7-4448EA45E964"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*",
- "matchCriteriaId": "51561053-6C28-4F38-BC9B-3F7A7508EB72"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*",
- "matchCriteriaId": "118F4A5B-C498-4FC3-BE28-50D18EBE4F22"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*",
- "matchCriteriaId": "BD38EBE6-FE1A-4B55-9FB5-07952253B7A5"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*",
- "matchCriteriaId": "3A491E47-82AD-4055-9444-2EC0D6715326"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*",
- "matchCriteriaId": "13C5FD16-23B6-467F-9438-5B554922F974"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*",
- "matchCriteriaId": "9C67235F-5B51-4BF7-89EC-4810F720246F"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*",
- "matchCriteriaId": "08405DEF-05F4-45F0-AC95-DBF914A36D93"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*",
- "matchCriteriaId": "1A7B9C4B-4A41-4175-9F07-191C1EE98C1F"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*",
- "matchCriteriaId": "B306E0A8-4D4A-4895-8128-A500D30A7E0C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*",
- "matchCriteriaId": "295C839A-F34E-4853-A926-55EABC639412"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*",
- "matchCriteriaId": "2AFD5F49-7EF9-4CFE-95BD-8FD19B500B0A"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*",
- "matchCriteriaId": "00B3DDDD-B2F6-4753-BA38-65A24017857D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*",
- "matchCriteriaId": "33FCD39E-F4BF-432D-9CF9-F195CF5844F3"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*",
- "matchCriteriaId": "C7308690-CB0D-4758-B80F-D2ADCD2A9D66"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*",
- "matchCriteriaId": "313A470B-8A2B-478A-82B5-B27D2718331C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*",
- "matchCriteriaId": "83FF021E-07E3-41CC-AAE8-D99D7FF24B9D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*",
- "matchCriteriaId": "F72412E3-8DA9-4CC9-A426-B534202ADBA4"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*",
- "matchCriteriaId": "FCAA9D7A-3C3E-4C0B-9D38-EA80E68C2E46"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*",
- "matchCriteriaId": "4A9E3AE5-3FCF-4CBB-A30B-082BCFBFB0CB"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*",
- "matchCriteriaId": "CF715657-4C3A-4392-B85D-1BBF4DE45D89"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*",
- "matchCriteriaId": "4B63C618-AC3D-4EF7-AFDF-27B9BF482B78"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*",
- "matchCriteriaId": "C33DA5A9-5E40-4365-9602-82FB4DCD15B2"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*",
- "matchCriteriaId": "EFAFDB74-40BD-46FA-89AC-617EB2C7160B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*",
- "matchCriteriaId": "CF5F17DA-30A7-40CF-BD7C-CEDF06D64617"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*",
- "matchCriteriaId": "71A276F5-BD9D-4C1B-90DF-9B0C15B6F7DF"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*",
- "matchCriteriaId": "F8F6EBEC-3C29-444B-BB85-6EF239B59EC1"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.45:*:*:*:*:*:*:*",
- "matchCriteriaId": "FDB91302-FD18-44CF-A8A8-B31483328539"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.46:*:*:*:*:*:*:*",
- "matchCriteriaId": "9B81DC2B-46FA-4640-AD6C-2A404D94BA0B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.47:*:*:*:*:*:*:*",
- "matchCriteriaId": "BA6A1663-BC4C-4FC9-B5EB-A52EDED17B26"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.48:*:*:*:*:*:*:*",
- "matchCriteriaId": "69C33D6C-6B9F-49F4-B505-E7B589CDEC50"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.49:*:*:*:*:*:*:*",
- "matchCriteriaId": "C464796B-2F31-4159-A132-82A0C74137B7"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.50:*:*:*:*:*:*:*",
- "matchCriteriaId": "1D6C6E46-FE29-4D2D-A0EC-43DA5112BCC3"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.51:*:*:*:*:*:*:*",
- "matchCriteriaId": "1A370E91-73A1-4D62-8E7B-696B920203F8"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.52:*:*:*:*:*:*:*",
- "matchCriteriaId": "340197CD-9645-4B7E-B976-F3F5A7D4C5BE"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.53:*:*:*:*:*:*:*",
- "matchCriteriaId": "96030636-0C4A-4A10-B768-525D6A0E18CB"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.54:*:*:*:*:*:*:*",
- "matchCriteriaId": "A42D8419-914F-4AD6-B0E9-C1290D514FF1"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.55:*:*:*:*:*:*:*",
- "matchCriteriaId": "F4E2C88B-42EA-4F4F-B1F6-A9332EC6888B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.56:*:*:*:*:*:*:*",
- "matchCriteriaId": "2449D13B-3314-4182-832F-03F6B11AA31F"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.57:*:*:*:*:*:*:*",
- "matchCriteriaId": "9A35B66C-F050-4462-A58E-FEE061B5582E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.58:*:*:*:*:*:*:*",
- "matchCriteriaId": "1B551164-0167-49BB-A3AE-4034BDA3DCB4"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.59:*:*:*:*:*:*:*",
- "matchCriteriaId": "7244278E-49B6-4405-A14C-F3540C8F5AF8"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.60:*:*:*:*:*:*:*",
- "matchCriteriaId": "B4C3E4B8-7274-4ABB-B7CE-6A39C183CE18"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.61:*:*:*:*:*:*:*",
- "matchCriteriaId": "6501EDB9-4847-47F8-90EE-B295626E4CDC"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.62:*:*:*:*:*:*:*",
- "matchCriteriaId": "2D676D48-7521-45E2-8563-6B966FF86A35"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.63:*:*:*:*:*:*:*",
- "matchCriteriaId": "3B69FA17-0AB9-4986-A5A7-2A4C1DD24222"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.64:*:*:*:*:*:*:*",
- "matchCriteriaId": "7BC35593-96C7-41F0-B738-1568F8129121"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.65:*:*:*:*:*:*:*",
- "matchCriteriaId": "38D23794-0E7C-4FA5-A7A8-CF940E3FA962"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.66:*:*:*:*:*:*:*",
- "matchCriteriaId": "008E1E7D-4C20-4560-9288-EF532ADB0029"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.67:*:*:*:*:*:*:*",
- "matchCriteriaId": "3B3A7044-A92E-47A9-A7BD-35E5B575F5FD"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.0.68:*:*:*:*:*:*:*",
- "matchCriteriaId": "783E2980-B6AB-489E-B157-B6A2E10A32CA"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*",
- "matchCriteriaId": "13BBD2A3-AE10-48B9-8776-4FB1CAC37D44"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*",
- "matchCriteriaId": "B25680CC-8918-4F27-8D7E-A6579215450B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*",
- "matchCriteriaId": "92C48B4C-410C-4BA8-A28A-B2E928320FCC"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*",
- "matchCriteriaId": "CB447523-855B-461E-8197-95169BE86EB0"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "B155BBDF-6DF6-4FF5-9C41-D8A5266DCC67"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "28476DEC-9630-4B40-9D4D-9BC151DC4CA4"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "5646880A-2355-4BDD-89E7-825863A0311F"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "7FF99148-267A-46F8-9927-A9082269BAF6"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "A783C083-5D9C-48F9-B5A6-A97A9604FB19"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "2B817A24-03AC-46CD-BEFA-505457FD2A5D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "51CF1BCE-090E-4B70-BA16-ACB74411293B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*",
- "matchCriteriaId": "187AAD67-10D7-4B57-B4C6-00443E246AF3"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*",
- "matchCriteriaId": "F341CE88-C5BC-4CDD-9CB5-B6BAD7152E63"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*",
- "matchCriteriaId": "37ACE2A6-C229-4236-8E9F-235F008F3AA0"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "D3220B70-917F-4F9F-8A3B-2BF581281E8D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*",
- "matchCriteriaId": "99372D07-C06A-41FA-9843-6D57F99AB5AF"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*",
- "matchCriteriaId": "2B9DC110-D260-4DB4-B8B0-EF1D160ADA07"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*",
- "matchCriteriaId": "6192FE84-4D53-40D4-AF61-78CE7136141A"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*",
- "matchCriteriaId": "42FEF3CF-1302-45EB-89CC-3786FE4BAC1F"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*",
- "matchCriteriaId": "AE6A6B58-2C89-4DE4-BA57-78100818095C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*",
- "matchCriteriaId": "1D467F87-2F13-4D26-9A93-E0BA526FEA24"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "FE348F7B-02DE-47D5-8011-F83DA9426021"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "E91594EA-F0A3-41B3-A9C6-F7864FC2F229"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "9E1ECCDB-0208-48F6-B44F-16CC0ECE3503"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "FBA8B5DE-372E-47E0-A0F6-BE286D509CC3"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "9A1CA083-2CF8-45AE-9E15-1AA3A8352E3B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "19D69A49-5290-4C5F-8157-719AD58D253D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "290BD969-42E7-47B0-B21B-06DE4865432C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*",
- "matchCriteriaId": "23A9E29E-DE78-4C73-9FBD-C2410F5FC8B8"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*",
- "matchCriteriaId": "018434C9-E75F-45CB-A169-DAB4B1D864D7"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*",
- "matchCriteriaId": "DC0AC68F-EC58-4C4F-8CBC-A59ECC00CCDE"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*",
- "matchCriteriaId": "C123C844-F6D7-471E-A62E-F756042FB1CD"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*",
- "matchCriteriaId": "A11C38BB-7FA2-49B0-AAC9-83DB387A06DB"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*",
- "matchCriteriaId": "61F3733C-E5F6-4855-B471-DF3FB823613B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*",
- "matchCriteriaId": "1DDCA75F-9A06-4457-9A45-38A38E7F7086"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*",
- "matchCriteriaId": "7AEA837E-7864-4003-8DB7-111ED710A7E1"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*",
- "matchCriteriaId": "B6FE471F-2D1F-4A1D-A197-7E46B75787E1"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*",
- "matchCriteriaId": "FDA9E6AB-58DC-4EC5-A25C-11F9D0B38BF7"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*",
- "matchCriteriaId": "DC6B8DB3-B05B-41A2-B091-342D66AAE8F5"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*",
- "matchCriteriaId": "958F0FF8-33EF-4A71-A0BD-572C85211DBA"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*",
- "matchCriteriaId": "FBA39F48-B02F-4C48-B304-DA9CCA055244"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*",
- "matchCriteriaId": "1FF841F3-48A7-41D7-9C45-A8170435A5EB"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*",
- "matchCriteriaId": "EF506916-A6DC-4B1E-90E5-959492AF55F4"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*",
- "matchCriteriaId": "B3CDAD1F-2C6A-48C0-8FAB-C2659373FA25"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*",
- "matchCriteriaId": "4FFE4B22-C96A-43D0-B993-F51EDD9C5E0E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*",
- "matchCriteriaId": "F571CC8B-B212-4553-B463-1DB01D616E8A"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*",
- "matchCriteriaId": "84E3E151-D437-48ED-A529-731EEFF88567"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*",
- "matchCriteriaId": "E9E3EA3C-CCA5-4433-86E0-3D02C4757A0A"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*",
- "matchCriteriaId": "F7AC4F7D-9FA6-4CF1-B2E9-70BF7D4D177C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*",
- "matchCriteriaId": "3CE3A80D-9648-43CC-8F99-D741ED6552BF"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*",
- "matchCriteriaId": "C8A98C03-A465-41B4-A551-A26FEC7FFD94"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "AFB76697-1C2F-48C0-9B14-517EC053D4B3"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*",
- "matchCriteriaId": "BED88DFD-1DC5-4505-A441-44ECDEF0252D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*",
- "matchCriteriaId": "DBFD2ACD-728A-4082-BB6A-A1EF6E58E47D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*",
- "matchCriteriaId": "C31B0E51-F62D-4053-B04F-FC4D5BC373D2"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*",
- "matchCriteriaId": "A914303E-1CB6-4AAD-9F5F-DE5433C4E814"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*",
- "matchCriteriaId": "203BBA69-90B2-4C5E-8023-C14180742421"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*",
- "matchCriteriaId": "0DBFAB53-B889-4028-AC0E-7E165B152A18"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*",
- "matchCriteriaId": "FE409AEC-F677-4DEF-8EB7-2C35809043CE"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "578EC12B-402F-4AD4-B8F8-C9B2CAB06891"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "877002ED-8097-4BB4-BB88-6FC6306C38B2"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "76294CE3-D72C-41D5-9E0F-B693D0042699"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "916E97D4-1FAB-42F5-826B-653B1C0909A8"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "33FD2217-C5D0-48C1-AD74-3527127FEF9C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "2E92971F-B629-4E0A-9A50-8B235F9704B8"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "EDD3A069-3829-4EE2-9D5A-29459F29D4C1"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*",
- "matchCriteriaId": "A4A0964C-CEB2-41D7-A69C-1599B05B6171"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "0F960FA6-F904-4A4E-B483-44C70090E9A1"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*",
- "matchCriteriaId": "261C1B41-C9E0-414F-8368-51C0C0B8AD38"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*",
- "matchCriteriaId": "5CCA261D-2B97-492F-89A0-5F209A804350"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*",
- "matchCriteriaId": "1B1C0C68-9194-473F-BE5E-EC7F184899FA"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*",
- "matchCriteriaId": "D7A6AC9E-BEA6-44B0-B3B3-F0F94E32424A"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*",
- "matchCriteriaId": "16038328-9399-4B85-B777-BA4757D02C9B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*",
- "matchCriteriaId": "16CA2757-FA8D-43D9-96E8-D3C0EB6E1DEF"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*",
- "matchCriteriaId": "E8CB5481-5EAE-401E-BD7E-D3095CCA9E94"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "A0F36FAC-141D-476D-84C5-A558C199F904"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "51D64824-25F6-4761-BD6A-29038A143744"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "E284C8A1-740F-454D-A774-99CD3A21B594"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "C70D72AE-0CBF-4324-9935-57E28EC6279C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "F674B06B-7E86-4E41-9126-8152D0DDABAE"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "7039B3EC-8B22-413E-B582-B4BEC6181241"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "35CF1DD2-80B9-4476-8963-5C3EF52B33F4"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*",
- "matchCriteriaId": "BFB0B05B-A5CE-4B9C-AE7F-83062868D35B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*",
- "matchCriteriaId": "D166A66E-7454-47EC-BB56-861A9AFEAFE1"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*",
- "matchCriteriaId": "7DA94F50-2A62-4300-BF4D-A342AAE35629"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*",
- "matchCriteriaId": "252D937B-50DC-444F-AE73-5FCF6203DF27"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*",
- "matchCriteriaId": "F6D8EE51-02C1-47BC-A92C-0A8ABEFD28FF"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*",
- "matchCriteriaId": "7F20A5D7-3B38-4911-861A-04C8310D5916"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*",
- "matchCriteriaId": "D472DE3A-71D8-4F40-9DDE-85929A2B047D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*",
- "matchCriteriaId": "B2AED943-65A8-4FDB-BBD0-CCEF8682A48C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*",
- "matchCriteriaId": "D4640185-F3D8-4575-A71D-4C889A93DE2C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*",
- "matchCriteriaId": "144CCF7C-025E-4879-B2E7-ABB8E4390BE5"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*",
- "matchCriteriaId": "B6FAA052-0B2B-40CE-8C98-919B8D08A5ED"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*",
- "matchCriteriaId": "4B5A53DE-9C83-4A6B-96F3-23C03BF445D9"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*",
- "matchCriteriaId": "063EB879-CB05-4E33-AA90-9E43516839B5"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*",
- "matchCriteriaId": "2D25764F-4B02-4C65-954E-8C7D6632DE00"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*",
- "matchCriteriaId": "F31F5BF3-CD0A-465C-857F-273841BCD28A"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*",
- "matchCriteriaId": "FF302C8A-079B-42B9-B455-CD9083BFA067"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*",
- "matchCriteriaId": "744999C0-33D3-4363-B3DB-E0D02CDD3918"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.25:*:*:*:*:*:*:*",
- "matchCriteriaId": "C2E77A76-2A60-45D8-9337-867BC22C5110"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.26:*:*:*:*:*:*:*",
- "matchCriteriaId": "C9F4AAE7-C870-46B7-B559-2949737BE777"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.27:*:*:*:*:*:*:*",
- "matchCriteriaId": "20FA2824-20B0-48B8-BB0A-4904C1D3E8AA"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.28:*:*:*:*:*:*:*",
- "matchCriteriaId": "9F9B347E-61AC-419F-9701-B862BBFA46F2"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.29:*:*:*:*:*:*:*",
- "matchCriteriaId": "989F351C-8B7C-4C1B-AFA2-AE9431576368"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.30:*:*:*:*:*:*:*",
- "matchCriteriaId": "8D22172A-9FA7-42E0-8451-165D8E47A573"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.31:*:*:*:*:*:*:*",
- "matchCriteriaId": "CE31624C-94F9-45D8-9B4A-D0028F10602F"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.4.32:*:*:*:*:*:*:*",
- "matchCriteriaId": "70967A83-28F6-4568-9ADA-6EF232E5BBC2"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "962B0C45-AB29-4383-AC16-C6E8245D0FF7"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "A0EE126B-74B2-4F79-BFE1-3DC169F3F9B2"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "392075E0-A9C7-4B4A-90F9-7F1ADFF5EFA7"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "ECC66968-06F0-4874-A95A-A292C36E45C1"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "5FE986E6-1068-4E1B-8EAB-DF1EAF32B4E3"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "543E8536-1A8E-4E76-B89F-1B1F9F26FAB8"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "EC2B45E3-31E1-4B46-85FA-3A84E75B8F84"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "DDB8CC75-D3EE-417C-A83D-CB6D666FE595"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "09A072F1-7BEE-4236-ACBB-55DB8FEF4A03"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "E19D5A58-17D6-4502-A57A-70B2F84817A4"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "D58BA035-1204-4DFA-98A1-12111FB6222E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "A17F2E87-8EB8-476A-B5B5-9AE5CF53D9FE"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "A8CCC101-5852-4299-9B67-EA1B149D58C0"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "B8074D32-C252-4AD3-A579-1C5EDDD7014B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "962AA802-8179-4606-AAC0-9363BAEABC9F"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*",
- "matchCriteriaId": "1286C858-D5A2-45F3-86D1-E50FE53FB23C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*",
- "matchCriteriaId": "5AC4A13E-F560-4D01-98A3-E2A2B82EB25B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*",
- "matchCriteriaId": "942C462A-5398-4BB9-A792-598682E1FEF2"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*",
- "matchCriteriaId": "B852F7E0-0282-483D-BB4D-18CB7A4F1392"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "53ED9A31-99CC-41C8-8B72-5B2A9B49AA6C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "EFD646BC-62F7-47CF-B0BE-768F701F7D9A"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "F43D418E-87C1-4C83-9FF1-4F45B4F452DD"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "680D0E00-F29A-487C-8770-8E7EAC672B7C"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "2DCA96A4-A836-4E94-A39C-3AD3EA1D9611"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "753C05E3-B603-4E36-B9BA-FAEDCBF62A7D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "E385C2E0-B9F1-4564-8E6D-56FD9E762405"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "041335D4-05E1-4004-9381-28AAD5994B47"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*",
- "matchCriteriaId": "370F2AE5-3DBC-46B9-AC70-F052C9229C00"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7.9:*:*:*:*:*:*:*",
- "matchCriteriaId": "7A971BE3-259D-4494-BBC5-12793D92DB57"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.7.10:*:*:*:*:*:*:*",
- "matchCriteriaId": "8E4719A6-FDEA-4714-A830-E23A52AE90BC"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "1A6E41FB-38CE-49F2-B796-9A5AA648E73F"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "93523FE1-5993-46CB-9299-7C8C1A04E873"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "27ADC356-6BE9-43A3-9E0B-393DC4B1559A"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "4F543D23-1774-4D14-A7D1-AD49EDEA94DD"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "FC323F58-CA00-4C3C-BA4D-CC2C0A6E5F43"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "FEA0B2E3-668D-40ED-9D3D-709EB6449F8D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "3431B258-4EC8-4E7F-87BB-4D934880601E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "1B09FA1E-8B28-4F2A-BA7E-8E1C40365970"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.8:*:*:*:*:*:*:*",
- "matchCriteriaId": "91917120-9D68-41C0-8B5D-85C256BC6200"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.9:*:*:*:*:*:*:*",
- "matchCriteriaId": "AAD268A0-096C-4C31-BEC5-D47F5149D462"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.10:*:*:*:*:*:*:*",
- "matchCriteriaId": "32BD2427-C47F-4660-A1D9-448E500EF5B9"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.11:*:*:*:*:*:*:*",
- "matchCriteriaId": "02048CE5-81C7-4DFB-BC40-CE4C86B7E022"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.12:*:*:*:*:*:*:*",
- "matchCriteriaId": "934D2B37-0575-4A75-B00B-0028316D6DF0"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.8.13:*:*:*:*:*:*:*",
- "matchCriteriaId": "06754C21-995C-4850-A4DC-F21826C0F8C5"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:-:*:*:*:*:*:*",
+ "matchCriteriaId": "526A1838-B777-4270-82B2-E8BC398CB046"
},
{
"vulnerable": true,
@@ -1220,136 +98,43 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*",
"matchCriteriaId": "3A9E0457-53C9-44DD-ACFB-31EE1D1E060E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.8.6",
+ "versionEndExcluding": "3.9",
+ "matchCriteriaId": "0E995DC9-9601-451D-827F-FBB0F55E5F32"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*",
- "matchCriteriaId": "BEE406E7-87BA-44BA-BF61-673E6CC44A2F"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "42633FF9-FB0C-4095-B4A1-8D623A98683B"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*",
- "matchCriteriaId": "29FBA173-658F-45DC-8205-934CACD67166"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*",
+ "matchCriteriaId": "08C04619-89A2-4B15-82A2-48BCC662C1F1"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc7:*:*:*:*:*:*",
- "matchCriteriaId": "139700F0-BA32-40CF-B9DF-C9C450384FDE"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*",
+ "matchCriteriaId": "5B039196-7159-476C-876A-C61242CC41DA"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "E578085C-3968-4543-BEBA-EE3C3CB4FA02"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "4DCFA441-68FB-4559-A245-FF0B79DE43CA"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "8C2508D8-6571-4B81-A0D7-E494CCD039CE"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "8B516926-5E86-4C0A-85F3-F64E1FCDA249"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "069D774D-79BE-479F-BF4E-F021AD808114"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "D15B27A9-46E0-4DDF-A00C-29F8F1F18D73"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "A381BB4A-28B4-4672-87EE-91B3DDD6C71A"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "922F80CF-937D-4FA2-AFF2-6E47FFE9E1E9"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:*:*",
- "matchCriteriaId": "A548ADF4-9E3B-407C-A5ED-05150EB3A185"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:*:*",
- "matchCriteriaId": "9C623230-4497-41B9-9BD2-7A6CFDD77983"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.10:*:*:*:*:*:*:*",
- "matchCriteriaId": "C72FA8A6-60A6-4486-A245-7BEF8B2A2711"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.9.11:*:*:*:*:*:*:*",
- "matchCriteriaId": "0A498D90-BB99-405E-9FA6-1FBFE179787E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "D0D32776-8ADB-4E79-846A-C0C99FED19E0"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "B7D01673-D13F-487F-81B6-1279C187277E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:*:*",
- "matchCriteriaId": "ADB27A3E-78E4-40F7-9716-A1099B0D85FB"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:*:*",
- "matchCriteriaId": "16E7136A-A8A6-4BF5-AF5D-AFB5C7A10712"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "6FE127AC-E61D-427A-B998-D60DF5AABA21"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:*:*",
- "matchCriteriaId": "3819FF99-AEC5-4466-8542-D395419E4308"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.7:*:*:*:*:*:*:*",
- "matchCriteriaId": "E621FA1A-464B-4D2A-A0D6-EDA475A3709B"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.8:*:*:*:*:*:*:*",
- "matchCriteriaId": "B760B422-EA11-43AB-B6D2-CA54E7229663"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.9:*:*:*:*:*:*:*",
- "matchCriteriaId": "D2CA7BBC-917C-4F31-A442-465C30444836"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.10:*:*:*:*:*:*:*",
- "matchCriteriaId": "AE778000-4FD5-4032-86CE-5930EF4CB7C1"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.11:*:*:*:*:*:*:*",
- "matchCriteriaId": "B3344EEB-F037-48FE-81DC-67F6384F7D9A"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*",
+ "matchCriteriaId": "3A9E0457-53C9-44DD-ACFB-31EE1D1E060E"
}
]
}
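Review bot: The configuration added in this hunk ends with the `3.9:rc4` criterion under the same `matchCriteriaId` (`3A9E0457-53C9-44DD-ACFB-31EE1D1E060E`) that already closes the preceding configuration in the context lines at the top of the hunk, so the record now carries that criterion twice. Consumers that key on `matchCriteriaId` or count affected criteria should deduplicate across configurations. The new range entry uses `"versionEndExcluding": "3.9"`, which excludes version 3.9 itself, so the explicit `3.9:rc1` to `3.9:rc4` entries are what cover the release candidates and must not be collapsed into the range by downstream tooling.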
@@ -1359,29 +144,42 @@
"references": [
{
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d661684cf6820331feae71146c35da83d794467e",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/09/05/3",
"source": "secalert@redhat.com",
"tags": [
"Exploit",
+ "Mailing List",
"Patch"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-1995-1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.ubuntu.com/usn/USN-1998-1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004736",
"source": "secalert@redhat.com",
"tags": [
"Exploit",
+ "Issue Tracking",
"Patch"
]
},
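Review bot: The `git.kernel.org` reference carrying `h=d661684cf6820331feae71146c35da83d794467e` is now tagged only `Broken Link`, and no visible reference in this hunk gains a working link to that commit. Pipelines that drop `Broken Link` entries or select fixes by the `Patch` tag would then lose the upstream commit id, unless a reference outside the hunk supplies it; the `references` array continues past the last line shown. The hash inside the URL is still usable, so tooling should extract it and resolve it against a live kernel tree rather than discarding the entry. The two USN references are also tagged `VDB Entry` although they are vendor advisories, which may skew filters built on that tag.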
diff --git a/CVE-2013/CVE-2013-45xx/CVE-2013-4584.json b/CVE-2013/CVE-2013-45xx/CVE-2013-4584.json
index 1bae0c49539..1c221a5eb12 100644
--- a/CVE-2013/CVE-2013-45xx/CVE-2013-4584.json
+++ b/CVE-2013/CVE-2013-45xx/CVE-2013-4584.json
@@ -2,8 +2,8 @@
"id": "CVE-2013-4584",
"sourceIdentifier": "secalert@redhat.com",
"published": "2019-11-15T15:15:11.450",
- "lastModified": "2019-11-22T19:02:05.860",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T13:15:08.520",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,13 @@
"VDB Entry"
]
},
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2013-4584",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Broken Link"
+ ]
+ },
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89184",
"source": "secalert@redhat.com",
@@ -144,6 +151,10 @@
"VDB Entry"
]
},
+ {
+ "url": "https://github.com/horms/perdition/commit/62a0ce94aeb7dd99155882956ce9e327ab914ddf",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4584",
"source": "secalert@redhat.com",
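Review bot: The added `github.com/horms/perdition/commit/62a0ce94aeb7dd99155882956ce9e327ab914ddf` reference has no `tags` array, unlike the Red Hat reference added in the previous hunk of this file. The record's status moves to `Undergoing Analysis` in the first hunk, so the tag may simply not be assigned yet. Until it is, tag-based filters will not surface this commit as a fix. If it is confirmed to be the fix, the entry would carry `"tags": ["Patch"]`.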
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125027.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125027.json
index bcb72835477..45eebaf57b6 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125027.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125027.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125027",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-31T16:15:08.650",
- "lastModified": "2023-01-09T15:05:52.733",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:14.350",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.18 is able to address this issue. The name of the patch is 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217147."
+ "value": "A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function get_user_icons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.18 is able to address this issue. The patch is named 0ba3fd4be29dd48fa4455c236a9403b3149a4fd4. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217147."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125029.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125029.json
index b625d73fe15..d5b54e86bbe 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125029.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125029.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125029",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T22:15:08.637",
- "lastModified": "2023-01-12T20:05:10.673",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:14.660",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125030.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125030.json
index 55b7670dc09..b8c3266ab46 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125030.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125030.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125030",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-01T09:15:09.463",
- "lastModified": "2023-01-09T16:33:36.233",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:15.220",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The name of the patch is 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in taoeffect Empress. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. The patch is identified as 557e177d8a309d6f0f26de46efb38d43e000852d. It is recommended to apply a patch to fix this issue. VDB-217154 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125032.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125032.json
index 53c27009c41..05281164af6 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125032.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125032.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125032",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T08:15:09.827",
- "lastModified": "2023-01-09T17:11:56.250",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:15.700",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation leads to sql injection. The name of the patch is b92451e4f9e85e26cf493c95ea0a69e354c35df9. It is recommended to apply a patch to fix this issue. The identifier VDB-217177 was assigned to this vulnerability."
+ "value": "A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation leads to sql injection. The identifier of the patch is b92451e4f9e85e26cf493c95ea0a69e354c35df9. It is recommended to apply a patch to fix this issue. The identifier VDB-217177 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125033.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125033.json
index 1965234e480..4dda59c24cf 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125033.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125033.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125033",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T08:15:09.930",
- "lastModified": "2023-01-09T17:50:38.230",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:16.107",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The name of the patch is 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in rails-cv-app. It has been rated as problematic. Affected by this issue is some unknown functionality of the file app/controllers/uploaded_files_controller.rb. The manipulation with the input ../../../etc/passwd leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The patch is identified as 0d20362af0a5f8a126f67c77833868908484a863. It is recommended to apply a patch to fix this issue. VDB-217178 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125034.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125034.json
index 23d7c7e4732..cdb1150e1e3 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125034.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125034.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125034",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T11:15:09.963",
- "lastModified": "2023-01-09T17:20:15.007",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:16.547",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The name of the patch is 67bec33f559da9d41a1b45eb9e992bd8683a7f8c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217183."
+ "value": "A vulnerability has been found in stiiv contact_app and classified as problematic. Affected by this vulnerability is the function render of the file libs/View.php. The manipulation of the argument var leads to cross site scripting. The attack can be launched remotely. The patch is named 67bec33f559da9d41a1b45eb9e992bd8683a7f8c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217183."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125035.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125035.json
index 8beace66b32..89fcf0143fa 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125035.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125035.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125035",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T16:15:10.330",
- "lastModified": "2023-01-09T18:29:06.930",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T06:15:16.900",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125036.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125036.json
index 745738234d2..1170ef4ab0e 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125036.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125036.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125036",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T19:15:10.280",
- "lastModified": "2023-01-09T19:01:33.070",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:09.690",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The name of the patch is ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability."
}
],
"metrics": {
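Review bot: The new description adds "The complexity of an attack is rather high. The exploitation is known to be difficult." in the same change that moves `vulnStatus` from `Analyzed` to `Modified`. The `metrics` object opens on the last line of the hunk and its contents are not shown, so the stored CVSS vector may still reflect the earlier analysis rather than the revised text. Anyone prioritising on this record should compare the vector's attack-complexity value with the description instead of assuming the two were updated together.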
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125037.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125037.json
index dfe62e443db..b3fdbb2654b 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125037.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125037.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125037",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T18:15:18.787",
- "lastModified": "2023-01-09T19:01:31.350",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:10.883",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The name of the patch is cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217191."
+ "value": "A vulnerability, which was classified as critical, was found in License to Kill. This affects an unknown part of the file models/injury.rb. The manipulation of the argument name leads to sql injection. The patch is named cd11cf174f361c98e9b1b4c281aa7b77f46b5078. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217191."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125041.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125041.json
index 28eb1a36316..fecf1f62f5a 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125041.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125041.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125041",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T15:15:10.177",
- "lastModified": "2023-01-11T20:05:13.710",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.023",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch to fix this issue. VDB-217486 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch to fix this issue. VDB-217486 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125044.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125044.json
index f6c65b98c0d..ca60043aeb1 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125044.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125044.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125044",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T20:15:18.150",
- "lastModified": "2023-01-12T02:47:06.567",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.153",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515."
+ "value": "A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This affects an unknown part of the file index.php. The manipulation of the argument p leads to file inclusion. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is named 567bc33e6ed82b0d0179c9add707ac2b257aeaf2. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217515."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125045.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125045.json
index adc9dea6d7f..82e1affecb2 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125045.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125045.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125045",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T22:15:08.700",
- "lastModified": "2023-01-11T21:09:49.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.293",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The name of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a patch to fix this issue. The identifier VDB-217525 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in meol1 and classified as critical. Affected by this vulnerability is the function GetAnimal of the file opdracht4/index.php. The manipulation of the argument where leads to sql injection. The identifier of the patch is 82441e413f87920d1e8f866e8ef9d7f353a7c583. It is recommended to apply a patch to fix this issue. The identifier VDB-217525 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125046.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125046.json
index 9b23c325807..824820c9ebc 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125046.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125046.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125046",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T10:15:09.437",
- "lastModified": "2023-01-12T13:53:18.657",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.387",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The name of the patch is b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551."
+ "value": "A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The patch is named b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125047.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125047.json
index 0707fd18d47..67dca631224 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125047.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125047.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125047",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T12:15:08.657",
- "lastModified": "2023-01-12T14:43:17.777",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.470",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vulnerability."
+ "value": "A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125048.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125048.json
index 016277df7b9..fa5fc5980e1 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125048.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125048.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125048",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T13:15:09.670",
- "lastModified": "2023-01-12T14:50:27.587",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.560",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The name of the patch is e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559."
+ "value": "A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The patch is named e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125049.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125049.json
index 925a87c5f88..96122dc205d 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125049.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125049.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125049",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T13:15:09.750",
- "lastModified": "2023-01-12T20:03:56.020",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.647",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125050.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125050.json
index 00f85e41572..c29cd67abc1 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125050.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125050.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125050",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T17:15:08.870",
- "lastModified": "2023-01-12T15:32:21.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.733",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125052.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125052.json
index d3f9dbdfe6f..86944a5de41 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125052.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125052.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125052",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T21:15:09.060",
- "lastModified": "2023-01-12T15:51:27.257",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.823",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The name of the patch is 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571."
+ "value": "A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The patch is named 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125053.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125053.json
index 9d79430f1a9..f9ca5612a70 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125053.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125053.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125053",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T23:15:09.483",
- "lastModified": "2023-01-12T15:27:02.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.910",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The patch is identified as 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125054.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125054.json
index 0dc45e5abd0..044c592aabe 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125054.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125054.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125054",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T09:15:21.197",
- "lastModified": "2023-01-12T16:52:05.707",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:11.993",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The name of the patch is 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The patch is identified as 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125055.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125055.json
index 810415f4659..251794385f5 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125055.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125055.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125055",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T09:15:21.470",
- "lastModified": "2023-01-12T16:52:39.327",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.090",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596."
+ "value": "A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125056.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125056.json
index 95b588169dd..96e318730a5 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125056.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125056.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125056",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T10:15:08.753",
- "lastModified": "2023-01-12T16:38:16.960",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.180",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The name of the patch is fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125057.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125057.json
index ffa3036cca2..6151dcca5b1 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125057.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125057.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125057",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T10:15:09.260",
- "lastModified": "2023-01-12T20:03:21.313",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.270",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The name of the patch is 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599."
+ "value": "A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125058.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125058.json
index d8198835c63..f5221fb5693 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125058.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125058.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125058",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T11:15:08.787",
- "lastModified": "2023-01-12T16:44:31.060",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.353",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The name of the patch is d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code."
+ "value": "A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The patch is named d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125059.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125059.json
index df64a997530..bb6cae70a9b 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125059.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125059.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125059",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T13:15:09.040",
- "lastModified": "2023-01-12T20:10:02.080",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.437",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers."
+ "value": "A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 0.1.0 is able to address this issue. The identifier of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125060.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125060.json
index e19339d5122..2a88e64e04f 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125060.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125060.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125060",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T13:15:09.127",
- "lastModified": "2023-01-12T17:52:00.313",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.527",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The name of the patch is b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The patch is identified as b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125061.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125061.json
index 3063a4f07c2..61cbcdc6fd6 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125061.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125061.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125061",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T13:15:09.210",
- "lastModified": "2023-01-12T18:13:13.230",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.613",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125062.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125062.json
index e9e4c3f1dfc..8c875e8d826 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125062.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125062.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125062",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T17:15:09.347",
- "lastModified": "2023-01-12T19:03:37.737",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.700",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The name of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability."
+ "value": "A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The identifier of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125063.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125063.json
index 9a72b2a8272..6ef2047cb95 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125063.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125063.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125063",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T19:15:09.167",
- "lastModified": "2023-01-12T20:32:29.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.780",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability."
+ "value": "A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125067.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125067.json
index 984111c1e34..41023d4db72 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125067.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125067.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125067",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T10:15:11.433",
- "lastModified": "2023-01-12T17:27:08.113",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.880",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The name of the patch is d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639."
+ "value": "A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The patch is named d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125068.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125068.json
index 922fe563717..2f2b18171c8 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125068.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125068.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125068",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T11:15:09.917",
- "lastModified": "2023-01-12T16:48:03.227",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:12.967",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643."
+ "value": "A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The patch is named 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125070.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125070.json
index 6dc64e00f96..bb29d77c35e 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125070.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125070.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125070",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T18:15:09.917",
- "lastModified": "2023-01-12T22:25:48.720",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:13.060",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is ba908ae88d5925f4f6783eb234cc4ea95017472b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217651."
+ "value": "A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The patch is named ba908ae88d5925f4f6783eb234cc4ea95017472b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217651."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125072.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125072.json
index 4251c154881..dbff0cbab5b 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125072.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125072.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125072",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-09T22:15:09.873",
- "lastModified": "2023-01-13T06:48:47.090",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:13.170",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719."
+ "value": "A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The patch is named f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125073.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125073.json
index ab669f565ea..79e4fa65e83 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125073.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125073.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125073",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-10T16:15:10.657",
- "lastModified": "2023-01-14T21:28:10.233",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:13.257",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The name of the patch is b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125074.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125074.json
index ce36bf477e1..76ba533980a 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125074.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125074.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125074",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T15:15:08.877",
- "lastModified": "2023-01-19T14:41:35.320",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:13.347",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability."
+ "value": "A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The identifier of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125075.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125075.json
index 94dad6c9da3..35fb9dd4288 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125075.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125075.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125075",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T19:15:09.013",
- "lastModified": "2023-01-18T19:16:11.000",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:13.447",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The name of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability."
+ "value": "A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The identifier of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125076.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125076.json
index af868dc1e24..d65ef799b15 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125076.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125076.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125076",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T19:15:09.160",
- "lastModified": "2023-01-18T18:33:54.667",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:13.527",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The name of the patch is 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The patch is identified as 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125077.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125077.json
index d93d7bd7314..a03c7f88262 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125077.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125077.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125077",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T09:15:13.613",
- "lastModified": "2023-01-24T16:20:02.247",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:13.613",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The name of the patch is 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218351."
+ "value": "A vulnerability, which was classified as critical, has been found in pointhi searx_stats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The patch is named 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218351."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125078.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125078.json
index eaf026e72a8..eaae500c0ef 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125078.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125078.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125078",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T09:15:13.693",
- "lastModified": "2023-01-24T15:19:37.107",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:13.720",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The patch is identified as 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125080.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125080.json
index acae138c453..3faf659751e 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125080.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125080.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125080",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-16T18:15:10.147",
- "lastModified": "2023-01-24T19:12:56.057",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:13.827",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The name of the patch is a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in frontaccounting faplanet and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. The patch is identified as a5dcd87f46080a624b1a9ad4b0dd035bbd24ac50. It is recommended to apply a patch to fix this issue. VDB-218398 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json
index 159da6f4c9c..8fbb9dbfc69 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125081.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125081",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T23:15:15.173",
- "lastModified": "2023-01-24T19:33:34.970",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:13.920",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459."
+ "value": "A vulnerability, which was classified as critical, has been found in risheesh debutsav. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 7a8430df79277c613449262201cc792db894fc76. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218459."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125083.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125083.json
index 7c2b2270e59..47981162897 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125083.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125083.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125083",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-19T10:15:11.490",
- "lastModified": "2023-01-25T21:41:10.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:14.033",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The name of the patch is 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911."
+ "value": "A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json
index 234103b914e..d9f6af1e387 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125084.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125084",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T00:15:08.823",
- "lastModified": "2023-02-12T04:56:27.573",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:14.130",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The identifier of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125085.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125085.json
index 20bbdb14c80..1528df1e9c9 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125085.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125085.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125085",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T00:15:08.913",
- "lastModified": "2023-02-12T04:55:52.127",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:14.233",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2 on vBulletin. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is identified as f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125086.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125086.json
index 2e30fb87161..aa973f1d29a 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125086.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125086.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125086",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T04:15:07.927",
- "lastModified": "2023-02-12T04:55:20.033",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T07:15:14.340",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207."
+ "value": "A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is named fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125089.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125089.json
index b74e1f8065a..a237329348d 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125089.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125089.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125089",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-21T03:15:10.637",
- "lastModified": "2023-03-02T23:16:24.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:08.377",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability."
+ "value": "A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The identifier of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125090.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125090.json
index aa1329f9242..1892f3d0fe7 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125090.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125090.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125090",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-04T20:15:09.977",
- "lastModified": "2023-03-09T20:51:45.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:08.480",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Media Downloader Plugin 0.1.992. It has been declared as problematic. This vulnerability affects the function dl_file_resumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.1.993 is able to address this issue. The name of the patch is 77beb720c682b9300035ab5f96eee225181d8a92. It is recommended to upgrade the affected component. VDB-222262 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPress. It has been declared as problematic. This vulnerability affects the function dl_file_resumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.1.993 is able to address this issue. The patch is identified as 77beb720c682b9300035ab5f96eee225181d8a92. It is recommended to upgrade the affected component. VDB-222262 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125091.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125091.json
index 46870cf2ff3..cf7709f1c33 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125091.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125091.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125091",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-04T22:15:09.510",
- "lastModified": "2023-03-09T20:48:50.627",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:08.560",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268."
+ "value": "A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on WordPress and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125092.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125092.json
index ce1592d7444..c330278e996 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125092.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125092.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125092",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-05T21:15:09.840",
- "lastModified": "2023-03-09T20:52:46.467",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:08.627",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The name of the patch is e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323."
+ "value": "A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPress and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The patch is named e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json
index 52cd4600546..aa3b8d2aa9a 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125093.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125093",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-10T02:15:58.147",
- "lastModified": "2023-03-15T16:28:43.793",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:08.693",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 on WordPress and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The patch is identified as 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json
index a69e32f8236..b4c22b6253e 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125095.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125095",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-09T06:15:10.593",
- "lastModified": "2023-04-18T01:09:39.707",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:08.780",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320."
+ "value": "A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json
index 4d4f5345600..2a038da8a39 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125096.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125096",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-10T03:15:07.040",
- "lastModified": "2023-04-13T19:51:24.907",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:08.853",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.13 is able to address this issue. The name of the patch is fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d. It is recommended to upgrade the affected component. The identifier VDB-225349 was assigned to this vulnerability."
+ "value": "A vulnerability was found in Fancy Gallery Plugin 1.5.12 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.13 is able to address this issue. The identifier of the patch is fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d. It is recommended to upgrade the affected component. The identifier VDB-225349 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125097.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125097.json
index d6817479265..003d6d838a6 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125097.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125097.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125097",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-10T04:15:07.577",
- "lastModified": "2023-04-13T20:09:39.923",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:08.920",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The name of the patch is b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The patch is identified as b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1250xx/CVE-2014-125099.json b/CVE-2014/CVE-2014-1250xx/CVE-2014-125099.json
index f17087b560b..cbe0998c73e 100644
--- a/CVE-2014/CVE-2014-1250xx/CVE-2014-125099.json
+++ b/CVE-2014/CVE-2014-1250xx/CVE-2014-125099.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125099",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-20T06:15:06.867",
- "lastModified": "2023-04-29T02:54:19.860",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:08.993",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The name of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in I Recommend This Plugin up to 3.7.2 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the file dot-irecommendthis.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 058b3ef5c7577bf557557904a53ecc8599b13649. It is recommended to upgrade the affected component. The identifier VDB-226309 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json
index 7455ecf5789..7ed0959e490 100644
--- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json
+++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125101.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125101",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-28T13:15:09.347",
- "lastModified": "2023-06-02T18:23:01.813",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.083",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The name of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability."
+ "value": "A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The identifier of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125102.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125102.json
index 0c8ad2e4550..94591961690 100644
--- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125102.json
+++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125102.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125102",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-29T23:15:09.367",
- "lastModified": "2023-06-05T17:32:16.907",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.163",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The identifier of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125103.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125103.json
index 8b6fe350095..a2dd907226f 100644
--- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125103.json
+++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125103.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125103",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T03:15:09.077",
- "lastModified": "2023-06-06T15:57:09.807",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.240",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is e04d59ab578316ffeb204cf32dc71c0d0e1ff77c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230155."
+ "value": "A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The patch is named e04d59ab578316ffeb204cf32dc71c0d0e1ff77c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230155."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125104.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125104.json
index 612cc4c3b57..46561830c1d 100644
--- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125104.json
+++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125104.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125104",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T13:15:10.087",
- "lastModified": "2023-06-08T15:34:11.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.307",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263."
+ "value": "A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The patch is named e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263."
}
],
"metrics": {
diff --git a/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json b/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json
index 112077ec535..55a99be192e 100644
--- a/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json
+++ b/CVE-2014/CVE-2014-1251xx/CVE-2014-125105.json
@@ -2,12 +2,12 @@
"id": "CVE-2014-125105",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-05T01:15:45.637",
- "lastModified": "2023-06-09T23:49:55.907",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.387",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The name of the patch is 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659."
+ "value": "A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The patch is named 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659."
},
{
"lang": "es",
diff --git a/CVE-2014/CVE-2014-35xx/CVE-2014-3577.json b/CVE-2014/CVE-2014-35xx/CVE-2014-3577.json
index dca41e4380e..02a28c335ef 100644
--- a/CVE-2014/CVE-2014-35xx/CVE-2014-3577.json
+++ b/CVE-2014/CVE-2014-35xx/CVE-2014-3577.json
@@ -2,7 +2,7 @@
"id": "CVE-2014-3577",
"sourceIdentifier": "secalert@redhat.com",
"published": "2014-08-21T14:55:05.100",
- "lastModified": "2021-10-07T00:15:07.220",
+ "lastModified": "2023-10-27T15:15:09.487",
"vulnStatus": "Modified",
"evaluatorComment": "CWE-297: Improper Validation of Certificate with Host Mismatch",
"descriptions": [
@@ -264,6 +264,20 @@
"Third Party Advisory"
]
},
+ {
+ "url": "http://secunia.com/advisories/60589",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://secunia.com/advisories/60713",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
{
"url": "http://www.openwall.com/lists/oss-security/2021/10/06/1",
"source": "secalert@redhat.com"
@@ -366,6 +380,10 @@
{
"url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E",
"source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0003/",
+ "source": "secalert@redhat.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10007.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10007.json
index 14551e4fdd1..1160122d8fd 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10007.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10007.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10007",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T11:15:10.413",
- "lastModified": "2023-01-09T18:06:43.907",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.490",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
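Review bot: The new `value` in this hunk still opens with the misspelled tag `** UNSUPPPORTED WHEN ASSIGNED **` followed by the correctly spelled one; the change only inserts a space between the two. Tooling that recognises end-of-life records by matching the tag text will see two different strings here, so the duplicate should be dropped and the description should begin `** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM`. The same leftover appears in the CVE-2015-10008 and CVE-2015-10012 hunks. If these files mirror an upstream feed, the correction presumably belongs with the source (`cna@vuldb.com`) rather than in this repository.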
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10008.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10008.json
index 26f00cd0ee5..6da82f7b7af 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10008.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10008.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10008",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T11:15:10.623",
- "lastModified": "2023-01-09T18:08:11.130",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.560",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The identifier of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier VDB-217185 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10009.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10009.json
index 437fd2b1df8..d801347d30b 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10009.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10009.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10009",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T16:15:10.417",
- "lastModified": "2023-01-09T18:37:55.337",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.623",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The name of the patch is fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187."
+ "value": "A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/code_caller_controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/* leads to code injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.1 is able to address this issue. The patch is named fba7d89176fba8fe289edd58835fe45080797d99. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217187."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10010.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10010.json
index 71b71d91a14..be246baabe4 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10010.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10010.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10010",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T21:15:10.207",
- "lastModified": "2023-01-09T19:06:19.233",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.693",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is c680170d5583cd9342fe1af43001fe8b2b8004dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217196."
+ "value": "A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The name of the patch is c680170d5583cd9342fe1af43001fe8b2b8004dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217196."
}
],
"metrics": {
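Review bot: The added sentences `The complexity of an attack is rather high. The exploitation is known to be difficult.` change what the record claims about exploitability, yet this is the only hunk for CVE-2015-10010.json, so the `metrics` object that begins on the hunk's last line is untouched by the commit. If the CVSS data there still records low attack complexity, the description and the score disagree, and consumers that prioritise on the vector will not see the change. The metrics are outside the hunk, so this needs checking against the full file. The new `vulnStatus` of `Modified` suggests the record has not been re-analysed since the text changed.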
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10011.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10011.json
index a237e6d995b..cf80e3903e2 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10011.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10011.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10011",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T22:15:15.323",
- "lastModified": "2023-01-09T19:22:02.903",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.767",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The name of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. The identifier VDB-217197 was assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The identifier of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. The identifier VDB-217197 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10012.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10012.json
index 8e73b715f4c..6647f7e340b 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10012.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10012.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10012",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-03T09:15:09.707",
- "lastModified": "2023-01-10T17:14:47.097",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.840",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoders FrameworkUserBundle up to 1.3.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Resources/views/Security/login.html.twig. The manipulation leads to information exposure through error message. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is abe4993390ba9bd7821ab12678270556645f94c8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217268. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10013.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10013.json
index a5d76610081..61a39a5a0e6 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10013.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10013.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10013",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T10:15:09.100",
- "lastModified": "2023-01-11T16:16:35.363",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.917",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10014.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10014.json
index ca2a4f34c06..a65ac50e651 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10014.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10014.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10014",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T14:15:08.610",
- "lastModified": "2023-01-11T19:37:21.617",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:09.983",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The name of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. The identifier VDB-217485 was assigned to this vulnerability."
+ "value": "A vulnerability classified as critical has been found in arekk uke. This affects an unknown part of the file lib/uke/finder.rb. The manipulation leads to sql injection. The identifier of the patch is 52fd3b2d0bc16227ef57b7b98a3658bb67c1833f. It is recommended to apply a patch to fix this issue. The identifier VDB-217485 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10015.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10015.json
index 198b03a6fab..1f1c6d0166c 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10015.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10015.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10015",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T15:15:10.260",
- "lastModified": "2023-01-11T20:18:00.053",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.057",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217487."
+ "value": "A vulnerability, which was classified as critical, has been found in glidernet ogn-live. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named bc0f19965f760587645583b7624d66a260946e01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217487."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10016.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10016.json
index 43713f0b348..8b861d6fcf4 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10016.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10016.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10016",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T10:15:09.917",
- "lastModified": "2023-01-12T16:14:45.353",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.120",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affected by this issue is the function DatabaseForRegion of the file regionscrits.php. The manipulation of the argument region leads to sql injection. The name of the patch is c29e5c729a833a29dbf5b1e505a0553fe154575e. It is recommended to apply a patch to fix this issue. VDB-217550 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affected by this issue is the function DatabaseForRegion of the file regionscrits.php. The manipulation of the argument region leads to sql injection. The patch is identified as c29e5c729a833a29dbf5b1e505a0553fe154575e. It is recommended to apply a patch to fix this issue. VDB-217550 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10018.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10018.json
index 26a408f0457..ee7450b1e5e 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10018.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10018.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10018",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T13:15:09.823",
- "lastModified": "2023-01-12T20:04:09.870",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.200",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10019.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10019.json
index 5573f7f7a94..a89aa7ea39c 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10019.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10019.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10019",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T09:15:21.570",
- "lastModified": "2023-01-12T16:56:05.007",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.267",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595."
+ "value": "A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The patch is named 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10022.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10022.json
index aedbbebbf12..84d251cc9ae 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10022.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10022.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10022",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T12:15:08.730",
- "lastModified": "2023-01-12T17:52:16.977",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.350",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in IISH nlgis2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file scripts/etl/custom_import.pl. The manipulation leads to sql injection. The name of the patch is 8bdb6fcf7209584eaf1232437f0f53e735b2b34c. It is recommended to apply a patch to fix this issue. The identifier VDB-217609 was assigned to this vulnerability."
+ "value": "A vulnerability was found in IISH nlgis2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file scripts/etl/custom_import.pl. The manipulation leads to sql injection. The identifier of the patch is 8bdb6fcf7209584eaf1232437f0f53e735b2b34c. It is recommended to apply a patch to fix this issue. The identifier VDB-217609 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10023.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10023.json
index b775f919720..28ea5bc4f9d 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10023.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10023.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10023",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T12:15:08.803",
- "lastModified": "2023-01-12T17:52:20.633",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.417",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in Fumon trello-octometric. This affects the function main of the file metrics-ui/server/srv.go. The manipulation of the argument num leads to sql injection. The name of the patch is a1f1754933fbf21e2221fbc671c81a47de6a04ef. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217611."
+ "value": "A vulnerability classified as critical has been found in Fumon trello-octometric. This affects the function main of the file metrics-ui/server/srv.go. The manipulation of the argument num leads to sql injection. The patch is named a1f1754933fbf21e2221fbc671c81a47de6a04ef. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217611."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10025.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10025.json
index 293d15f4e83..eb7a2e5b04c 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10025.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10025.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10025",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T13:15:09.367",
- "lastModified": "2023-01-12T18:22:29.677",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.487",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the component URL Scanning. The manipulation leads to denial of service. Upgrading to version 1.7.7 and 1.8.0 is able to address this issue. The name of the patch is c06c2e5116c306e4e1bc79779f0eda2d1182f655. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217615."
+ "value": "A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the component URL Scanning. The manipulation leads to denial of service. Upgrading to version 1.7.7 and 1.8.0 is able to address this issue. The patch is named c06c2e5116c306e4e1bc79779f0eda2d1182f655. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217615."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10026.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10026.json
index 96e975c7083..d6902ac4215 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10026.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10026.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10026",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T13:15:09.450",
- "lastModified": "2023-01-12T18:35:53.863",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.550",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerability affects unknown code of the file flair.py. The manipulation leads to sql injection. The name of the patch is 5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb. It is recommended to apply a patch to fix this issue. VDB-217618 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerability affects unknown code of the file flair.py. The manipulation leads to sql injection. The patch is identified as 5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb. It is recommended to apply a patch to fix this issue. VDB-217618 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10027.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10027.json
index a09c7409c1f..0a7f6ec8267 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10027.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10027.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10027",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T17:15:09.430",
- "lastModified": "2023-01-12T20:31:23.807",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.613",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The name of the patch is a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is identified as a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10029.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10029.json
index 1aee9f48696..fb4ddc72b3e 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10029.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10029.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10029",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T20:15:09.147",
- "lastModified": "2023-01-12T20:07:41.200",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.687",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The name of the patch is 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is identified as 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10030.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10030.json
index a158413395c..98faaedd949 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10030.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10030.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10030",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T10:15:11.537",
- "lastModified": "2023-01-12T16:54:40.017",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.767",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10032.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10032.json
index dbc547e194e..6c33b799f2a 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10032.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10032.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10032",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-09T09:15:09.757",
- "lastModified": "2023-01-12T20:50:26.213",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.847",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The name of the patch is 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663."
+ "value": "A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The patch is named 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10033.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10033.json
index 8406f854dde..7b7ede7958e 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10033.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10033.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10033",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-09T21:15:10.210",
- "lastModified": "2023-01-13T18:21:16.730",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T08:15:10.910",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The identifier of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10034.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10034.json
index 775e5516f29..fd41260e983 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10034.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10034.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10034",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-09T21:15:10.300",
- "lastModified": "2023-01-13T18:17:43.157",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:08.367",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10035.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10035.json
index 66256152838..45c7d4b6a8e 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10035.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10035.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10035",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-09T21:15:10.383",
- "lastModified": "2023-01-13T18:17:23.670",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:08.450",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715."
+ "value": "A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The patch is named a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10036.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10036.json
index 209ebf467e2..551f1fe5376 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10036.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10036.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10036",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T07:15:10.743",
- "lastModified": "2023-01-18T18:00:00.897",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:08.527",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217951."
+ "value": "A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217951."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10037.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10037.json
index d71827b49bd..cf60427ff30 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10037.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10037.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10037",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T07:15:10.963",
- "lastModified": "2023-01-18T18:00:14.230",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:08.697",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10038.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10038.json
index 4c0a3ebca62..518980453b2 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10038.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10038.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10038",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T19:15:09.270",
- "lastModified": "2023-01-18T18:45:51.653",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:08.780",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 28f8b0550104044da09f04659797487c59f85b00. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218023."
+ "value": "A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named 28f8b0550104044da09f04659797487c59f85b00. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218023."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10040.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10040.json
index 4e202bf23e3..eb030c9529d 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10040.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10040.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10040",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-13T20:15:08.907",
- "lastModified": "2023-01-23T18:00:15.137",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:08.870",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The name of the patch is 3faa5deaa509012069afe75cd03c21bda5050a64. It is recommended to apply a patch to fix this issue. VDB-218302 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The patch is identified as 3faa5deaa509012069afe75cd03c21bda5050a64. It is recommended to apply a patch to fix this issue. VDB-218302 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10041.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10041.json
index ae4238de28e..e8e550e9f9a 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10041.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10041.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10041",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-13T20:15:09.837",
- "lastModified": "2023-01-23T18:06:51.353",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:08.953",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Dovgalyuk AIBattle. Affected is the function sendComments of the file site/procedures.php. The manipulation of the argument text leads to sql injection. The name of the patch is e3aa4d0900167641d41cbccf53909229f00381c9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218304. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Dovgalyuk AIBattle. Affected is the function sendComments of the file site/procedures.php. The manipulation of the argument text leads to sql injection. The name of the patch is e3aa4d0900167641d41cbccf53909229f00381c9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218304. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
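Review bot: The added `value` still opens with two tags, the first of them misspelled (`** UNSUPPPORTED WHEN ASSIGNED **`, three P's); the change only inserts a space between the two. The prefix should be the single correctly spelled tag, i.e. the string should start `** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical`, so that filters keyed on the tag as a prefix do not have to tolerate the typo. The same duplicated prefix is kept in the CVE-2015-10042 and CVE-2015-10052 hunks. The text is attributed to `cna@vuldb.com`, so the correction presumably has to be made at that source.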
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10042.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10042.json
index 059e6365eb2..ff51fd28ea3 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10042.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10042.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10042",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-13T21:15:08.853",
- "lastModified": "2023-01-23T19:42:59.607",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:09.033",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The name of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in Dovgalyuk AIBattle. Affected by this vulnerability is the function registerUser of the file site/procedures.php. The manipulation of the argument postLogin leads to sql injection. The identifier of the patch is 448e9880aac18ae7832f8d065e03e46ce0f1d3e3. It is recommended to apply a patch to fix this issue. The identifier VDB-218305 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10043.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10043.json
index 851dd77af8f..7e2e09b9a66 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10043.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10043.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10043",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-14T21:15:09.337",
- "lastModified": "2023-01-24T17:30:14.070",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:09.113",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The name of the patch is 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307."
+ "value": "A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The patch is named 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10044.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10044.json
index e38f3649557..f871242787d 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10044.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10044.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10044",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T10:15:08.913",
- "lastModified": "2023-01-24T14:47:07.033",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:09.277",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in gophergala sqldump. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 76db54e9073b5248b8863e71a63d66a32d567d21. It is recommended to apply a patch to fix this issue. VDB-218350 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical was found in gophergala sqldump. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as 76db54e9073b5248b8863e71a63d66a32d567d21. It is recommended to apply a patch to fix this issue. VDB-218350 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10046.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10046.json
index d2282e177d5..a25f1cc8ec9 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10046.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10046.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10046",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T10:15:09.587",
- "lastModified": "2023-01-24T17:55:46.920",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:09.363",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in lolfeedback and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 6cf0b5f2228cd8765f734badd37910051000f2b2. It is recommended to apply a patch to fix this issue. The identifier VDB-218353 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in lolfeedback and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The identifier of the patch is 6cf0b5f2228cd8765f734badd37910051000f2b2. It is recommended to apply a patch to fix this issue. The identifier VDB-218353 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10047.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10047.json
index 54b6113517f..8a8f72814e6 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10047.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10047.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10047",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T10:15:09.663",
- "lastModified": "2023-01-24T17:58:05.647",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:09.430",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in KYUUBl school-register. It has been classified as critical. This affects an unknown part of the file src/DBManager.java. The manipulation leads to sql injection. The name of the patch is 1cf7e01b878aee923f2b22cc2535c71a680e4c30. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218355."
+ "value": "A vulnerability was found in KYUUBl school-register. It has been classified as critical. This affects an unknown part of the file src/DBManager.java. The manipulation leads to sql injection. The patch is named 1cf7e01b878aee923f2b22cc2535c71a680e4c30. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218355."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10048.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10048.json
index 9a7b66ad10f..c134132ff3d 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10048.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10048.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10048",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T10:15:09.750",
- "lastModified": "2023-01-24T17:59:52.717",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:09.507",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in bmattoso desafio_buzz_woody. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is cb8220cbae06082c969b1776fcb2fdafb3a1006b. It is recommended to apply a patch to fix this issue. The identifier VDB-218357 was assigned to this vulnerability."
+ "value": "A vulnerability was found in bmattoso desafio_buzz_woody. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is cb8220cbae06082c969b1776fcb2fdafb3a1006b. It is recommended to apply a patch to fix this issue. The identifier VDB-218357 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10050.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10050.json
index f59943b587d..6af54d9facd 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10050.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10050.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10050",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T18:15:09.033",
- "lastModified": "2023-01-24T18:31:09.693",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:09.597",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The name of the patch is 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. It is recommended to apply a patch to fix this issue. VDB-218374 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. It is recommended to apply a patch to fix this issue. VDB-218374 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10051.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10051.json
index edf2abe2931..0c0b3f92082 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10051.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10051.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10051",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T18:15:09.110",
- "lastModified": "2023-01-24T18:59:27.743",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:09.673",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board. Affected by this issue is the function display_all_replies of the file functions/main.php. The manipulation of the argument str leads to sql injection. The name of the patch is 26439bc4c63632d63ba89ebc0f149b25a9010361. It is recommended to apply a patch to fix this issue. VDB-218378 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in bony2023 Discussion-Board. Affected by this issue is the function display_all_replies of the file functions/main.php. The manipulation of the argument str leads to sql injection. The patch is identified as 26439bc4c63632d63ba89ebc0f149b25a9010361. It is recommended to apply a patch to fix this issue. VDB-218378 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10052.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10052.json
index c1d905c1e0a..0af86ceaf3b 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10052.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10052.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10052",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T19:15:09.070",
- "lastModified": "2023-01-24T18:57:50.550",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:09.747",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The name of the patch is 88a517dc19443081210c804b655e72770727540d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218379. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The patch is named 88a517dc19443081210c804b655e72770727540d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218379. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10053.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10053.json
index f4db9052e41..ac062cff58c 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10053.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10053.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10053",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-16T12:15:16.227",
- "lastModified": "2023-01-24T16:09:00.443",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:09.920",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The name of the patch is 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The patch is identified as 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10054.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10054.json
index fbd69437a46..84e2eaf4f51 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10054.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10054.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10054",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-16T18:15:10.233",
- "lastModified": "2023-01-24T19:32:49.507",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.013",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in githuis P2Manage. This affects the function Execute of the file PTwoManage/Database.cs. The manipulation of the argument sql leads to sql injection. The name of the patch is 717380aba80002414f82d93c770035198b7858cc. It is recommended to apply a patch to fix this issue. The identifier VDB-218397 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, was found in githuis P2Manage. This affects the function Execute of the file PTwoManage/Database.cs. The manipulation of the argument sql leads to sql injection. The identifier of the patch is 717380aba80002414f82d93c770035198b7858cc. It is recommended to apply a patch to fix this issue. The identifier VDB-218397 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10055.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10055.json
index 2ebedb5961b..4de12f00c45 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10055.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10055.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10055",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-16T18:15:10.310",
- "lastModified": "2023-01-24T19:35:21.713",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.077",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The name of the patch is 68b9dc346e88b494df00d88c7d058e96820e1479. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218399."
+ "value": "A vulnerability was found in PictureThisWebServer and classified as critical. This issue affects the function router.post of the file routes/user.js. The manipulation of the argument username/password leads to sql injection. The patch is named 68b9dc346e88b494df00d88c7d058e96820e1479. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218399."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10057.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10057.json
index ea918303d8d..5c9beebb99e 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10057.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10057.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10057",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-16T19:15:10.143",
- "lastModified": "2023-01-24T19:57:43.890",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.153",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. Upgrading to version 0.2 is able to address this issue. The name of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability."
+ "value": "A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability."
}
],
"metrics": {
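Review bot: The added description introduces a new exploitability claim, `The complexity of an attack is rather high. The exploitation appears to be difficult.`, in the same hunk that moves `vulnStatus` from `Analyzed` to `Modified`. The `metrics` object only begins on the last context line and continues outside the hunk, so it is not visible here whether the scored attack complexity agrees with the new wording. Consumers that prioritise on the CVSS vector should compare it against this sentence and, presumably, treat the existing score as predating the description change.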
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10058.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10058.json
index 93d0a0f68c5..5334b2be27b 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10058.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10058.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10058",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T13:15:10.217",
- "lastModified": "2023-01-24T19:15:07.913",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.233",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in Wikisource Category Browser. This affects an unknown part of the file index.php. The manipulation of the argument lang leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 764f4e8ce3f9242637df77530c70ae8a2ec4b6a1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218415."
+ "value": "A vulnerability, which was classified as problematic, was found in Wikisource Category Browser. This affects an unknown part of the file index.php. The manipulation of the argument lang leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 764f4e8ce3f9242637df77530c70ae8a2ec4b6a1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218415."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10060.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10060.json
index 0e0d1fcfc59..7fccfc5ea2f 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10060.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10060.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10060",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T13:15:10.410",
- "lastModified": "2023-01-24T19:13:01.170",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.310",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The name of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is recommended to apply a patch to fix this issue. The identifier VDB-218417 was assigned to this vulnerability."
+ "value": "A vulnerability was found in MNBikeways database and classified as critical. This issue affects some unknown processing of the file Data/views.py. The manipulation of the argument id1/id2 leads to sql injection. The identifier of the patch is 829a027aca7c17f5a7ec1addca8dd5d5542f86ac. It is recommended to apply a patch to fix this issue. The identifier VDB-218417 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10061.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10061.json
index 37a9acedbff..27fa3d865eb 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10061.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10061.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10061",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T16:15:16.283",
- "lastModified": "2023-01-24T19:11:31.520",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.377",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in evandro-machado Trabalho-Web2. It has been classified as critical. This affects an unknown part of the file src/java/br/com/magazine/dao/ClienteDAO.java. The manipulation leads to sql injection. The name of the patch is f59ac954625d0a4f6d34f069a2e26686a7a20aeb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218427."
+ "value": "A vulnerability was found in evandro-machado Trabalho-Web2. It has been classified as critical. This affects an unknown part of the file src/java/br/com/magazine/dao/ClienteDAO.java. The manipulation leads to sql injection. The patch is named f59ac954625d0a4f6d34f069a2e26686a7a20aeb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218427."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10062.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10062.json
index d3ae8e3fe74..fe2d7dd5d29 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10062.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10062.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10062",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T19:15:10.953",
- "lastModified": "2023-01-24T19:47:50.243",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.450",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The name of the patch is 50d65f45d3f5be5d1fbff2e45ac5cec075f07d42. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218451."
+ "value": "A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named 50d65f45d3f5be5d1fbff2e45ac5cec075f07d42. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218451."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10063.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10063.json
index 5d376d71b7f..eba65399147 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10063.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10063.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10063",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T19:15:11.067",
- "lastModified": "2023-01-23T19:31:55.300",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.623",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The name of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability."
+ "value": "A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file _login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The identifier of the patch is bfba26bd34af31648a11af35a0bb66f1948752a6. It is recommended to apply a patch to fix this issue. The identifier VDB-218453 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10064.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10064.json
index 4e86c3353f5..6c5c7fc1bb2 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10064.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10064.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10064",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T19:15:11.163",
- "lastModified": "2023-01-24T19:47:07.257",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.693",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218455."
+ "value": "A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218455."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10065.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10065.json
index b8c6bcf7ddf..e5b8cb12bf6 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10065.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10065.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10065",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T23:15:15.313",
- "lastModified": "2023-01-24T19:34:23.627",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.763",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The name of the patch is ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The patch is identified as ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10066.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10066.json
index 6bec041047d..0fe442129e1 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10066.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10066.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10066",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-18T00:15:11.697",
- "lastModified": "2023-01-25T02:33:05.557",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.830",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in tynx wuersch and classified as critical. Affected by this issue is the function packValue/getByCustomQuery of the file backend/base/Store.class.php. The manipulation leads to sql injection. The name of the patch is 66d4718750a741d1053d327a79e285fd50372519. It is recommended to apply a patch to fix this issue. VDB-218462 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in tynx wuersch and classified as critical. Affected by this issue is the function packValue/getByCustomQuery of the file backend/base/Store.class.php. The manipulation leads to sql injection. The patch is identified as 66d4718750a741d1053d327a79e285fd50372519. It is recommended to apply a patch to fix this issue. VDB-218462 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10067.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10067.json
index 829864f9979..6e5c970aa03 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10067.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10067.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10067",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-18T01:15:11.337",
- "lastModified": "2023-01-25T17:42:22.260",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.903",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The name of the patch is 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463."
+ "value": "A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulation leads to race condition within a thread. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 0e58073c831093aad75e077962e9fb55cad0dc5f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218463."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10070.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10070.json
index 8f98fae3b62..686dcc6510b 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10070.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10070.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10070",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-19T10:15:11.597",
- "lastModified": "2023-01-27T17:35:16.873",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:10.993",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in copperwall Twiddit. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation leads to sql injection. The name of the patch is 2203d4ce9810bdaccece5c48ff4888658a01acfc. It is recommended to apply a patch to fix this issue. The identifier VDB-218897 was assigned to this vulnerability."
+ "value": "A vulnerability was found in copperwall Twiddit. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation leads to sql injection. The identifier of the patch is 2203d4ce9810bdaccece5c48ff4888658a01acfc. It is recommended to apply a patch to fix this issue. The identifier VDB-218897 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10071.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10071.json
index f4ed6cb33b0..272eba4b4cb 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10071.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10071.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10071",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-19T10:15:11.697",
- "lastModified": "2023-01-27T17:33:18.313",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:11.063",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. Upgrading to version 1.0 is able to address this issue. The name of the patch is 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951."
+ "value": "A vulnerability was found in gitter-badger ezpublish-modern-legacy. It has been rated as problematic. This issue affects some unknown processing of the file kernel/user/forgotpassword.php. The manipulation leads to weak password recovery. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is named 5908d5ee65fec61ce0e321d586530461a210bf2a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218951."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10073.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10073.json
index 50c37c15347..c890067011c 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10073.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10073.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10073",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T20:15:10.667",
- "lastModified": "2023-02-14T02:16:06.810",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:11.143",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215."
+ "value": "A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1 on MediaWiki. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The patch is named 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10074.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10074.json
index 919ad125bc7..223641c4ec9 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10074.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10074.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10074",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-07T10:15:52.147",
- "lastModified": "2023-02-14T23:21:06.097",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:11.323",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The name of the patch is 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The patch is identified as 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10075.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10075.json
index 0d30503d30f..4c87d88e995 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10075.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10075.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10075",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-07T12:15:08.653",
- "lastModified": "2023-02-14T23:31:14.650",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:11.400",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely."
+ "value": "A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The patch is named e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10076.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10076.json
index 05621f2531c..88e89f36d5b 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10076.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10076.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10076",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-09T23:15:11.017",
- "lastModified": "2023-02-16T18:12:12.960",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:11.480",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability."
+ "value": "A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The identifier of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10077.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10077.json
index 0ca6479536f..53409a160c4 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10077.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10077.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10077",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-10T15:15:11.490",
- "lastModified": "2023-02-16T21:24:42.233",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:11.567",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471."
+ "value": "A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The patch is named 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10078.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10078.json
index 40f39cb859f..cd411f5d1fe 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10078.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10078.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10078",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-12T14:15:10.427",
- "lastModified": "2023-02-22T14:25:27.360",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:11.643",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1. This issue affects the function send_welcome_email_url of the file resend-welcome-email.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is b14c1f66d307783f0ae74f88088a85999107695c. It is recommended to upgrade the affected component. The identifier VDB-220637 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1 on WordPress. This issue affects the function send_welcome_email_url of the file resend-welcome-email.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is b14c1f66d307783f0ae74f88088a85999107695c. It is recommended to upgrade the affected component. The identifier VDB-220637 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10079.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10079.json
index dc13830e0ed..cb8e9d66f25 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10079.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10079.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10079",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-13T22:15:12.000",
- "lastModified": "2023-02-22T20:13:09.600",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:11.723",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this issue. The name of the patch is 45fd885895ae13e8d9b3a71e89d59768914f60af. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220751."
+ "value": "A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rated as problematic. This issue affects the function parseLinks of the file public/parser.js. The manipulation of the argument text leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.0.3 is able to address this issue. The patch is named 45fd885895ae13e8d9b3a71e89d59768914f60af. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220751."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10080.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10080.json
index 793cd0668f4..873fecf8da8 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10080.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10080.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10080",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-20T10:15:12.217",
- "lastModified": "2023-02-28T19:53:22.950",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:11.900",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221487."
+ "value": "A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is able to address this issue. The patch is named f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221487."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10081.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10081.json
index a94a0e81d2a..95025c5031e 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10081.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10081.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10081",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-20T17:15:11.173",
- "lastModified": "2023-03-01T17:47:42.257",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:11.980",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The name of the patch is a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495."
+ "value": "A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The patch is named a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10082.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10082.json
index 9025f537294..607613f29fc 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10082.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10082.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10082",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-21T07:15:10.173",
- "lastModified": "2023-03-02T23:03:01.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:12.057",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499."
+ "value": "A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The patch is named c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10083.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10083.json
index 51ad86f44fe..116afb922f0 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10083.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10083.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10083",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-21T15:15:10.527",
- "lastModified": "2023-03-02T16:16:47.613",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T09:15:12.213",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503."
+ "value": "A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10085.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10085.json
index ff4279031f1..6bba177024c 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10085.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10085.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10085",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-21T18:15:11.480",
- "lastModified": "2023-03-02T23:02:32.303",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:10.047",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10087.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10087.json
index 59eef2dac76..7f52b7c1711 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10087.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10087.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10087",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-07T15:15:10.423",
- "lastModified": "2023-03-14T15:53:41.640",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:10.357",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpThemes Theme DesignFolio Plus 1.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 53f6ae62878076f99718e5feb589928e83c879a9. It is recommended to apply a patch to fix this issue. The identifier VDB-221809 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
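Review bot: The new `value` for CVE-2015-10087 still opens with the tag twice, and the first copy is misspelled: `** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **`. The change only inserts a space between the two copies. A single, correctly spelled prefix, `** UNSUPPORTED WHEN ASSIGNED **`, would let tooling that detects end-of-life records by matching this tag work without special-casing the typo. Until the upstream text is corrected, matchers should key on the correctly spelled form and tolerate the duplicate. The record continues past this hunk.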
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10088.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10088.json
index e6961f305f6..8c412fd0726 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10088.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10088.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10088",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-05T05:15:09.210",
- "lastModified": "2023-03-13T16:55:56.763",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:10.453",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267."
+ "value": "A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267."
}
],
"metrics": {
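Review bot: The added sentences `The complexity of an attack is rather high. The exploitability is told to be difficult.` change the stated exploitability of CVE-2015-10088 in prose only. The `metrics` object opens on the last context line and its contents are outside this hunk, so it cannot be confirmed here that the attack-complexity component of the CVSS vector agrees with the new text. Because `vulnStatus` also moves from `Analyzed` to `Undergoing Analysis`, consumers may want to treat any existing score as subject to re-review rather than final. Equivalent wording is added in the CVE-2015-10093 and CVE-2015-10096 hunks below, and the same check applies there.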
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10089.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10089.json
index 4f82d5cf879..642d0698cc7 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10089.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10089.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10089",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-05T14:15:08.953",
- "lastModified": "2023-03-13T16:54:53.687",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:10.530",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291."
+ "value": "A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10090.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10090.json
index fb893d22745..41f9009f67d 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10090.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10090.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10090",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-06T00:15:10.160",
- "lastModified": "2023-03-09T20:59:52.913",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:10.600",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320."
+ "value": "A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10091.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10091.json
index a453dfdc19f..d8b7279f978 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10091.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10091.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10091",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-06T04:15:08.190",
- "lastModified": "2023-03-13T17:14:21.793",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:10.670",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10092.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10092.json
index 25b079b209a..86e372d1b5e 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10092.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10092.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10092",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-06T06:15:09.733",
- "lastModified": "2023-03-10T22:43:45.297",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:10.743",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324."
+ "value": "A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on WordPress. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10093.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10093.json
index dc99d5c66c6..67aa9e984a3 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10093.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10093.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10093",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-06T07:15:10.103",
- "lastModified": "2023-03-10T22:43:58.713",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:10.810",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability."
+ "value": "A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10094.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10094.json
index 6f3bc7eece6..ee0f32e36f4 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10094.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10094.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10094",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-06T15:15:09.863",
- "lastModified": "2023-03-13T18:49:39.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:10.880",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Fastly Plugin up to 0.97. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The name of the patch is d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10095.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10095.json
index 90f288b1b5f..6ab4c7eec20 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10095.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10095.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10095",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-06T21:15:10.150",
- "lastModified": "2023-03-13T15:18:44.873",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:10.947",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327."
+ "value": "A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2 on WordPress. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The patch is named 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10096.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10096.json
index cba51de72a6..e6e3c95613e 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10096.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10096.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10096",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-20T05:15:11.163",
- "lastModified": "2023-03-24T19:08:05.763",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:11.017",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. The name of the patch is 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383."
+ "value": "A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.1.1 is able to address this issue. The patch is named 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10097.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10097.json
index f055caf56a6..2f5891dbc14 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10097.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10097.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10097",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-25T18:15:09.387",
- "lastModified": "2023-03-31T00:49:16.990",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:11.090",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The name of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability."
+ "value": "A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The identifier of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10098.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10098.json
index a5a607d3378..a1b89c7691b 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10098.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10098.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10098",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-08T09:15:07.470",
- "lastModified": "2023-04-17T13:43:35.650",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:11.170",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152."
+ "value": "A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-100xx/CVE-2015-10099.json b/CVE-2015/CVE-2015-100xx/CVE-2015-10099.json
index 4f0e0879d60..9558e402776 100644
--- a/CVE-2015/CVE-2015-100xx/CVE-2015-10099.json
+++ b/CVE-2015/CVE-2015-100xx/CVE-2015-10099.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10099",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-10T12:15:07.093",
- "lastModified": "2023-04-18T01:40:40.507",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:11.257",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351."
+ "value": "A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5 on WordPress. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The patch is named e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10100.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10100.json
index 6d7602f4296..1c45ed19faf 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10100.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10100.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10100",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-10T18:15:07.873",
- "lastModified": "2023-04-14T17:48:29.007",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:11.327",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The name of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The identifier of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10101.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10101.json
index 82c52211321..640956fdb7b 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10101.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10101.json
@@ -2,15 +2,37 @@
"id": "CVE-2015-10101",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T21:15:06.800",
- "lastModified": "2023-04-17T13:12:43.170",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T10:15:11.400",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The name of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The identifier of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +93,47 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:google_analytics_top_content_widget_project:google_analytics_top_content_widget:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.5.7",
+ "matchCriteriaId": "29369D72-6663-4EC6-89AF-C14F031F0B21"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wp-plugins/google-analytics-top-posts-widget/commit/25bb1dea113716200a6f0f3135801d84a7a65540",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.226117",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.226117",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10102.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10102.json
index 5b48fd619b8..636eb3828fa 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10102.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10102.json
@@ -2,15 +2,37 @@
"id": "CVE-2015-10102",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-17T18:15:07.197",
- "lastModified": "2023-04-18T03:15:28.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T10:15:11.477",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
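Review bot: The description for CVE-2015-10102 keeps the phrase `classified as critical`, while the `cvssMetricV31` entry added here from `nvd@nist.gov` rates the same open redirect at `"baseScore": 6.1` and `"baseSeverity": "MEDIUM"`, with user interaction required. Triage that reads severity from the free text will over-rank this record, so it should use the structured `Primary` metric instead. The CNA's `cvssMetricV30` entry starts on the last line of this hunk and its values are not visible, so the two sources' scores cannot be compared from here.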
@@ -71,18 +93,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:freshworks:freshdesk:1.7:*:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "EC0BB0BA-A469-4E1E-91B0-2D331535141E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wp-plugins/freshdesk-support/commit/2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.226118",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.226118",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
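Review bot: The added `cpeMatch` entry pins the single version `1.7` (`cpe:2.3:a:freshworks:freshdesk:1.7:*:*:*:*:wordpress:*:*`), so an install reporting any other pre-1.8 version will not match this record. The description names only 1.7 and says 1.8 fixes it, so whether older releases are affected cannot be told from the hunk. If they are, a wildcard-version criteria with `"versionEndExcluding": "1.8"`, in the style of the CVE-2015-10103 record, would avoid false negatives and would need a regenerated `matchCriteriaId`. Separately, the `?ctiid.226118` reference is now tagged `Permissions Required`, so unauthenticated link checkers should expect it to fail.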
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10103.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10103.json
index bfd8f599a54..bd9265618ed 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10103.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10103.json
@@ -2,15 +2,37 @@
"id": "CVE-2015-10103",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-17T19:15:07.227",
- "lastModified": "2023-04-18T03:15:28.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T10:15:11.550",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The name of the patch is adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119."
+ "value": "A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The patch is named adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,22 +93,53 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:forget_it_project:forget_it:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.4",
+ "matchCriteriaId": "1FF5EBCC-1729-411D-88D3-CE5CEAFC1D2E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/InternalError503/forget-it/commit/adf0c7fd59b9c935b4fd675c556265620124999c",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/InternalError503/forget-it/releases/tag/1.4",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.226119",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.226119",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10105.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10105.json
index 36d6538331d..febbf3b710d 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10105.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10105.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10105",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-01T02:15:39.197",
- "lastModified": "2023-05-06T03:15:43.640",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:11.643",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The identifier of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10106.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10106.json
index a10d0335bf8..d202f47bdee 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10106.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10106.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10106",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-28T13:15:09.850",
- "lastModified": "2023-06-02T19:50:13.470",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:11.733",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is identified as 429f50f4e4795b20dae06735b41fb94f010722bf. It is recommended to upgrade the affected component. VDB-230086 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json
index eb5b4b5150d..10697e5f271 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10107.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10107",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T03:15:09.157",
- "lastModified": "2023-06-06T16:01:33.717",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:11.823",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The name of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability."
+ "value": "A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10108.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10108.json
index 2bd0637f35c..a1a206a3b5a 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10108.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10108.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10108",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T19:15:11.720",
- "lastModified": "2023-06-06T20:08:47.730",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:11.900",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The name of the patch is 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The patch is identified as 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2015/CVE-2015-101xx/CVE-2015-10111.json b/CVE-2015/CVE-2015-101xx/CVE-2015-10111.json
index eff7558051b..ca43d85bdf3 100644
--- a/CVE-2015/CVE-2015-101xx/CVE-2015-10111.json
+++ b/CVE-2015/CVE-2015-101xx/CVE-2015-10111.json
@@ -2,12 +2,12 @@
"id": "CVE-2015-10111",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-04T12:15:09.237",
- "lastModified": "2023-06-09T19:13:00.523",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:11.990",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The name of the patch is bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651."
+ "value": "A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress. It has been rated as critical. This issue affects the function watu_exams of the file controllers/exam.php of the component Exam Handler. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. Upgrading to version 2.6.8 is able to address this issue. The patch is named bf42e7cfd819a3e76cf3e1465697e89f4830590c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230651."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-101xx/CVE-2016-10164.json b/CVE-2016/CVE-2016-101xx/CVE-2016-10164.json
index 8c028c03f03..6ca52b57b6b 100644
--- a/CVE-2016/CVE-2016-101xx/CVE-2016-10164.json
+++ b/CVE-2016/CVE-2016-101xx/CVE-2016-10164.json
@@ -2,7 +2,7 @@
"id": "CVE-2016-10164",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-02-01T15:59:00.130",
- "lastModified": "2018-01-05T02:30:31.727",
+ "lastModified": "2023-10-17T15:55:36.773",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -92,9 +92,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:libxpm_project:libxpm:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.5.11",
- "matchCriteriaId": "2CC24F1D-5B70-4655-82CA-2C6C7918597B"
+ "matchCriteriaId": "86C84875-9507-4CEF-ABA2-362841307682"
}
]
}
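Review bot: Inventory mappings, suppression lists or caches keyed on the old CPE vendor `libxpm_project` or on matchCriteriaId `2CC24F1D-5B70-4655-82CA-2C6C7918597B` will stop matching libXpm without any error. Both are replaced here (`x.org` and a new ID) while `"versionEndIncluding": "3.5.11"` stays the same. Such keys need to be re-resolved against the new `criteria` string. The CVE-2016-1351 hunk at `@@ -172,23 +172,28 @@` replaces IDs the same way when it corrects `4.1.\\(2\\)` to `4.1\\(2\\)`.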
diff --git a/CVE-2016/CVE-2016-13xx/CVE-2016-1351.json b/CVE-2016/CVE-2016-13xx/CVE-2016-1351.json
index 9dec05d27f0..db5420dc047 100644
--- a/CVE-2016/CVE-2016-13xx/CVE-2016-1351.json
+++ b/CVE-2016/CVE-2016-13xx/CVE-2016-1351.json
@@ -2,7 +2,7 @@
"id": "CVE-2016-1351",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2016-03-26T01:59:05.073",
- "lastModified": "2022-07-28T15:35:17.963",
+ "lastModified": "2023-10-19T16:03:34.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -172,23 +172,28 @@
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:cisco:nx-os:4.1.\\(2\\):*:*:*:*:*:*:*",
- "matchCriteriaId": "DA1702F4-816E-4045-80B6-2BC71DC344F6"
+ "criteria": "cpe:2.3:o:cisco:nx-os:4.1\\(2\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6C0331A-4849-4992-8F76-D8D52F512659"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:cisco:nx-os:4.1.\\(3\\):*:*:*:*:*:*:*",
- "matchCriteriaId": "C1AC8BC8-638A-4F73-A64B-B490675AA1A4"
+ "criteria": "cpe:2.3:o:cisco:nx-os:4.1\\(3\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "33FDE6FE-F1E4-427D-A04E-9C57C73BD199"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:cisco:nx-os:4.1.\\(4\\):*:*:*:*:*:*:*",
- "matchCriteriaId": "7F128DC9-C4CA-4547-B6C8-8E83A8C5F6C8"
+ "criteria": "cpe:2.3:o:cisco:nx-os:4.1\\(4\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "F343CF6B-8205-4526-9C50-A47675676D77"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:cisco:nx-os:4.1.\\(5\\):*:*:*:*:*:*:*",
- "matchCriteriaId": "99FB6C32-CD16-41E9-AB42-A294424266DB"
+ "criteria": "cpe:2.3:o:cisco:nx-os:4.1\\(5\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "37189152-9A2F-45F7-850B-7558BAD94013"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:cisco:nx-os:4.2\\(2a\\):*:*:*:*:*:*:*",
+ "matchCriteriaId": "A0146AD1-CFA3-4429-8616-05A31907ED51"
},
{
"vulnerable": true,
@@ -210,11 +215,6 @@
"criteria": "cpe:2.3:o:cisco:nx-os:4.2\\(8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "67829CF9-FDCB-4A17-9241-1B48A38B1A74"
},
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:cisco:nx-os:4.2.\\(2a\\):*:*:*:*:*:*:*",
- "matchCriteriaId": "C0476865-D306-47B7-A84A-C163A316D9DE"
- },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:nx-os:5.0\\(2a\\):*:*:*:*:*:*:*",
@@ -397,14 +397,18 @@
"url": "http://www.securitytracker.com/id/1035383",
"source": "ykramarz@cisco.com",
"tags": [
- "Broken Link"
+ "Broken Link",
+ "Third Party Advisory",
+ "VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id/1035384",
"source": "ykramarz@cisco.com",
"tags": [
- "Broken Link"
+ "Broken Link",
+ "Third Party Advisory",
+ "VDB Entry"
]
}
]
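Review bot: Tooling that selects references by advisory tags will start picking up two dead `http://` URLs. Both securitytracker.com references now carry `Third Party Advisory` and `VDB Entry` alongside `Broken Link`. Reference filters should drop any entry whose `tags` contain `Broken Link` before applying other tag matches, and should not fetch these links automatically. The `references` array starts outside the hunk.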
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15006.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15006.json
index d0998d8aaad..6e0c874ae06 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15006.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15006.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15006",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T08:15:10.033",
- "lastModified": "2023-01-09T17:55:11.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:12.160",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. Upgrading to version 2.3 is able to address this issue. The name of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.3 is able to address this issue. The identifier of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15007.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15007.json
index 093c9874310..f4d1523560e 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15007.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15007.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15007",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T19:15:10.387",
- "lastModified": "2023-01-09T19:04:24.293",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:12.247",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The name of the patch is db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195."
+ "value": "A vulnerability was found in Centralized-Salesforce-Dev-Framework. It has been declared as problematic. Affected by this vulnerability is the function SObjectService of the file src/classes/SObjectService.cls of the component SOQL Handler. The manipulation of the argument orderDirection leads to injection. The patch is named db03ac5b8a9d830095991b529c067a030a0ccf7b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217195."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15008.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15008.json
index c2470b7ce95..ef562166b3a 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15008.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15008.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15008",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-04T10:15:10.197",
- "lastModified": "2023-01-10T17:33:51.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:12.317",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355."
+ "value": "A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15010.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15010.json
index 88e3af06e89..08a63c58b8c 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15010.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15010.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15010",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T09:15:08.380",
- "lastModified": "2023-01-11T18:07:10.877",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:12.400",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The name of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The identifier of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15011.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15011.json
index e5cf6464616..0deaefcfefd 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15011.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15011.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15011",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T10:15:09.997",
- "lastModified": "2023-01-12T16:11:35.450",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:12.473",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The name of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The identifier of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15012.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15012.json
index 5bd0a031f0f..a95b10303ee 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15012.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15012.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15012",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T13:15:09.530",
- "lastModified": "2023-01-12T19:00:37.500",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:12.543",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The name of the patch is 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The patch is named 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15014.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15014.json
index 2752c556946..2b8a2edfb98 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15014.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15014.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15014",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T20:15:09.310",
- "lastModified": "2023-01-12T20:40:19.197",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T10:15:12.623",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in CESNET theme-cesnet up to 1.x on ownCloud and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The identifier of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15015.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15015.json
index 5c016398e48..fa4b9a99f8f 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15015.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15015.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15015",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T18:15:10.023",
- "lastModified": "2023-01-12T23:39:22.993",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T11:15:08.203",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 3e7d29dc0ca6c054a6d6e211f32dae89078594c1. It is recommended to upgrade the affected component. VDB-217650 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as 3e7d29dc0ca6c054a6d6e211f32dae89078594c1. It is recommended to upgrade the affected component. VDB-217650 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15016.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15016.json
index 00386deede5..7e296ddc5ba 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15016.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15016.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15016",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T18:15:10.117",
- "lastModified": "2023-01-12T23:39:44.593",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T11:15:08.373",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The name of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability."
+ "value": "A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The identifier of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15017.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15017.json
index 6d75d01c541..06be3307fd0 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15017.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15017.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15017",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-10T15:15:11.100",
- "lastModified": "2023-01-14T21:45:53.393",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T11:15:08.447",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in fabarea media_upload and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The patch is identified as b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15018.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15018.json
index 978972bed8f..14c169f56fb 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15018.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15018.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15018",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T19:15:09.167",
- "lastModified": "2023-01-24T18:56:39.407",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T11:15:08.523",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The name of the patch is c1e848665492e21ef6cc9be443205e36b9a1f6be. It is recommended to upgrade the affected component. The identifier VDB-218373 was assigned to this vulnerability."
+ "value": "A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The identifier of the patch is c1e848665492e21ef6cc9be443205e36b9a1f6be. It is recommended to upgrade the affected component. The identifier VDB-218373 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15019.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15019.json
index 6bd2c112c4b..dd4d9abc7d0 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15019.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15019.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15019",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T19:15:09.247",
- "lastModified": "2023-01-24T18:44:26.860",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T11:15:08.610",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The name of the patch is 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375."
+ "value": "A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The patch is named 64eb2677671018fc08b96718b81e3dbc83693190. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218375."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15020.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15020.json
index 6437d8337d6..caf927b8bce 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15020.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15020.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15020",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-16T11:15:10.147",
- "lastModified": "2023-01-24T15:45:07.107",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T11:15:08.683",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The name of the patch is 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391."
+ "value": "A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The patch is named 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15021.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15021.json
index 0a81298a8f6..f845d5c1671 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15021.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15021.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15021",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T16:15:16.383",
- "lastModified": "2023-01-24T19:11:01.587",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T11:15:08.753",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in nickzren alsdb. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version v2 is able to address this issue. The name of the patch is cbc79a68145e845f951113d184b4de207c341599. It is recommended to upgrade the affected component. The identifier VDB-218429 was assigned to this vulnerability."
+ "value": "A vulnerability was found in nickzren alsdb. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version v2 is able to address this issue. The identifier of the patch is cbc79a68145e845f951113d184b4de207c341599. It is recommended to upgrade the affected component. The identifier VDB-218429 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15022.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15022.json
index 1806f706c24..95b2490d631 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15022.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15022.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15022",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-29T19:15:08.940",
- "lastModified": "2023-02-07T18:46:07.337",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T11:15:08.827",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715."
+ "value": "A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.7.19 is able to address this issue. The patch is named 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15023.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15023.json
index 8034a446f56..fc5c4cc8808 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15023.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15023.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15023",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-31T20:15:09.467",
- "lastModified": "2023-02-08T22:19:58.580",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T11:15:08.913",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The identifier of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15024.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15024.json
index 01a0956025d..ef9390cdbe7 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15024.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15024.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15024",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-19T18:15:10.067",
- "lastModified": "2023-03-07T15:13:27.360",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T11:15:08.997",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15026.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15026.json
index b8912a80a77..d50e8ed8ded 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15026.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15026.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15026",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-20T11:15:12.617",
- "lastModified": "2023-03-01T14:59:34.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:21.933",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The name of the patch is 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The patch is identified as 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15027.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15027.json
index 0f85f2a799b..331e446e373 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15027.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15027.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15027",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-20T17:15:11.273",
- "lastModified": "2023-03-01T17:52:03.293",
+ "lastModified": "2023-10-24T20:18:05.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in meta4creations Post Duplicator Plugin 2.18. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496."
+ "value": "A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15028.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15028.json
index 4b79a21d4d5..bb1f391e7d6 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15028.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15028.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15028",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-12T15:15:28.117",
- "lastModified": "2023-03-17T15:31:35.407",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.153",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847."
+ "value": "A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is named 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15029.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15029.json
index 054ba42ba9a..2e26db6447c 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15029.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15029.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15029",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-21T11:15:10.103",
- "lastModified": "2023-03-24T17:09:46.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.233",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.10.0 is able to address this issue. The name of the patch is 67e87f0f0c1ac238fcd050f4c3db298229bc9679. It is recommended to upgrade the affected component. VDB-223402 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.10.0 is able to address this issue. The patch is identified as 67e87f0f0c1ac238fcd050f4c3db298229bc9679. It is recommended to upgrade the affected component. VDB-223402 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15030.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15030.json
index e7d1d819e05..ca5ddd3a210 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15030.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15030.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15030",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-25T18:15:09.467",
- "lastModified": "2023-03-30T18:42:59.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.307",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 8549ad3cf197095f783643e41333586d6a4d0e54. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223803."
+ "value": "A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 8549ad3cf197095f783643e41333586d6a4d0e54. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223803."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15031.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15031.json
index ebb9364ae56..1f8a2212200 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15031.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15031.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15031",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-06T01:15:08.827",
- "lastModified": "2023-05-12T16:22:35.657",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.377",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The patch is identified as 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2016/CVE-2016-150xx/CVE-2016-15032.json b/CVE-2016/CVE-2016-150xx/CVE-2016-15032.json
index 22860dd24b0..efefa845530 100644
--- a/CVE-2016/CVE-2016-150xx/CVE-2016-15032.json
+++ b/CVE-2016/CVE-2016-150xx/CVE-2016-15032.json
@@ -2,12 +2,12 @@
"id": "CVE-2016-15032",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-02T00:15:09.443",
- "lastModified": "2023-06-09T14:03:36.020",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.460",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The name of the patch is a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is named a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
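Review bot: The added `value` still opens with `** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **`, so the tag appears twice and the first copy is misspelled; this edit only rewords the patch sentence. Tooling that flags end-of-life records by testing the start of the description against the correctly spelled tag would miss this record, so the check should search for the tag anywhere in the string. The text comes from the source named in `sourceIdentifier` (`cna@vuldb.com`), so the correction belongs upstream; the cleaned line would begin `"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic ...`.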
diff --git a/CVE-2016/CVE-2016-58xx/CVE-2016-5848.json b/CVE-2016/CVE-2016-58xx/CVE-2016-5848.json
index 1b4fc0df1cf..cfb1d77427d 100644
--- a/CVE-2016/CVE-2016-58xx/CVE-2016-5848.json
+++ b/CVE-2016/CVE-2016-58xx/CVE-2016-5848.json
@@ -2,8 +2,8 @@
"id": "CVE-2016-5848",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-07-04T16:59:01.863",
- "lastModified": "2023-10-13T16:45:10.723",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T19:05:40.837",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
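Review bot: Renaming the key to `cvssMetricV31` moves the NVD primary v3 entry out of `cvssMetricV30`, so a consumer that reads only the 3.0 key would presumably find no v3 score for this record and treat it as unscored. Ingestion code should read `cvssMetricV31` first and fall back to `cvssMetricV30`. In the visible lines only `version` and the `CVSS:3.x` prefix of `vectorString` change and the metric letters are identical; the `cvssData` object continues outside the hunk, so the score fields cannot be checked from here. The same rename appears in the metrics hunks of CVE-2016-5849, CVE-2016-8566, CVE-2016-8567, CVE-2016-9156 and CVE-2016-9157.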
@@ -84,7 +84,15 @@
"nodes": [
{
"operator": "OR",
- "negate": false
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "8.07",
+ "matchCriteriaId": "528009F7-CD1B-44E6-8C83-994B047DBB1D"
+ }
+ ]
}
]
}
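Review bot: The added `criteria` string contains a JSON-escaped backslash, `sicam_pas\\/pqs`, which decodes to the CPE-quoted form `sicam_pas\/pqs`; a matcher that compares raw file text, or removes the quoting on one side only, will not pair this entry with an inventory CPE. The bound type also differs between the sibling records: `versionEndIncluding` `8.07` here and in CVE-2016-5849, but `versionEndExcluding` in CVE-2016-8566 and CVE-2016-8567 (`8.00`) and in CVE-2016-9156 and CVE-2016-9157 (`8.09`), so range evaluation has to follow the key name rather than assume one kind of bound. Before this hunk the node carried `operator` and `negate` but no `cpeMatch`, so these records presumably produced no CPE hits; assets running this product are worth re-evaluating once the update is ingested.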
@@ -92,7 +100,11 @@
"references": [
{
"url": "http://www.securityfocus.com/bid/91525",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf",
@@ -103,7 +115,11 @@
},
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2016/CVE-2016-58xx/CVE-2016-5849.json b/CVE-2016/CVE-2016-58xx/CVE-2016-5849.json
index 3f3f3c65650..3261462a04d 100644
--- a/CVE-2016/CVE-2016-58xx/CVE-2016-5849.json
+++ b/CVE-2016/CVE-2016-58xx/CVE-2016-5849.json
@@ -2,8 +2,8 @@
"id": "CVE-2016-5849",
"sourceIdentifier": "cve@mitre.org",
"published": "2016-07-04T16:59:02.973",
- "lastModified": "2023-10-13T16:45:10.723",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T19:01:57.053",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@@ -80,7 +80,15 @@
"nodes": [
{
"operator": "OR",
- "negate": false
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "8.07",
+ "matchCriteriaId": "528009F7-CD1B-44E6-8C83-994B047DBB1D"
+ }
+ ]
}
]
}
@@ -88,7 +96,11 @@
"references": [
{
"url": "http://www.securityfocus.com/bid/91525",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf",
@@ -99,7 +111,11 @@
},
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2016/CVE-2016-85xx/CVE-2016-8566.json b/CVE-2016/CVE-2016-85xx/CVE-2016-8566.json
index d304a15d096..b4419ac8d3f 100644
--- a/CVE-2016/CVE-2016-85xx/CVE-2016-8566.json
+++ b/CVE-2016/CVE-2016-85xx/CVE-2016-8566.json
@@ -2,7 +2,7 @@
"id": "CVE-2016-8566",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2017-02-13T21:59:01.457",
- "lastModified": "2023-10-13T16:45:10.723",
+ "lastModified": "2023-10-17T19:02:23.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@@ -80,7 +80,15 @@
"nodes": [
{
"operator": "OR",
- "negate": false
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.00",
+ "matchCriteriaId": "D8ADE343-DBC6-4682-83AC-0B0F4593D4A9"
+ }
+ ]
}
]
}
diff --git a/CVE-2016/CVE-2016-85xx/CVE-2016-8567.json b/CVE-2016/CVE-2016-85xx/CVE-2016-8567.json
index 6e62edeed7e..62f5c4e29e0 100644
--- a/CVE-2016/CVE-2016-85xx/CVE-2016-8567.json
+++ b/CVE-2016/CVE-2016-85xx/CVE-2016-8567.json
@@ -2,7 +2,7 @@
"id": "CVE-2016-8567",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2017-02-13T21:59:01.470",
- "lastModified": "2023-10-13T16:45:10.723",
+ "lastModified": "2023-10-17T19:02:27.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@@ -80,7 +80,15 @@
"nodes": [
{
"operator": "OR",
- "negate": false
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.00",
+ "matchCriteriaId": "D8ADE343-DBC6-4682-83AC-0B0F4593D4A9"
+ }
+ ]
}
]
}
diff --git a/CVE-2016/CVE-2016-91xx/CVE-2016-9156.json b/CVE-2016/CVE-2016-91xx/CVE-2016-9156.json
index 79fc80aece7..6c30edd0fe1 100644
--- a/CVE-2016/CVE-2016-91xx/CVE-2016-9156.json
+++ b/CVE-2016/CVE-2016-91xx/CVE-2016-9156.json
@@ -2,8 +2,8 @@
"id": "CVE-2016-9156",
"sourceIdentifier": "productcert@siemens.com",
"published": "2016-12-05T08:59:00.190",
- "lastModified": "2023-10-13T16:45:10.723",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T19:02:15.173",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@@ -84,7 +84,15 @@
"nodes": [
{
"operator": "OR",
- "negate": false
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.09",
+ "matchCriteriaId": "7D677693-BF21-44C3-8B00-F5738C9E0267"
+ }
+ ]
}
]
}
diff --git a/CVE-2016/CVE-2016-91xx/CVE-2016-9157.json b/CVE-2016/CVE-2016-91xx/CVE-2016-9157.json
index eb9321f392e..b39cc17f392 100644
--- a/CVE-2016/CVE-2016-91xx/CVE-2016-9157.json
+++ b/CVE-2016/CVE-2016-91xx/CVE-2016-9157.json
@@ -2,8 +2,8 @@
"id": "CVE-2016-9157",
"sourceIdentifier": "productcert@siemens.com",
"published": "2016-12-05T08:59:01.487",
- "lastModified": "2023-10-13T16:45:10.723",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T19:06:05.070",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -15,13 +15,13 @@
}
],
"metrics": {
- "cvssMetricV30": [
+ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@@ -84,7 +84,15 @@
"nodes": [
{
"operator": "OR",
- "negate": false
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.09",
+ "matchCriteriaId": "7D677693-BF21-44C3-8B00-F5738C9E0267"
+ }
+ ]
}
]
}
diff --git a/CVE-2017/CVE-2017-10004xx/CVE-2017-1000421.json b/CVE-2017/CVE-2017-10004xx/CVE-2017-1000421.json
index 2f3bfab6b3a..f779851b52d 100644
--- a/CVE-2017/CVE-2017-10004xx/CVE-2017-1000421.json
+++ b/CVE-2017/CVE-2017-10004xx/CVE-2017-1000421.json
@@ -2,7 +2,7 @@
"id": "CVE-2017-1000421",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-01-02T19:29:00.300",
- "lastModified": "2019-04-30T19:22:00.353",
+ "lastModified": "2023-10-24T16:06:23.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gifsicle_project:gifsicle:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:lcdf:gifsicle:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.89",
- "matchCriteriaId": "328907E1-BA7A-4E52-860E-FE290D6A736A"
+ "matchCriteriaId": "747001C2-6A5E-4B95-B051-6210646500F3"
}
]
}
diff --git a/CVE-2017/CVE-2017-181xx/CVE-2017-18120.json b/CVE-2017/CVE-2017-181xx/CVE-2017-18120.json
index 92c0ae3669d..9de7f99f158 100644
--- a/CVE-2017/CVE-2017-181xx/CVE-2017-18120.json
+++ b/CVE-2017/CVE-2017-181xx/CVE-2017-18120.json
@@ -2,7 +2,7 @@
"id": "CVE-2017-18120",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-02-02T09:29:00.227",
- "lastModified": "2018-02-14T18:21:43.230",
+ "lastModified": "2023-10-24T16:06:23.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gifsicle_project:gifsicle:1.90:*:*:*:*:*:*:*",
- "matchCriteriaId": "AE6734C4-013D-481F-8E4D-C5F57520276D"
+ "criteria": "cpe:2.3:a:lcdf:gifsicle:1.90:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CDD745B-40DB-4F6E-8E7D-1457F8BD0179"
}
]
}
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20151.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20151.json
index 98b88336e6f..1584a621391 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20151.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20151.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20151",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T12:15:08.730",
- "lastModified": "2023-01-09T17:50:29.840",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.567",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The name of the patch is ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20152.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20152.json
index 5c3578adac3..91bb03129ce 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20152.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20152.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20152",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T12:15:08.817",
- "lastModified": "2023-01-09T17:48:12.673",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.647",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056."
+ "value": "A vulnerability, which was classified as problematic, was found in aerouk imageserve. Affected is an unknown function of the file public/viewer.php of the component File Handler. The manipulation of the argument filelocation leads to path traversal. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is bd23c784f0e5cb12f66d15c100248449f87d72e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217056."
}
],
"metrics": {
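Review bot: The sentence `The exploitability is told to be difficult.` added to the new `value` is ungrammatical; `Exploitation is reported to be difficult.` says the same thing. This is the only hunk for CVE-2017-20152, so this commit does not touch the record's `cvssData`, yet the description now asserts a high attack complexity. Whether the stored `attackComplexity` agrees is not visible here and is worth checking before the score is used for triage. The same sentence is added in the CVE-2017-20161 hunk. The record object continues outside the hunk.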
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20153.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20153.json
index 94c00466a95..2fbd75a0633 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20153.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20153.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20153",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T12:15:08.910",
- "lastModified": "2023-01-09T17:47:48.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.717",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in aerouk imageserve and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument REQUEST_URI leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2ac3cd4f90b4df66874fab171376ca26868604c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217057 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20155.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20155.json
index c4243da759e..60952d8977a 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20155.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20155.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20155",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T23:15:08.883",
- "lastModified": "2023-01-06T19:05:20.837",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.787",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl of the component Internal Search. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is 855d9560d3782c105568eedf9b22a769fbf29cc0. It is recommended to upgrade the affected component. The identifier VDB-217069 was assigned to this vulnerability."
+ "value": "A vulnerability was found in Sterc Google Analytics Dashboard for MODX up to 1.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file core/components/analyticsdashboardwidget/elements/tpl/widget.analytics.tpl of the component Internal Search. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.6 is able to address this issue. The identifier of the patch is 855d9560d3782c105568eedf9b22a769fbf29cc0. It is recommended to upgrade the affected component. The identifier VDB-217069 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20156.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20156.json
index 8d977786d60..f11b73ff81c 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20156.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20156.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20156",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-31T10:15:09.183",
- "lastModified": "2023-01-06T21:34:48.440",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.853",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The name of the patch is 5f8c715d6e2cc000f621a6833f0a86a673462136. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217139."
+ "value": "A vulnerability was found in Exciting Printer and classified as critical. This issue affects some unknown processing of the file lib/printer/jobs/prepare_page.rb of the component Argument Handler. The manipulation of the argument URL leads to command injection. The patch is named 5f8c715d6e2cc000f621a6833f0a86a673462136. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217139."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20158.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20158.json
index 4bda703294a..85906645293 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20158.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20158.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20158",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-31T11:15:08.587",
- "lastModified": "2023-01-09T14:50:16.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.927",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The name of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yii2 FileAPI Widget up to 0.1.8. It has been declared as problematic. Affected by this vulnerability is the function run of the file actions/UploadAction.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.1.9 is able to address this issue. The identifier of the patch is c00d1e4fc912257fca1fce66d7a163bdbb4c8222. It is recommended to upgrade the affected component. The identifier VDB-217141 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
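Review bot: The new `value` still opens with the tag twice, and the first copy keeps the misspelling `UNSUPPPORTED`; the change only inserts a space between the two copies. Tooling that flags unsupported-product records by matching the tag text is better served by a single leading `** UNSUPPORTED WHEN ASSIGNED **`. The closing `NOTE:` sentence already carries the same information, so dropping the duplicate loses nothing. The record object continues outside the hunk.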
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20159.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20159.json
index 83fdfd6af45..006640e7d1c 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20159.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20159.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20159",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-31T11:15:10.750",
- "lastModified": "2023-01-09T14:51:28.013",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:22.997",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in rf Keynote up to 0.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in rf Keynote up to 0.x on Rails. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20160.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20160.json
index 6d02bf6e8cb..ec55271a0ff 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20160.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20160.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20160",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-31T20:15:08.693",
- "lastModified": "2023-01-09T15:08:53.543",
+ "lastModified": "2023-10-24T20:21:14.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability."
+ "value": "A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability."
}
],
"metrics": {
@@ -83,8 +83,18 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -116,24 +126,21 @@
"url": "https://github.com/flitto/express-param/commit/db94f7391ad0a16dcfcba8b9be1af385b25c42db",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/flitto/express-param/pull/19",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/flitto/express-param/releases/tag/1.0.0",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20161.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20161.json
index 934f4aa92ff..5c85085f97f 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20161.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20161.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20161",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T16:15:10.530",
- "lastModified": "2023-01-09T18:40:45.673",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:23.123",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the function dump_wlan_at of the file macgeiger.c of the component ESSID Handler. The manipulation leads to injection. Access to the local network is required for this attack to succeed. The name of the patch is 57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217188."
+ "value": "A vulnerability classified as problematic has been found in rofl0r MacGeiger. Affected is the function dump_wlan_at of the file macgeiger.c of the component ESSID Handler. The manipulation leads to injection. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitability is told to be difficult. The name of the patch is 57f1dd50a4821b8c8e676e8020006ae4bfd3c9cb. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217188."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20162.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20162.json
index 1e5c33e36e8..f2115729392 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20162.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20162.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20162",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T12:15:09.167",
- "lastModified": "2023-01-11T19:29:46.180",
+ "lastModified": "2023-10-24T20:21:25.683",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451."
+ "value": "A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.0 is able to address this issue. The patch is named caae2988ba2a37765d055c4eee63d383320ee662. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217451."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-1333"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1333"
+ }
+ ]
}
],
"configurations": [
@@ -116,8 +126,7 @@
"url": "https://github.com/vercel/ms/commit/caae2988ba2a37765d055c4eee63d383320ee662",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
@@ -126,8 +135,7 @@
"tags": [
"Exploit",
"Issue Tracking",
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
@@ -135,8 +143,7 @@
"source": "cna@vuldb.com",
"tags": [
"Patch",
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20164.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20164.json
index 60e10f50408..bbac87d727f 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20164.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20164.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20164",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T20:15:09.407",
- "lastModified": "2023-01-12T20:28:25.380",
+ "lastModified": "2023-10-24T20:22:35.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The patch is identified as b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-601"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
}
],
"configurations": [
@@ -102,10 +112,10 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:symbiote:seed:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:symbiote:seed:*:*:*:*:*:silverstripe:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.3",
- "matchCriteriaId": "1B58B01E-BC9E-4F38-A9BF-D6DBDD6116DA"
+ "matchCriteriaId": "BF29C280-2F4C-4D85-B532-CBBD8EBDEE20"
}
]
}
@@ -117,15 +127,14 @@
"url": "https://github.com/symbiote/silverstripe-seed/commit/b065ebd82da53009d273aa7e989191f701485244",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/symbiote/silverstripe-seed/releases/tag/6.0.3",
"source": "cna@vuldb.com",
"tags": [
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20165.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20165.json
index 0c9610bea89..15c10ef94c4 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20165.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20165.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20165",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-09T10:15:10.447",
- "lastModified": "2023-01-17T17:16:38.380",
+ "lastModified": "2023-10-24T19:24:23.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The identifier of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-1333"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1333"
+ }
+ ]
}
],
"configurations": [
@@ -123,24 +133,21 @@
"url": "https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/debug-js/debug/pull/504",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/debug-js/debug/releases/tag/3.1.0",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20167.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20167.json
index 45099f9f8dd..a10e2f2b654 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20167.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20167.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20167",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-14T20:15:09.390",
- "lastModified": "2023-01-25T15:59:21.867",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:23.417",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The identifier of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20168.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20168.json
index 50c12d03c30..d59de575852 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20168.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20168.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20168",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T15:15:09.000",
- "lastModified": "2023-01-19T14:35:52.030",
+ "lastModified": "2023-10-24T19:24:56.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The patch is identified as b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -116,16 +126,14 @@
"url": "https://github.com/jfm-so/piWallet/commit/b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/jfm-so/piWallet/pull/23",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20169.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20169.json
index 2fe333a2f2c..2f9608766a2 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20169.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20169.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20169",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-13T21:15:15.207",
- "lastModified": "2023-01-23T18:38:16.927",
+ "lastModified": "2023-10-24T19:25:12.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The name of the patch is 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The patch is identified as 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -116,8 +126,7 @@
"url": "https://github.com/GGGGGGGG/ToN-MasterServer/commit/3a4c7e6d51bf95760820e3245e06c6e321a7168a",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20170.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20170.json
index 18e909077cf..b97a75a7ed4 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20170.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20170.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20170",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T14:15:10.613",
- "lastModified": "2023-01-24T19:09:45.227",
+ "lastModified": "2023-10-24T19:25:19.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in ollpu parontalli. It has been classified as critical. Affected is an unknown function of the file httpdocs/index.php. The manipulation of the argument s leads to sql injection. The name of the patch is 6891bb2dec57dca6daabc15a6d2808c8896620e5. It is recommended to apply a patch to fix this issue. VDB-218418 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in ollpu parontalli. It has been classified as critical. Affected is an unknown function of the file httpdocs/index.php. The manipulation of the argument s leads to sql injection. The patch is identified as 6891bb2dec57dca6daabc15a6d2808c8896620e5. It is recommended to apply a patch to fix this issue. VDB-218418 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -116,8 +126,7 @@
"url": "https://github.com/ollpu/parontalli/commit/6891bb2dec57dca6daabc15a6d2808c8896620e5",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20171.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20171.json
index f2c8bec3506..7e67dd992d7 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20171.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20171.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20171",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-17T23:15:15.417",
- "lastModified": "2023-01-24T19:35:13.600",
+ "lastModified": "2023-10-24T19:25:26.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in PrivateSky apersistence. This affects an unknown part of the file db/sql/mysqlUtils.js. The manipulation leads to sql injection. The name of the patch is 954425f61634b556fe644837a592a5b8fcfca068. It is recommended to apply a patch to fix this issue. The identifier VDB-218457 was assigned to this vulnerability."
+ "value": "A vulnerability classified as critical has been found in PrivateSky apersistence. This affects an unknown part of the file db/sql/mysqlUtils.js. The manipulation leads to sql injection. The identifier of the patch is 954425f61634b556fe644837a592a5b8fcfca068. It is recommended to apply a patch to fix this issue. The identifier VDB-218457 was assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20172.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20172.json
index 6423025eed1..bafbff67dd2 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20172.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20172.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20172",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-18T15:15:11.083",
- "lastModified": "2023-01-25T19:07:55.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:23.780",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. The name of the patch is 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in ridhoq soundslike. It has been classified as critical. Affected is the function get_song_relations of the file app/api/songs.py. The manipulation leads to sql injection. The patch is identified as 90bb4fb667d9253d497b619b9adaac83bf0ce0f8. It is recommended to apply a patch to fix this issue. VDB-218490 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20174.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20174.json
index f56bac1d581..f63dd5443d9 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20174.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20174.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20174",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-19T08:15:12.620",
- "lastModified": "2023-01-25T21:12:37.163",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:23.880",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The name of the patch is 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB-218894 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as 55bedea78ae9af916a9a41497bd9996417851502. It is recommended to apply a patch to fix this issue. VDB-218894 is the identifier assigned to this vulnerability."
}
],
"metrics": {
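Review bot: The new description adds "The complexity of an attack is rather high. The exploitation is known to be difficult." while `vulnStatus` drops from `Analyzed` to `Modified`, and nothing in this hunk shows the CVSS data being brought in line with that text. The `metrics` block opens on the last context line and its content lies outside the hunk, so the score may still reflect the earlier analysis. Until the record returns to `Analyzed`, prioritisation that reads the attack-complexity metric should treat it as possibly stale. The same combination of added complexity wording and a `Modified` status appears in the hunks for CVE-2017-20175, CVE-2017-20178 and CVE-2018-25060.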
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20175.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20175.json
index e5072a0c3f1..be6482298f9 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20175.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20175.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20175",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-05T20:15:08.393",
- "lastModified": "2023-02-14T16:58:31.517",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:23.957",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.4.3 is able to address this issue. The name of the patch is 681324e4f518a8af4bd1f93867074c728eb9923d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220203."
+ "value": "A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2 on MediaWiki. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.4.3 is able to address this issue. The patch is named 681324e4f518a8af4bd1f93867074c728eb9923d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220203."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20177.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20177.json
index 2136f0fd7a4..c2354ff0247 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20177.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20177.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20177",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T20:15:10.763",
- "lastModified": "2023-02-14T02:19:17.660",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T12:15:24.037",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0 on WordPress. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The patch is identified as 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20178.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20178.json
index 8ef46c2c8f1..bb4ec7d06cd 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20178.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20178.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20178",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-21T18:15:11.600",
- "lastModified": "2023-03-02T22:51:38.910",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:07.687",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. Upgrading to version 2.8.1 is able to address this issue. The name of the patch is 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.8.1 is able to address this issue. The patch is identified as 517119de673e62547ee472a730be0604f44342b5. It is recommended to upgrade the affected component. VDB-221498 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
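Review bot: The updated `value` string still opens with the misspelled tag `** UNSUPPPORTED WHEN ASSIGNED **` (three P's) followed by the correct one; the change only inserts a space between the two. Tooling that detects end-of-life records by testing whether the description starts with `** UNSUPPORTED WHEN ASSIGNED **` will miss this entry, because the string begins with the misspelled variant. The description should carry the tag once, as `"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. …"`. Until the source text is corrected, a substring match is more robust than a prefix match.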
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20179.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20179.json
index e6f652a0d61..edee6e5c3d6 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20179.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20179.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20179",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-21T21:15:10.713",
- "lastModified": "2023-03-02T22:48:05.973",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:07.847",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The name of the patch is 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507."
+ "value": "A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated remotely. Upgrading to version 2.3.2 is able to address this issue. The patch is named 6ef04f8b5972d5f16f8b86f8b53f62fac68d5498. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221507."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20180.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20180.json
index c4254151043..ec89a873010 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20180.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20180.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20180",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-06T11:15:09.813",
- "lastModified": "2023-03-11T02:13:16.340",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:07.900",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20181.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20181.json
index a9e2b2773f0..4e941f2f8ca 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20181.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20181.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20181",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-07T00:15:09.040",
- "lastModified": "2023-03-14T17:53:51.463",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:07.970",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328."
+ "value": "A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20182.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20182.json
index a0ddcb0c5b2..836e25375ec 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20182.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20182.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20182",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-10T02:15:58.250",
- "lastModified": "2023-03-15T16:28:10.807",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:08.037",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611."
+ "value": "A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The patch is named 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20183.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20183.json
index 5bf7a0133a2..1f1d6e40769 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20183.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20183.json
@@ -2,12 +2,12 @@
"id": "CVE-2017-20183",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-05T01:15:08.550",
- "lastModified": "2023-05-11T17:37:24.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:08.103",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The patch is identified as 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2017/CVE-2017-86xx/CVE-2017-8625.json b/CVE-2017/CVE-2017-86xx/CVE-2017-8625.json
index d0e6a82a425..8c95cda46f8 100644
--- a/CVE-2017/CVE-2017-86xx/CVE-2017-8625.json
+++ b/CVE-2017/CVE-2017-86xx/CVE-2017-8625.json
@@ -2,8 +2,8 @@
"id": "CVE-2017-8625",
"sourceIdentifier": "secure@microsoft.com",
"published": "2017-08-08T21:29:00.797",
- "lastModified": "2019-10-03T00:03:26.223",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T19:15:08.883",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -137,12 +137,8 @@
]
},
{
- "url": "https://msitpros.com/?p=3909",
- "source": "secure@microsoft.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
+ "url": "https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/",
+ "source": "secure@microsoft.com"
},
{
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8625",
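Review bot: The replacement reference `https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/` is added without a `tags` array, whereas the entry it replaces carried `"Exploit"` and `"Third Party Advisory"`. A consumer that flags records with a public exploit write-up by filtering references on the `Exploit` tag loses that signal for this CVE. The record moves to `Modified` in the first hunk, so the tags are presumably pending re-analysis. If the new URL is the same write-up at a new address, it should again carry `"tags": ["Exploit", "Third Party Advisory"]`.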
diff --git a/CVE-2018/CVE-2018-167xx/CVE-2018-16739.json b/CVE-2018/CVE-2018-167xx/CVE-2018-16739.json
new file mode 100644
index 00000000000..250dbe95980
--- /dev/null
+++ b/CVE-2018/CVE-2018-167xx/CVE-2018-16739.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2018-16739",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T22:15:08.333",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en ciertos dispositivos ABUS TVIP. Debido a un path traversal en /opt/cgi/admin/filewrite, un atacante puede escribir en archivos y, por lo tanto, ejecutar c\u00f3digo arbitrariamente con privilegios de root."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://sec.maride.cc/posts/abus/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
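Review bot: This new record is published with `"metrics": {}`, no `weaknesses` or `configurations` arrays and untagged references, so it carries no CVSS score, CWE or CPE match data. The description states code execution with root privileges, yet any pipeline that surfaces findings by a CVSS threshold or by CPE matching against an asset inventory will not raise it while `vulnStatus` is `Awaiting Analysis`. Consumers should route records with empty `metrics` to manual triage instead of treating a missing score as low severity. The same shape applies to the new files for CVE-2018-17558, CVE-2018-17559, CVE-2018-17878 and CVE-2018-17879, two of which also describe code execution as root.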
diff --git a/CVE-2018/CVE-2018-175xx/CVE-2018-17558.json b/CVE-2018/CVE-2018-175xx/CVE-2018-17558.json
new file mode 100644
index 00000000000..1c294d71d8e
--- /dev/null
+++ b/CVE-2018/CVE-2018-175xx/CVE-2018-17558.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2018-17558",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T22:15:08.383",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root."
+ },
+ {
+ "lang": "es",
+ "value": "Credenciales del fabricante codificadas y una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en el directorio /cgi-bin/mft/ en ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, y TVIP51550 MG.1.6.03 c\u00e1maras permiten a atacantes remotos ejecutar c\u00f3digo como root."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://sec.maride.cc/posts/abus/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2018/CVE-2018-175xx/CVE-2018-17559.json b/CVE-2018/CVE-2018-175xx/CVE-2018-17559.json
new file mode 100644
index 00000000000..2a8a08919e6
--- /dev/null
+++ b/CVE-2018/CVE-2018-175xx/CVE-2018-17559.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2018-17559",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T22:15:08.430",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras."
+ },
+ {
+ "lang": "es",
+ "value": "Debido a un control de acceso incorrecto, atacantes remotos no autenticados pueden ver la secuencia de v\u00eddeo /video.mjpg de determinadas c\u00e1maras ABUS TVIP."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://sec.maride.cc/posts/abus/#cve-2018-17559",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2018/CVE-2018-178xx/CVE-2018-17878.json b/CVE-2018/CVE-2018-178xx/CVE-2018-17878.json
new file mode 100644
index 00000000000..8ebb1c2b81c
--- /dev/null
+++ b/CVE-2018/CVE-2018-178xx/CVE-2018-17878.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2018-17878",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T22:15:08.473",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de desbordamiento de b\u00fafer en ciertas c\u00e1maras ABUS TVIP permite a los atacantes obtener el control del programa a trav\u00e9s de una cadena manipulada enviada a la funci\u00f3n sprintf()."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://sec.maride.cc/posts/abus/#cve-2018-17878",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2018/CVE-2018-178xx/CVE-2018-17879.json b/CVE-2018/CVE-2018-178xx/CVE-2018-17879.json
new file mode 100644
index 00000000000..080c9cc4c62
--- /dev/null
+++ b/CVE-2018/CVE-2018-178xx/CVE-2018-17879.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2018-17879",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T22:15:08.517",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en ciertas c\u00e1maras ABUS TVIP. Los scripts CGI permiten a atacantes remotos ejecutar c\u00f3digo a trav\u00e9s de system() como root. Hay varios puntos de inyecci\u00f3n en varios scripts."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://sec.maride.cc/posts/abus/#cve-2018-17879",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2018/CVE-2018-193xx/CVE-2018-19358.json b/CVE-2018/CVE-2018-193xx/CVE-2018-19358.json
index 683abe17eb8..bbbf3494942 100644
--- a/CVE-2018/CVE-2018-193xx/CVE-2018-19358.json
+++ b/CVE-2018/CVE-2018-193xx/CVE-2018-19358.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-19358",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-11-18T19:29:00.297",
- "lastModified": "2020-08-24T17:37:01.140",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T16:15:08.697",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used."
+ "value": "** DISPUTED ** GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket."
},
{
"lang": "es",
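Review bot: The vendor's dispute is recorded only as the `** DISPUTED **` prefix and a trailing `NOTE:` sentence inside the English `value` string; this hunk adds no structured field for it. A consumer that wants to down-rank or annotate disputed findings has to parse that prefix from the free text. The Spanish description is outside this hunk, so whether it carries the same marker cannot be told from here. The two references added in the following hunks (the Red Hat Bugzilla comment and the GNOME GitLab note) are also untagged, so they are not machine-identifiable as the vendor's position.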
@@ -103,6 +103,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652194#c8",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://github.com/sungjungk/keyring_crack",
"source": "cve@mitre.org",
@@ -111,6 +115,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://gitlab.gnome.org/GNOME/gnome-keyring/-/issues/5#note_1876550",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://www.youtube.com/watch?v=Do4E9ZQaPck",
"source": "cve@mitre.org",
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25057.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25057.json
index dc3c7d17a54..51da971a7e8 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25057.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25057.json
@@ -2,7 +2,7 @@
"id": "CVE-2018-25057",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-28T21:15:09.077",
- "lastModified": "2023-01-06T13:59:37.393",
+ "lastModified": "2023-10-18T16:01:59.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -77,8 +77,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:simple_php_link_shortener_project:simple_php_link_shortener:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "84FA1A57-7F26-4D5D-8E73-99A9CBF2E11F"
+ "criteria": "cpe:2.3:a:mikebharris:simple_php_link_shortener:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "541DF23E-D916-40FA-8C9C-25C6D796D608"
}
]
}
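Review bot: The CPE vendor component changes from `simple_php_link_shortener_project` to `mikebharris` and the `matchCriteriaId` is replaced, so the only `cpeMatch` entry visible in this hunk no longer matches the string that earlier snapshots of this record used. Inventories or SBOM mappings that pinned `cpe:2.3:a:simple_php_link_shortener_project:simple_php_link_shortener:-:*:*:*:*:*:*:*` will silently stop associating the product with CVE-2018-25057. Consumers that cache CPE-to-product mappings should re-resolve them against the new vendor name rather than rely on the old `matchCriteriaId`.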
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25060.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25060.json
index 6678e75a785..5a6c54133ff 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25060.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25060.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25060",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T12:15:09.103",
- "lastModified": "2023-01-09T15:27:11.830",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:08.217",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the patch is dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25061.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25061.json
index 1f7f9ec4148..893fceab7c7 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25061.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25061.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25061",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-31T20:15:08.817",
- "lastModified": "2023-01-09T15:14:24.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:08.287",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The name of the patch is 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151."
+ "value": "A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 0.1.6 is able to address this issue. The patch is named 9e0c38594432edfa64136fdf7bb651835e17c34f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217151."
}
],
"metrics": {
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25062.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25062.json
index 6961e55464c..74b271c2bc4 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25062.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25062.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25062",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-01T09:15:09.690",
- "lastModified": "2023-01-09T17:13:25.427",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:08.347",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152."
+ "value": "A vulnerability classified as problematic has been found in flar2 ElementalX up to 6.x on Nexus 9. Affected is the function xfrm_dump_policy_done of the file net/xfrm/xfrm_user.c of the component ipsec. The manipulation leads to denial of service. Upgrading to version 7.00 is able to address this issue. The name of the patch is 1df72c9f0f61304437f4f1037df03b5fb36d5a79. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217152."
}
],
"metrics": {
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25063.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25063.json
index 399e2db36cd..88dcdbde427 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25063.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25063.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25063",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-01T09:15:09.780",
- "lastModified": "2023-01-09T17:17:15.917",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:08.410",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The name of the patch is f462285a0a2d7e1a9255b0820240b94a43b00a44. It is recommended to upgrade the affected component. The identifier VDB-217153 was assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in Zenoss Dashboard up to 1.3.4. Affected by this vulnerability is an unknown functionality of the file ZenPacks/zenoss/Dashboard/browser/resources/js/defaultportlets.js. The manipulation of the argument HTMLString leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.5 is able to address this issue. The identifier of the patch is f462285a0a2d7e1a9255b0820240b94a43b00a44. It is recommended to upgrade the affected component. The identifier VDB-217153 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25064.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25064.json
index 6ffab57005d..6c1a6748de3 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25064.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25064.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25064",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T09:15:08.493",
- "lastModified": "2023-01-11T17:08:39.347",
+ "lastModified": "2023-10-27T20:04:16.203",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217439."
+ "value": "A vulnerability was found in OSM Lab show-me-the-way. It has been rated as problematic. This issue affects some unknown processing of the file js/site.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named 4bed3b34dcc01fe6661f39c0e5d2285b340f7cac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217439."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
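Review bot: The added `Secondary` entry repeats the CWE-79 already carried by the `Primary` entry, whose `source` the preceding hunk switches from `cna@vuldb.com` to `nvd@nist.gov`. Code that counts or lists CWEs per record should de-duplicate on `value`, and code that attributes the classification by reading the first entry's `source` will now report NVD rather than the CNA. The same Primary/Secondary pair is introduced for CVE-2018-25065, 25066, 25070, 25072, 25073, 25074, 25076, 25079 and 25080 further down.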
@@ -116,16 +126,14 @@
"url": "https://github.com/osmlab/show-me-the-way/commit/4bed3b34dcc01fe6661f39c0e5d2285b340f7cac",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/osmlab/show-me-the-way/pull/57",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25065.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25065.json
index 0108bd29522..1988da1a74c 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25065.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25065.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25065",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T10:15:09.657",
- "lastModified": "2023-01-11T18:25:31.757",
+ "lastModified": "2023-10-27T20:04:30.047",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability."
+ "value": "A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags and classified as problematic. This issue affects some unknown processing of the file I18nTags_body.php of the component Unlike Parser. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is b4bc3cbbb099eab50cf2b544cf577116f1867b94. It is recommended to apply a patch to fix this issue. The identifier VDB-217445 was assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -116,8 +126,7 @@
"url": "https://github.com/wikimedia/mediawiki-extensions-I18nTags/commit/b4bc3cbbb099eab50cf2b544cf577116f1867b94",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25066.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25066.json
index 5baee05bdf6..b9f05d59aab 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25066.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25066.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25066",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T11:15:09.320",
- "lastModified": "2023-01-12T15:58:49.013",
+ "lastModified": "2023-10-27T20:29:57.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -116,16 +126,14 @@
"url": "https://github.com/PeterMu/nodebatis/commit/6629ff5b7e3d62ad8319007a54589ec1f62c7c35",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/PeterMu/nodebatis/releases/tag/v2.2.0",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25067.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25067.json
index 390ac14d240..96e57081f94 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25067.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25067.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25067",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T21:15:09.167",
- "lastModified": "2023-01-12T15:23:27.897",
+ "lastModified": "2023-10-27T20:30:13.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The name of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The identifier of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability."
}
],
"metrics": {
@@ -126,24 +126,22 @@
"url": "https://github.com/JoomGallery/JoomGallery/commit/dc414ee954e849082260f8613e15a1c1e1d354a1",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/JoomGallery/JoomGallery/pull/122",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Issue Tracking",
+ "Patch"
]
},
{
"url": "https://github.com/JoomGallery/JoomGallery/releases/tag/v3.3.4",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
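Review bot: The pull-request reference `JoomGallery/pull/122` is tagged `"Issue Tracking", "Patch"`, while the other pull-request references retagged in this diff (`show-me-the-way/pull/57`, `TSN-Ranksystem/pull/467`) keep `"Patch"` alone. Tooling that selects fix links by tag will treat the same kind of URL differently across records, so one tag set for pull-request URLs would avoid that. The `references` array starts and ends outside the hunk.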
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25068.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25068.json
index 3c4c317d4a3..a0761313f73 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25068.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25068.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25068",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T21:15:09.243",
- "lastModified": "2023-01-12T15:29:24.653",
+ "lastModified": "2023-10-27T20:30:28.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The patch is identified as 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,8 +83,18 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
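Review bot: The new NVD `Primary` weakness is CWE-668, a broad class-level entry, while the description in this file's first hunk names an insecure temporary file in `createTmpDir`. The CNA's own value, now demoted to `Secondary`, lies just past the end of this hunk and is not visible here. If it is the more specific temporary-file CWE, consumers that map only the `Primary` CWE to remediation guidance lose that detail. Reading both entries and preferring the more specific one keeps the temp-file handling advice attached to the record.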
@@ -116,16 +126,14 @@
"url": "https://github.com/devent/globalpom-utils/commit/77a820bac2f68e662ce261ecb050c643bd7ee560",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/devent/globalpom-utils/releases/tag/globalpomutils-4.5.1",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25070.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25070.json
index abcd9b01aac..725a90fe5f6 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25070.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25070.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25070",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T11:15:08.910",
- "lastModified": "2023-01-12T19:58:41.997",
+ "lastModified": "2023-10-27T20:28:21.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The name of the patch is c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The patch is identified as c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -116,15 +126,14 @@
"url": "https://github.com/polterguy/phosphorusfive/commit/c179a3d0703db55cfe0cb939b89593f2e7a87246",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/polterguy/phosphorusfive/releases/tag/v8.3",
"source": "cna@vuldb.com",
"tags": [
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25071.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25071.json
index 2ad3a22a0a2..9b618b781b8 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25071.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25071.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25071",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T12:15:08.900",
- "lastModified": "2023-01-12T17:31:20.330",
+ "lastModified": "2023-10-27T20:29:36.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The name of the patch is c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The patch is identified as c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -126,16 +126,14 @@
"url": "https://github.com/roxlukas/lmeve/commit/c25ff7fe83a2cda1fcb365b182365adc3ffae332",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/roxlukas/lmeve/releases/tag/0.1.59-beta",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25072.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25072.json
index 08f14afe625..ee940732956 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25072.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25072.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25072",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T13:15:09.877",
- "lastModified": "2023-01-12T16:47:08.307",
+ "lastModified": "2023-10-27T20:27:20.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647."
+ "value": "A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The patch is named 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -103,8 +113,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lojban:jbovlaste:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "06-02-2018",
- "matchCriteriaId": "6A5DF520-D7A6-4E50-82D0-3C47C6558005"
+ "versionEndExcluding": "2018-06-02",
+ "matchCriteriaId": "163D21E4-182E-42BF-8CCC-89EA871372AC"
}
]
}
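Review bot: `versionEndExcluding` is set to `2018-06-02`, a date rather than a release number, and the bound changes from inclusive to exclusive in the same edit. The old string `06-02-2018` could be read as either 2 June or 6 February; the new one commits to 2 June 2018, which is worth checking against the date of commit `6ff44c2e87b1113eb07d76ea62e1f64193b04d15` referenced in this file. Matchers that compare this field with a semantic-version routine, or that identify installs by commit hash, may not evaluate the range as intended. A checkout dated exactly 2018-06-02 is now counted as fixed.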
@@ -116,8 +126,7 @@
"url": "https://github.com/lojban/jbovlaste/commit/6ff44c2e87b1113eb07d76ea62e1f64193b04d15",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25073.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25073.json
index 537b8f5fc9c..2134800b246 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25073.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25073.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25073",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T14:15:08.930",
- "lastModified": "2023-02-01T14:56:40.987",
+ "lastModified": "2023-10-27T20:27:37.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The patch is identified as b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -116,24 +126,21 @@
"url": "https://github.com/Newcomer1989/TSN-Ranksystem/commit/b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/Newcomer1989/TSN-Ranksystem/pull/467",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/Newcomer1989/TSN-Ranksystem/releases/tag/1.2.7",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25074.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25074.json
index 88e586e44b1..0f77d8a7cb5 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25074.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25074.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25074",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T15:15:09.097",
- "lastModified": "2023-01-19T14:31:01.753",
+ "lastModified": "2023-10-27T19:45:42.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003."
+ "value": "A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The patch is named 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-1333"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1333"
+ }
+ ]
}
],
"configurations": [
@@ -116,8 +126,7 @@
"url": "https://github.com/Prestaul/skeemas/commit/65e94eda62dc8dc148ab3e59aa2ccc086ac448fd",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25075.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25075.json
index 7a3c07f7a11..cb37f6aba1a 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25075.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25075.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25075",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T20:15:09.260",
- "lastModified": "2023-01-24T18:35:58.613",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:09.123",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. Upgrading to version 1.4 is able to address this issue. The name of the patch is 52eca4ad05f3c292aed3178b2f58977686ffa376. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218376."
+ "value": "A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.4 is able to address this issue. The name of the patch is 52eca4ad05f3c292aed3178b2f58977686ffa376. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218376."
}
],
"metrics": {
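Review bot: The new description adds "The complexity of an attack is rather high. The exploitability is told to be difficult.", but this diff leaves the file's `metrics` block untouched; that block opens on the hunk's last line and continues outside it. If the existing CVSS vector was scored with low attack complexity, the text and the score now disagree, and `vulnStatus` moving to `Modified` indicates the score predates the new wording. Prioritisation should keep using the numeric vector rather than the prose until the record is re-analysed. The second added sentence would also read better as `The exploitation is known to be difficult.`, the phrasing used in the Macaron csrf description earlier in this diff.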
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25076.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25076.json
index a61d1ff50db..8fdc003bbd8 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25076.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25076.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25076",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-16T12:15:16.347",
- "lastModified": "2023-01-24T16:12:24.487",
+ "lastModified": "2023-10-27T20:27:44.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in Events Extension. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The name of the patch is 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395."
+ "value": "A vulnerability classified as critical was found in Events Extension on BigTree. Affected by this vulnerability is the function getRandomFeaturedEventByDate/getUpcomingFeaturedEventsInCategoriesWithSubcategories/recacheEvent/searchResults of the file classes/events.php. The manipulation leads to sql injection. The patch is named 11169e48ab1249109485fdb1e0c9fca3d25ba01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218395."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -116,8 +126,7 @@
"url": "https://github.com/timbuckingham/bigtree-events/commit/11169e48ab1249109485fdb1e0c9fca3d25ba01d",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25079.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25079.json
index 0fbd1e3b1f0..1a37abbe457 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25079.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25079.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25079",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-04T04:15:08.867",
- "lastModified": "2023-02-14T01:47:21.173",
+ "lastModified": "2023-10-27T20:27:55.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The patch is identified as 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-1333"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1333"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25080.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25080.json
index d6e62aa2030..8eedf7d6614 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25080.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25080.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25080",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-04T08:15:07.607",
- "lastModified": "2023-02-14T01:50:21.883",
+ "lastModified": "2023-10-27T20:12:10.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The identifier of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -102,8 +112,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:mobile_detect_project:mobile_detect:2.8.31:*:*:*:*:*:*:*",
- "matchCriteriaId": "757772A2-65FF-46FA-AB76-176AF0EC1636"
+ "criteria": "cpe:2.3:a:mobiledetect:mobiledetect:2.8.31:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B868C5CA-D4E1-4DFB-A980-D0844C05286F"
}
]
}
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25082.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25082.json
index 0d279a78b24..afc97713e31 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25082.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25082.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25082",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-21T18:15:11.677",
- "lastModified": "2023-03-24T19:34:14.640",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T13:15:09.380",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403."
+ "value": "A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403."
}
],
"metrics": {
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25084.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25084.json
index de732bab969..e490f99f05f 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25084.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25084.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25084",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-10T18:15:07.993",
- "lastModified": "2023-04-14T00:45:46.000",
+ "lastModified": "2023-10-29T02:37:24.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The name of the patch is f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The patch is identified as f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25085.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25085.json
index 2a6eca03173..8c2e87b5d83 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25085.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25085.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25085",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-01T05:15:08.633",
- "lastModified": "2023-05-09T21:08:40.580",
+ "lastModified": "2023-10-29T02:37:03.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755."
+ "value": "A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The patch is named 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -102,8 +112,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:drupal:responsive_menus:7.x-1.7:*:*:*:*:drupal:*:*",
- "matchCriteriaId": "630B9B32-8E34-448F-8ABA-AC3A2FEF015E"
+ "criteria": "cpe:2.3:a:drupal:responsive_menus:*:*:*:*:*:drupal:*:*",
+ "versionEndExcluding": "7.x-1.7",
+ "matchCriteriaId": "BAF798FF-F52F-499E-80A4-BD53FE3A9540"
}
]
}
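Review bot: The new match in the CVE-2018-25085 `cpeMatch` hunk uses a wildcard version with only `"versionEndExcluding": "7.x-1.7"` and no lower bound, so every release string a comparator sorts below `7.x-1.7` is treated as affected, while the description names only `7.x-1.x-dev`. Drupal-style versions such as `7.x-1.7` are not plain dotted numbers, and a generic version comparator may misorder or fail to parse them, which can produce false positives or silent misses in scanners. Adding a bound such as `"versionStartIncluding": "<first affected 7.x-1.x release>"` (placeholder; the value is not on this page) would narrow the range, and matching code should be tested against this string format. The surrounding `configurations` node continues outside the hunk.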
@@ -122,7 +133,7 @@
"url": "https://vuldb.com/?ctiid.227755",
"source": "cna@vuldb.com",
"tags": [
- "Permissions Required"
+ "Third Party Advisory"
]
},
{
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25086.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25086.json
index ed147676ad4..390be9a3327 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25086.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25086.json
@@ -2,12 +2,12 @@
"id": "CVE-2018-25086",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-01T07:15:08.860",
- "lastModified": "2023-06-08T20:01:17.053",
+ "lastModified": "2023-10-29T02:38:22.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The name of the patch is c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235."
+ "value": "A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The patch is named c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25091.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25091.json
index b57fd5f49e3..8cce3bbe78e 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25091.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25091.json
@@ -2,27 +2,95 @@
"id": "CVE-2018-25091",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-15T19:15:09.213",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:01:05.073",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive)."
+ },
+ {
+ "lang": "es",
+ "value": "urllib3 anterior a 1.24.2 no elimina el encabezado HTTP de autorizaci\u00f3n cuando se sigue una redirecci\u00f3n de origen cruzado (es decir, una redirecci\u00f3n que difiere en host, puerto o esquema). Esto puede permitir que las credenciales en el encabezado de autorizaci\u00f3n se expongan a hosts no deseados o se transmitan en texto plano. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2018-20060 (que distingu\u00eda entre may\u00fasculas y min\u00fasculas)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.24.2",
+ "matchCriteriaId": "D0B5613A-F0A4-438A-A01E-4E2DAB4FAB8B"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/urllib3/urllib3/compare/1.24.1...1.24.2",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/urllib3/urllib3/issues/1510",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
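Review bot: The added weakness `CWE-601` and the vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N` do not line up with this record's own description, which describes an authorization header being kept on a cross-origin redirect so that credentials reach unintended hosts or travel in cleartext. That reads as sensitive-information exposure rather than URL redirection to an untrusted site, so `"value": "CWE-200"` looks like the closer mapping, and the description does not support the integrity impact or the required user interaction in the vector. Tooling that triages on CWE or on the confidentiality metric may under-rank a credential leak here. Until the classification is confirmed, the description and the `"versionEndExcluding": "1.24.2"` bound are the more reliable signals.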
diff --git a/CVE-2019/CVE-2019-06xx/CVE-2019-0608.json b/CVE-2019/CVE-2019-06xx/CVE-2019-0608.json
index f1121ea5a2e..c59c1906ead 100644
--- a/CVE-2019/CVE-2019-06xx/CVE-2019-0608.json
+++ b/CVE-2019/CVE-2019-06xx/CVE-2019-0608.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-0608",
"sourceIdentifier": "secure@microsoft.com",
"published": "2019-10-10T14:15:14.157",
- "lastModified": "2019-12-16T16:20:07.207",
+ "lastModified": "2023-10-17T19:00:37.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -181,11 +181,6 @@
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:sp1:*:*:*:*:x64:*",
- "matchCriteriaId": "C5CA0C91-B14B-4E02-B8B3-A942F3602883"
- },
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003000.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003000.json
index d40254890c6..b5bc2d2c74e 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003000.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003000.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003000",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-01-22T14:29:00.267",
- "lastModified": "2020-09-29T01:41:00.863",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:00.750",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003001.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003001.json
index 2fa992db386..2c3428ad2f5 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003001.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003001.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003001",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-01-22T14:29:00.330",
- "lastModified": "2020-09-29T01:40:32.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:00.970",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003002.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003002.json
index c7725cad9b8..04f9c39daf8 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003002.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003002.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003002",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-01-22T14:29:00.390",
- "lastModified": "2020-09-29T01:40:23.643",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:01.043",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003003.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003003.json
index 28a8f28f66d..15dc751973e 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003003.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003003.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003003",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-01-22T14:29:00.437",
- "lastModified": "2021-11-02T20:15:21.123",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:01.113",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-613"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003004.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003004.json
index a73b84e125b..1d9c1e90ce7 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003004.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003004.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003004",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-01-22T14:29:00.487",
- "lastModified": "2021-11-02T20:15:57.490",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:01.207",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-613"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003005.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003005.json
index 7ad7210e4cd..f1eb5042876 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003005.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003005.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003005",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.250",
- "lastModified": "2022-06-13T19:00:29.063",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:01.280",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003006.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003006.json
index f7630f7cfb1..ef56b6cecca 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003006.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003006.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003006",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.407",
- "lastModified": "2020-09-29T00:50:45.987",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:01.403",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003007.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003007.json
index b90111891b7..42f18838b70 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003007.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003007.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003007",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.437",
- "lastModified": "2019-10-09T23:44:00.803",
+ "lastModified": "2023-10-25T18:16:01.477",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -105,11 +95,8 @@
],
"references": [
{
- "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1295%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1295%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
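Review bot: The rewritten reference drops `"tags": ["Vendor Advisory"]`, so the only link in this record to the Jenkins advisory is now untagged, and consumers that pick remediation links by tag will no longer surface it. The same hunk percent-encodes the parentheses in the URL fragment (`%20%281%29`); host and path are unchanged, but it is worth checking that the encoded fragment still resolves to the intended advisory section. I would keep `"tags": ["Vendor Advisory"]` on the new entry. The same pattern appears in the reference hunks for CVE-2019-1003008, CVE-2019-1003015 and CVE-2019-1003016.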
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003008.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003008.json
index b948b9b0ad9..e45d644c285 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003008.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003008.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003008",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.483",
- "lastModified": "2019-10-09T23:44:00.947",
+ "lastModified": "2023-10-25T18:16:01.567",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -105,11 +95,8 @@
],
"references": [
{
- "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1295%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-1295%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003009.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003009.json
index 2ed405c8d28..ae0dc2548df 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003009.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003009.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003009",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.530",
- "lastModified": "2019-10-09T23:44:01.070",
+ "lastModified": "2023-10-25T18:16:01.657",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003011.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003011.json
index 17ad5371070..6adb25bec5d 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003011.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003011.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003011",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.623",
- "lastModified": "2020-09-29T00:50:31.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:01.733",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,20 +73,6 @@
"value": "CWE-674"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-200"
- },
- {
- "lang": "en",
- "value": "CWE-674"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003012.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003012.json
index 9dfb899f448..c51eea6c305 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003012.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003012.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003012",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.670",
- "lastModified": "2019-10-09T23:44:01.367",
+ "lastModified": "2023-10-25T18:16:01.817",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003013.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003013.json
index 8039cc79a66..1e4caa68a5a 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003013.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003013.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003013",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.703",
- "lastModified": "2019-10-09T23:44:01.493",
+ "lastModified": "2023-10-25T18:16:01.897",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003014.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003014.json
index f419f98e9df..acad6f463f1 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003014.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003014.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003014",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.733",
- "lastModified": "2019-10-09T23:44:01.617",
+ "lastModified": "2023-10-25T18:16:01.967",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003015.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003015.json
index 14473ec00be..9c66324bfed 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003015.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003015.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003015",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.780",
- "lastModified": "2019-10-09T23:44:01.743",
+ "lastModified": "2023-10-25T18:16:02.037",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
@@ -105,11 +95,8 @@
],
"references": [
{
- "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003016.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003016.json
index e2123dabcd9..7bc6103ab31 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003016.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003016.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003016",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.813",
- "lastModified": "2019-10-09T23:44:01.867",
+ "lastModified": "2023-10-25T18:16:02.097",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -105,11 +95,8 @@
],
"references": [
{
- "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-905%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003017.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003017.json
index a7a85ac0c2e..a24547fd519 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003017.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003017.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003017",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.843",
- "lastModified": "2019-10-09T23:44:01.977",
+ "lastModified": "2023-10-25T18:16:02.157",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003018.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003018.json
index d41cb866f42..802a98bc065 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003018.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003018.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003018",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.890",
- "lastModified": "2019-10-09T23:44:02.117",
+ "lastModified": "2023-10-25T18:16:02.220",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-200"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-549"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003019.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003019.json
index 96d5bcda93c..d57dc69457a 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003019.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003019.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003019",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.920",
- "lastModified": "2019-10-09T23:44:02.227",
+ "lastModified": "2023-10-25T18:16:02.280",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-384"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-384"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003020.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003020.json
index 28ff877f4c6..ab59700fea1 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003020.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003020.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003020",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.953",
- "lastModified": "2019-10-09T23:44:02.430",
+ "lastModified": "2023-10-25T18:16:02.353",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-918"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003021.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003021.json
index d5a1ad16d72..8de90f3ffd4 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003021.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003021.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003021",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:00.983",
- "lastModified": "2019-10-09T23:44:02.570",
+ "lastModified": "2023-10-25T18:16:02.460",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-200"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-549"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003022.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003022.json
index 9371113dfb0..d11c2676fc7 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003022.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003022.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003022",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:01.030",
- "lastModified": "2019-10-09T23:44:02.697",
+ "lastModified": "2023-10-25T18:16:02.520",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003023.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003023.json
index 9fe546c23f6..af355ee4a0d 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003023.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003023.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003023",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-06T16:29:01.077",
- "lastModified": "2019-10-09T23:44:02.803",
+ "lastModified": "2023-10-25T18:16:02.590",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003024.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003024.json
index 06cf24f1ad1..c4c8f28fcfc 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003024.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003024.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003024",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-20T21:29:00.270",
- "lastModified": "2020-09-29T00:43:49.590",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:02.647",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003025.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003025.json
index a6606c731b4..caa2070f7dc 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003025.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003025.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003025",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-20T21:29:00.333",
- "lastModified": "2020-09-29T00:43:34.230",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:02.727",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-201"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003026.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003026.json
index f797ac7887f..5b5c193ac49 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003026.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003026.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003026",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-20T21:29:00.397",
- "lastModified": "2019-10-09T23:44:03.180",
+ "lastModified": "2023-10-25T18:16:02.787",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,24 +73,6 @@
"value": "CWE-918"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- },
- {
- "lang": "en",
- "value": "CWE-441"
- },
- {
- "lang": "en",
- "value": "CWE-918"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003027.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003027.json
index d5c42337bad..396f05ba98b 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003027.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003027.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003027",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-20T21:29:00.443",
- "lastModified": "2019-10-09T23:44:03.337",
+ "lastModified": "2023-10-25T18:16:02.847",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,24 +73,6 @@
"value": "CWE-918"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- },
- {
- "lang": "en",
- "value": "CWE-441"
- },
- {
- "lang": "en",
- "value": "CWE-918"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003028.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003028.json
index d5a3efdc3a7..a166e9d12aa 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003028.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003028.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003028",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-02-20T21:29:00.490",
- "lastModified": "2019-10-09T23:44:03.493",
+ "lastModified": "2023-10-25T18:16:02.910",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,24 +73,6 @@
"value": "CWE-918"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- },
- {
- "lang": "en",
- "value": "CWE-441"
- },
- {
- "lang": "en",
- "value": "CWE-918"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003029.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003029.json
index 7b5f93599db..8eec762b26a 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003029.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003029.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003029",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.297",
- "lastModified": "2022-06-13T18:57:16.603",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:02.980",
+ "vulnStatus": "Modified",
"cisaExploitAdd": "2022-04-25",
"cisaActionDue": "2022-05-16",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@@ -77,16 +77,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
@@ -146,11 +136,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
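Review bot: The rewritten reference at the end of this hunk no longer carries `"tags": ["Vendor Advisory"]`, and this record has `cisaExploitAdd` set, so a consumer that picks the remediation link by that tag would stop finding the Jenkins advisory here. The URL differs only in the percent-encoding of its fragment (`(1)` became `%281%29`), so anything that de-duplicates or diffs references by raw string will treat it as a new link; comparing after percent-decoding avoids that. The same pair of changes is made in the last hunk of CVE-2019-1003030.json. If this file is regenerated from an upstream feed the tag cannot be restored here, and consumers should treat a missing `tags` array as unclassified rather than as "not a vendor advisory".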
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003030.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003030.json
index 6f00707b5de..31d40c20e65 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003030.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003030.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003030",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.343",
- "lastModified": "2020-10-19T18:15:12.633",
+ "lastModified": "2023-10-25T18:16:03.057",
"vulnStatus": "Modified",
"cisaExploitAdd": "2022-03-25",
"cisaActionDue": "2022-04-15",
@@ -68,19 +68,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
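Review bot: The only CNA-assigned weakness (`CWE-693`, source jenkinsci-cert@googlegroups.com) is dropped here and the nvd@nist.gov entry is relabelled from `"type": "Secondary"` to `"type": "Primary"`, so a consumer that reads the Primary weakness now gets a different CWE for a record with `cisaExploitAdd` set, while the diff shows no change to the description. The promoted entry's value lies outside the hunk, so whether it is as specific as CWE-693 cannot be checked from here. Related losses occur in the CVE-2019-1003024, -1003029 and -1003031 to -1003034 files, where removing the Secondary `CWE-693` leaves only `NVD-CWE-noinfo`. Downstream mappings are safer keyed on `source` together with `type`, with the prior CNA value kept in history rather than overwritten.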
@@ -143,11 +133,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003031.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003031.json
index b7ec71117cb..ca6d507bcc4 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003031.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003031.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003031",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.373",
- "lastModified": "2020-09-30T12:55:53.940",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.140",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003032.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003032.json
index 529f2b7f603..a70aa86216c 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003032.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003032.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003032",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.420",
- "lastModified": "2020-09-30T12:55:45.160",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.207",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003033.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003033.json
index 252851fe264..8da5a24a4a6 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003033.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003033.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003033",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.467",
- "lastModified": "2020-09-30T12:55:36.783",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.270",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003034.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003034.json
index 2fdc55e8882..27b0acbb091 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003034.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003034.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003034",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.500",
- "lastModified": "2020-09-30T12:55:25.800",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.327",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003035.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003035.json
index b13b6bab717..235978274bd 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003035.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003035.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003035",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.530",
- "lastModified": "2020-09-30T12:48:40.573",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.393",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,20 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-201"
- },
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003036.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003036.json
index 67b904fe6b6..94ba79a1bc0 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003036.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003036.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003036",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.560",
- "lastModified": "2020-09-30T12:48:28.930",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.457",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,20 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- },
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003037.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003037.json
index 77272a9a090..de98af859f6 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003037.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003037.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003037",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.607",
- "lastModified": "2020-09-30T12:42:52.207",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.523",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,20 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-201"
- },
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003038.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003038.json
index 4c413a0a332..a450790ddf4 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003038.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003038.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003038",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.640",
- "lastModified": "2020-09-30T12:42:40.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.583",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-522"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003039.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003039.json
index 8388ff443c7..dc5d9ed6b6c 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003039.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003039.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003039",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-08T21:29:00.670",
- "lastModified": "2020-09-30T12:42:24.707",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.647",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-522"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003040.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003040.json
index f710638c9ea..5eb31b43524 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003040.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003040.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003040",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-28T18:29:00.250",
- "lastModified": "2020-09-30T12:41:33.783",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.710",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-470"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003041.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003041.json
index 43eadf25311..8eb86ec851b 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003041.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003041.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003041",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-28T18:29:00.313",
- "lastModified": "2020-09-30T12:41:21.063",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.800",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-470"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003042.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003042.json
index 98c3ceaf2e5..48e3c5266eb 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003042.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003042.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003042",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-28T18:29:00.343",
- "lastModified": "2020-06-23T13:15:11.040",
+ "lastModified": "2023-10-25T18:16:03.867",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003043.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003043.json
index 7743e836a3a..b8db012d81e 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003043.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003043.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003043",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-28T18:29:00.390",
- "lastModified": "2020-09-30T12:38:14.887",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:03.940",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003044.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003044.json
index 82666252016..ce10b1132e2 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003044.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003044.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003044",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-28T18:29:00.420",
- "lastModified": "2020-06-23T13:15:11.447",
+ "lastModified": "2023-10-25T18:16:04.000",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003045.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003045.json
index 489cbd37ee9..88cc586f4ea 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003045.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003045.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003045",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-28T18:29:00.453",
- "lastModified": "2020-09-30T12:38:03.590",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.063",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003046.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003046.json
index dca21b054e2..a0cfa9ce60e 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003046.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003046.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003046",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-28T18:29:00.500",
- "lastModified": "2020-06-23T13:15:11.713",
+ "lastModified": "2023-10-25T18:16:04.127",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003047.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003047.json
index 60da302a7f0..35a17f4a7ba 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003047.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003047.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003047",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-28T18:29:00.530",
- "lastModified": "2020-09-30T12:37:46.980",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.193",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003048.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003048.json
index 7dd7723413b..fc35e2c8013 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003048.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003048.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003048",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-03-28T18:29:00.563",
- "lastModified": "2020-09-29T18:23:23.820",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.273",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003049.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003049.json
index 8eeb0b8cdd9..19cd2df4b3a 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003049.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003049.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003049",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-10T21:29:01.480",
- "lastModified": "2022-06-13T18:36:54.183",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.353",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-613"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-613"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003050.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003050.json
index c890ac4062b..1742fb42df6 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003050.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003050.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003050",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-10T21:29:01.513",
- "lastModified": "2022-06-13T18:46:12.347",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.447",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003051.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003051.json
index 4976f28ac5a..2ec94b727e8 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003051.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003051.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003051",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.447",
- "lastModified": "2020-08-31T13:19:11.787",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.513",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003052.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003052.json
index 5f9828b0a6b..1fc0f735ed9 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003052.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003052.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003052",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.493",
- "lastModified": "2020-08-31T13:24:31.657",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.590",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003053.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003053.json
index 7f98500bc4e..d84f6e70623 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003053.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003053.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003053",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.540",
- "lastModified": "2020-09-01T13:08:59.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.660",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003054.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003054.json
index 568a68b4cf2..a478521ada9 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003054.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003054.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003054",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.570",
- "lastModified": "2020-09-01T13:10:14.903",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.730",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003055.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003055.json
index 8beb8696854..a3b05b02a52 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003055.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003055.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003055",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.600",
- "lastModified": "2020-09-01T13:11:34.280",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.797",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003056.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003056.json
index 5a70f360e00..0506f563f8d 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003056.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003056.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003056",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.633",
- "lastModified": "2020-09-01T13:11:50.453",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.860",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003057.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003057.json
index 6727dbfc593..399382c08ca 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003057.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003057.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003057",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.680",
- "lastModified": "2020-09-01T13:12:03.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:04.923",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003058.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003058.json
index beb1d0b1acb..3e73241ae9d 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003058.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003058.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003058",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.727",
- "lastModified": "2020-06-23T13:15:13.103",
+ "lastModified": "2023-10-25T18:16:04.987",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003059.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003059.json
index bf216718351..1ebee9858e6 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003059.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003059.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003059",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.757",
- "lastModified": "2020-09-01T13:18:26.593",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.047",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003060.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003060.json
index baff71d0746..a3aff21a12b 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003060.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003060.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003060",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.790",
- "lastModified": "2020-09-01T13:20:38.583",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.110",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003061.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003061.json
index 8af9666d936..1f67efecf77 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003061.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003061.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003061",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.837",
- "lastModified": "2020-09-01T13:20:53.740",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.173",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003062.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003062.json
index 1f7cd75de42..5772fe81472 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003062.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003062.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003062",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.867",
- "lastModified": "2020-09-01T13:21:07.490",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.237",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003063.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003063.json
index e5dae9b996a..14833e78640 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003063.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003063.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003063",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.913",
- "lastModified": "2020-09-01T13:21:39.337",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.297",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003064.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003064.json
index 1cd255596e5..405e70c8e61 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003064.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003064.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003064",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.947",
- "lastModified": "2020-09-01T13:26:15.143",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.363",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003065.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003065.json
index 6d9dbdbbe6d..f3b55ad5cb6 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003065.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003065.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003065",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:00.993",
- "lastModified": "2020-09-01T13:28:16.477",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.430",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003066.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003066.json
index 2585d2afc41..1d4bb377e73 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003066.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003066.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003066",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.023",
- "lastModified": "2020-09-01T13:35:27.083",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.493",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003067.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003067.json
index d0fab049a90..6a79d9bfe99 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003067.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003067.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003067",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.057",
- "lastModified": "2020-09-01T13:36:51.180",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.557",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003068.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003068.json
index 9bc792e7cc5..cf6a8175066 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003068.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003068.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003068",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.087",
- "lastModified": "2020-09-01T13:37:23.807",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.617",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003069.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003069.json
index ed45cd4105d..a58b9ec2922 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003069.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003069.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003069",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.117",
- "lastModified": "2020-09-01T13:38:47.060",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.677",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003070.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003070.json
index ed5b01939fd..cbac21798f0 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003070.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003070.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003070",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.147",
- "lastModified": "2020-09-01T13:39:29.547",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.740",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003071.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003071.json
index b67f0d73b47..5bb1cc00646 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003071.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003071.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003071",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.197",
- "lastModified": "2020-09-01T13:40:14.877",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.800",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003072.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003072.json
index 49432c73bbd..aeb0a3ad346 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003072.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003072.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003072",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.210",
- "lastModified": "2020-09-01T13:42:18.537",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.867",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003073.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003073.json
index a53614ab01d..8ad1fe21923 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003073.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003073.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003073",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.257",
- "lastModified": "2020-09-01T13:42:59.913",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.927",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003074.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003074.json
index 366e27504fc..e40bbed21c3 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003074.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003074.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003074",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.290",
- "lastModified": "2020-09-01T13:44:25.150",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:05.993",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003075.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003075.json
index e385c2a7fc4..4e02dcdbdb5 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003075.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003075.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003075",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.320",
- "lastModified": "2020-09-01T13:45:48.790",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:06.053",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003076.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003076.json
index 52440de0022..2c10ee345c9 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003076.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003076.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003076",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.350",
- "lastModified": "2020-06-23T13:15:15.027",
+ "lastModified": "2023-10-25T18:16:06.120",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003077.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003077.json
index 1e8f29e6535..0b2c1cace46 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003077.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003077.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003077",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.397",
- "lastModified": "2020-09-01T16:01:05.097",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:06.187",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003078.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003078.json
index 9a11606f753..9625a0f1ad9 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003078.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003078.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003078",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.430",
- "lastModified": "2020-06-23T13:15:15.243",
+ "lastModified": "2023-10-25T18:16:06.257",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003079.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003079.json
index 5bef14e2aa2..6c7388bfef6 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003079.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003079.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003079",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.460",
- "lastModified": "2020-07-15T14:03:57.383",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:06.733",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003080.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003080.json
index 01b34022f11..df683ba37f6 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003080.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003080.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003080",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.493",
- "lastModified": "2020-06-23T13:15:15.510",
+ "lastModified": "2023-10-25T18:16:07.030",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003081.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003081.json
index 842c2378e8b..ff91be97543 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003081.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003081.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003081",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.523",
- "lastModified": "2020-07-15T13:50:09.003",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:07.440",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003082.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003082.json
index ce3a3e6ce58..8a9ba212d6e 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003082.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003082.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003082",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.570",
- "lastModified": "2020-06-23T13:15:15.713",
+ "lastModified": "2023-10-25T18:16:07.887",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003083.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003083.json
index 07e96eeb888..2553926a712 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003083.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003083.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003083",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.600",
- "lastModified": "2020-07-15T14:09:44.163",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:08.357",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003084.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003084.json
index 4a9a1566923..99adefa9566 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003084.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003084.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003084",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.647",
- "lastModified": "2020-06-23T13:15:15.933",
+ "lastModified": "2023-10-25T18:16:08.750",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003085.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003085.json
index 65950e643eb..de430eab46d 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003085.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003085.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003085",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.680",
- "lastModified": "2020-07-15T14:23:23.133",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:09.100",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003086.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003086.json
index 0f24542c7cc..2bedf6caa05 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003086.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003086.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003086",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.710",
- "lastModified": "2020-06-23T13:15:16.150",
+ "lastModified": "2023-10-25T18:16:09.437",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003087.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003087.json
index a3e077a5734..8a8551345d2 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003087.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003087.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003087",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.757",
- "lastModified": "2020-07-15T13:52:17.583",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:09.797",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003088.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003088.json
index 824b3e5e677..1b629aab661 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003088.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003088.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003088",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.790",
- "lastModified": "2020-09-01T16:00:55.610",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:10.177",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003089.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003089.json
index f4b440f0aa1..9190955fa74 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003089.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003089.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003089",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.837",
- "lastModified": "2020-09-01T16:00:39.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:10.557",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003090.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003090.json
index f6e9f7effcf..48042b84214 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003090.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003090.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003090",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.867",
- "lastModified": "2020-06-23T13:15:16.587",
+ "lastModified": "2023-10-25T18:16:10.933",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003091.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003091.json
index 159c1a68fc3..2567de2b213 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003091.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003091.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003091",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.897",
- "lastModified": "2020-07-15T13:54:50.947",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:11.297",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003092.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003092.json
index 805bf256fd7..a2103583479 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003092.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003092.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003092",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.947",
- "lastModified": "2020-06-23T13:15:16.807",
+ "lastModified": "2023-10-25T18:16:11.670",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003093.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003093.json
index f886b743aac..e99ca998ac5 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003093.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003093.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003093",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:01.993",
- "lastModified": "2020-07-15T13:57:04.717",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:12.020",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003094.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003094.json
index fd7a1844c7f..786a0d8564e 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003094.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003094.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003094",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.023",
- "lastModified": "2020-09-01T16:00:31.140",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:12.440",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003095.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003095.json
index 94f44e3f9cf..a09ed86256e 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003095.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003095.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003095",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.070",
- "lastModified": "2020-09-01T19:57:53.257",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:12.523",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003096.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003096.json
index fcf3b2bd78d..84a3d2275c9 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003096.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003096.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003096",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.147",
- "lastModified": "2020-07-15T15:01:08.640",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:12.587",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003097.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003097.json
index c2cc254b0b4..0e65a55763c 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003097.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003097.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003097",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.180",
- "lastModified": "2020-07-15T15:06:27.573",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:12.650",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003098.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003098.json
index a294c076114..bc1e2f5bd12 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003098.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003098.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1003098",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.227",
- "lastModified": "2020-06-23T13:15:17.463",
+ "lastModified": "2023-10-25T18:16:12.717",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003099.json b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003099.json
index ad888167c0c..5efc47482e7 100644
--- a/CVE-2019/CVE-2019-10030xx/CVE-2019-1003099.json
+++ b/CVE-2019/CVE-2019-10030xx/CVE-2019-1003099.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-1003099",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.273",
- "lastModified": "2020-07-15T14:57:13.787",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:12.777",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10222.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10222.json
index df69f9154c2..59db2d8264f 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10222.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10222.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10222",
"sourceIdentifier": "secalert@redhat.com",
"published": "2019-11-08T15:15:11.437",
- "lastModified": "2023-02-12T23:34:00.480",
+ "lastModified": "2023-10-23T19:15:09.617",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -87,7 +87,7 @@
},
"weaknesses": [
{
- "source": "secalert@redhat.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -97,7 +97,7 @@
]
},
{
- "source": "nvd@nist.gov",
+ "source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@@ -175,6 +175,10 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://tracker.ceph.com/issues/40018",
"source": "secalert@redhat.com",
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10277.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10277.json
index fad71e3486e..ed58373f29a 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10277.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10277.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10277",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.383",
- "lastModified": "2020-10-02T14:49:05.753",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:12.840",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10278.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10278.json
index 71ec32efcb9..a5f4f2c9785 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10278.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10278.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10278",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.430",
- "lastModified": "2019-10-09T23:44:35.150",
+ "lastModified": "2023-10-25T18:16:12.907",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10279.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10279.json
index ccc85d7807c..aafd3ccbbd8 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10279.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10279.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10279",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.460",
- "lastModified": "2020-10-01T16:30:42.417",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:12.977",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10280.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10280.json
index 7f048d240a1..de948b945c4 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10280.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10280.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10280",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.523",
- "lastModified": "2020-10-02T14:48:55.487",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.040",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10281.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10281.json
index 64744c7677c..1dcc6a147ea 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10281.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10281.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10281",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.570",
- "lastModified": "2020-10-02T14:47:48.170",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.117",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10282.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10282.json
index ef700826788..ef920a5dd9f 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10282.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10282.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10282",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.600",
- "lastModified": "2020-10-02T14:47:34.857",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.183",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10283.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10283.json
index e654ab64982..a9e42c60df8 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10283.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10283.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10283",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.647",
- "lastModified": "2020-10-01T13:47:40.867",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.240",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10284.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10284.json
index 05b7b1f235a..62af3af0167 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10284.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10284.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10284",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.697",
- "lastModified": "2020-10-01T14:09:47.737",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.300",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10285.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10285.json
index 5885edf71bf..b54ef4d4645 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10285.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10285.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10285",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.727",
- "lastModified": "2020-10-01T13:58:56.050",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.363",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10286.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10286.json
index cf705da05f5..674d2b9c32f 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10286.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10286.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10286",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.757",
- "lastModified": "2020-10-01T13:51:16.307",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.420",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10287.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10287.json
index 3c7e4dc3b1c..6aa1c5b5b93 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10287.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10287.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10287",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.807",
- "lastModified": "2020-10-01T13:51:14.680",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.477",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10288.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10288.json
index 9e321fcc9b9..5c0b6ff46b6 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10288.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10288.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10288",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.867",
- "lastModified": "2020-10-01T13:51:13.400",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.537",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10289.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10289.json
index 1cf23f3ed55..38bd0151312 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10289.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10289.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10289",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.913",
- "lastModified": "2019-10-09T23:44:36.540",
+ "lastModified": "2023-10-25T18:16:13.593",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10290.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10290.json
index 56e38f80a85..9f550a9ba3d 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10290.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10290.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10290",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.947",
- "lastModified": "2020-10-02T14:47:24.467",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.653",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10291.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10291.json
index 65079b009a5..0c70554bceb 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10291.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10291.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10291",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:02.977",
- "lastModified": "2020-10-02T14:47:01.810",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.713",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10292.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10292.json
index c34efa6df89..786f8f9bf2c 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10292.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10292.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10292",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:03.007",
- "lastModified": "2019-10-09T23:44:36.917",
+ "lastModified": "2023-10-25T18:16:13.777",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10293.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10293.json
index b7269bf613c..1fe174426a1 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10293.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10293.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10293",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:03.057",
- "lastModified": "2020-10-01T16:29:51.837",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.833",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10294.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10294.json
index 6ba4db7755f..d55e222d33e 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10294.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10294.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10294",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:03.070",
- "lastModified": "2020-10-02T14:46:47.357",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.897",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10295.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10295.json
index fd7bab51df2..8589e8444cb 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10295.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10295.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10295",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:03.100",
- "lastModified": "2020-10-02T14:46:35.543",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:13.950",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10296.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10296.json
index 733b51e02ac..27f77dde9ed 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10296.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10296.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10296",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:03.133",
- "lastModified": "2020-10-02T14:46:24.027",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.010",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10297.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10297.json
index c22aebad5ae..21d146d6108 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10297.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10297.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10297",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:03.163",
- "lastModified": "2020-10-02T14:46:11.243",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.077",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10298.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10298.json
index 5a8fab5f973..eeee75f39f1 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10298.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10298.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10298",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:03.210",
- "lastModified": "2020-10-02T14:46:00.010",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.130",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-102xx/CVE-2019-10299.json b/CVE-2019/CVE-2019-102xx/CVE-2019-10299.json
index 5df00ec03c3..cf153b286e4 100644
--- a/CVE-2019/CVE-2019-102xx/CVE-2019-10299.json
+++ b/CVE-2019/CVE-2019-102xx/CVE-2019-10299.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10299",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-04T16:29:03.243",
- "lastModified": "2020-10-02T14:44:42.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.190",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10300.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10300.json
index e3931b38933..59b54ee68a7 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10300.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10300.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10300",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-18T17:29:00.430",
- "lastModified": "2019-05-06T16:29:00.397",
+ "lastModified": "2023-10-25T18:16:14.253",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10301.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10301.json
index 7f6e5165c18..b3332f6ecc1 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10301.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10301.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10301",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-18T17:29:00.507",
- "lastModified": "2020-10-01T16:30:56.857",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.347",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10302.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10302.json
index 00707dbf014..4b180e43592 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10302.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10302.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10302",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-18T17:29:00.570",
- "lastModified": "2020-10-02T14:43:18.597",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.407",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10303.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10303.json
index bf588aff427..c17346a026b 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10303.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10303.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10303",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-18T17:29:00.633",
- "lastModified": "2020-10-02T14:42:59.597",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.467",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10304.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10304.json
index 7c56aa6e32a..e953080c3fa 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10304.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10304.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10304",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-18T17:29:00.697",
- "lastModified": "2019-10-09T23:44:38.417",
+ "lastModified": "2023-10-25T18:16:14.523",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10305.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10305.json
index 7a4d547cf47..67dd4128b83 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10305.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10305.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10305",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-18T17:29:00.773",
- "lastModified": "2020-10-02T14:42:44.500",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.587",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10306.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10306.json
index ef427f82bb0..239a214e303 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10306.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10306.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10306",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-18T17:29:00.837",
- "lastModified": "2020-10-02T14:42:32.767",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.653",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
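Review bot: After this hunk the only weakness value left in view for CVE-2019-10306 is `"value": "NVD-CWE-noinfo"`, because the removed entry held the one concrete class, `"value": "CWE-265"`. Reports or filters keyed on a CWE id will no longer match this record at all. If the removal is not intended, the `"type": "Secondary"` entry should be kept until a concrete class is assigned. The array starts above the hunk, so any earlier entries are not visible here.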
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10307.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10307.json
index 2f4f22a8878..7cf57305d09 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10307.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10307.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10307",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.157",
- "lastModified": "2019-05-06T12:29:00.297",
+ "lastModified": "2023-10-25T18:16:14.720",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10308.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10308.json
index 468f14fdba8..b584d5d1e78 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10308.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10308.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10308",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.347",
- "lastModified": "2020-10-02T14:42:19.063",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.797",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10309.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10309.json
index 74713ad8e81..6e244f7dbf9 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10309.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10309.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10309",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.407",
- "lastModified": "2019-05-06T16:29:00.553",
+ "lastModified": "2023-10-25T18:16:14.857",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10310.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10310.json
index dad058d65fe..bcefaff36f0 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10310.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10310.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10310",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.470",
- "lastModified": "2019-05-06T16:29:00.740",
+ "lastModified": "2023-10-25T18:16:14.927",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10311.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10311.json
index 82e22709e91..f92664187d1 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10311.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10311.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10311",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.533",
- "lastModified": "2020-10-01T16:42:47.327",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:14.983",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10312.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10312.json
index fd0567b7925..479d3662f69 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10312.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10312.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10312",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.597",
- "lastModified": "2020-10-01T16:42:59.923",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:15.043",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10313.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10313.json
index 80d6d782497..66963417b13 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10313.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10313.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10313",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.687",
- "lastModified": "2020-10-01T16:13:22.217",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:15.107",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10314.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10314.json
index 3a5b5a03d17..f42b58fe2a1 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10314.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10314.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10314",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.750",
- "lastModified": "2019-05-06T12:29:01.327",
+ "lastModified": "2023-10-25T18:16:15.163",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10315.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10315.json
index 504763591af..9ddd7f38cad 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10315.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10315.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10315",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.813",
- "lastModified": "2019-05-06T12:29:01.470",
+ "lastModified": "2023-10-25T18:16:15.230",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10316.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10316.json
index 88ed6b07d5f..f6e4a27461e 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10316.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10316.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10316",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.877",
- "lastModified": "2020-10-02T14:41:27.953",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:15.287",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10317.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10317.json
index 9c3392577a3..15cd07828be 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10317.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10317.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10317",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.937",
- "lastModified": "2019-05-06T12:29:01.767",
+ "lastModified": "2023-10-25T18:16:15.360",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10318.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10318.json
index e60df7d588f..484c3ccea0b 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10318.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10318.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10318",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-04-30T13:29:05.987",
- "lastModified": "2020-10-02T14:40:43.467",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:15.430",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10319.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10319.json
index 887acfc0377..30b7b90da7e 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10319.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10319.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10319",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-21T13:29:00.227",
- "lastModified": "2020-10-02T14:36:03.723",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:15.490",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10320.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10320.json
index af5fcb683bd..0680f28c9bf 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10320.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10320.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10320",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-21T13:29:00.397",
- "lastModified": "2019-06-11T21:29:00.960",
+ "lastModified": "2023-10-25T18:16:15.567",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-538"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-200"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10321.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10321.json
index 5294a2dbeaf..c7b5945b7ae 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10321.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10321.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10321",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-31T15:29:00.230",
- "lastModified": "2019-06-05T15:29:00.967",
+ "lastModified": "2023-10-25T18:16:15.643",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
"source": "jenkinsci-cert@googlegroups.com"
},
{
- "url": "https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1015%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1015%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0787",
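Review bot: The re-encoded reference loses its `"tags": ["Vendor Advisory"]` array, even though `%20(1)` and `%20%281%29` decode to the same fragment and so still point at the same Jenkins advisory. Consumers that pick out vendor advisories by tag will stop finding this link, and ones that deduplicate references by exact URL string will treat it as a new reference. Keeping the tag on the new entry, or comparing URLs after percent-decoding, avoids both. The matching hunk in CVE-2019-10322 makes the same change, and the CVE-2019-10323 hunk appears to as well.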
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10322.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10322.json
index 1d84117e5a0..b7cf895d16c 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10322.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10322.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10322",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-31T15:29:00.277",
- "lastModified": "2020-10-01T16:42:31.657",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:15.727",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -121,11 +111,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1015%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1015%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0787",
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10323.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10323.json
index ddc87b34a9d..afee1669c70 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10323.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10323.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10323",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-31T15:29:00.310",
- "lastModified": "2020-10-01T16:40:20.900",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:15.793",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -121,11 +111,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1015%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-05-31/#SECURITY-1015%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0846",
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10324.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10324.json
index 9a2215eb83f..164f2c784b8 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10324.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10324.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10324",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-31T15:29:00.357",
- "lastModified": "2019-06-03T13:29:00.473",
+ "lastModified": "2023-10-25T18:16:15.857",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10325.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10325.json
index 22e55356f39..f44ca183d94 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10325.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10325.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10325",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-31T15:29:00.403",
- "lastModified": "2019-06-03T13:29:00.553",
+ "lastModified": "2023-10-25T18:16:15.920",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10326.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10326.json
index 9d2818e8340..2ec149b59b8 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10326.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10326.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10326",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-31T15:29:00.433",
- "lastModified": "2019-06-03T13:29:00.630",
+ "lastModified": "2023-10-25T18:16:15.977",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10327.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10327.json
index 8fea1cf3eb0..d0cd86559be 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10327.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10327.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10327",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-31T15:29:00.467",
- "lastModified": "2019-06-03T13:29:00.707",
+ "lastModified": "2023-10-25T18:16:16.037",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10328.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10328.json
index cde2f128f8d..42dafd4039f 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10328.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10328.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10328",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-31T15:29:00.513",
- "lastModified": "2019-06-03T13:29:00.787",
+ "lastModified": "2023-10-25T18:16:16.100",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-693"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-183"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10329.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10329.json
index 10442e65efc..d643ccc1c36 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10329.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10329.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10329",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-31T15:29:00.543",
- "lastModified": "2020-10-02T14:35:53.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:16.160",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10330.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10330.json
index 2921fde037c..3bd002523f6 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10330.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10330.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10330",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-05-31T15:29:00.590",
- "lastModified": "2020-10-02T14:35:40.707",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:16.220",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10331.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10331.json
index de987915723..7782f2dc186 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10331.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10331.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10331",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-06-11T14:29:00.697",
- "lastModified": "2019-06-13T13:29:00.250",
+ "lastModified": "2023-10-25T18:16:16.283",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -117,11 +107,8 @@
"source": "jenkinsci-cert@googlegroups.com"
},
{
- "url": "https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10332.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10332.json
index 2d072ce3053..dc1481e8026 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10332.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10332.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10332",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-06-11T14:29:00.853",
- "lastModified": "2020-10-01T16:31:08.573",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:16.363",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -121,11 +111,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10333.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10333.json
index 194b71fe3c0..b6be8e8bb85 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10333.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10333.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10333",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-06-11T14:29:00.900",
- "lastModified": "2020-10-02T14:35:12.657",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:16.423",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -121,11 +111,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-06-11/#SECURITY-1410%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10334.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10334.json
index 77b9cde4ca7..28877603fa4 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10334.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10334.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10334",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-06-11T14:29:00.947",
- "lastModified": "2019-06-13T13:29:00.500",
+ "lastModified": "2023-10-25T18:16:16.483",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10335.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10335.json
index 9f03a8dc674..315e0594120 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10335.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10335.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10335",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-06-11T14:29:00.980",
- "lastModified": "2019-06-13T13:29:00.580",
+ "lastModified": "2023-10-25T18:16:16.543",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10336.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10336.json
index 888d2a32414..f7c798f1040 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10336.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10336.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10336",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-06-11T14:29:01.027",
- "lastModified": "2019-06-13T13:29:00.657",
+ "lastModified": "2023-10-25T18:16:16.607",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10337.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10337.json
index 92434db831c..ffdcaf0e825 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10337.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10337.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10337",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-06-11T14:29:01.057",
- "lastModified": "2019-06-13T13:29:00.737",
+ "lastModified": "2023-10-25T18:16:16.670",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10338.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10338.json
index 4ce026a2075..d52848dc74b 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10338.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10338.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10338",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-06-11T14:29:01.103",
- "lastModified": "2019-06-13T13:29:00.813",
+ "lastModified": "2023-10-25T18:16:16.730",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10339.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10339.json
index 59af611ce62..76fcf357c1d 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10339.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10339.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10339",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-06-11T14:29:01.150",
- "lastModified": "2020-10-01T16:30:28.463",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:16.787",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10340.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10340.json
index 7572eff4221..e238abede14 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10340.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10340.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10340",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-11T14:15:10.537",
- "lastModified": "2023-01-30T18:40:48.420",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:16.853",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10341.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10341.json
index d70ab84064e..b78318e0e1b 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10341.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10341.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10341",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-11T14:15:10.600",
- "lastModified": "2020-10-01T16:33:26.030",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:16.930",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10342.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10342.json
index 01e3d03ab36..44f35fc1ae6 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10342.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10342.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10342",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-11T14:15:10.677",
- "lastModified": "2020-10-01T16:31:34.950",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:16.997",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10343.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10343.json
index f1429a39193..089baec55a0 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10343.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10343.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10343",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.230",
- "lastModified": "2023-03-03T16:54:15.157",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.057",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-532"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-532"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10344.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10344.json
index d547f58d6d3..45dee5c18cf 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10344.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10344.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10344",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.290",
- "lastModified": "2020-10-02T14:26:30.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.140",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10345.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10345.json
index e3cb443fec8..e1340720ad2 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10345.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10345.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10345",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.353",
- "lastModified": "2020-10-02T14:26:05.620",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.197",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -77,20 +77,6 @@
"value": "CWE-532"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- },
- {
- "lang": "en",
- "value": "CWE-532"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10346.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10346.json
index aaa7d2d5046..08e12a39635 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10346.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10346.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10346",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-11T14:15:10.740",
- "lastModified": "2023-01-30T18:40:42.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.260",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10347.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10347.json
index c29234ab700..cd885b40daa 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10347.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10347.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10347",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-11T14:15:10.820",
- "lastModified": "2020-10-02T14:31:42.087",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.320",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10348.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10348.json
index 2ab79108b2a..5c468835e6c 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10348.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10348.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10348",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-11T14:15:10.897",
- "lastModified": "2020-10-01T15:51:52.930",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.380",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10349.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10349.json
index 4e79ab455b2..e811bcb64be 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10349.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10349.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10349",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-11T14:15:10.960",
- "lastModified": "2023-01-30T18:40:34.757",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.447",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10350.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10350.json
index 2797c9dbdbe..720802c8fd9 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10350.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10350.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10350",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-11T14:15:11.023",
- "lastModified": "2020-10-02T14:31:27.117",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.510",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10351.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10351.json
index d0bd0a4cca4..d3664773221 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10351.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10351.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10351",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-11T14:15:11.100",
- "lastModified": "2020-10-02T14:29:52.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.573",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10352.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10352.json
index 08912fbffd6..67d71c86269 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10352.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10352.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10352",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-17T16:15:12.413",
- "lastModified": "2019-08-15T16:15:11.460",
+ "lastModified": "2023-10-25T18:16:17.633",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10353.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10353.json
index f6e9a19a5cd..c5af6de6f83 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10353.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10353.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10353",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-17T16:15:12.490",
- "lastModified": "2019-07-26T07:15:11.770",
+ "lastModified": "2023-10-25T18:16:17.723",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10354.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10354.json
index d3553ae9fb2..c821adf4bda 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10354.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10354.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10354",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-17T16:15:12.553",
- "lastModified": "2020-10-02T14:29:21.487",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.803",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-425"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10355.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10355.json
index e0b2dcd34f9..d8fca2fa156 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10355.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10355.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10355",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.433",
- "lastModified": "2020-10-02T14:25:21.807",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.903",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-704"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
@@ -154,11 +144,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10356.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10356.json
index 6ab42bb0186..a136597f66c 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10356.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10356.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10356",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.480",
- "lastModified": "2020-10-02T14:22:56.973",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:17.980",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
@@ -154,11 +144,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-07-31/#SECURITY-1465%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10357.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10357.json
index 3340b5af534..0effdd4e1f9 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10357.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10357.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10357",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.557",
- "lastModified": "2020-10-02T14:22:44.613",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.047",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10358.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10358.json
index 50d045e5e2c..5945bf40c66 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10358.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10358.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10358",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.620",
- "lastModified": "2021-10-28T13:53:38.783",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.137",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-532"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-532"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10359.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10359.json
index 25ba6982e09..bb483c897e8 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10359.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10359.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10359",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.683",
- "lastModified": "2023-02-02T19:23:50.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.213",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10360.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10360.json
index 09d7b59f6c3..91bf3940c39 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10360.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10360.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10360",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.743",
- "lastModified": "2023-03-03T02:56:55.577",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.283",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10361.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10361.json
index 232582586e0..a5550e50b59 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10361.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10361.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10361",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.807",
- "lastModified": "2020-10-02T14:22:29.847",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.357",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10362.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10362.json
index 3ef3b93b947..35b48c4a269 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10362.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10362.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10362",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.853",
- "lastModified": "2021-10-28T13:39:32.473",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.420",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-116"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-200"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10363.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10363.json
index 43c98c7d6e0..b2ef2148189 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10363.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10363.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10363",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.933",
- "lastModified": "2020-10-02T14:18:43.493",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.480",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-311"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10364.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10364.json
index ba749cd4f80..a8672bbeb4b 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10364.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10364.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10364",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:12.980",
- "lastModified": "2020-10-02T14:18:23.633",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.543",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-532"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-532"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10365.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10365.json
index b64a3533f8e..7a6b945432d 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10365.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10365.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10365",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:13.040",
- "lastModified": "2023-03-03T15:47:22.537",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.600",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-668"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-377"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10366.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10366.json
index d297b8868d6..e1b48961452 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10366.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10366.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10366",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-07-31T13:15:13.120",
- "lastModified": "2020-10-01T15:44:42.203",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.667",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10367.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10367.json
index 48cb6694fcf..2ffe02b1de2 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10367.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10367.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10367",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.063",
- "lastModified": "2023-03-03T16:54:20.077",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.723",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-532"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-532"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10368.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10368.json
index 9868fef8e1b..9cbe42aae1a 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10368.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10368.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10368",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.140",
- "lastModified": "2019-10-09T23:44:44.977",
+ "lastModified": "2023-10-25T18:16:18.797",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -120,15 +110,15 @@
]
},
{
- "url": "https://lists.apache.org/thread.html/r42b7ff290ed5ec8f27f12c54fff54462ffc4bcf6a5015c37fece94ac@%3Cnotifications.jclouds.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r42b7ff290ed5ec8f27f12c54fff54462ffc4bcf6a5015c37fece94ac%40%3Cnotifications.jclouds.apache.org%3E",
"source": "jenkinsci-cert@googlegroups.com"
},
{
- "url": "https://lists.apache.org/thread.html/r6c4693d03d15391814c647742db49a4d9937fa34573fb66103d57b45@%3Cnotifications.jclouds.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r6c4693d03d15391814c647742db49a4d9937fa34573fb66103d57b45%40%3Cnotifications.jclouds.apache.org%3E",
"source": "jenkinsci-cert@googlegroups.com"
},
{
- "url": "https://lists.apache.org/thread.html/r725e55670dbdd214f3cfdfea255b72a75fa9a4f0c6c9d109b29c7881@%3Cnotifications.jclouds.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r725e55670dbdd214f3cfdfea255b72a75fa9a4f0c6c9d109b29c7881%40%3Cnotifications.jclouds.apache.org%3E",
"source": "jenkinsci-cert@googlegroups.com"
}
]
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10369.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10369.json
index a9ebe71face..181ab4ed1ef 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10369.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10369.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10369",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.237",
- "lastModified": "2020-10-01T15:44:24.217",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.880",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -120,28 +110,16 @@
]
},
{
- "url": "https://lists.apache.org/thread.html/r42b7ff290ed5ec8f27f12c54fff54462ffc4bcf6a5015c37fece94ac@%3Cnotifications.jclouds.apache.org%3E",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r42b7ff290ed5ec8f27f12c54fff54462ffc4bcf6a5015c37fece94ac%40%3Cnotifications.jclouds.apache.org%3E",
+ "source": "jenkinsci-cert@googlegroups.com"
},
{
- "url": "https://lists.apache.org/thread.html/r6c4693d03d15391814c647742db49a4d9937fa34573fb66103d57b45@%3Cnotifications.jclouds.apache.org%3E",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r6c4693d03d15391814c647742db49a4d9937fa34573fb66103d57b45%40%3Cnotifications.jclouds.apache.org%3E",
+ "source": "jenkinsci-cert@googlegroups.com"
},
{
- "url": "https://lists.apache.org/thread.html/r725e55670dbdd214f3cfdfea255b72a75fa9a4f0c6c9d109b29c7881@%3Cnotifications.jclouds.apache.org%3E",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Mailing List",
- "Third Party Advisory"
- ]
+ "url": "https://lists.apache.org/thread.html/r725e55670dbdd214f3cfdfea255b72a75fa9a4f0c6c9d109b29c7881%40%3Cnotifications.jclouds.apache.org%3E",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
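Review bot: The three re-encoded lists.apache.org references in this hunk lose their `"tags": ["Mailing List", "Third Party Advisory"]` arrays, so the new entries carry only `url` and `source`. The only change in each URL is `@` becoming `%40`, which still addresses the same thread, so the classification still applies; presumably the rewritten URL was treated as a new reference and the tags were not carried over. If this file is expected to keep reference tags, restore the array on each of the three entries; if it mirrors the upstream record verbatim, consumers that filter references by tag or match them by raw URL string should normalise percent-encoding before comparing. The CVE-2019-10368 hunk at `@@ -120,15 +110,15 @@` has the same URL rewrite, though its entries had no tags to lose.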
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10370.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10370.json
index f4489d50da4..2a49b4ea05e 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10370.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10370.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10370",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.313",
- "lastModified": "2020-10-02T14:08:07.667",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:18.947",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-532"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10371.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10371.json
index aed54ff2bee..f60d863e881 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10371.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10371.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10371",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.377",
- "lastModified": "2023-03-03T18:59:24.907",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.013",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-384"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-384"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10372.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10372.json
index 98320c53750..ffd5b8784b2 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10372.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10372.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10372",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.453",
- "lastModified": "2023-03-03T18:59:47.197",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.077",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-601"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-601"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10373.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10373.json
index 747a1607b4a..b311e7c4079 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10373.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10373.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10373",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.517",
- "lastModified": "2023-03-03T15:58:31.803",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.140",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10374.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10374.json
index fdcd553ef73..debe165b0e7 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10374.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10374.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10374",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.580",
- "lastModified": "2023-03-03T19:00:06.717",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.207",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10375.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10375.json
index 2d813383ce3..fae7bb4af74 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10375.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10375.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10375",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.640",
- "lastModified": "2020-10-02T14:08:29.357",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.270",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10376.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10376.json
index 07c19f6a97d..cfde1d9a155 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10376.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10376.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10376",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.720",
- "lastModified": "2023-03-03T16:55:29.137",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.330",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10377.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10377.json
index 9c0330a6c1d..2ed3d06de19 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10377.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10377.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10377",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:12.783",
- "lastModified": "2020-10-01T16:33:39.390",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.397",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10378.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10378.json
index c889d1fe035..0497deefa96 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10378.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10378.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10378",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:13.140",
- "lastModified": "2020-10-01T15:42:55.980",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.453",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10379.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10379.json
index d4d02d6c4e8..f575cd74e4a 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10379.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10379.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10379",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:13.220",
- "lastModified": "2020-10-02T14:08:40.560",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.517",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10380.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10380.json
index 5138cfe2320..82cca4d5446 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10380.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10380.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10380",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:13.283",
- "lastModified": "2020-10-01T15:42:08.557",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.577",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-183"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10381.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10381.json
index 37e91a46d5d..14aa8e88826 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10381.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10381.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10381",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:13.343",
- "lastModified": "2023-03-03T17:40:51.530",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.633",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10382.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10382.json
index cd594827357..7d7ce8d9526 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10382.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10382.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10382",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:13.407",
- "lastModified": "2023-03-03T17:40:44.697",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.690",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10383.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10383.json
index 6d0c1e900c8..13f34b6264d 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10383.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10383.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10383",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-28T16:15:10.907",
- "lastModified": "2022-06-13T18:37:23.527",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.753",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10384.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10384.json
index 77dd626c847..92353f92f98 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10384.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10384.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10384",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-28T16:15:10.983",
- "lastModified": "2022-06-13T18:37:14.320",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.840",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10385.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10385.json
index 26f7d2c5c84..ecbdd662aa3 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10385.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10385.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10385",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:13.470",
- "lastModified": "2020-10-01T15:43:37.357",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.913",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10386.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10386.json
index 093dea0e4cb..068241c8c58 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10386.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10386.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10386",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:13.533",
- "lastModified": "2023-02-02T19:49:22.110",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:19.973",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10387.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10387.json
index 532111e3527..246044a456d 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10387.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10387.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10387",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:13.610",
- "lastModified": "2020-10-02T14:08:56.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.037",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10388.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10388.json
index 5f4d40f9987..5a6b1af93e2 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10388.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10388.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10388",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:13.720",
- "lastModified": "2023-02-02T19:48:19.497",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.097",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10389.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10389.json
index 8927b8705c8..f47b5f11ba1 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10389.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10389.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10389",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-07T15:15:13.783",
- "lastModified": "2020-10-01T15:41:17.383",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.163",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10390.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10390.json
index 96de654564f..0fe896bb716 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10390.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10390.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10390",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-28T16:15:11.030",
- "lastModified": "2021-11-02T19:35:49.567",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.223",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10391.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10391.json
index c24eea99fa8..7eb4cf8791c 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10391.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10391.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10391",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-08-28T16:15:11.077",
- "lastModified": "2020-10-02T14:12:12.273",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.290",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10392.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10392.json
index ae80ce774f1..c4fd7701b2e 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10392.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10392.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10392",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-12T14:15:11.257",
- "lastModified": "2023-02-28T19:30:54.590",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.350",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-78"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-78"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10393.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10393.json
index 74ec8b2d2db..5dcdbf33f56 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10393.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10393.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10393",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-12T14:15:11.333",
- "lastModified": "2021-11-02T19:36:26.043",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.433",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10394.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10394.json
index fd69769bc52..e474dd67a38 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10394.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10394.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10394",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-12T14:15:11.397",
- "lastModified": "2021-11-02T20:01:34.433",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.500",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10395.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10395.json
index 5567fde3991..f883c6d637a 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10395.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10395.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10395",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-12T14:15:11.473",
- "lastModified": "2023-02-28T19:31:23.820",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.560",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10396.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10396.json
index 84c80e98599..6eee521c816 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10396.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10396.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10396",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-12T14:15:11.537",
- "lastModified": "2023-02-28T19:31:34.947",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.620",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10397.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10397.json
index 1f227701849..748c49adaa8 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10397.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10397.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10397",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-12T14:15:11.647",
- "lastModified": "2021-10-28T13:38:36.963",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.697",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10398.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10398.json
index 1c6fecb6c75..0aef9198924 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10398.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10398.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10398",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-12T14:15:11.787",
- "lastModified": "2023-02-28T19:32:17.813",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.790",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-103xx/CVE-2019-10399.json b/CVE-2019/CVE-2019-103xx/CVE-2019-10399.json
index 5fc59a844e3..966716bca08 100644
--- a/CVE-2019/CVE-2019-103xx/CVE-2019-10399.json
+++ b/CVE-2019/CVE-2019-103xx/CVE-2019-10399.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10399",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-12T14:15:11.867",
- "lastModified": "2021-11-02T20:02:10.807",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.863",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10400.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10400.json
index d251761f72b..0cada5d629c 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10400.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10400.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10400",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-12T14:15:11.960",
- "lastModified": "2021-11-02T20:02:37.700",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.933",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10401.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10401.json
index c58b59bbdad..1d50b1cb10d 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10401.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10401.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10401",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:10.383",
- "lastModified": "2023-01-27T18:02:59.690",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:20.997",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10402.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10402.json
index cb38a90fa58..61778f8d5ca 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10402.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10402.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10402",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:10.463",
- "lastModified": "2023-02-23T01:51:20.453",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.070",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10403.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10403.json
index d21808a05d3..8395e921c3c 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10403.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10403.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10403",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:10.570",
- "lastModified": "2023-02-23T01:53:03.183",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.150",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
@@ -119,11 +109,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1537%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1537%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
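Review bot: The rewritten reference loses its `"tags": ["Vendor Advisory"]` along with the re-encoding of the parentheses to `%28`/`%29`, so the Jenkins advisory link is no longer marked as the vendor's advisory. Tooling that selects remediation links by tag will skip it. The same happens in the reference hunks for CVE-2019-10404, CVE-2019-10417, CVE-2019-10418, CVE-2019-10437, CVE-2019-10438 and CVE-2019-10439. Since `vulnStatus` moves to `Modified` in this file's first hunk, the tag may come back after a later re-analysis, but until then I would keep `"tags": ["Vendor Advisory"]` on the new URL.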
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10404.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10404.json
index bccc619cd44..b16b83664e6 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10404.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10404.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10404",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:10.633",
- "lastModified": "2023-02-23T01:53:35.363",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.237",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
@@ -119,11 +109,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1537%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1537%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10405.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10405.json
index 7deec2b2388..99c202f6d8e 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10405.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10405.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10405",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:10.697",
- "lastModified": "2023-02-23T01:54:37.833",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.313",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10406.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10406.json
index 3b1a9f99ed2..c28de735ac0 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10406.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10406.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10406",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:10.773",
- "lastModified": "2023-02-23T01:55:17.940",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.383",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10407.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10407.json
index d8ee6b7fbe5..ba592ae30b2 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10407.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10407.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10407",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:10.837",
- "lastModified": "2023-02-23T01:57:34.347",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.447",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-200"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-213"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10408.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10408.json
index 9601189db46..1d55d9c8d97 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10408.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10408.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10408",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:10.917",
- "lastModified": "2023-02-23T02:00:00.473",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.540",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10409.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10409.json
index cf3b8ffe664..f0f3b9a39ce 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10409.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10409.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10409",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:10.977",
- "lastModified": "2020-10-01T15:41:01.147",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.617",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10410.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10410.json
index 39aea5e5329..43b8d97889a 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10410.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10410.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10410",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.040",
- "lastModified": "2023-02-23T02:00:31.033",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.677",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10411.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10411.json
index e8392778ca4..17936072b29 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10411.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10411.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10411",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.103",
- "lastModified": "2023-02-23T02:06:10.657",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.743",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10412.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10412.json
index 34d46abbb88..a29291a4de0 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10412.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10412.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10412",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.150",
- "lastModified": "2023-02-23T02:06:51.710",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.803",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10413.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10413.json
index 433c5d5bea8..1ebc7ed03f9 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10413.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10413.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10413",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.213",
- "lastModified": "2023-02-23T02:07:48.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.863",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10414.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10414.json
index 6960df0087c..9e3d8a2b52d 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10414.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10414.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10414",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.290",
- "lastModified": "2023-02-23T02:09:08.127",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.920",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10415.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10415.json
index 0ce495ae49c..bfa36b0e08a 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10415.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10415.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10415",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.353",
- "lastModified": "2023-02-23T02:12:28.940",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:21.980",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10416.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10416.json
index be42fe738c6..94dc07a1cef 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10416.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10416.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10416",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.417",
- "lastModified": "2023-02-23T02:18:22.870",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.040",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10417.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10417.json
index 56633cdb546..c7f07fb077f 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10417.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10417.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10417",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.477",
- "lastModified": "2020-10-02T14:12:25.897",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.100",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-183"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-920%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-920%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10418.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10418.json
index 4c786f815ba..8c7b62d94cb 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10418.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10418.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10418",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.523",
- "lastModified": "2020-10-01T16:40:44.807",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.173",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-183"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-920%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-09-25/#SECURITY-920%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10419.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10419.json
index 096706e51c2..f5a718673ab 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10419.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10419.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10419",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.587",
- "lastModified": "2023-02-23T02:19:02.943",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.230",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10420.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10420.json
index 34e204751c4..dc374ee5711 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10420.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10420.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10420",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.650",
- "lastModified": "2023-02-23T02:19:52.257",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.297",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10421.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10421.json
index fcb749f0aa7..5922cb4e010 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10421.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10421.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10421",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.697",
- "lastModified": "2023-02-23T02:20:50.897",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.357",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10422.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10422.json
index df573e76511..37a5455ae3b 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10422.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10422.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10422",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.760",
- "lastModified": "2023-02-23T02:21:40.513",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.420",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10423.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10423.json
index 4fc17ebae2c..9fea38a2ef3 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10423.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10423.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10423",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.807",
- "lastModified": "2023-02-23T02:22:32.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.477",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10424.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10424.json
index 026b8094cc5..bd9406f4c66 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10424.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10424.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10424",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.867",
- "lastModified": "2023-02-23T02:35:54.083",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.540",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10425.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10425.json
index dc95a7d3270..a8e7716b286 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10425.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10425.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10425",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.930",
- "lastModified": "2023-03-01T01:08:42.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.597",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10426.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10426.json
index 5fd5a3a1837..2e38381b62b 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10426.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10426.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10426",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:11.993",
- "lastModified": "2023-03-01T01:09:36.963",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.657",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10427.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10427.json
index d92e060e676..ca2bfeee187 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10427.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10427.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10427",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:12.040",
- "lastModified": "2023-03-01T01:12:14.217",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.713",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10428.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10428.json
index a399c971461..cc94778c8ea 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10428.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10428.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10428",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:12.103",
- "lastModified": "2023-03-01T01:04:48.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.777",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10429.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10429.json
index 219c9b3aff6..37c8aaf41aa 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10429.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10429.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10429",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:12.167",
- "lastModified": "2023-03-01T01:14:45.007",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.837",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10430.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10430.json
index dec571be337..fe9f96b32e8 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10430.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10430.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10430",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-09-25T16:15:12.227",
- "lastModified": "2023-02-11T18:32:36.187",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:22.907",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10431.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10431.json
index 74d988ca5c7..5b6dcbd6b02 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10431.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10431.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10431",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-01T14:15:18.507",
- "lastModified": "2019-10-09T23:44:52.353",
+ "lastModified": "2023-10-25T18:16:22.970",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-94"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10432.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10432.json
index f792adf987c..8b84a8b1b2c 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10432.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10432.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-10432",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-01T14:15:23.817",
- "lastModified": "2019-10-09T23:44:52.510",
+ "lastModified": "2023-10-25T18:16:23.057",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10433.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10433.json
index b4517d6581b..5885364583e 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10433.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10433.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10433",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-01T14:15:28.507",
- "lastModified": "2023-03-01T18:54:04.627",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.120",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
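Review bot: The primary weakness for CVE-2019-10433 changes here without any marker: the jenkinsci-cert@googlegroups.com entry with `CWE-256` is deleted and the nvd@nist.gov entry is relabelled `"type": "Primary"`. Consumers that read the Primary CWE per record will report a different value after this sync, and that value lies past the end of the hunk, so it cannot be checked from here. In the other records of this diff the removed CNA entry was Secondary; this one replaces the CNA's primary assessment. If the removal is not intended upstream, I would retain the CNA entry, demoted to `"type": "Secondary"`, rather than drop it.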
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10434.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10434.json
index a004eeb9d09..beba2cae474 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10434.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10434.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10434",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-01T14:15:30.443",
- "lastModified": "2023-01-27T18:03:06.137",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.213",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10435.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10435.json
index ce7b89d10d0..1dccbc588ad 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10435.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10435.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10435",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-01T14:15:31.817",
- "lastModified": "2023-01-27T18:03:26.353",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.270",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10436.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10436.json
index b42f142e1fc..296d8913a61 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10436.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10436.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10436",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:11.277",
- "lastModified": "2020-10-01T16:45:26.070",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.333",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10437.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10437.json
index 9d7a26d1115..a84b6f9fd0c 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10437.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10437.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10437",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:11.417",
- "lastModified": "2019-10-23T14:21:46.917",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.427",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -105,11 +95,8 @@
],
"references": [
{
- "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10438.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10438.json
index 0bd728f45ea..55bffa763e8 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10438.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10438.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10438",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:11.840",
- "lastModified": "2020-10-01T14:41:10.440",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.510",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -105,11 +95,8 @@
],
"references": [
{
- "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10439.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10439.json
index 14cdd83b6bc..6192dcaa203 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10439.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10439.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10439",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:11.933",
- "lastModified": "2020-10-01T14:42:36.257",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.573",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -105,11 +95,8 @@
],
"references": [
{
- "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-16/#SECURITY-1006%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10440.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10440.json
index 9e4f4e11332..7c2bb731d0e 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10440.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10440.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10440",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.043",
- "lastModified": "2023-02-04T00:10:42.240",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.637",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10441.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10441.json
index d5250106a61..b75993808a2 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10441.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10441.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10441",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.150",
- "lastModified": "2019-10-21T18:47:11.207",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.700",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10442.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10442.json
index a6eee94bd73..4eda37ef347 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10442.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10442.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10442",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.247",
- "lastModified": "2020-10-01T14:48:17.160",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.757",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10443.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10443.json
index fc1b21d0786..841d7eda32c 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10443.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10443.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10443",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.370",
- "lastModified": "2023-02-04T00:12:51.180",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.823",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10444.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10444.json
index 8f30e68e32f..ee50709f10c 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10444.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10444.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10444",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.447",
- "lastModified": "2019-10-18T20:27:12.317",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.883",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10445.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10445.json
index c96ce67586b..8a6adfce273 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10445.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10445.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10445",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.510",
- "lastModified": "2020-10-01T14:50:04.180",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:23.943",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10446.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10446.json
index b8e11362123..f823815379e 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10446.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10446.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10446",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.590",
- "lastModified": "2019-10-18T20:36:46.047",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.003",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10447.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10447.json
index 4eb2468ca71..39129416b6b 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10447.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10447.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10447",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.683",
- "lastModified": "2019-10-20T22:46:16.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.063",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10448.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10448.json
index 27587d5b1a8..02c536df5ec 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10448.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10448.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10448",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.777",
- "lastModified": "2019-10-18T20:28:22.883",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.127",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10449.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10449.json
index 133e8a1d357..677e041dd0b 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10449.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10449.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10449",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.887",
- "lastModified": "2019-10-18T21:01:35.303",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.197",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10450.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10450.json
index bb98dca51e3..03602ca46eb 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10450.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10450.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10450",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:12.963",
- "lastModified": "2019-10-18T20:47:09.670",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.257",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10451.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10451.json
index c179408baed..6fedf2f6ccd 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10451.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10451.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10451",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:13.043",
- "lastModified": "2019-10-22T17:22:13.580",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.317",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10452.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10452.json
index 96fd850e281..03376954d61 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10452.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10452.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10452",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:13.120",
- "lastModified": "2019-10-18T20:42:59.127",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.387",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10453.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10453.json
index 2f56add9dd1..877dd0fb53e 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10453.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10453.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10453",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:13.213",
- "lastModified": "2019-10-18T20:41:08.937",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.447",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10454.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10454.json
index 206eefb7b03..2c286c396bb 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10454.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10454.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10454",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:13.277",
- "lastModified": "2019-10-18T12:31:32.387",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.510",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10455.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10455.json
index bbcf4421b5b..40bea6f4624 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10455.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10455.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10455",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:13.370",
- "lastModified": "2020-10-01T15:38:10.137",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.570",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10456.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10456.json
index 24b297e0f6b..68e8cad6652 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10456.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10456.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10456",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:13.447",
- "lastModified": "2019-10-18T12:24:59.367",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.627",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10457.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10457.json
index 385c1dd08b7..4c11ae5642c 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10457.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10457.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10457",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:13.527",
- "lastModified": "2020-10-01T15:38:02.077",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.683",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10458.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10458.json
index 462f0dda509..4947a5deef4 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10458.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10458.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10458",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-16T14:15:13.607",
- "lastModified": "2021-10-29T19:41:59.083",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.740",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-183"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10459.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10459.json
index 2be04868e5e..9321da723b8 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10459.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10459.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10459",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:10.300",
- "lastModified": "2019-10-25T15:28:29.770",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.807",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10460.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10460.json
index 0e79f1c65cb..7a058323d16 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10460.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10460.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10460",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:10.393",
- "lastModified": "2019-10-24T16:32:51.283",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.883",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10461.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10461.json
index f799365db36..24aa0f86ed9 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10461.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10461.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10461",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:10.457",
- "lastModified": "2019-10-24T17:04:36.620",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:24.943",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10462.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10462.json
index 2023029306d..33a31521a10 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10462.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10462.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10462",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:10.550",
- "lastModified": "2019-10-25T15:17:47.910",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.000",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1483%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1483%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10463.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10463.json
index ee100652fa1..21bdc30a5f8 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10463.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10463.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10463",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:10.627",
- "lastModified": "2019-10-25T15:07:01.767",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.063",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1483%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1483%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10464.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10464.json
index 21729a1ed10..54d228a6d99 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10464.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10464.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10464",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:10.690",
- "lastModified": "2019-10-24T17:08:10.567",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.123",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10465.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10465.json
index ea84439d2b3..590ddff0638 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10465.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10465.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10465",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:10.770",
- "lastModified": "2019-10-24T17:25:33.300",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.193",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10466.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10466.json
index c4d7c7505e3..7152cd05ade 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10466.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10466.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10466",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:10.830",
- "lastModified": "2019-10-25T14:59:42.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.247",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10467.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10467.json
index 90830c4581d..8d6ab7162fd 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10467.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10467.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10467",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:10.927",
- "lastModified": "2019-10-24T14:07:34.407",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.307",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10468.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10468.json
index c5450512d02..40dd3d9b67f 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10468.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10468.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10468",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:10.987",
- "lastModified": "2019-10-24T19:42:03.063",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.377",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1005%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1005%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10469.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10469.json
index ee1b3b17bdd..fb25f2152a2 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10469.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10469.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10469",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:11.067",
- "lastModified": "2019-10-24T19:23:14.340",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.440",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1005%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1005%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10470.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10470.json
index 6b72b2daa96..d14b50c1d8d 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10470.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10470.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10470",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:11.143",
- "lastModified": "2019-10-24T19:05:32.260",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.503",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1005%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1005%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10471.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10471.json
index a9ff17b5f90..9eafb7ffb74 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10471.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10471.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10471",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:11.223",
- "lastModified": "2019-10-24T17:15:19.883",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.567",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1014%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1014%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10472.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10472.json
index 345dcf0dbd7..4d6c7c20011 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10472.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10472.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10472",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:11.300",
- "lastModified": "2019-10-24T18:15:58.767",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.630",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1014%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1014%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10473.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10473.json
index 71789c4258c..4ad86ded69c 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10473.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10473.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10473",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:11.363",
- "lastModified": "2019-10-24T17:46:20.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.697",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1014%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1014%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10474.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10474.json
index 6c8e0a48426..aa957e2ba77 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10474.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10474.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10474",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:11.427",
- "lastModified": "2019-10-24T17:35:52.220",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.763",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10475.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10475.json
index bef51a352bb..dad39caaeee 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10475.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10475.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10475",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:11.487",
- "lastModified": "2023-01-27T18:04:01.513",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.820",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-104xx/CVE-2019-10476.json b/CVE-2019/CVE-2019-104xx/CVE-2019-10476.json
index bff7c7640e8..c44e24603fc 100644
--- a/CVE-2019/CVE-2019-104xx/CVE-2019-10476.json
+++ b/CVE-2019/CVE-2019-104xx/CVE-2019-10476.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-10476",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-10-23T13:15:11.550",
- "lastModified": "2019-10-24T14:48:30.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.880",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-139xx/CVE-2019-13990.json b/CVE-2019/CVE-2019-139xx/CVE-2019-13990.json
index 6a92d7fd373..742a45c8509 100644
--- a/CVE-2019/CVE-2019-139xx/CVE-2019-13990.json
+++ b/CVE-2019/CVE-2019-139xx/CVE-2019-13990.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-13990",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-07-26T19:15:11.730",
- "lastModified": "2023-03-03T15:22:57.467",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-28T06:15:39.563",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -418,6 +418,10 @@
}
],
"references": [
+ {
+ "url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://github.com/quartz-scheduler/quartz/issues/467",
"source": "cve@mitre.org",
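Review bot: The reference added at the top of `references` has no `tags` array, unlike the quartz-scheduler entry right after it, whose `source` line ends with a comma and so carries further fields outside the hunk. Consumers that rank or filter references by tag will not surface the Atlassian advisory, which is the only pointer visible here that the XXE also concerns Jira Service Management Data Center and Server. Until upstream re-analysis assigns one, a tag such as `"tags": ["Third Party Advisory"]` could be added, or triage tooling could treat untagged references on `Modified` records as unreviewed instead of skipping them. The `references` array continues past the end of this hunk.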
diff --git a/CVE-2019/CVE-2019-13xx/CVE-2019-1357.json b/CVE-2019/CVE-2019-13xx/CVE-2019-1357.json
index 2b54fa8aa37..ec80059550f 100644
--- a/CVE-2019/CVE-2019-13xx/CVE-2019-1357.json
+++ b/CVE-2019/CVE-2019-13xx/CVE-2019-1357.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-1357",
"sourceIdentifier": "secure@microsoft.com",
"published": "2019-10-10T14:15:17.860",
- "lastModified": "2019-10-11T20:22:12.070",
+ "lastModified": "2023-10-17T19:00:53.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -181,11 +181,6 @@
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:sp1:*:*:*:*:*:*",
- "matchCriteriaId": "504D0038-4CFC-4CF6-A013-008B8F3F852E"
- },
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16538.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16538.json
index 177bd52af10..02f2c2512e0 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16538.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16538.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16538",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:13.947",
- "lastModified": "2020-07-13T15:47:49.603",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:25.950",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16539.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16539.json
index ee4af612f26..755bd532785 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16539.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16539.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16539",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:14.073",
- "lastModified": "2019-11-25T04:21:58.583",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.033",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-281"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16540.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16540.json
index f5e4d80b973..6c89438e9af 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16540.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16540.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16540",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:14.167",
- "lastModified": "2019-11-25T04:15:29.467",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.107",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16541.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16541.json
index 39ecde2ea51..aeaac16d9e6 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16541.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16541.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16541",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:14.260",
- "lastModified": "2019-12-03T17:36:49.710",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.167",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-668"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-668"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16542.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16542.json
index a50160702ed..f415a0260f1 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16542.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16542.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16542",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:14.323",
- "lastModified": "2019-12-03T17:31:03.867",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.230",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16543.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16543.json
index 26af15b3186..aefa9fa1939 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16543.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16543.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16543",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:14.417",
- "lastModified": "2019-12-03T17:22:50.327",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.293",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16544.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16544.json
index 60765e21248..d260b50854f 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16544.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16544.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16544",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:14.477",
- "lastModified": "2019-11-22T20:11:30.223",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.353",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-11-21/#SECURITY-727%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-11-21/#SECURITY-727%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16545.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16545.json
index 6f3cf738bf6..7e87c8a224c 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16545.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16545.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16545",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:14.540",
- "lastModified": "2021-10-28T13:53:59.303",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.423",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-11-21/#SECURITY-727%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-11-21/#SECURITY-727%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16546.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16546.json
index f6a9f0f7370..31d96bec8bc 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16546.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16546.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16546",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:14.603",
- "lastModified": "2019-11-22T00:49:34.833",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.487",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-639"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-300"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16547.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16547.json
index f3738edcf14..5b7861651b6 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16547.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16547.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16547",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:14.667",
- "lastModified": "2020-10-09T13:14:24.530",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.563",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16548.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16548.json
index 861b44a3789..496ae93e673 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16548.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16548.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16548",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-11-21T15:15:14.727",
- "lastModified": "2019-11-22T00:38:05.613",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.633",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16549.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16549.json
index daa0a315551..05d0456acf0 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16549.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16549.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16549",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:14.787",
- "lastModified": "2020-01-03T16:03:35.593",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.697",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16550.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16550.json
index f9596db4c20..7c8246364be 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16550.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16550.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16550",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:15.147",
- "lastModified": "2020-01-03T16:20:02.717",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.777",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16551.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16551.json
index 0436b27c9a0..6d9865a7909 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16551.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16551.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16551",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:15.550",
- "lastModified": "2020-01-03T17:50:34.133",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.843",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16552.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16552.json
index 24cc79e64f8..739e0a5a32c 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16552.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16552.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16552",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:15.863",
- "lastModified": "2020-01-03T18:48:44.777",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.897",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16553.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16553.json
index 79d232bdc3e..feeef1750d5 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16553.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16553.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16553",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:16.160",
- "lastModified": "2020-01-03T18:59:47.760",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:26.957",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16554.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16554.json
index 92b994fb2d2..52bf7171efc 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16554.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16554.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16554",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:16.443",
- "lastModified": "2020-01-03T19:08:00.300",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.017",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16555.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16555.json
index 441c98bd8e4..69e84548645 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16555.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16555.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16555",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:16.707",
- "lastModified": "2020-01-03T19:20:09.490",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.077",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-400"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-400"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16556.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16556.json
index 728b5f6cb0a..3bf2b912c73 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16556.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16556.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16556",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:16.987",
- "lastModified": "2020-01-03T19:51:39.043",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.133",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16557.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16557.json
index 42893b410f5..8b6b9099dc1 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16557.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16557.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16557",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:17.397",
- "lastModified": "2020-01-03T20:03:30.527",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.197",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16558.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16558.json
index 7e669ba6439..b12a39381aa 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16558.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16558.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16558",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:17.800",
- "lastModified": "2020-01-03T19:54:52.113",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.263",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16559.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16559.json
index a75cb2d36b4..31642ee6bc1 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16559.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16559.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16559",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:18.223",
- "lastModified": "2020-01-03T17:25:08.267",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.320",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16560.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16560.json
index 9bd3a22db94..6308010d2b8 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16560.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16560.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16560",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:18.550",
- "lastModified": "2020-01-03T17:22:42.247",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.387",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16561.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16561.json
index 38e37314cf0..fb9e0096896 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16561.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16561.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16561",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:18.880",
- "lastModified": "2019-12-18T19:00:02.657",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.447",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16562.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16562.json
index 4e168ae4f28..e3a9fabb7c6 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16562.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16562.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16562",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:19.503",
- "lastModified": "2021-09-16T15:51:50.677",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.513",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16563.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16563.json
index 5ea1506e5b1..6b5ee486e23 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16563.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16563.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16563",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:19.753",
- "lastModified": "2019-12-18T19:12:19.303",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.587",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16564.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16564.json
index d73e646451b..9f1f400c41b 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16564.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16564.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16564",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:20.193",
- "lastModified": "2019-12-18T20:07:49.083",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.647",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16565.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16565.json
index 661b97590f6..4248ceed466 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16565.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16565.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16565",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:20.537",
- "lastModified": "2019-12-18T19:40:51.430",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.710",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16566.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16566.json
index 68034c91412..e93ce5527ae 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16566.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16566.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16566",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:20.880",
- "lastModified": "2020-10-05T15:28:40.567",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.770",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16567.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16567.json
index 59f91cf4330..a5b32f2c2c2 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16567.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16567.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16567",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:21.347",
- "lastModified": "2020-10-05T15:13:35.917",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.833",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1605%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16568.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16568.json
index 24e004789e7..fc518dfb8a6 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16568.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16568.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16568",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:21.597",
- "lastModified": "2019-12-18T20:03:08.040",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.897",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16569.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16569.json
index f6a78b51da4..ce18b00ef8b 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16569.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16569.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16569",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:22.083",
- "lastModified": "2019-12-31T15:19:09.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:27.957",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16570.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16570.json
index 5db476ff4eb..c597817bebc 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16570.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16570.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16570",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:22.410",
- "lastModified": "2019-12-18T19:21:21.923",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.027",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16571.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16571.json
index adfc0406a17..46ddd126d5d 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16571.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16571.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16571",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:22.800",
- "lastModified": "2020-10-05T15:09:32.083",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.087",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16572.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16572.json
index 76a92a39a2c..637b6eafe0e 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16572.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16572.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16572",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:23.240",
- "lastModified": "2019-12-18T19:20:27.297",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.150",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16573.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16573.json
index ded5739e325..c41213302e9 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16573.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16573.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16573",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:23.520",
- "lastModified": "2019-12-18T19:56:24.630",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.213",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16574.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16574.json
index 93f79d9e52f..3a12fa903f7 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16574.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16574.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16574",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:24.083",
- "lastModified": "2020-10-05T14:51:21.900",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.280",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16575.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16575.json
index 21efa0188e0..ee8e730a419 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16575.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16575.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16575",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:24.457",
- "lastModified": "2019-12-18T20:31:26.960",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.340",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-165xx/CVE-2019-16576.json b/CVE-2019/CVE-2019-165xx/CVE-2019-16576.json
index 84a295fc50a..d1ba1add0bc 100644
--- a/CVE-2019/CVE-2019-165xx/CVE-2019-16576.json
+++ b/CVE-2019/CVE-2019-165xx/CVE-2019-16576.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-16576",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2019-12-17T15:15:24.863",
- "lastModified": "2020-10-05T14:47:48.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.400",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-188xx/CVE-2019-18854.json b/CVE-2019/CVE-2019-188xx/CVE-2019-18854.json
index 1d998c3de97..5b63471e0e2 100644
--- a/CVE-2019/CVE-2019-188xx/CVE-2019-18854.json
+++ b/CVE-2019/CVE-2019-188xx/CVE-2019-18854.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-18854",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-11-11T15:15:12.313",
- "lastModified": "2019-11-12T17:27:06.767",
+ "lastModified": "2023-10-24T18:41:32.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:safe_svg_project:safe_svg:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:10up:safe_svg:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9.4",
- "matchCriteriaId": "7B7D4D42-BFE5-4763-83CC-963CDB23EDD4"
+ "matchCriteriaId": "F4964893-4BF7-465E-AA2F-6DAE8A347984"
}
]
}
diff --git a/CVE-2019/CVE-2019-188xx/CVE-2019-18855.json b/CVE-2019/CVE-2019-188xx/CVE-2019-18855.json
index d85e6441a0e..2365996c492 100644
--- a/CVE-2019/CVE-2019-188xx/CVE-2019-18855.json
+++ b/CVE-2019/CVE-2019-188xx/CVE-2019-18855.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-18855",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-11-11T15:15:12.390",
- "lastModified": "2020-08-24T17:37:01.140",
+ "lastModified": "2023-10-24T18:41:32.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:safe_svg_project:safe_svg:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:10up:safe_svg:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.9.4",
- "matchCriteriaId": "7B7D4D42-BFE5-4763-83CC-963CDB23EDD4"
+ "matchCriteriaId": "F4964893-4BF7-465E-AA2F-6DAE8A347984"
}
]
}
diff --git a/CVE-2019/CVE-2019-199xx/CVE-2019-19912.json b/CVE-2019/CVE-2019-199xx/CVE-2019-19912.json
index 3e3b7ae94d9..98450230dd7 100644
--- a/CVE-2019/CVE-2019-199xx/CVE-2019-19912.json
+++ b/CVE-2019/CVE-2019-199xx/CVE-2019-19912.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-19912",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-03-30T22:15:13.853",
- "lastModified": "2020-03-31T14:42:28.083",
+ "lastModified": "2023-10-18T19:04:17.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.5",
- "matchCriteriaId": "CBA3FFC2-EB4A-49F0-B8CD-0838509BF983"
+ "matchCriteriaId": "EF349D26-233D-41A4-880C-9956F96735E0"
}
]
}
diff --git a/CVE-2019/CVE-2019-199xx/CVE-2019-19913.json b/CVE-2019/CVE-2019-199xx/CVE-2019-19913.json
index 37fd17fbd6f..1d2f88caa12 100644
--- a/CVE-2019/CVE-2019-199xx/CVE-2019-19913.json
+++ b/CVE-2019/CVE-2019-199xx/CVE-2019-19913.json
@@ -2,7 +2,7 @@
"id": "CVE-2019-19913",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-03-30T22:15:13.977",
- "lastModified": "2020-04-14T19:15:16.873",
+ "lastModified": "2023-10-18T19:04:17.487",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.5",
- "matchCriteriaId": "CBA3FFC2-EB4A-49F0-B8CD-0838509BF983"
+ "matchCriteriaId": "EF349D26-233D-41A4-880C-9956F96735E0"
}
]
}
diff --git a/CVE-2019/CVE-2019-206xx/CVE-2019-20636.json b/CVE-2019/CVE-2019-206xx/CVE-2019-20636.json
index 563dde2c3bc..59dc767fc84 100644
--- a/CVE-2019/CVE-2019-206xx/CVE-2019-20636.json
+++ b/CVE-2019/CVE-2019-206xx/CVE-2019-20636.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-20636",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-04-08T14:15:12.600",
- "lastModified": "2020-06-10T13:15:10.823",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:00:37.447",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -85,8 +85,138 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.16.83",
+ "matchCriteriaId": "C14B7F23-A015-486D-8F2C-72102CC22AA8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.17",
+ "versionEndExcluding": "4.4.210",
+ "matchCriteriaId": "CCF305A9-2B36-47C1-9483-5D0D79AAAA11"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.5",
+ "versionEndExcluding": "4.9.210",
+ "matchCriteriaId": "8F7DE47D-5081-4C9C-B39E-48F6B1D0AF43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.10",
+ "versionEndExcluding": "4.14.165",
+ "matchCriteriaId": "5C24DF72-54A9-4E0F-947F-406D5976C65A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.15",
+ "versionEndExcluding": "4.19.96",
+ "matchCriteriaId": "F9CE32D3-58DD-43FC-B9A9-3D218D2084E8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.12",
- "matchCriteriaId": "DE51CB48-9127-43B3-B48C-877FE4A131D5"
+ "matchCriteriaId": "81529934-E2E4-4EDA-8787-54E9CB8B046D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "04FD1F9A-8F43-4509-9A49-714C54C4783C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C2934495-6D4D-4C21-89E3-A2414ABDD5CE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "504201E4-04CD-4224-9264-C1AEAD480E36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h610c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4CE6E747-ED1F-4EE1-A4A5-69FB6FD21D81"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h610s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B023DB49-71F5-43CF-9558-CF721AEA4B91"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h615c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0A89CCC-1189-4190-A88B-A4EF42305A10"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDDA0D1D-3A1E-4CF5-BD6A-F05AE4E8CDDA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E64576DE-90F0-4F5E-9C82-AB745CFEDBB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6415E28A-4EAC-4F7F-BD81-1A55CE8B6F40"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:fas_a400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "18C138F0-706F-44A8-880E-133F66DE164A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:fas_baseboard_management_controller_a220:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "49D2C8CB-0929-4E5E-AD54-0248B29754D7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:fas_baseboard_management_controller_a320:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7F428DC-28B9-463A-9479-D04FD265A300"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:fas_baseboard_management_controller_a800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE354DF1-66D5-47C8-9D53-BB65995E3505"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:h:netapp:fas_baseboard_management_controller_c190:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A4E1ADC-AE6E-433F-89BE-A65978109C8B"
}
]
}
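Review bot: The second configuration node added here lists NetApp hardware CPEs (`cpe:2.3:h:netapp:...:-`) as `"vulnerable": true` on their own, with version `-` and no firmware or OS entry paired with them. An inventory match on these criteria will flag every such unit whatever firmware it runs, and the record gives no fixed version for them. Consumers should treat these matches as "check the vendor advisory" (the file references `https://security.netapp.com/advisory/ntap-20200430-0004/`) rather than as a version-resolved finding. The Linux kernel ranges above are contiguous per branch and look consistent.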
@@ -120,15 +250,26 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20200430-0004/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2019/CVE-2019-250xx/CVE-2019-25070.json b/CVE-2019/CVE-2019-250xx/CVE-2019-25070.json
index bc21e7187da..9f7ee88bb67 100644
--- a/CVE-2019/CVE-2019-250xx/CVE-2019-25070.json
+++ b/CVE-2019/CVE-2019-250xx/CVE-2019-25070.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25070",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-06-09T17:15:08.483",
- "lastModified": "2023-02-23T17:57:27.757",
+ "lastModified": "2023-10-29T02:38:07.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-135125 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been rated as problematic. This issue affects some unknown processing of the file /wolfcms/?/admin/user/add of the component User Add. The manipulation of the argument name leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-135125 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
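Review bot: The added English `value` still opens with the misspelled marker `** UNSUPPPORTED WHEN ASSIGNED **` followed by the correctly spelled one, so this change only inserts a space between two copies of the tag. Tooling that detects end-of-life records by matching the tag at the start of the description should see it exactly once. I would drop the misspelled copy so the string begins `"** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. ..."`.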
@@ -110,22 +110,22 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "CWE-80"
+ "value": "CWE-79"
}
]
},
{
- "source": "nvd@nist.gov",
+ "source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-79"
+ "value": "CWE-80"
}
]
}
diff --git a/CVE-2019/CVE-2019-250xx/CVE-2019-25093.json b/CVE-2019/CVE-2019-250xx/CVE-2019-25093.json
index 09205492e1a..b70bc504bcc 100644
--- a/CVE-2019/CVE-2019-250xx/CVE-2019-25093.json
+++ b/CVE-2019/CVE-2019-250xx/CVE-2019-25093.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25093",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T11:15:10.760",
- "lastModified": "2023-01-09T18:25:03.190",
+ "lastModified": "2023-10-29T02:37:51.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in dragonexpert Recent Threads on Index. Affected is the function recentthread_list_threads of the file inc/plugins/recentthreads/hooks.php of the component Setting Handler. The manipulation of the argument recentthread_forumskip leads to cross site scripting. It is possible to launch the attack remotely. The patch is identified as 051465d807a8fcc6a8b0f4bcbb19299672399f48. It is recommended to apply a patch to fix this issue. VDB-217182 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -126,8 +126,7 @@
"url": "https://github.com/dragonexpert/recentthreads/commit/051465d807a8fcc6a8b0f4bcbb19299672399f48",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2019/CVE-2019-250xx/CVE-2019-25094.json b/CVE-2019/CVE-2019-250xx/CVE-2019-25094.json
index f98c893e8d2..6143f586609 100644
--- a/CVE-2019/CVE-2019-250xx/CVE-2019-25094.json
+++ b/CVE-2019/CVE-2019-250xx/CVE-2019-25094.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25094",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-04T10:15:10.300",
- "lastModified": "2023-01-10T17:31:20.633",
+ "lastModified": "2023-10-29T02:37:44.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.6 is able to address this issue. The name of the patch is 986d3cb34e5e086c6f04e061f600ffc5837abe7f. It is recommended to upgrade the affected component. The identifier VDB-217353 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.6 is able to address this issue. The identifier of the patch is 986d3cb34e5e086c6f04e061f600ffc5837abe7f. It is recommended to upgrade the affected component. The identifier VDB-217353 was assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
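Review bot: The added Secondary entry from `cna@vuldb.com` carries the same `CWE-79` as the Primary entry directly above it, which the previous hunk re-attributes to `nvd@nist.gov`, so the `weaknesses` array now lists one CWE twice. Consumers that count or aggregate weaknesses across entries should deduplicate on `value` and use `source` and `type` only as attribution. The same pattern is added in the CVE-2019-25096, CVE-2019-25098, CVE-2019-25099, CVE-2019-25100 and CVE-2019-25102 sections.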
@@ -116,8 +126,7 @@
"url": "https://github.com/innologi/typo3-appointments/commit/986d3cb34e5e086c6f04e061f600ffc5837abe7f",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2019/CVE-2019-250xx/CVE-2019-25095.json b/CVE-2019/CVE-2019-250xx/CVE-2019-25095.json
index 6d16f5bebfe..3e07c348144 100644
--- a/CVE-2019/CVE-2019-250xx/CVE-2019-25095.json
+++ b/CVE-2019/CVE-2019-250xx/CVE-2019-25095.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25095",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T08:15:08.273",
- "lastModified": "2023-01-11T17:44:57.200",
+ "lastModified": "2023-10-29T02:37:34.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 6f98076281e9452fdb1adcd1bcbb70a6f968ade9. It is recommended to upgrade the affected component. VDB-217434 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in kakwa LdapCherry up to 0.x. Affected is an unknown function of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 6f98076281e9452fdb1adcd1bcbb70a6f968ade9. It is recommended to upgrade the affected component. VDB-217434 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -126,8 +126,7 @@
"url": "https://github.com/kakwa/ldapcherry/commit/6f98076281e9452fdb1adcd1bcbb70a6f968ade9",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
@@ -135,8 +134,7 @@
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking",
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2019/CVE-2019-250xx/CVE-2019-25096.json b/CVE-2019/CVE-2019-250xx/CVE-2019-25096.json
index dcc2dac6e4c..ced7d8ba4be 100644
--- a/CVE-2019/CVE-2019-250xx/CVE-2019-25096.json
+++ b/CVE-2019/CVE-2019-250xx/CVE-2019-25096.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25096",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T08:15:08.510",
- "lastModified": "2023-01-11T17:51:25.817",
+ "lastModified": "2023-10-27T20:01:22.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435."
+ "value": "A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.1.13 is able to address this issue. The patch is named b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217435."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -116,16 +126,14 @@
"url": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2019/CVE-2019-250xx/CVE-2019-25098.json b/CVE-2019/CVE-2019-250xx/CVE-2019-25098.json
index ebce613537e..8821a58daa9 100644
--- a/CVE-2019/CVE-2019-250xx/CVE-2019-25098.json
+++ b/CVE-2019/CVE-2019-250xx/CVE-2019-25098.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25098",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T08:15:08.673",
- "lastModified": "2023-01-11T18:17:29.510",
+ "lastModified": "2023-10-27T20:03:35.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The name of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The identifier VDB-217437 was assigned to this vulnerability."
+ "value": "A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The identifier of the patch is b8fcb888f4ff5e171c16797a4b075c6c6f50bf46. It is recommended to upgrade the affected component. The identifier VDB-217437 was assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-22"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
}
],
"configurations": [
@@ -116,16 +126,14 @@
"url": "https://github.com/soerennb/extplorer/commit/b8fcb888f4ff5e171c16797a4b075c6c6f50bf46",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/soerennb/extplorer/releases/tag/v2.1.13",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2019/CVE-2019-250xx/CVE-2019-25099.json b/CVE-2019/CVE-2019-250xx/CVE-2019-25099.json
index 152fd5c2bfa..f01fb8d315c 100644
--- a/CVE-2019/CVE-2019-250xx/CVE-2019-25099.json
+++ b/CVE-2019/CVE-2019-250xx/CVE-2019-25099.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25099",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T13:15:09.927",
- "lastModified": "2023-01-12T15:32:54.390",
+ "lastModified": "2023-10-27T20:30:06.360",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The name of the patch is ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The patch is identified as ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-22"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
}
],
"configurations": [
@@ -116,8 +126,7 @@
"url": "https://github.com/Arthmoor/QSF-Portal/commit/ea4f61e23ecb83247d174bc2e2cbab521c751a7d",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25100.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25100.json
index 691c38a71fe..005081f5567 100644
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25100.json
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25100.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25100",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T11:15:10.130",
- "lastModified": "2023-01-12T16:26:03.960",
+ "lastModified": "2023-10-27T20:28:32.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The name of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability."
+ "value": "A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The identifier of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -116,14 +126,14 @@
"url": "https://github.com/happyman/twmap/commit/babbec79b3fa4efb3bd581ea68af0528d11bba0c",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/happyman/twmap/issues/42",
"source": "cna@vuldb.com",
"tags": [
+ "Issue Tracking",
"Third Party Advisory"
]
},
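Review bot: The reference `https://github.com/happyman/twmap/issues/42` keeps `"Third Party Advisory"` while this file drops that tag from the commit URL in this hunk and from the release URL in the next one. The CVE-2019-25095 section handles what appears to be the equivalent issue reference differently, tagging it `"Issue Tracking"`, `"Patch"` with the advisory tag removed. If the intent is that the project's own GitHub pages are not third-party advisories, the tags here would be just `"Issue Tracking"`. Filters that select references by `Third Party Advisory` will otherwise treat this record differently from its siblings.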
@@ -131,8 +141,7 @@
"url": "https://github.com/happyman/twmap/releases/tag/v2.9_v4.31",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25101.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25101.json
index 69d1a78924d..f2fb9022e93 100644
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25101.json
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25101.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25101",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-04T08:15:07.870",
- "lastModified": "2023-02-14T01:53:48.710",
+ "lastModified": "2023-10-27T20:14:06.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059."
+ "value": "A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The patch is named f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059."
}
],
"metrics": {
@@ -83,8 +83,18 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-436"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
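Review bot: `"value": "CWE-436"` as the new NVD Primary weakness is a loose fit for what this file's description calls http response splitting in the HTTP Header Handler; the specific entry for that weakness is CWE-113. Tooling that groups findings by injection-class CWEs will not pick this record up from the Primary value alone. The CNA value that becomes Secondary lies below the hunk's last line, so it cannot be confirmed from here whether the more specific id is preserved. Consumers that read only the Primary entry may want to read both entries for this record.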
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25102.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25102.json
index 135a0a1b1e4..f469e8c4a19 100644
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25102.json
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25102.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25102",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-12T14:15:11.003",
- "lastModified": "2023-02-22T13:45:42.820",
+ "lastModified": "2023-10-27T20:20:00.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The name of the patch is 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/:/:/:/:/:/:/:/:/ leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.6.1 is able to address this issue. The patch is identified as 015a719bf5cdc561feea05500ecb3274ef609cd2. It is recommended to upgrade the affected component. VDB-220638 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-1333"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1333"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25103.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25103.json
index 8d1aaad0d9b..5eace37f32f 100644
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25103.json
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25103.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25103",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-12T15:15:10.610",
- "lastModified": "2023-02-24T06:23:30.793",
+ "lastModified": "2023-10-27T20:20:26.023",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The name of the patch is 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639."
+ "value": "A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The patch is named 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-1333"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1333"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25104.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25104.json
index 1af3666abcc..237f7a17b7c 100644
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25104.json
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25104.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25104",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-20T18:15:10.387",
- "lastModified": "2023-03-03T15:27:56.210",
+ "lastModified": "2023-10-27T20:20:41.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in rtcwcoop 1.0.2 and classified as problematic. Affected by this vulnerability is the function AICast_ScriptLoad of the file code/game/ai_cast_script.c of the component Team Command Handler. The manipulation leads to denial of service. The name of the patch is f2cd18bc2e1cbca8c4b78bee9c392272bd5f42ac. It is recommended to apply a patch to fix this issue. The identifier VDB-221485 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in rtcwcoop 1.0.2 and classified as problematic. Affected by this vulnerability is the function AICast_ScriptLoad of the file code/game/ai_cast_script.c of the component Team Command Handler. The manipulation leads to denial of service. The identifier of the patch is f2cd18bc2e1cbca8c4b78bee9c392272bd5f42ac. It is recommended to apply a patch to fix this issue. The identifier VDB-221485 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2019/CVE-2019-251xx/CVE-2019-25105.json b/CVE-2019/CVE-2019-251xx/CVE-2019-25105.json
index 8abe56dca22..ce4b07b8502 100644
--- a/CVE-2019/CVE-2019-251xx/CVE-2019-25105.json
+++ b/CVE-2019/CVE-2019-251xx/CVE-2019-25105.json
@@ -2,12 +2,12 @@
"id": "CVE-2019-25105",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-26T08:15:09.547",
- "lastModified": "2023-03-07T19:08:35.110",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:08.580",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763."
+ "value": "A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763."
}
],
"metrics": {
diff --git a/CVE-2019/CVE-2019-91xx/CVE-2019-9199.json b/CVE-2019/CVE-2019-91xx/CVE-2019-9199.json
index c3e3165c0d7..6f587cb3917 100644
--- a/CVE-2019/CVE-2019-91xx/CVE-2019-9199.json
+++ b/CVE-2019/CVE-2019-91xx/CVE-2019-9199.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-9199",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-02-26T23:29:00.247",
- "lastModified": "2019-04-03T13:42:39.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T21:15:08.017",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -113,6 +113,14 @@
}
],
"references": [
+ {
+ "url": "https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/",
"source": "cve@mitre.org",
diff --git a/CVE-2019/CVE-2019-95xx/CVE-2019-9514.json b/CVE-2019/CVE-2019-95xx/CVE-2019-9514.json
index aec2c0bfdef..949aba51a93 100644
--- a/CVE-2019/CVE-2019-95xx/CVE-2019-9514.json
+++ b/CVE-2019/CVE-2019-95xx/CVE-2019-9514.json
@@ -2,8 +2,8 @@
"id": "CVE-2019-9514",
"sourceIdentifier": "cret@cert.org",
"published": "2019-08-13T21:15:12.443",
- "lastModified": "2022-08-12T18:41:03.370",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-19T03:15:07.877",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -145,7 +145,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -177,7 +176,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -193,7 +191,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -219,7 +216,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -240,7 +236,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -288,7 +283,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -309,7 +303,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -330,7 +323,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -431,7 +423,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -447,7 +438,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -479,7 +469,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -500,7 +489,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -553,7 +541,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -672,6 +659,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8",
+ "source": "cret@cert.org"
+ },
{
"url": "https://access.redhat.com/errata/RHSA-2019:2594",
"source": "cret@cert.org",
diff --git a/CVE-2020/CVE-2020-107xx/CVE-2020-10753.json b/CVE-2020/CVE-2020-107xx/CVE-2020-10753.json
index aeb8797e168..42339b2b0fd 100644
--- a/CVE-2020/CVE-2020-107xx/CVE-2020-10753.json
+++ b/CVE-2020/CVE-2020-107xx/CVE-2020-10753.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-10753",
"sourceIdentifier": "secalert@redhat.com",
"published": "2020-06-26T15:15:11.573",
- "lastModified": "2021-10-26T20:13:28.297",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:09.757",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -87,22 +87,22 @@
},
"weaknesses": [
{
- "source": "secalert@redhat.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "CWE-113"
+ "value": "CWE-74"
}
]
},
{
- "source": "nvd@nist.gov",
+ "source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-74"
+ "value": "CWE-113"
}
]
}
@@ -226,6 +226,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFU7LXEL2UZE565FJBTY7UGH2O7ZUBVS/",
"source": "secalert@redhat.com",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11017.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11017.json
index 911380c9a86..514e2f0630b 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11017.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11017.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11017",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T16:15:09.993",
- "lastModified": "2023-10-07T21:15:11.420",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:31:19.213",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -156,7 +171,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11018.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11018.json
index da1ec1df5b3..f0d16d8050e 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11018.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11018.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11018",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T17:15:11.523",
- "lastModified": "2023-10-07T21:15:11.587",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:31:22.383",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -156,7 +171,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11019.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11019.json
index 7ae69ca67dc..8c5be3218a5 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11019.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11019.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11019",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T19:15:10.233",
- "lastModified": "2023-10-07T21:15:11.690",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:31:25.567",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -156,7 +171,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11038.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11038.json
index 7ceb2f22134..a791195b4d2 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11038.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11038.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11038",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T19:15:10.310",
- "lastModified": "2023-10-07T21:15:11.797",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:31:29.087",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -156,7 +171,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11039.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11039.json
index 096aa65837d..bd8333781a4 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11039.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11039.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11039",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T19:15:10.390",
- "lastModified": "2023-10-07T21:15:11.927",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:30:22.390",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -155,7 +170,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11040.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11040.json
index effb1849595..fc70dc665e1 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11040.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11040.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11040",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T20:15:10.500",
- "lastModified": "2023-10-07T21:15:12.057",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:30:28.230",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -155,7 +170,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11041.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11041.json
index 5b90ddf6ffd..4361f8cf993 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11041.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11041.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11041",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T19:15:10.497",
- "lastModified": "2023-10-07T21:15:12.160",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:30:25.283",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -155,7 +170,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11042.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11042.json
index 43d181f2674..2f984bf0158 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11042.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11042.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11042",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-07T19:15:11.673",
- "lastModified": "2023-10-07T21:15:12.263",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:04:40.737",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -133,6 +133,11 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@@ -202,7 +207,10 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11043.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11043.json
index 41c1971a827..53026a8bd53 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11043.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11043.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11043",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T20:15:10.577",
- "lastModified": "2023-10-07T21:15:12.403",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:30:31.093",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -156,7 +171,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11044.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11044.json
index 7e6e4b6de7b..e6dac4f26c3 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11044.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11044.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11044",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-07T19:15:11.720",
- "lastModified": "2023-10-07T21:15:12.507",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:06:05.697",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -151,6 +151,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -179,7 +194,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11045.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11045.json
index c13991dcb38..e9d42723db3 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11045.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11045.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11045",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-07T19:15:11.783",
- "lastModified": "2023-10-07T21:15:12.620",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:06:09.040",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -133,6 +133,11 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@@ -202,7 +207,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11046.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11046.json
index 1eaec718a81..3d87f277c71 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11046.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11046.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11046",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-07T19:15:11.843",
- "lastModified": "2023-10-07T21:15:12.727",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:06:52.900",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,8 +136,8 @@
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -163,6 +163,11 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@@ -202,7 +207,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11047.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11047.json
index 3e3f328000a..2cfcb5bf008 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11047.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11047.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11047",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-07T20:15:12.127",
- "lastModified": "2023-10-07T21:15:12.833",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:03:09.627",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -131,8 +131,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -147,6 +147,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -175,7 +190,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11048.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11048.json
index f7a40c4b739..84467a1895d 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11048.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11048.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11048",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-07T20:15:12.190",
- "lastModified": "2023-10-07T21:15:12.943",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:03:44.663",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,8 +136,8 @@
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -163,6 +163,11 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@@ -202,7 +207,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11049.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11049.json
index adb6912b8d4..053bb9991f2 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11049.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11049.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11049",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-07T20:15:12.237",
- "lastModified": "2023-10-07T21:15:13.057",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:03:47.923",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,8 +136,8 @@
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -152,6 +152,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -188,7 +203,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11058.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11058.json
index 53aa3c01552..caa987a271e 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11058.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11058.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11058",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-12T21:15:11.383",
- "lastModified": "2023-10-07T21:15:13.173",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:03:51.260",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,8 +136,8 @@
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -152,6 +152,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -187,7 +207,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11085.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11085.json
index 09e383fc194..17ab3cb9e00 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11085.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11085.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11085",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T20:15:10.670",
- "lastModified": "2023-10-07T21:15:13.290",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:30:34.303",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -164,7 +179,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11086.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11086.json
index de3e476e86c..2cb90ce458e 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11086.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11086.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11086",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T20:15:10.767",
- "lastModified": "2023-10-07T21:15:13.407",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:24:27.183",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -164,7 +179,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11087.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11087.json
index f4cc6b98350..95701b39b4d 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11087.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11087.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11087",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T20:15:10.843",
- "lastModified": "2023-10-07T21:15:13.517",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:38:58.073",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -164,7 +179,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11088.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11088.json
index 3e6a60c671a..6f98af42d9e 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11088.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11088.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11088",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T20:15:10.937",
- "lastModified": "2023-10-07T21:15:13.617",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:38:54.480",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -162,7 +177,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11089.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11089.json
index 4925e87ed03..b9554eb11b8 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11089.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11089.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11089",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-29T20:15:11.017",
- "lastModified": "2023-10-07T21:15:13.713",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:38:50.217",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -136,6 +136,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -171,7 +186,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11095.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11095.json
index 10966525f2f..f1be91bb0ef 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11095.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11095.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11095",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-06-22T22:15:11.913",
- "lastModified": "2023-10-07T21:15:13.810",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:38:28.160",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -155,8 +155,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
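Review bot: Swapping the Ubuntu 18.04 criteria from the `lts` edition to `esm` drops the old `matchCriteriaId` `23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D` and adds no replacement for it within this hunk. An inventory that still reports `cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*`, or a tool pinned to the old id, would stop matching this record under exact comparison. Downstream matchers should treat the two edition values as equivalent for these releases, or re-map stored CPEs when they ingest this update. The same swap is made for CVE-2020-11096 through CVE-2020-11099 and CVE-2020-15103, and for both 16.04 and 18.04 in CVE-2020-13396 through CVE-2020-13398. The `cpeMatch` array continues past the end of the hunk, so other entries are not visible here.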
@@ -166,6 +166,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -201,7 +216,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11096.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11096.json
index 2a1f9b921bd..fb4d9bbfce3 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11096.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11096.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11096",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-06-22T22:15:12.007",
- "lastModified": "2023-10-07T21:15:13.937",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:38:24.617",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -155,8 +155,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -166,6 +166,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -202,7 +217,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11097.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11097.json
index d178c9f6674..79d4014bec5 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11097.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11097.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11097",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-06-22T22:15:12.103",
- "lastModified": "2023-10-07T21:15:14.067",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:38:20.520",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -155,8 +155,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -166,6 +166,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -201,7 +216,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11098.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11098.json
index fa86874388b..14944dff00c 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11098.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11098.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11098",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-06-22T22:15:12.180",
- "lastModified": "2023-10-07T21:15:14.173",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:27:19.760",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -165,8 +165,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -176,6 +176,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -212,7 +227,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/",
diff --git a/CVE-2020/CVE-2020-110xx/CVE-2020-11099.json b/CVE-2020/CVE-2020-110xx/CVE-2020-11099.json
index 52e11899b49..77da4523f41 100644
--- a/CVE-2020/CVE-2020-110xx/CVE-2020-11099.json
+++ b/CVE-2020/CVE-2020-110xx/CVE-2020-11099.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-11099",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-06-22T22:15:12.273",
- "lastModified": "2023-10-07T21:15:14.277",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:27:16.317",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -155,8 +155,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -166,6 +166,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -201,7 +216,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/",
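Review bot: The tag on the `debian-lts-announce/2023/10/msg00008.html` reference is `"Issue Tracking"` in this record, whereas every other record visible in this diff that cites the same URL tags it `"Mailing List"`. Consumers that filter references by tag would classify the same advisory differently for CVE-2020-11099 than for its siblings. For consistency the first tag should read `"Mailing List",`. The `references` array starts and ends outside this hunk.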
diff --git a/CVE-2020/CVE-2020-120xx/CVE-2020-12059.json b/CVE-2020/CVE-2020-120xx/CVE-2020-12059.json
index 2686b69aeb6..c5068490e25 100644
--- a/CVE-2020/CVE-2020-120xx/CVE-2020-12059.json
+++ b/CVE-2020/CVE-2020-120xx/CVE-2020-12059.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-12059",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-04-22T13:15:11.337",
- "lastModified": "2023-01-20T18:33:16.383",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:09.877",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -131,6 +131,10 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://tracker.ceph.com/issues/44967",
"source": "cve@mitre.org",
diff --git a/CVE-2020/CVE-2020-133xx/CVE-2020-13396.json b/CVE-2020/CVE-2020-133xx/CVE-2020-13396.json
index b5fb1bac7df..0f3b1c981b1 100644
--- a/CVE-2020/CVE-2020-133xx/CVE-2020-13396.json
+++ b/CVE-2020/CVE-2020-133xx/CVE-2020-13396.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-13396",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-05-22T18:15:11.677",
- "lastModified": "2023-10-07T21:15:14.397",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:23:04.800",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -100,13 +100,13 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -123,6 +123,11 @@
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
@@ -173,7 +178,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-133xx/CVE-2020-13397.json b/CVE-2020/CVE-2020-133xx/CVE-2020-13397.json
index 5df15ad92ef..03f2b66f969 100644
--- a/CVE-2020/CVE-2020-133xx/CVE-2020-13397.json
+++ b/CVE-2020/CVE-2020-133xx/CVE-2020-13397.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-13397",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-05-22T18:15:11.737",
- "lastModified": "2023-10-07T21:15:14.513",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:31:10.777",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -100,13 +100,13 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -123,6 +123,11 @@
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
@@ -173,7 +178,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-133xx/CVE-2020-13398.json b/CVE-2020/CVE-2020-133xx/CVE-2020-13398.json
index 6d37ad35675..8d1ed4324c0 100644
--- a/CVE-2020/CVE-2020-133xx/CVE-2020-13398.json
+++ b/CVE-2020/CVE-2020-133xx/CVE-2020-13398.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-13398",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-05-22T18:15:11.833",
- "lastModified": "2023-10-07T21:15:14.607",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T15:31:16.180",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -100,13 +100,13 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -123,6 +123,11 @@
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
@@ -173,7 +178,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://usn.ubuntu.com/4379-1/",
diff --git a/CVE-2020/CVE-2020-151xx/CVE-2020-15103.json b/CVE-2020/CVE-2020-151xx/CVE-2020-15103.json
index 1fdf67c1c62..5c6241127e5 100644
--- a/CVE-2020/CVE-2020-151xx/CVE-2020-15103.json
+++ b/CVE-2020/CVE-2020-151xx/CVE-2020-15103.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-15103",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-07-27T18:15:13.903",
- "lastModified": "2023-10-07T21:15:14.697",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:26:33.053",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -165,8 +165,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -176,6 +176,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -212,7 +227,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/",
diff --git a/CVE-2020/CVE-2020-174xx/CVE-2020-17477.json b/CVE-2020/CVE-2020-174xx/CVE-2020-17477.json
new file mode 100644
index 00000000000..5d73c918516
--- /dev/null
+++ b/CVE-2020/CVE-2020-174xx/CVE-2020-17477.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2020-17477",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T13:15:09.293",
+ "lastModified": "2023-10-26T15:32:27.440",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash."
+ },
+ {
+ "lang": "es",
+ "value": "Las ACL de LDAP incorrectas en ucs-school-ldap-acls-master en UCS@school antes de 4.4v5-errata permiten a los profesores, el personal y los administradores escolares remotos leer hashes de contrase\u00f1as LDAP (sambaNTPassword, krb5Key, sambaPasswordHistory y pwhistory) a trav\u00e9s de solicitudes de b\u00fasqueda LDAP. Por ejemplo, un profesor puede obtener acceso de administrador mediante un hash NTLM."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://forge.univention.org/bugzilla/show_bug.cgi?id=50669",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
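Review bot: This new record has `"metrics": {}` and no `configurations` block while `vulnStatus` is `"Awaiting Analysis"`, so severity-threshold filters and CPE-based matchers have nothing to key on. The description says that LDAP password hashes in UCS@school before 4.4v5-errata are readable by teachers, staff and school administrators. Affected deployments therefore have to be identified from the description and the vendor bug reference until scoring and CPE data are added. `published` is `2023-10-26T13:15:09.293` for a 2020 identifier, so pipelines that window on the CVE year rather than the publication date may skip it.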
diff --git a/CVE-2020/CVE-2020-17xx/CVE-2020-1700.json b/CVE-2020/CVE-2020-17xx/CVE-2020-1700.json
index c5cf34f6fa0..caa813b6e70 100644
--- a/CVE-2020/CVE-2020-17xx/CVE-2020-1700.json
+++ b/CVE-2020/CVE-2020-17xx/CVE-2020-1700.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-1700",
"sourceIdentifier": "secalert@redhat.com",
"published": "2020-02-07T21:15:10.433",
- "lastModified": "2022-01-01T19:57:19.710",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:09.963",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -191,6 +191,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://usn.ubuntu.com/4304-1/",
"source": "secalert@redhat.com",
diff --git a/CVE-2020/CVE-2020-17xx/CVE-2020-1760.json b/CVE-2020/CVE-2020-17xx/CVE-2020-1760.json
index afea7bb12ad..15d0b407345 100644
--- a/CVE-2020/CVE-2020-17xx/CVE-2020-1760.json
+++ b/CVE-2020/CVE-2020-17xx/CVE-2020-1760.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-1760",
"sourceIdentifier": "secalert@redhat.com",
"published": "2020-04-23T15:15:14.607",
- "lastModified": "2021-09-16T15:46:07.160",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:10.070",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -87,7 +87,7 @@
},
"weaknesses": [
{
- "source": "secalert@redhat.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -97,7 +97,7 @@
]
},
{
- "source": "nvd@nist.gov",
+ "source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@@ -217,6 +217,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3A2UFR5IUIEXJUCF64GQ5OVLCZGODXE/",
"source": "secalert@redhat.com",
diff --git a/CVE-2020/CVE-2020-191xx/CVE-2020-19185.json b/CVE-2020/CVE-2020-191xx/CVE-2020-19185.json
index e103fdc4e3c..94adfb37dd5 100644
--- a/CVE-2020/CVE-2020-191xx/CVE-2020-19185.json
+++ b/CVE-2020/CVE-2020-191xx/CVE-2020-19185.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-19185",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:57.233",
- "lastModified": "2023-10-06T15:15:12.147",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:07:46.990",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -61,6 +61,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
+ "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -74,7 +89,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0005/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-191xx/CVE-2020-19186.json b/CVE-2020/CVE-2020-191xx/CVE-2020-19186.json
index 5b055dff39b..3ac0e1ce755 100644
--- a/CVE-2020/CVE-2020-191xx/CVE-2020-19186.json
+++ b/CVE-2020/CVE-2020-191xx/CVE-2020-19186.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-19186",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:58.247",
- "lastModified": "2023-10-06T15:15:12.233",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:09:02.453",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -61,6 +61,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
+ "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -74,7 +89,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0005/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-191xx/CVE-2020-19187.json b/CVE-2020/CVE-2020-191xx/CVE-2020-19187.json
index e3e7b6ce3d7..11f6bc20d79 100644
--- a/CVE-2020/CVE-2020-191xx/CVE-2020-19187.json
+++ b/CVE-2020/CVE-2020-191xx/CVE-2020-19187.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-19187",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:59.317",
- "lastModified": "2023-10-06T15:15:12.297",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:09:22.640",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -61,6 +61,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
+ "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -74,7 +89,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0005/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-191xx/CVE-2020-19188.json b/CVE-2020/CVE-2020-191xx/CVE-2020-19188.json
index 928d98aa21b..cb133d144ac 100644
--- a/CVE-2020/CVE-2020-191xx/CVE-2020-19188.json
+++ b/CVE-2020/CVE-2020-191xx/CVE-2020-19188.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-19188",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:00.380",
- "lastModified": "2023-10-06T15:15:12.367",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:11:19.547",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -61,6 +61,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
+ "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -74,7 +89,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0005/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-191xx/CVE-2020-19189.json b/CVE-2020/CVE-2020-191xx/CVE-2020-19189.json
index 2c6076c0570..bbdca09a7fd 100644
--- a/CVE-2020/CVE-2020-191xx/CVE-2020-19189.json
+++ b/CVE-2020/CVE-2020-191xx/CVE-2020-19189.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-19189",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:01.020",
- "lastModified": "2023-10-06T15:15:12.440",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:21:18.277",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -61,6 +61,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
+ "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -74,11 +104,18 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0005/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-191xx/CVE-2020-19190.json b/CVE-2020/CVE-2020-191xx/CVE-2020-19190.json
index cd747288698..6c186cd0db4 100644
--- a/CVE-2020/CVE-2020-191xx/CVE-2020-19190.json
+++ b/CVE-2020/CVE-2020-191xx/CVE-2020-19190.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-19190",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:01.803",
- "lastModified": "2023-10-06T15:15:12.517",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:11:51.893",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -61,6 +61,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
+ "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -74,7 +89,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0005/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-197xx/CVE-2020-19752.json b/CVE-2020/CVE-2020-197xx/CVE-2020-19752.json
index 5d0fb11493a..9087fbfcd2e 100644
--- a/CVE-2020/CVE-2020-197xx/CVE-2020-19752.json
+++ b/CVE-2020/CVE-2020-197xx/CVE-2020-19752.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-19752",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-09-07T20:15:07.510",
- "lastModified": "2021-12-02T20:42:33.297",
+ "lastModified": "2023-10-24T16:06:23.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gifsicle_project:gifsicle:1.92:*:*:*:*:*:*:*",
- "matchCriteriaId": "0B2471C6-EA45-4BAA-91FF-E7A4C366390B"
+ "criteria": "cpe:2.3:a:lcdf:gifsicle:1.92:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D5C85CFB-9F07-4835-8D51-65C78293DF19"
}
]
}
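Review bot: The vendor rename from `cpe:2.3:a:gifsicle_project:gifsicle:1.92:*:*:*:*:*:*:*` to `cpe:2.3:a:lcdf:gifsicle:1.92:*:*:*:*:*:*:*` also replaces the `matchCriteriaId`, and the single-entry `cpeMatch` list keeps nothing for the old name. SBOMs or scanner mappings that still emit `gifsicle_project` would stop matching CVE-2020-19752 without any error. Consumers should alias the old vendor string to `lcdf` or regenerate their stored CPEs when they ingest this update.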
diff --git a/CVE-2020/CVE-2020-20xx/CVE-2020-2090.json b/CVE-2020/CVE-2020-20xx/CVE-2020-2090.json
index 3f632becbe7..8070bd079b1 100644
--- a/CVE-2020/CVE-2020-20xx/CVE-2020-2090.json
+++ b/CVE-2020/CVE-2020-20xx/CVE-2020-2090.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2090",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-15T16:15:14.260",
- "lastModified": "2020-01-17T21:37:47.900",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.477",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-20xx/CVE-2020-2091.json b/CVE-2020/CVE-2020-20xx/CVE-2020-2091.json
index 94ab203eda0..a36488eef22 100644
--- a/CVE-2020/CVE-2020-20xx/CVE-2020-2091.json
+++ b/CVE-2020/CVE-2020-20xx/CVE-2020-2091.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2091",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-15T16:15:14.370",
- "lastModified": "2022-11-08T02:51:32.737",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.567",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2020/CVE-2020-20xx/CVE-2020-2092.json b/CVE-2020/CVE-2020-20xx/CVE-2020-2092.json
index fa2002e1502..2f4cb8a338e 100644
--- a/CVE-2020/CVE-2020-20xx/CVE-2020-2092.json
+++ b/CVE-2020/CVE-2020-20xx/CVE-2020-2092.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2092",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-15T16:15:14.447",
- "lastModified": "2020-01-22T18:23:10.837",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.657",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-20xx/CVE-2020-2093.json b/CVE-2020/CVE-2020-20xx/CVE-2020-2093.json
index d1fe739e39d..74b15ed81f6 100644
--- a/CVE-2020/CVE-2020-20xx/CVE-2020-2093.json
+++ b/CVE-2020/CVE-2020-20xx/CVE-2020-2093.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2093",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-15T16:15:14.557",
- "lastModified": "2020-01-22T19:01:57.003",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.727",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-20xx/CVE-2020-2094.json b/CVE-2020/CVE-2020-20xx/CVE-2020-2094.json
index a0eb9e0bcad..938ccd8f500 100644
--- a/CVE-2020/CVE-2020-20xx/CVE-2020-2094.json
+++ b/CVE-2020/CVE-2020-20xx/CVE-2020-2094.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2094",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-15T16:15:14.683",
- "lastModified": "2022-10-17T19:26:25.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.790",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-20xx/CVE-2020-2095.json b/CVE-2020/CVE-2020-20xx/CVE-2020-2095.json
index 0040280cf1a..d2ccb9669a5 100644
--- a/CVE-2020/CVE-2020-20xx/CVE-2020-2095.json
+++ b/CVE-2020/CVE-2020-20xx/CVE-2020-2095.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2095",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-15T16:15:14.760",
- "lastModified": "2022-04-25T17:36:54.787",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.863",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-20xx/CVE-2020-2096.json b/CVE-2020/CVE-2020-20xx/CVE-2020-2096.json
index c56483d2d0c..4b7195baa40 100644
--- a/CVE-2020/CVE-2020-20xx/CVE-2020-2096.json
+++ b/CVE-2020/CVE-2020-20xx/CVE-2020-2096.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2096",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-15T16:15:14.853",
- "lastModified": "2020-01-21T21:53:57.923",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.930",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-20xx/CVE-2020-2097.json b/CVE-2020/CVE-2020-20xx/CVE-2020-2097.json
index 07c20c50f97..c056d8aa780 100644
--- a/CVE-2020/CVE-2020-20xx/CVE-2020-2097.json
+++ b/CVE-2020/CVE-2020-20xx/CVE-2020-2097.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2097",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-15T16:15:14.947",
- "lastModified": "2020-01-23T18:15:19.257",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:28.997",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-20xx/CVE-2020-2098.json b/CVE-2020/CVE-2020-20xx/CVE-2020-2098.json
index 5641b01055a..3e8264b942e 100644
--- a/CVE-2020/CVE-2020-20xx/CVE-2020-2098.json
+++ b/CVE-2020/CVE-2020-20xx/CVE-2020-2098.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2098",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-15T16:15:15.073",
- "lastModified": "2020-01-22T20:50:04.203",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:29.053",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-20xx/CVE-2020-2099.json b/CVE-2020/CVE-2020-20xx/CVE-2020-2099.json
index c9234a6b6fd..6f32aa87f6d 100644
--- a/CVE-2020/CVE-2020-20xx/CVE-2020-2099.json
+++ b/CVE-2020/CVE-2020-20xx/CVE-2020-2099.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2099",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-29T16:15:12.037",
- "lastModified": "2020-03-17T04:15:13.960",
+ "lastModified": "2023-10-25T18:16:29.113",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-330"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-323"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2100.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2100.json
index 6f779c82462..bc1ea6dca53 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2100.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2100.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2100",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-29T16:15:12.130",
- "lastModified": "2020-03-17T04:15:18.507",
+ "lastModified": "2023-10-25T18:16:29.210",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-406"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2101.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2101.json
index 8c33daacef8..5a9f43e4d54 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2101.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2101.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2101",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-29T16:15:12.240",
- "lastModified": "2020-03-17T04:15:19.087",
+ "lastModified": "2023-10-25T18:16:29.290",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-203"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-208"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2102.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2102.json
index 9035ea3ebe4..eed2b0d6519 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2102.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2102.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2102",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-29T16:15:12.303",
- "lastModified": "2020-03-17T04:15:19.680",
+ "lastModified": "2023-10-25T18:16:29.380",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-203"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-208"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2103.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2103.json
index bff38820969..57bf69c78df 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2103.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2103.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2103",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-29T16:15:12.380",
- "lastModified": "2020-03-17T04:15:19.867",
+ "lastModified": "2023-10-25T18:16:29.450",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-200"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-200"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2104.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2104.json
index 46038883a5c..47af74c3b8e 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2104.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2104.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2104",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-29T16:15:12.427",
- "lastModified": "2020-03-17T04:15:20.320",
+ "lastModified": "2023-10-25T18:16:29.520",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2105.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2105.json
index 54226f9b267..2e16e366c2f 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2105.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2105.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2105",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-29T16:15:12.507",
- "lastModified": "2020-03-17T04:15:20.540",
+ "lastModified": "2023-10-25T18:16:29.593",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-1021"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-1021"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2106.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2106.json
index 95dda05a253..6895bb16966 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2106.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2106.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2106",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-29T16:15:12.630",
- "lastModified": "2020-01-30T15:59:05.297",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:29.660",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2107.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2107.json
index bee9c714642..0c8d704cfa4 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2107.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2107.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2107",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-29T16:15:12.693",
- "lastModified": "2020-01-30T18:12:41.890",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:29.733",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2108.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2108.json
index ecb3e127505..e27b0144465 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2108.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2108.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2108",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-01-29T16:15:12.787",
- "lastModified": "2020-01-30T17:56:16.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:29.803",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2109.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2109.json
index f6c05e3715f..d79d5792fce 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2109.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2109.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2109",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:12.430",
- "lastModified": "2020-07-13T15:51:37.160",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:29.873",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-20"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2110.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2110.json
index b171d6d664b..21f079f5ecb 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2110.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2110.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2110",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:12.507",
- "lastModified": "2020-07-13T15:56:37.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:29.957",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-20"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-265"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2111.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2111.json
index ee53d562ce9..158f21a8d36 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2111.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2111.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2111",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:12.617",
- "lastModified": "2020-02-14T16:25:50.070",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.023",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2112.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2112.json
index 852836337e1..d1c0a737fcb 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2112.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2112.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2112",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:12.710",
- "lastModified": "2020-02-14T17:31:12.110",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.097",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2113.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2113.json
index 181a68aa20b..6695724c546 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2113.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2113.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2113",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:12.820",
- "lastModified": "2020-02-14T17:32:53.537",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.167",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2114.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2114.json
index ed2716da68e..2e252f35a43 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2114.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2114.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2114",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:12.883",
- "lastModified": "2020-02-14T17:34:51.480",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.233",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2115.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2115.json
index decbd3cd104..96fd5c424ee 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2115.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2115.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2115",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.023",
- "lastModified": "2020-02-14T17:38:18.470",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.297",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2116.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2116.json
index 2e013bc5017..adee3904250 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2116.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2116.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2116",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.147",
- "lastModified": "2020-02-14T17:30:00.233",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.360",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
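Review bot: The re-encoded reference entry in this hunk loses its `"tags": ["Vendor Advisory"]` array, although the only visible change to the URL is percent-encoding the parentheses in the fragment (`(1)` becomes `%281%29`), so it presumably still points at the same jenkins.io advisory section. Any consumer that selects vendor advisories by tag will stop finding this reference for CVE-2020-2116. The same applies to the matching reference hunks for CVE-2020-2117 and CVE-2020-2118 further down. If the tag removal is not intended, keep `"tags": ["Vendor Advisory"]` on the re-encoded entry. If the file mirrors the upstream record as-is, downstream tooling should match this reference by `source` or host rather than by tag.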
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2117.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2117.json
index 6a36001645c..89b3d9f45b8 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2117.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2117.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2117",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.243",
- "lastModified": "2022-07-23T16:38:21.433",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.427",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2118.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2118.json
index a54f0f67ab5..8e0cb9367c6 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2118.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2118.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2118",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.367",
- "lastModified": "2022-07-23T16:37:11.667",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.497",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-02-12/#SECURITY-812%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2119.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2119.json
index 61a32bd5f31..70c8e4e3280 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2119.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2119.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2119",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.430",
- "lastModified": "2020-02-14T18:34:44.320",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.557",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2120.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2120.json
index 6d9cbbae88d..ee4c49d3b18 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2120.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2120.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2120",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.540",
- "lastModified": "2020-02-14T18:36:07.090",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.610",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2121.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2121.json
index da4dc6a0788..0be4c1b00f4 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2121.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2121.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2121",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.633",
- "lastModified": "2020-02-14T18:44:23.287",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.670",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2122.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2122.json
index 0ff437e64d8..091376794d1 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2122.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2122.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2122",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.743",
- "lastModified": "2020-02-14T18:48:33.283",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.733",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2123.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2123.json
index 994f51699cb..62cde977ec3 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2123.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2123.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2123",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.820",
- "lastModified": "2020-02-14T15:15:25.747",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.797",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-502"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2124.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2124.json
index 34aaa9aafa0..e514586ab43 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2124.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2124.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2124",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.883",
- "lastModified": "2020-02-13T21:57:07.217",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.853",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2125.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2125.json
index af3a68fa4fe..e9e21da9d2e 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2125.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2125.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2125",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:13.977",
- "lastModified": "2020-02-13T22:12:32.057",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:30.933",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2126.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2126.json
index 0069aa17dfe..e8c89653a68 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2126.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2126.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2126",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:14.040",
- "lastModified": "2020-02-13T22:09:34.190",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.013",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2127.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2127.json
index 42b05df623d..577a3c367df 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2127.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2127.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2127",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:14.117",
- "lastModified": "2020-02-14T14:38:47.760",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.080",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2128.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2128.json
index 9067c05c9ed..dbbd793ae86 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2128.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2128.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2128",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:14.197",
- "lastModified": "2020-02-14T14:34:08.937",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.147",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2129.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2129.json
index c83cacbbc1c..44fe517ce80 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2129.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2129.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2129",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:14.290",
- "lastModified": "2020-02-14T16:28:19.233",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.207",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2130.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2130.json
index 59bb5a70aeb..b83a1ad987f 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2130.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2130.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2130",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:14.397",
- "lastModified": "2020-02-14T16:23:21.313",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.263",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2131.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2131.json
index d5f318463ae..7e617b317c3 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2131.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2131.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2131",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:14.460",
- "lastModified": "2020-02-14T16:21:53.497",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.320",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2132.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2132.json
index e92eaef42f6..94a23a61b2d 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2132.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2132.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2132",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:14.570",
- "lastModified": "2020-02-14T15:37:34.150",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.380",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2133.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2133.json
index 6939570b2f2..1f59be1d3f3 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2133.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2133.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2133",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-02-12T15:15:14.633",
- "lastModified": "2020-02-14T15:34:07.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.440",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2134.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2134.json
index 2d7143bfdbf..9ab4a3ae369 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2134.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2134.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2134",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:12.623",
- "lastModified": "2020-03-10T14:29:48.270",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.497",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2135.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2135.json
index 472d4ee33b3..eb8eb6e95f9 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2135.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2135.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2135",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:12.703",
- "lastModified": "2020-03-10T14:29:14.847",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.580",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2136.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2136.json
index a69cb9c5699..5f96f7e7baf 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2136.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2136.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2136",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:12.797",
- "lastModified": "2020-03-09T20:04:46.857",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.637",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2137.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2137.json
index ddf4cff37ce..9ac269c1136 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2137.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2137.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2137",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:12.890",
- "lastModified": "2020-03-09T19:19:46.783",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.697",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2138.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2138.json
index 5c33f51ae7c..e7823894659 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2138.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2138.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2138",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:12.967",
- "lastModified": "2020-03-10T13:22:31.270",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.760",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2139.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2139.json
index 96f40638367..f54135b5c10 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2139.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2139.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2139",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:13.077",
- "lastModified": "2020-03-09T19:33:02.100",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.820",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2140.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2140.json
index 396b70d60c4..3cd14fc7a8c 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2140.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2140.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2140",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:13.157",
- "lastModified": "2020-03-09T19:11:50.730",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.880",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2141.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2141.json
index e3c74cd7fb8..f1afb7b8044 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2141.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2141.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2141",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:13.250",
- "lastModified": "2020-03-09T19:34:11.010",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:31.937",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2142.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2142.json
index 377ce746782..b6f45003a95 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2142.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2142.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2142",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:13.343",
- "lastModified": "2020-03-09T19:45:45.357",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.003",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2143.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2143.json
index a420cfe1387..52f4b7d1c2d 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2143.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2143.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2143",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:13.420",
- "lastModified": "2020-03-09T18:37:37.010",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.063",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2144.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2144.json
index 56b59c022a7..1a7d5adc58f 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2144.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2144.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2144",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:13.547",
- "lastModified": "2020-03-10T17:51:36.573",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.123",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2145.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2145.json
index 4413380cf71..aeff454d9af 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2145.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2145.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2145",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:13.640",
- "lastModified": "2020-03-10T14:56:19.737",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.183",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2146.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2146.json
index 1408395b60b..adf01660141 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2146.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2146.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2146",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:13.717",
- "lastModified": "2020-03-09T19:55:53.337",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.253",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-347"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-300"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2147.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2147.json
index 4c777c9948e..7d488427d64 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2147.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2147.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2147",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:13.827",
- "lastModified": "2020-03-09T19:56:27.870",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.317",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2148.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2148.json
index 9e539281ab3..bd4fea6f036 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2148.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2148.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2148",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:13.937",
- "lastModified": "2020-03-09T19:58:49.970",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.373",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2149.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2149.json
index 3a9554f085e..8991460fadf 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2149.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2149.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2149",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:14.017",
- "lastModified": "2020-03-09T18:42:10.207",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.433",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2150.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2150.json
index a15d0f14caf..a318803dc52 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2150.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2150.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2150",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:14.233",
- "lastModified": "2020-03-09T18:43:13.557",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.500",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2151.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2151.json
index d37722ca029..58e0fc7e710 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2151.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2151.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2151",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:14.467",
- "lastModified": "2020-03-09T18:45:08.607",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.557",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2152.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2152.json
index fdfd1ca1006..544f9e20b28 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2152.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2152.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2152",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:14.547",
- "lastModified": "2022-10-07T13:47:53.907",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.620",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2153.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2153.json
index ffe17222018..3b6ee04d2ef 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2153.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2153.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2153",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:14.670",
- "lastModified": "2020-03-11T18:41:39.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.693",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2154.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2154.json
index 77181af4706..52d6a1a6f8f 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2154.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2154.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2154",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:14.767",
- "lastModified": "2020-03-09T19:13:20.157",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.767",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2155.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2155.json
index 1a27b3ecf71..32e121bbf56 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2155.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2155.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2155",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:14.863",
- "lastModified": "2020-03-09T18:51:05.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.820",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2156.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2156.json
index b16e1384081..c157dd402c6 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2156.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2156.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2156",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:14.967",
- "lastModified": "2020-03-09T18:46:02.453",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.877",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2157.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2157.json
index d1d5e8dbeb2..5544089817d 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2157.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2157.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2157",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:15.063",
- "lastModified": "2020-03-09T18:38:48.183",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.940",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2158.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2158.json
index 0229be05bc8..999c984c813 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2158.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2158.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2158",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:15.140",
- "lastModified": "2020-03-09T20:02:42.940",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:32.997",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-502"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2159.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2159.json
index 73ef4246e20..1c19360b072 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2159.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2159.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2159",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-09T16:15:15.343",
- "lastModified": "2022-10-07T13:58:26.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.057",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-78"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-78"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2160.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2160.json
index 88d18cfea7f..46fdd51b413 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2160.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2160.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2160",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:14.907",
- "lastModified": "2020-03-30T19:37:40.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.120",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-435"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2161.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2161.json
index e871b936dc5..d9f5959d0f2 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2161.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2161.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2161",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.000",
- "lastModified": "2020-03-30T19:35:32.407",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.197",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2162.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2162.json
index d2c5bf102e3..9b85b7cf1bc 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2162.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2162.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2162",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.093",
- "lastModified": "2020-03-27T16:37:36.740",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.277",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2163.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2163.json
index 326c7cb6f01..98364a49034 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2163.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2163.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2163",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.203",
- "lastModified": "2020-03-27T16:38:30.573",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.337",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2164.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2164.json
index 9b921512456..9c32e70a35b 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2164.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2164.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2164",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.280",
- "lastModified": "2020-03-27T20:23:52.563",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.427",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-312"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
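Review bot: The rewritten reference entry loses its `"tags": ["Vendor Advisory"]` in the same edit that re-encodes the parentheses in the URL fragment to `%281%29`. Tooling that picks the vendor advisory by tag will no longer return this Jenkins link for CVE-2020-2164, unless another reference outside this hunk still carries the tag. Anything that de-duplicates references by exact URL string will also treat the re-encoded URL as a new one. I would keep `"tags": ["Vendor Advisory"]` on the new entry. The corresponding hunk for CVE-2020-2165 has the same change.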
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2165.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2165.json
index 64dcf8c4c1a..29bb3ea357f 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2165.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2165.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2165",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.390",
- "lastModified": "2020-03-27T20:01:31.537",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.500",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-03-25/#SECURITY-1542%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2166.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2166.json
index 654267e0190..32b0fa26a2f 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2166.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2166.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2166",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.467",
- "lastModified": "2020-03-30T13:49:44.207",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.560",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-20"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2167.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2167.json
index f0fbd244ff7..1e2c18db989 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2167.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2167.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2167",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.560",
- "lastModified": "2020-03-30T13:46:57.363",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.627",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-20"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2168.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2168.json
index bbc49f740f2..a71550670fe 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2168.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2168.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2168",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.657",
- "lastModified": "2020-03-30T13:39:31.047",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.723",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-20"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2169.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2169.json
index 319d96a7b5e..459fc065932 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2169.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2169.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2169",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.763",
- "lastModified": "2020-03-27T20:30:01.383",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.830",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2170.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2170.json
index d60f1fcc7c4..77b4894a8f5 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2170.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2170.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2170",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.843",
- "lastModified": "2020-03-27T20:17:59.603",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.903",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2171.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2171.json
index 471e861d71b..45f55916166 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2171.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2171.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2171",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-03-25T17:15:15.953",
- "lastModified": "2020-03-30T13:33:44.903",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:33.970",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2172.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2172.json
index 2c5ab3695db..cd93224c542 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2172.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2172.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2172",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-04-07T13:15:13.493",
- "lastModified": "2020-04-07T16:15:18.167",
+ "lastModified": "2023-10-25T18:16:34.043",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-776"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2173.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2173.json
index 62579d431cc..b308bf0099e 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2173.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2173.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2173",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-04-07T13:15:13.633",
- "lastModified": "2020-04-07T16:15:18.243",
+ "lastModified": "2023-10-25T18:16:34.127",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2174.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2174.json
index c7c81016a29..3dff2012705 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2174.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2174.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2174",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-04-07T13:15:13.727",
- "lastModified": "2020-04-07T16:15:18.323",
+ "lastModified": "2023-10-25T18:16:34.217",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2175.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2175.json
index e6f4db17027..7eca796f718 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2175.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2175.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2175",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-04-07T13:15:13.777",
- "lastModified": "2020-04-07T16:15:18.387",
+ "lastModified": "2023-10-25T18:16:34.283",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2176.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2176.json
index 3ccdb06d946..e887ea0540a 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2176.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2176.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-2176",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-04-07T13:15:13.853",
- "lastModified": "2020-04-07T16:15:18.480",
+ "lastModified": "2023-10-25T18:16:34.340",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2177.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2177.json
index 17cf0b73792..d5f55f94875 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2177.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2177.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2177",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-04-16T19:15:28.353",
- "lastModified": "2020-04-29T13:38:40.140",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:34.403",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2178.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2178.json
index 18dd503d230..22641d8a31f 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2178.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2178.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2178",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-04-16T19:15:28.417",
- "lastModified": "2020-04-27T18:45:33.113",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:34.487",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2179.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2179.json
index 5996de8cb80..d4157725722 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2179.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2179.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2179",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-04-16T19:15:28.493",
- "lastModified": "2020-04-27T19:36:46.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:34.547",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-502"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2180.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2180.json
index bdb39eca3f2..1e8f84914be 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2180.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2180.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2180",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-04-16T19:15:28.573",
- "lastModified": "2020-04-28T15:58:58.870",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:34.603",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-502"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2181.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2181.json
index 8dfdc56c486..f1605c4a69d 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2181.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2181.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2181",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-05-06T13:15:14.103",
- "lastModified": "2020-05-11T20:44:09.543",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:34.663",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-522"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2182.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2182.json
index a235c74f13a..c26db7ffa58 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2182.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2182.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2182",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-05-06T13:15:14.180",
- "lastModified": "2020-05-11T20:36:59.983",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:34.737",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-522"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2183.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2183.json
index 9d489fd5766..29a9584b264 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2183.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2183.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2183",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-05-06T13:15:14.243",
- "lastModified": "2020-05-11T20:17:48.530",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:34.800",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2184.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2184.json
index a3850f52cdb..dd51e10e8b2 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2184.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2184.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2184",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-05-06T13:15:14.307",
- "lastModified": "2020-05-11T15:03:51.753",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:34.870",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2185.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2185.json
index bd207223650..8f3dc2c5a44 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2185.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2185.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2185",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-05-06T13:15:14.367",
- "lastModified": "2020-05-11T15:03:50.503",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:34.933",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-300"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2186.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2186.json
index de8869ec5e3..1fdc117fbf6 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2186.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2186.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2186",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-05-06T13:15:14.430",
- "lastModified": "2020-05-08T21:03:54.337",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:34.997",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2187.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2187.json
index 330591d5b21..334da769337 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2187.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2187.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2187",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-05-06T13:15:14.493",
- "lastModified": "2020-05-11T16:40:59.190",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.067",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-300"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2188.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2188.json
index d440217f57e..b0b54a96e3e 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2188.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2188.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2188",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-05-06T13:15:14.557",
- "lastModified": "2020-05-11T20:19:34.297",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.133",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2189.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2189.json
index 7b08a030c0c..12134d646d4 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2189.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2189.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2189",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-05-06T13:15:14.633",
- "lastModified": "2020-05-07T20:46:14.790",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.203",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-502"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2190.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2190.json
index bd73fa20cd1..7484b4ae25f 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2190.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2190.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2190",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:10.540",
- "lastModified": "2020-06-03T17:51:39.810",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.283",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2191.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2191.json
index 6efcb47031a..dd1b2ccfa4a 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2191.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2191.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2191",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:10.617",
- "lastModified": "2020-06-03T19:37:20.457",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.370",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2192.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2192.json
index 7c0130162cb..8ff36f0ae67 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2192.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2192.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2192",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:10.697",
- "lastModified": "2020-06-03T19:26:09.950",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.443",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2193.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2193.json
index 7a873671e83..74c6f16288a 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2193.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2193.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2193",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:10.773",
- "lastModified": "2020-06-03T19:09:46.190",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.503",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2194.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2194.json
index 80f628bc241..5defab7846b 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2194.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2194.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2194",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:10.853",
- "lastModified": "2020-06-03T19:18:58.153",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.563",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2195.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2195.json
index 40800edd138..28ecae8c109 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2195.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2195.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2195",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:10.913",
- "lastModified": "2020-06-03T19:13:02.807",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.627",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2196.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2196.json
index 5b86c9b8f70..780d760428d 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2196.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2196.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2196",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:11.007",
- "lastModified": "2022-06-01T20:42:42.597",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.687",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2197.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2197.json
index 9f005cb2afa..462d1b1e6e6 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2197.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2197.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2197",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:11.087",
- "lastModified": "2020-06-03T19:37:25.610",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.757",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-276"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2198.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2198.json
index 986acef4cd7..404b36e1e25 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2198.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2198.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2198",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:11.163",
- "lastModified": "2020-06-03T19:47:15.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.817",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-522"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-21xx/CVE-2020-2199.json b/CVE-2020/CVE-2020-21xx/CVE-2020-2199.json
index 2a0b30f5ca3..4e982d24e7a 100644
--- a/CVE-2020/CVE-2020-21xx/CVE-2020-2199.json
+++ b/CVE-2020/CVE-2020-21xx/CVE-2020-2199.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2199",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:11.227",
- "lastModified": "2020-06-03T19:50:55.773",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.877",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2200.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2200.json
index d28f6cf7c85..6c80ad4877d 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2200.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2200.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2200",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-06-03T13:15:11.307",
- "lastModified": "2020-06-04T17:14:42.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:35.940",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-78"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-78"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2201.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2201.json
index 7198c8f54fa..0a8a794573f 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2201.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2201.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2201",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:17.163",
- "lastModified": "2020-07-09T13:53:58.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.003",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2202.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2202.json
index e0cb9faa8cf..8847b196ea5 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2202.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2202.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2202",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:17.240",
- "lastModified": "2020-07-15T15:10:09.130",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.077",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2203.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2203.json
index a0aa02b3e75..d7ea37d08cc 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2203.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2203.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2203",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:17.317",
- "lastModified": "2020-07-16T18:00:52.767",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.137",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2204.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2204.json
index 4aa87f7aad2..687ad7ac66a 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2204.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2204.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2204",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:17.413",
- "lastModified": "2020-07-15T15:13:19.793",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.200",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2205.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2205.json
index 2b0c18a62cd..ff43c7f1bcf 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2205.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2205.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2205",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:17.507",
- "lastModified": "2020-07-06T21:17:08.293",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.263",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
@@ -112,11 +102,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1728%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1728%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
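Review bot: The rewritten reference in CVE-2020-2205 drops `"tags": ["Vendor Advisory"]` at the same time as it re-encodes the fragment from `%20(1)` to `%20%281%29`, so tooling that selects vendor advisories by tag will no longer pick up this Jenkins advisory link. The re-encoded URL is also a different string from the old one, which breaks joins or de-duplication keyed on the reference URL; whether the anchor still resolves is not something the hunk shows. I would keep the tag on the new entry, i.e. `"tags": ["Vendor Advisory"]` after the `"source"` line. The references hunk of CVE-2020-2206 (`%20%282%29`) makes the same change. The references array starts outside the hunk, so another entry there may already carry the tag.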
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2206.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2206.json
index e5dd653cc0c..1c754ad8f69 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2206.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2206.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2206",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:17.600",
- "lastModified": "2020-07-09T13:17:01.970",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.323",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
@@ -112,11 +102,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1728%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-07-02/#SECURITY-1728%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2207.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2207.json
index 88d5190209e..89a5375ecd4 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2207.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2207.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2207",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:17.677",
- "lastModified": "2020-07-06T20:53:07.853",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.383",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2208.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2208.json
index 342b5df2c21..50372151d44 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2208.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2208.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2208",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:17.770",
- "lastModified": "2020-07-15T15:27:29.203",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.437",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2209.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2209.json
index 309517bac0c..71fe6c0c593 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2209.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2209.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2209",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:17.867",
- "lastModified": "2020-07-09T13:15:58.060",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.500",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2210.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2210.json
index 519f641f83e..406b84fa796 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2210.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2210.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2210",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:17.960",
- "lastModified": "2020-07-08T20:21:00.083",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.557",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2211.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2211.json
index 3d1957734a7..05e2aff6dba 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2211.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2211.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2211",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:18.037",
- "lastModified": "2020-07-06T19:58:56.597",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.613",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-502"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2212.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2212.json
index f2e527062d0..60e7f558ba7 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2212.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2212.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2212",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:18.117",
- "lastModified": "2020-07-08T20:09:46.243",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.673",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2213.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2213.json
index d6653c79153..febd427ba78 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2213.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2213.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2213",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:18.210",
- "lastModified": "2020-07-08T20:08:36.927",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.737",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2214.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2214.json
index 646a770d34c..227d74d92df 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2214.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2214.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2214",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:18.303",
- "lastModified": "2020-07-08T19:57:24.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.797",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2215.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2215.json
index caf81bcc6ab..82448c51824 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2215.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2215.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2215",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:18.380",
- "lastModified": "2020-07-07T20:24:22.687",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.853",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2216.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2216.json
index 9e9dd328109..5a45737517c 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2216.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2216.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2216",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:18.507",
- "lastModified": "2020-07-15T15:24:37.993",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.907",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2217.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2217.json
index 9da48f3a4f7..0630a9ae50b 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2217.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2217.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2217",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:18.600",
- "lastModified": "2020-07-07T18:58:09.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:36.967",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2218.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2218.json
index ebdc171ea81..9789733ac38 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2218.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2218.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2218",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:18.677",
- "lastModified": "2020-07-08T20:20:39.363",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.023",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2219.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2219.json
index 4b329f5d099..aa0626a47d5 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2219.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2219.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2219",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-02T15:15:18.757",
- "lastModified": "2020-07-06T19:09:03.590",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.080",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2220.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2220.json
index 5924d396788..075abc6d7b8 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2220.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2220.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2220",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-15T18:15:36.927",
- "lastModified": "2020-07-21T16:41:32.997",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.140",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2221.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2221.json
index 776f171b812..2b34b4010da 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2221.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2221.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2221",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-15T18:15:37.003",
- "lastModified": "2020-07-21T16:45:08.603",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.213",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2222.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2222.json
index 624fea7cdb9..1a6052282f6 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2222.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2222.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2222",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-15T18:15:37.083",
- "lastModified": "2020-07-21T16:36:07.247",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.280",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2223.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2223.json
index df67cb43923..d495f130dfb 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2223.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2223.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2223",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-15T18:15:37.160",
- "lastModified": "2020-07-21T16:29:36.227",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.340",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2224.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2224.json
index c178cf5002f..6cbef230081 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2224.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2224.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2224",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-15T18:15:37.253",
- "lastModified": "2020-07-21T16:29:30.273",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.397",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2225.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2225.json
index 3b649853fd4..3d0abc41d7f 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2225.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2225.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2225",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-15T18:15:37.333",
- "lastModified": "2020-07-21T16:27:45.317",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.470",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2226.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2226.json
index 3d5fd10c1e8..6f3466b0e5d 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2226.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2226.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2226",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-15T18:15:37.427",
- "lastModified": "2020-07-22T16:37:31.530",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.533",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2227.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2227.json
index d1480f11312..03b2c943fbe 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2227.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2227.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2227",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-15T18:15:37.520",
- "lastModified": "2020-07-22T16:44:56.270",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.607",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2228.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2228.json
index 0bc6562989c..537f3db3bd2 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2228.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2228.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2228",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-07-15T18:15:37.597",
- "lastModified": "2021-10-19T12:52:59.403",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.667",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-269"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2229.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2229.json
index 9772990bce3..460cddee653 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2229.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2229.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2229",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-08-12T14:15:13.110",
- "lastModified": "2022-10-05T19:14:15.647",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.737",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2230.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2230.json
index 797afddde06..a0d849ef74d 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2230.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2230.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2230",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-08-12T14:15:13.190",
- "lastModified": "2022-10-05T19:14:08.220",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.813",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2231.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2231.json
index e8a1268cb59..2b2b738acc8 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2231.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2231.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2231",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-08-12T14:15:13.267",
- "lastModified": "2022-10-28T23:29:50.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.877",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2232.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2232.json
index b601393d996..f9d25029a83 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2232.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2232.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2232",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-08-12T14:15:13.330",
- "lastModified": "2020-08-13T19:48:49.800",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:37.943",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2233.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2233.json
index e78df6c1eff..3cf43789bcc 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2233.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2233.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2233",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-08-12T14:15:13.423",
- "lastModified": "2020-08-13T15:34:12.060",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.023",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2234.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2234.json
index cf21731bb7a..6faa59de76e 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2234.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2234.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2234",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-08-12T14:15:13.533",
- "lastModified": "2020-08-13T19:49:34.693",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.097",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-285"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2235.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2235.json
index e052875fc0c..9aa70cef06c 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2235.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2235.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2235",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-08-12T14:15:13.597",
- "lastModified": "2020-08-13T20:03:37.110",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.163",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-08-12/#SECURITY-1794%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2236.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2236.json
index 126be388ff5..36e58c280ed 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2236.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2236.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2236",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-08-12T14:15:13.657",
- "lastModified": "2020-08-13T20:04:27.110",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.227",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2237.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2237.json
index 0833f1348a7..677207d2991 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2237.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2237.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2237",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-08-12T14:15:13.737",
- "lastModified": "2020-08-13T20:16:30.197",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.293",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2238.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2238.json
index c6c3b790731..4db2d781a3c 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2238.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2238.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2238",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:12.550",
- "lastModified": "2020-09-04T17:43:50.287",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.357",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2239.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2239.json
index aa3d1b95d06..08788e3c060 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2239.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2239.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2239",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:12.627",
- "lastModified": "2020-09-03T13:34:13.127",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.433",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2240.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2240.json
index cbe6f594082..aeed5837420 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2240.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2240.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2240",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:12.707",
- "lastModified": "2020-09-04T16:21:43.630",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.490",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2241.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2241.json
index 03285455d85..436b7e5acc6 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2241.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2241.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2241",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:12.783",
- "lastModified": "2020-09-04T16:21:38.287",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.553",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2242.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2242.json
index 3e03344a676..4b812ef0fdb 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2242.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2242.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2242",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:12.863",
- "lastModified": "2020-09-03T13:28:53.503",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.610",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2243.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2243.json
index fd5024e7c01..b74b05dd077 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2243.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2243.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2243",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:12.927",
- "lastModified": "2020-09-04T15:53:04.197",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.670",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2244.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2244.json
index f8e081173df..74dc77efaad 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2244.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2244.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2244",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:12.987",
- "lastModified": "2020-09-04T15:00:33.197",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.730",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2245.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2245.json
index e2702cc630d..5e905dd1298 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2245.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2245.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2245",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:13.050",
- "lastModified": "2020-09-04T15:27:21.983",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.790",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2246.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2246.json
index f2c121d4ed3..a26b81cbb45 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2246.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2246.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2246",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:13.113",
- "lastModified": "2020-09-04T14:25:01.513",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.850",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2247.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2247.json
index 8ef710b775a..bb28b5a2797 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2247.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2247.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2247",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:13.160",
- "lastModified": "2020-09-04T14:17:51.667",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.907",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2248.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2248.json
index e236706d485..94482bd2125 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2248.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2248.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2248",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:13.223",
- "lastModified": "2020-09-04T14:03:46.943",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:38.970",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2249.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2249.json
index 90862f40a1a..767471fae74 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2249.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2249.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2249",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:13.283",
- "lastModified": "2020-09-04T14:13:05.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.040",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2250.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2250.json
index f867d094908..fe3d3749c4b 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2250.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2250.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2250",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:13.363",
- "lastModified": "2020-09-04T14:09:04.757",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.120",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2251.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2251.json
index 41aa5aeea98..906c67f2032 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2251.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2251.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2251",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-01T14:15:13.487",
- "lastModified": "2020-09-04T14:04:25.087",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.180",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
@@ -119,11 +109,8 @@
]
},
{
- "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://jenkins.io/security/advisory/2020-09-01/#SECURITY-1631%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2252.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2252.json
index d328b420d6a..31ce0e169ed 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2252.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2252.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2252",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.000",
- "lastModified": "2020-09-18T13:57:12.777",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.237",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-297"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2253.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2253.json
index 6488a84c697..ded8aa426ca 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2253.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2253.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2253",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.097",
- "lastModified": "2020-09-18T13:46:39.563",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.320",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-297"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2254.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2254.json
index 57ffa543094..0a65e74cf4b 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2254.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2254.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2254",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.173",
- "lastModified": "2020-09-18T13:39:57.217",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.377",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2255.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2255.json
index a393bf31dc1..1bb62a299b3 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2255.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2255.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2255",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.237",
- "lastModified": "2020-09-18T13:29:52.050",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.430",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2256.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2256.json
index 71773837fb5..d1b0c3c3f4a 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2256.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2256.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2256",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.313",
- "lastModified": "2020-09-16T20:19:49.587",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.487",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2257.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2257.json
index c25d5a414d5..54f3eea6685 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2257.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2257.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2257",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.377",
- "lastModified": "2020-09-16T20:20:22.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.550",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2258.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2258.json
index b0e999987ae..ab9bc73ec55 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2258.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2258.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2258",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.437",
- "lastModified": "2020-09-18T13:20:41.417",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.607",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2259.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2259.json
index 3eccaca72ae..66864571262 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2259.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2259.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2259",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.517",
- "lastModified": "2020-09-16T20:18:21.347",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.667",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2260.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2260.json
index 840e1b57ebf..9884b43ef05 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2260.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2260.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2260",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.580",
- "lastModified": "2020-09-18T13:19:20.853",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.723",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2261.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2261.json
index 98b5b7c1301..3776d33f84b 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2261.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2261.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2261",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.640",
- "lastModified": "2020-09-18T13:15:36.740",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.783",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-78"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-78"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2262.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2262.json
index 491a76a5445..cabe2f69914 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2262.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2262.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2262",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.703",
- "lastModified": "2020-09-16T20:20:57.947",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.843",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2263.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2263.json
index 8dc81f76467..3c60af6bbad 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2263.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2263.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2263",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.783",
- "lastModified": "2020-09-16T20:20:44.760",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.900",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2264.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2264.json
index 7020aaf0532..969a8b02153 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2264.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2264.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2264",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.847",
- "lastModified": "2020-09-16T20:20:35.227",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:39.960",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2265.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2265.json
index 9d50141f9e3..660f56bb142 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2265.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2265.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2265",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.923",
- "lastModified": "2020-09-18T13:13:54.940",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.017",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2266.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2266.json
index 1166572931b..00fdb4c52b2 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2266.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2266.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2266",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:13.987",
- "lastModified": "2020-09-16T20:19:39.787",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.077",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2267.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2267.json
index 7ccdef0a0e9..cffb3fac887 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2267.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2267.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2267",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.063",
- "lastModified": "2020-09-18T12:59:53.193",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.133",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2268.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2268.json
index a76d6669052..3bee0035718 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2268.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2268.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2268",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.157",
- "lastModified": "2020-09-21T15:09:28.157",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.193",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2269.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2269.json
index 72cdf233d7c..9cccaf39651 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2269.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2269.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2269",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.250",
- "lastModified": "2020-09-16T20:18:32.970",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.257",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2270.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2270.json
index 3954b2dcdd1..99524e0602b 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2270.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2270.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2270",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.330",
- "lastModified": "2020-09-16T20:10:20.540",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.313",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2271.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2271.json
index 3bc9933366a..122d3748e6b 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2271.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2271.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2271",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.437",
- "lastModified": "2020-09-18T15:15:27.017",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.367",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2272.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2272.json
index 4af3b50c3df..bcdc3b63f9d 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2272.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2272.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2272",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.517",
- "lastModified": "2020-09-18T12:58:54.477",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.430",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2273.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2273.json
index ccd49de870a..33040051b8f 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2273.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2273.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2273",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.597",
- "lastModified": "2020-09-18T12:57:44.350",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.487",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2274.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2274.json
index 95550b8ae0b..4ab8d294423 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2274.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2274.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2274",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.657",
- "lastModified": "2020-09-18T12:56:53.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.543",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-312"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-312"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2275.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2275.json
index c4c51ca1ed8..6da6e8f9825 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2275.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2275.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2275",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.750",
- "lastModified": "2020-09-18T15:04:16.477",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.603",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2276.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2276.json
index f1668f3ec6d..ade11f22544 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2276.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2276.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2276",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.813",
- "lastModified": "2020-09-18T14:51:50.200",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.657",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-78"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-78"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2277.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2277.json
index 491f357f649..e100566e12c 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2277.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2277.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2277",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.893",
- "lastModified": "2020-09-18T12:51:35.063",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.713",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
@@ -112,11 +102,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1968%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1968%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
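Review bot: The rewritten reference entry drops its `"tags": ["Vendor Advisory"]` array while keeping the same Jenkins advisory link (only the parentheses in the fragment become `%28`/`%29`), so tooling that selects vendor advisories by tag will no longer pick this reference up for CVE-2020-2277. The same change appears in the last hunk of CVE-2020-2278.json. If the tag loss is a side effect of the record moving to `Modified` rather than an intended edit, the entry should carry `"tags": ["Vendor Advisory"]` again; otherwise consumers should match on `source` and the URL host instead of the tag. The references array starts outside the hunk, so whether another tagged advisory link remains is not visible here.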
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2278.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2278.json
index c6091706aff..1daa9179956 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2278.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2278.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2278",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-16T14:15:14.953",
- "lastModified": "2020-09-18T12:50:14.060",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.773",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
@@ -112,11 +102,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1968%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1968%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2279.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2279.json
index 586fb6b53bf..7f2f3be52d6 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2279.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2279.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2279",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-23T14:15:13.007",
- "lastModified": "2020-09-28T20:32:12.843",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.827",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2280.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2280.json
index 7278764425a..5da322daade 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2280.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2280.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2280",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-23T14:15:13.103",
- "lastModified": "2020-09-28T20:30:40.933",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.907",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2281.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2281.json
index 429bc52ff77..a6e64bed643 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2281.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2281.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2281",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-23T14:15:13.210",
- "lastModified": "2020-09-28T20:13:25.227",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:40.967",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2282.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2282.json
index 2b09f208e8d..8b2e8dde1eb 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2282.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2282.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2282",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-23T14:15:13.273",
- "lastModified": "2020-09-28T20:11:43.923",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.030",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2283.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2283.json
index 7612f811c88..1d6bc63c51a 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2283.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2283.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2283",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-23T14:15:13.353",
- "lastModified": "2020-09-28T20:03:30.617",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.110",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2284.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2284.json
index df0081204b1..1c78ba10b96 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2284.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2284.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2284",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-23T14:15:13.413",
- "lastModified": "2020-09-28T19:59:43.520",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.190",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2285.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2285.json
index 1dab92059e2..a456a3e46ea 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2285.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2285.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2285",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-09-23T14:15:13.493",
- "lastModified": "2020-09-30T17:57:39.320",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.280",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2286.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2286.json
index 73680c9a642..4f31826d3cc 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2286.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2286.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2286",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:11.313",
- "lastModified": "2020-10-23T18:27:12.020",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.343",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2287.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2287.json
index cfca084c83c..db26d49d338 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2287.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2287.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2287",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:11.407",
- "lastModified": "2020-10-16T16:25:34.297",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.430",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-435"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2288.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2288.json
index affdeb126cf..5bca1fe0b9e 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2288.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2288.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2288",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:11.487",
- "lastModified": "2020-10-09T19:41:10.027",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.490",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-185"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2289.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2289.json
index abde367fd20..b9ed7aab9d2 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2289.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2289.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2289",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:11.547",
- "lastModified": "2020-10-09T19:46:41.747",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.560",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2290.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2290.json
index e4a1c48a8ea..0b1fecebdc0 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2290.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2290.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2290",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:11.610",
- "lastModified": "2020-10-09T19:48:26.143",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.620",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2291.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2291.json
index 6e39447c1d0..ffd72485567 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2291.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2291.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2291",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:11.673",
- "lastModified": "2022-04-25T17:42:18.653",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.680",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2292.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2292.json
index 898673feef1..bdb37b4cb9e 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2292.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2292.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2292",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:11.750",
- "lastModified": "2020-10-15T19:38:40.090",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.747",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2293.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2293.json
index fac3291e743..05b1acd7fe4 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2293.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2293.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2293",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:11.827",
- "lastModified": "2020-10-09T19:52:50.140",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.803",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2294.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2294.json
index f25dbd6a019..89398017bf2 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2294.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2294.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2294",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:11.907",
- "lastModified": "2020-10-09T19:53:35.640",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.867",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2295.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2295.json
index dce27c17a52..8ccd9fe8602 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2295.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2295.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2295",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:11.987",
- "lastModified": "2020-10-09T19:55:41.287",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.937",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2296.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2296.json
index 6d285c5c76e..fbbab6592d0 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2296.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2296.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2296",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:12.077",
- "lastModified": "2020-10-09T19:26:39.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:41.993",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2297.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2297.json
index 1003b6c035a..f1c6497cdc6 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2297.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2297.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2297",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:12.140",
- "lastModified": "2022-04-25T17:42:29.347",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.057",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2298.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2298.json
index bf2a68f0ded..29727ae6a81 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2298.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2298.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2298",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-10-08T13:15:12.220",
- "lastModified": "2020-10-16T19:56:55.457",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.117",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-22xx/CVE-2020-2299.json b/CVE-2020/CVE-2020-22xx/CVE-2020-2299.json
index 0127abd3dd7..731d450fb42 100644
--- a/CVE-2020/CVE-2020-22xx/CVE-2020-2299.json
+++ b/CVE-2020/CVE-2020-22xx/CVE-2020-2299.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2299",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:10.897",
- "lastModified": "2020-11-10T13:54:24.997",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.180",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-287"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2300.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2300.json
index 7fad9786e4a..532af19ed45 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2300.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2300.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2300",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.067",
- "lastModified": "2020-11-09T20:39:00.240",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.260",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-287"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2301.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2301.json
index a59bcabf7a4..d05140c4aad 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2301.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2301.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2301",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.193",
- "lastModified": "2020-11-09T20:49:30.570",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.320",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-287"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2302.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2302.json
index 5cb58975db1..2e9426ef4ba 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2302.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2302.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2302",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.257",
- "lastModified": "2020-11-06T18:13:05.323",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.380",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2303.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2303.json
index 1935ffee0e6..5a78d5c09f5 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2303.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2303.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2303",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.333",
- "lastModified": "2020-11-06T18:35:39.063",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.443",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2304.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2304.json
index 4130360d314..2b9ef4d4cdd 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2304.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2304.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2304",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.397",
- "lastModified": "2020-11-10T14:39:32.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.507",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2305.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2305.json
index 90c782c9511..47f04981b6a 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2305.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2305.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2305",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.490",
- "lastModified": "2020-11-10T14:24:25.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.567",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2306.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2306.json
index 143098ac630..8037bf49870 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2306.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2306.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2306",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.583",
- "lastModified": "2020-11-06T19:10:26.040",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.627",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2307.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2307.json
index b3fb526cf90..4e352f4c281 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2307.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2307.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2307",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.663",
- "lastModified": "2020-11-09T19:21:33.670",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.690",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-200"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2308.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2308.json
index e7c4ec1a2af..18c651ed0ad 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2308.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2308.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2308",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.727",
- "lastModified": "2020-11-06T18:43:08.767",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.757",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2309.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2309.json
index 72ca42df350..e0f599b5e53 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2309.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2309.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2309",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.803",
- "lastModified": "2020-11-06T19:03:26.093",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.857",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2310.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2310.json
index 8adeae12222..cd9c52dcf86 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2310.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2310.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2310",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.880",
- "lastModified": "2020-11-10T15:51:40.040",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:42.963",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2311.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2311.json
index d9c306e0171..502ba4f3eb9 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2311.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2311.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2311",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:11.990",
- "lastModified": "2020-11-06T18:17:36.160",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:43.087",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2312.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2312.json
index c500b49b081..4c160d41c1d 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2312.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2312.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2312",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:12.070",
- "lastModified": "2020-11-10T16:01:40.287",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:43.150",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-522"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2313.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2313.json
index 2a3c0c70fe2..aedcb1b6e81 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2313.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2313.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2313",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:12.147",
- "lastModified": "2020-11-06T18:19:33.727",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:43.213",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2314.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2314.json
index 67b987dc147..e8c4449e371 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2314.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2314.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2314",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:12.273",
- "lastModified": "2022-04-25T17:42:46.970",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:43.273",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2315.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2315.json
index 9efd491555f..629c5beebc9 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2315.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2315.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2315",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:12.350",
- "lastModified": "2020-11-10T15:52:37.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:43.347",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2316.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2316.json
index 091a81ad7a3..c05fd971b20 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2316.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2316.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2316",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:12.413",
- "lastModified": "2020-11-10T14:28:42.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:43.417",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2317.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2317.json
index 1e2e1f1ada0..f7e022c7b6f 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2317.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2317.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2317",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:12.490",
- "lastModified": "2020-11-10T14:11:47.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:43.483",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2318.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2318.json
index 1535eb68dc5..0d9a23a38de 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2318.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2318.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2318",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:12.553",
- "lastModified": "2022-04-25T17:43:06.480",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:43.570",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2319.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2319.json
index 79a9fd6c0a1..f3a8aab71d7 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2319.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2319.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2319",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-11-04T15:15:12.647",
- "lastModified": "2022-04-25T17:43:00.707",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:43.737",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2320.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2320.json
index 1b1ba5c4cd1..aa5dd5c92a3 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2320.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2320.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2320",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-12-03T16:15:12.573",
- "lastModified": "2020-12-08T15:58:21.307",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:43.890",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-494"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-494"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2321.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2321.json
index 12cc455850d..1592f8cb88d 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2321.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2321.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2321",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-12-03T16:15:12.763",
- "lastModified": "2020-12-04T14:33:26.747",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:44.100",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2322.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2322.json
index 1d13d599705..e40d59c96a5 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2322.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2322.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2322",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-12-03T16:15:12.857",
- "lastModified": "2022-10-20T16:17:38.887",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:44.273",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2109%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Third Party Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2109%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
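Review bot: A consumer that compares reference URLs as raw strings will record one removed and one added reference here, although only the encoding of the fragment changed (`#SECURITY-2109%20(1)` became `#SECURITY-2109%20%281%29`). The entry also loses its `tags` array, so a filter on tags no longer selects this jenkins.io advisory. Normalising percent-encoding before comparing reference URLs avoids the false churn. If the entry is re-tagged, `"tags": ["Vendor Advisory"]` looks like the fitting value, since the source is jenkinsci-cert and the host is jenkins.io. The same applies to the `%282%29` reference in CVE-2020-2323.json.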
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2323.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2323.json
index 8dd9da69b79..fc51f2c548a 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2323.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2323.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2323",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-12-03T16:15:12.917",
- "lastModified": "2020-12-07T18:30:08.260",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:44.370",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
@@ -112,11 +102,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2109%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Third Party Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2020-12-03/#SECURITY-2109%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-23xx/CVE-2020-2324.json b/CVE-2020/CVE-2020-23xx/CVE-2020-2324.json
index 1322beef9f2..fc3f6068fdc 100644
--- a/CVE-2020/CVE-2020-23xx/CVE-2020-2324.json
+++ b/CVE-2020/CVE-2020-23xx/CVE-2020-2324.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-2324",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2020-12-03T16:15:12.980",
- "lastModified": "2020-12-07T19:54:01.620",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:44.467",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-252xx/CVE-2020-25223.json b/CVE-2020/CVE-2020-252xx/CVE-2020-25223.json
index 1f507e1ce59..08666ce00b0 100644
--- a/CVE-2020/CVE-2020-252xx/CVE-2020-25223.json
+++ b/CVE-2020/CVE-2020-252xx/CVE-2020-25223.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-25223",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-09-25T04:23:04.857",
- "lastModified": "2022-10-05T18:28:25.627",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-17T17:15:09.623",
+ "vulnStatus": "Modified",
"cisaExploitAdd": "2022-03-25",
"cisaActionDue": "2022-04-15",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@@ -156,6 +156,10 @@
"tags": [
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.secpod.com/blog/remote-code-execution-in-sophos-utm/",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
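Review bot: The reference appended to this list has no `tags` array, unlike the `Third Party Advisory` entry directly above it, so tooling that selects references by tag will not surface it. The first hunk of this file carries `cisaExploitAdd` and `cisaRequiredAction`, so complete references matter more for this record than for most. Until the record is re-analysed, treat the link as unclassified; a value such as `"tags": ["Third Party Advisory"]` would presumably match its siblings. The debian-lts-announce references added in CVE-2020-25648.json and CVE-2020-25678.json are likewise untagged.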
diff --git a/CVE-2020/CVE-2020-256xx/CVE-2020-25648.json b/CVE-2020/CVE-2020-256xx/CVE-2020-25648.json
index f23c9b3e4a1..2a0b115e720 100644
--- a/CVE-2020/CVE-2020-256xx/CVE-2020-25648.json
+++ b/CVE-2020/CVE-2020-256xx/CVE-2020-25648.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-25648",
"sourceIdentifier": "secalert@redhat.com",
"published": "2020-10-20T22:15:43.217",
- "lastModified": "2022-05-10T15:45:28.503",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-28T17:15:39.133",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -65,7 +65,7 @@
},
"weaknesses": [
{
- "source": "secalert@redhat.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -75,7 +75,7 @@
]
},
{
- "source": "nvd@nist.gov",
+ "source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
@@ -199,6 +199,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN/",
"source": "secalert@redhat.com",
diff --git a/CVE-2020/CVE-2020-256xx/CVE-2020-25678.json b/CVE-2020/CVE-2020-256xx/CVE-2020-25678.json
index 8b24de41f93..79baee18edf 100644
--- a/CVE-2020/CVE-2020-256xx/CVE-2020-25678.json
+++ b/CVE-2020/CVE-2020-256xx/CVE-2020-25678.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-25678",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-01-08T18:15:13.293",
- "lastModified": "2023-02-12T23:40:39.997",
+ "lastModified": "2023-10-23T19:15:10.177",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -122,6 +122,10 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OQTBKVXVYP7GPQNZ5VASOIJHMLK7727M/",
"source": "secalert@redhat.com"
diff --git a/CVE-2020/CVE-2020-265xx/CVE-2020-26513.json b/CVE-2020/CVE-2020-265xx/CVE-2020-26513.json
index eaa63e06d79..2e70677ad6e 100644
--- a/CVE-2020/CVE-2020-265xx/CVE-2020-26513.json
+++ b/CVE-2020/CVE-2020-265xx/CVE-2020-26513.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-26513",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-12-07T16:15:12.153",
- "lastModified": "2020-12-08T18:03:21.793",
+ "lastModified": "2023-10-18T19:04:17.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,35 +84,35 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.1.0",
- "matchCriteriaId": "FC456609-B95D-48B6-86A8-AAA9F6989A44"
+ "matchCriteriaId": "3F3BE8BD-0868-4A50-BF06-BAE474BF5328"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:-:*:*:*:*:*:*",
- "matchCriteriaId": "29EA9491-EC5A-4E04-A797-719FC87EB86C"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A0128D1A-DA5B-49EE-ABC2-DA75EF2B5594"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp1:*:*:*:*:*:*",
- "matchCriteriaId": "C779D2FF-F4E0-4DC4-A2CC-A3456AB16681"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "35461BDC-7A06-49AE-A528-DB6A986C9F14"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp2:*:*:*:*:*:*",
- "matchCriteriaId": "11D9F5E1-CC89-4E32-9FE5-F5E0CA6839C2"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*",
+ "matchCriteriaId": "B32DF425-549F-4BEC-A7B6-F66CE063C878"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp3:*:*:*:*:*:*",
- "matchCriteriaId": "B6E5E3CB-B9E4-445A-8654-A506A52C4815"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*",
+ "matchCriteriaId": "8166F01E-B271-4491-B932-00BF843D2146"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp4:*:*:*:*:*:*",
- "matchCriteriaId": "4B11CD25-3A00-4B2E-8B00-D6D11AB06737"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*",
+ "matchCriteriaId": "504110BC-FC0C-4A3F-824C-5BF4C573A792"
}
]
}
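Review bot: Matches keyed on the old CPE product name will stop hitting this CVE without any error, because every `criteria` string in this hunk moves from `codebeamer_application_lifecycle_management` to `codebeamer` and each `matchCriteriaId` is replaced, while the version bounds stay the same. Asset inventories, suppression lists and scanner rules that store the old product string or the old matchCriteriaId values need re-keying on `cpe:2.3:a:intland:codebeamer:`. Accepting both product names during the transition keeps coverage continuous. The hunks in CVE-2020-26515.json and CVE-2020-26516.json make the same rename; the latter continues past the visible lines.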
diff --git a/CVE-2020/CVE-2020-265xx/CVE-2020-26515.json b/CVE-2020/CVE-2020-265xx/CVE-2020-26515.json
index 9f0627a5bcd..13ee3b40464 100644
--- a/CVE-2020/CVE-2020-265xx/CVE-2020-26515.json
+++ b/CVE-2020/CVE-2020-265xx/CVE-2020-26515.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-26515",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-08T13:15:07.457",
- "lastModified": "2022-07-12T17:42:04.277",
+ "lastModified": "2023-10-18T19:04:17.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -88,35 +88,35 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:intland:codebeamer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.1.0",
- "matchCriteriaId": "FC456609-B95D-48B6-86A8-AAA9F6989A44"
+ "matchCriteriaId": "3F3BE8BD-0868-4A50-BF06-BAE474BF5328"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:-:*:*:*:*:*:*",
- "matchCriteriaId": "29EA9491-EC5A-4E04-A797-719FC87EB86C"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A0128D1A-DA5B-49EE-ABC2-DA75EF2B5594"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp1:*:*:*:*:*:*",
- "matchCriteriaId": "C779D2FF-F4E0-4DC4-A2CC-A3456AB16681"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "35461BDC-7A06-49AE-A528-DB6A986C9F14"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp2:*:*:*:*:*:*",
- "matchCriteriaId": "11D9F5E1-CC89-4E32-9FE5-F5E0CA6839C2"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*",
+ "matchCriteriaId": "B32DF425-549F-4BEC-A7B6-F66CE063C878"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp3:*:*:*:*:*:*",
- "matchCriteriaId": "B6E5E3CB-B9E4-445A-8654-A506A52C4815"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*",
+ "matchCriteriaId": "8166F01E-B271-4491-B932-00BF843D2146"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp4:*:*:*:*:*:*",
- "matchCriteriaId": "4B11CD25-3A00-4B2E-8B00-D6D11AB06737"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*",
+ "matchCriteriaId": "504110BC-FC0C-4A3F-824C-5BF4C573A792"
}
]
}
diff --git a/CVE-2020/CVE-2020-265xx/CVE-2020-26516.json b/CVE-2020/CVE-2020-265xx/CVE-2020-26516.json
index 094bbda946b..17691e87046 100644
--- a/CVE-2020/CVE-2020-265xx/CVE-2020-26516.json
+++ b/CVE-2020/CVE-2020-265xx/CVE-2020-26516.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-26516",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-08T13:15:07.493",
- "lastModified": "2021-06-15T14:01:47.773",
+ "lastModified": "2023-10-18T19:04:17.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,63 +84,63 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:-:*:*:*:*:*:*",
- "matchCriteriaId": "D7256650-C44F-4A3F-918D-A186F6A62948"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "EE5B0480-89AF-44AE-A9C1-0656627FA777"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:prerelease4:*:*:*:*:*:*",
- "matchCriteriaId": "F11152A1-FCD7-4B89-B4D6-BA16111D04C1"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4:*:*:*:*:*:*",
+ "matchCriteriaId": "E3C0AE05-0E16-498D-B38D-4104C764CDAC"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:rc1:*:*:*:*:*:*",
- "matchCriteriaId": "593CA18F-2BE1-4AC1-9518-4E6A647A1848"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "83F33C62-2D1B-462D-B3D6-FA0BB3EF4BE4"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:sp1:*:*:*:*:*:*",
- "matchCriteriaId": "C8EDDB84-727E-440A-8B28-B9F7A3453866"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "F9DC14C6-92A8-4388-9D8F-AD2C3201AD5C"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:sp2:*:*:*:*:*:*",
- "matchCriteriaId": "374FD2B9-1DBE-4F8A-8963-FD0B6A402DFA"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:sp2:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D61084-CBE7-464D-BA6A-485627BCB2B8"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.1:sp1:*:*:*:*:*:*",
- "matchCriteriaId": "D12BBF90-DE0D-4965-B319-5E9BB3CE4A8C"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.1:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "568A8794-36C0-40BE-9867-7D29D77DBC6A"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:-:*:*:*:*:*:*",
- "matchCriteriaId": "29EA9491-EC5A-4E04-A797-719FC87EB86C"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A0128D1A-DA5B-49EE-ABC2-DA75EF2B5594"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp1:*:*:*:*:*:*",
- "matchCriteriaId": "C779D2FF-F4E0-4DC4-A2CC-A3456AB16681"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "35461BDC-7A06-49AE-A528-DB6A986C9F14"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp2:*:*:*:*:*:*",
- "matchCriteriaId": "11D9F5E1-CC89-4E32-9FE5-F5E0CA6839C2"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*",
+ "matchCriteriaId": "B32DF425-549F-4BEC-A7B6-F66CE063C878"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp3:*:*:*:*:*:*",
- "matchCriteriaId": "B6E5E3CB-B9E4-445A-8654-A506A52C4815"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*",
+ "matchCriteriaId": "8166F01E-B271-4491-B932-00BF843D2146"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp4:*:*:*:*:*:*",
- "matchCriteriaId": "4B11CD25-3A00-4B2E-8B00-D6D11AB06737"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*",
+ "matchCriteriaId": "504110BC-FC0C-4A3F-824C-5BF4C573A792"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:21.04:*:*:*:*:*:*:*",
- "matchCriteriaId": "007BD6B0-1F0C-419C-812A-08A497B80F94"
+ "criteria": "cpe:2.3:a:intland:codebeamer:21.04:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A3B7C6A7-5FA8-42B8-B83B-0BF908A72E44"
}
]
}
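Review bot: Every `cpeMatch` entry in this hunk changes both the product name (`codebeamer_application_lifecycle_management` to `codebeamer`) and its `matchCriteriaId`, so a consumer that has cached the old UUIDs or maps inventory to the old product string will stop matching CVE-2020-26516 without any error. The CVE-2020-26517 hunk that follows makes the identical substitution for the same twelve versions. A sync job taking this update should re-resolve asset-to-CPE mappings for vendor `intland` and treat the old product name as an alias until inventories are rebuilt. The version and update fields (`10.0.0:sp1`, `21.04`, and so on) are unchanged, so the affected range itself is the same.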
diff --git a/CVE-2020/CVE-2020-265xx/CVE-2020-26517.json b/CVE-2020/CVE-2020-265xx/CVE-2020-26517.json
index 033a834e28b..af3d613eb25 100644
--- a/CVE-2020/CVE-2020-265xx/CVE-2020-26517.json
+++ b/CVE-2020/CVE-2020-265xx/CVE-2020-26517.json
@@ -2,7 +2,7 @@
"id": "CVE-2020-26517",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-08T13:15:07.527",
- "lastModified": "2021-06-15T14:10:20.363",
+ "lastModified": "2023-10-18T19:04:17.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,63 +84,63 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:-:*:*:*:*:*:*",
- "matchCriteriaId": "D7256650-C44F-4A3F-918D-A186F6A62948"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "EE5B0480-89AF-44AE-A9C1-0656627FA777"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:prerelease4:*:*:*:*:*:*",
- "matchCriteriaId": "F11152A1-FCD7-4B89-B4D6-BA16111D04C1"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:prerelease4:*:*:*:*:*:*",
+ "matchCriteriaId": "E3C0AE05-0E16-498D-B38D-4104C764CDAC"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:rc1:*:*:*:*:*:*",
- "matchCriteriaId": "593CA18F-2BE1-4AC1-9518-4E6A647A1848"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "83F33C62-2D1B-462D-B3D6-FA0BB3EF4BE4"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:sp1:*:*:*:*:*:*",
- "matchCriteriaId": "C8EDDB84-727E-440A-8B28-B9F7A3453866"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "F9DC14C6-92A8-4388-9D8F-AD2C3201AD5C"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.0:sp2:*:*:*:*:*:*",
- "matchCriteriaId": "374FD2B9-1DBE-4F8A-8963-FD0B6A402DFA"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.0:sp2:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D61084-CBE7-464D-BA6A-485627BCB2B8"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.0.1:sp1:*:*:*:*:*:*",
- "matchCriteriaId": "D12BBF90-DE0D-4965-B319-5E9BB3CE4A8C"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.0.1:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "568A8794-36C0-40BE-9867-7D29D77DBC6A"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:-:*:*:*:*:*:*",
- "matchCriteriaId": "29EA9491-EC5A-4E04-A797-719FC87EB86C"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A0128D1A-DA5B-49EE-ABC2-DA75EF2B5594"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp1:*:*:*:*:*:*",
- "matchCriteriaId": "C779D2FF-F4E0-4DC4-A2CC-A3456AB16681"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp1:*:*:*:*:*:*",
+ "matchCriteriaId": "35461BDC-7A06-49AE-A528-DB6A986C9F14"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp2:*:*:*:*:*:*",
- "matchCriteriaId": "11D9F5E1-CC89-4E32-9FE5-F5E0CA6839C2"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp2:*:*:*:*:*:*",
+ "matchCriteriaId": "B32DF425-549F-4BEC-A7B6-F66CE063C878"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp3:*:*:*:*:*:*",
- "matchCriteriaId": "B6E5E3CB-B9E4-445A-8654-A506A52C4815"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp3:*:*:*:*:*:*",
+ "matchCriteriaId": "8166F01E-B271-4491-B932-00BF843D2146"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:10.1.0:sp4:*:*:*:*:*:*",
- "matchCriteriaId": "4B11CD25-3A00-4B2E-8B00-D6D11AB06737"
+ "criteria": "cpe:2.3:a:intland:codebeamer:10.1.0:sp4:*:*:*:*:*:*",
+ "matchCriteriaId": "504110BC-FC0C-4A3F-824C-5BF4C573A792"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:intland:codebeamer_application_lifecycle_management:21.04:*:*:*:*:*:*:*",
- "matchCriteriaId": "007BD6B0-1F0C-419C-812A-08A497B80F94"
+ "criteria": "cpe:2.3:a:intland:codebeamer:21.04:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A3B7C6A7-5FA8-42B8-B83B-0BF908A72E44"
}
]
}
diff --git a/CVE-2020/CVE-2020-272xx/CVE-2020-27213.json b/CVE-2020/CVE-2020-272xx/CVE-2020-27213.json
index 8e3045cb5e3..aaa7a05576c 100644
--- a/CVE-2020/CVE-2020-272xx/CVE-2020-27213.json
+++ b/CVE-2020/CVE-2020-272xx/CVE-2020-27213.json
@@ -2,31 +2,101 @@
"id": "CVE-2020-27213",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T17:15:10.337",
- "lastModified": "2023-10-10T17:52:17.703",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-27T19:34:58.647",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en Ethernut Nut/OS 5.1. El c\u00f3digo que genera Initial Sequence Numbers (ISN) para conexiones TCP deriva el ISN de una fuente insuficientemente aleatoria. Como resultado, un atacante puede determinar el ISN de las conexiones TCP actuales y futuras y secuestrar las existentes o falsificar las futuras. Si bien el generador de ISN parece cumplir con RFC 793 (donde un contador global de 32 bits se incrementa aproximadamente cada 4 microsegundos), la generaci\u00f3n de ISN adecuada debe aspirar a seguir al menos las especificaciones descritas en RFC 6528."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-330"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:ethernut:nut\\/os:5.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "33F926DD-C48D-4FB6-9CEC-E48DC7FDA4D7"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "http://lists.egnite.de/mailman/listinfo/en-nut-announce",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Not Applicable"
+ ]
},
{
"url": "http://www.ethernut.de/en/download/index.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
},
{
"url": "https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
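Review bot: The new `criteria` value `cpe:2.3:o:ethernut:nut\\/os:5.1:...` carries a CPE 2.3 escaped slash, which JSON-decodes to `nut\/os`, so a matcher that compares the product field literally against an inventory name such as `nut/os` will not flag affected devices. The consumer should unescape CPE formatted-string components, or compare in escaped form on both sides, before matching. This matters here because the record moves from `"metrics": {}` to a scored `7.5` HIGH entry with a single `cpeMatch`, so this one string is the only machine-readable link between the CVE and the product.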
diff --git a/CVE-2020/CVE-2020-277xx/CVE-2020-27781.json b/CVE-2020/CVE-2020-277xx/CVE-2020-27781.json
index e9871a47354..bac65fc6d8a 100644
--- a/CVE-2020/CVE-2020-277xx/CVE-2020-27781.json
+++ b/CVE-2020/CVE-2020-277xx/CVE-2020-27781.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-27781",
"sourceIdentifier": "secalert@redhat.com",
"published": "2020-12-18T21:15:12.660",
- "lastModified": "2021-06-03T18:40:08.803",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:10.277",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -176,6 +176,10 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJ7FFROL25FYRL6FMI33VRKOD74LINRP/",
"source": "secalert@redhat.com",
diff --git a/CVE-2020/CVE-2020-295xx/CVE-2020-29583.json b/CVE-2020/CVE-2020-295xx/CVE-2020-29583.json
index 88878a333e0..6ac16b3b6c1 100644
--- a/CVE-2020/CVE-2020-295xx/CVE-2020-29583.json
+++ b/CVE-2020/CVE-2020-295xx/CVE-2020-29583.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-29583",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-12-22T22:15:14.443",
- "lastModified": "2022-07-12T17:42:04.277",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-28T01:15:51.480",
+ "vulnStatus": "Modified",
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2022-05-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
- "cisaVulnerabilityName": "Zyxel Unified Security Gateway Undocumented Administrator Account with Default Credentials",
+ "cisaVulnerabilityName": "Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability",
"descriptions": [
{
"lang": "en",
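Review bot: `cisaVulnerabilityName` is rewritten in this hunk while `cisaExploitAdd` and `cisaActionDue` keep their values, so the entry is the same known-exploited listing under a new title. Anything that joins or deduplicates KEV data on the title string would treat it as a new listing and could re-open closed remediation tickets; key on `id` instead. `vulnStatus` also moves from `Analyzed` to `Modified`, presumably because of the reference added in the next hunk.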
@@ -517,6 +517,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.secpod.com/blog/a-secret-zyxel-firewall-and-ap-controllers-could-allow-for-administrative-access-cve-2020-29583/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://www.zyxel.com/support/CVE-2020-29583.shtml",
"source": "cve@mitre.org",
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36637.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36637.json
index efe96a56c2f..4f0797ddac1 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36637.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36637.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36637",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T12:15:09.217",
- "lastModified": "2023-01-06T20:39:10.883",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:08.750",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been declared as problematic. This vulnerability affects unknown code of the file resources/core/adminserv.php. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 3ed17dab3b4d6e8bf1c82ddfbf882314365e9cd7. It is recommended to apply a patch to fix this issue. VDB-217042 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
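Review bot: The new `value` still opens with the misspelled `** UNSUPPPORTED WHEN ASSIGNED **` followed by a second, correctly spelled `** UNSUPPORTED WHEN ASSIGNED **`; the change only inserts a space between them. Tooling that detects end-of-life records by an exact prefix match on the tag will miss this entry, and the CVE-2020-36638 hunk below has the same doubled marker. Since the text comes from the CNA (`cna@vuldb.com`), the practical fix is on the consumer side: search for the correctly spelled tag anywhere in the description rather than anchoring at position 0.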
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36638.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36638.json
index 82f53fdeff8..73f5fddba9a 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36638.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36638.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36638",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T12:15:09.300",
- "lastModified": "2023-01-06T20:38:31.473",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:08.823",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de AdminServ. It has been rated as problematic. This issue affects some unknown processing of the file resources/core/adminserv.php. The manipulation of the argument error leads to cross site scripting. The attack may be initiated remotely. The patch is named 9a45087814295de6fb3a3fe38f96293665234da1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217043. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36639.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36639.json
index 71357f9af41..5b0881925e6 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36639.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36639.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36639",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-04T10:15:10.383",
- "lastModified": "2023-01-10T17:38:58.630",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:08.890",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in AlliedModders AMX Mod X and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The name of the patch is a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in AlliedModders AMX Mod X on Windows and classified as critical. This vulnerability affects the function cmdVoteMap of the file plugins/adminvote.sma of the component Console Command Handler. The manipulation of the argument amx_votemap leads to path traversal. The patch is identified as a5f2b5539f6d61050b68df8b22ebb343a2862681. It is recommended to apply a patch to fix this issue. VDB-217354 is the identifier assigned to this vulnerability."
}
],
"metrics": {
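Review bot: The added description narrows the affected platform to `AMX Mod X on Windows`, but the hunk ends at `"metrics": {` and the record's `configurations` are outside it, so it is not visible whether the CPE match was given a Windows platform constraint. With `vulnStatus` now `Undergoing Analysis`, CPE-based matching may keep flagging non-Windows installs until re-analysis lands. This record is worth tracking for a follow-up update rather than treating the description change as cosmetic.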
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36640.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36640.json
index 26ca4fd3e74..40845d01fd3 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36640.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36640.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36640",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T10:15:09.773",
- "lastModified": "2023-01-11T18:34:10.540",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:08.967",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443."
+ "value": "A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The patch is named a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443."
}
],
"metrics": {
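Review bot: `vulnStatus` drops from `Analyzed` to `Undergoing Analysis` although the only other change in the hunk is the wording of one sentence (`The name of the patch is` became `The patch is named`). A pipeline that ingests only `Analyzed` records would drop this CVE from its working set; the same pattern repeats in the CVE-2020-36641, -36642, -36644 to -36648, -36650 and -36651 hunks below. The trailing `"metrics": {` context line suggests the previously assigned scoring is still present, so a status filter should probably keep records that already carry metrics; that part of the file is outside the hunk.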
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36641.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36641.json
index 43a62c44ac3..81d1347ed9a 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36641.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36641.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36641",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T12:15:09.287",
- "lastModified": "2023-01-11T19:33:44.993",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.033",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.12.1 is able to address this issue. The name of the patch is ad6615b3ec41353e614f6ea5fdd5b046442a832b. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.12.1 is able to address this issue. The patch is identified as ad6615b3ec41353e614f6ea5fdd5b046442a832b. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36642.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36642.json
index 3a418910d65..70eb7f84335 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36642.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36642.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36642",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T11:15:09.443",
- "lastModified": "2023-01-12T15:52:22.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.107",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability."
+ "value": "A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The identifier of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36644.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36644.json
index 2af0946c0f3..0c948880039 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36644.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36644.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36644",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T10:15:09.417",
- "lastModified": "2023-01-12T16:40:20.770",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.183",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.7.2 is able to address this issue. The name of the patch is f5363b351508486021f99e083c92068cf2943621. It is recommended to upgrade the affected component. The identifier VDB-217597 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.7.2 is able to address this issue. The identifier of the patch is f5363b351508486021f99e083c92068cf2943621. It is recommended to upgrade the affected component. The identifier VDB-217597 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36645.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36645.json
index 9c8c9a92693..cdeaa3aa4b7 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36645.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36645.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36645",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T19:15:09.383",
- "lastModified": "2023-01-12T18:40:31.593",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.263",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The name of the patch is f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623."
+ "value": "A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The patch is named f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36646.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36646.json
index 559d32763fa..c08b9db0b9e 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36646.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36646.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36646",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T20:15:09.523",
- "lastModified": "2023-01-12T20:32:59.227",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.333",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The identifier of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36647.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36647.json
index f8ecfeddd62..27eec9dff0f 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36647.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36647.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36647",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T10:15:11.707",
- "lastModified": "2023-01-12T16:54:49.220",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.407",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The name of the patch is f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The patch is identified as f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36648.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36648.json
index 640b156f667..ab910e6cb03 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36648.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36648.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36648",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T10:15:11.793",
- "lastModified": "2023-01-12T16:47:45.590",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.473",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an unknown part. The manipulation of the argument howmany leads to sql injection. The name of the patch is 11d615931352066fb2f6dcb07428277c2cd99baf. It is recommended to apply a patch to fix this issue. The identifier VDB-217641 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an unknown part. The manipulation of the argument howmany leads to sql injection. The identifier of the patch is 11d615931352066fb2f6dcb07428277c2cd99baf. It is recommended to apply a patch to fix this issue. The identifier VDB-217641 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36650.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36650.json
index 8823d8e4068..bb7cf45bb0c 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36650.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36650.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36650",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T18:15:09.003",
- "lastModified": "2023-01-18T19:20:51.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.550",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The name of the patch is 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019."
+ "value": "A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The patch is named 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36651.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36651.json
index c3e6af45cca..42c889c4a82 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36651.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36651.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36651",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-18T01:15:11.800",
- "lastModified": "2023-01-25T17:51:15.937",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.627",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The name of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommended to apply a patch to fix this issue. The identifier VDB-218461 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The identifier of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommended to apply a patch to fix this issue. The identifier VDB-218461 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36653.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36653.json
index f683b827fb0..2198aea1938 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36653.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36653.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36653",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-18T08:15:09.957",
- "lastModified": "2023-01-25T16:59:24.830",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.700",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The name of the patch is c2356cc41260551073bfaa3a94d1ab074f554938. It is recommended to apply a patch to fix this issue. VDB-218474 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in GENI Portal. It has been rated as problematic. Affected by this issue is some unknown functionality of the file portal/www/portal/error-text.php. The manipulation of the argument error leads to cross site scripting. The attack may be launched remotely. The patch is identified as c2356cc41260551073bfaa3a94d1ab074f554938. It is recommended to apply a patch to fix this issue. VDB-218474 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36654.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36654.json
index 9d379e48e0f..3a27e608c2d 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36654.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36654.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36654",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-18T08:15:10.073",
- "lastModified": "2023-01-25T19:25:21.523",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.780",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475."
+ "value": "A vulnerability classified as problematic has been found in GENI Portal. This affects the function no_invocation_id_error of the file portal/www/portal/sliceresource.php. The manipulation of the argument invocation_id/invocation_user leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 39a96fb4b822bd3497442a96135de498d4a81337. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218475."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36660.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36660.json
index 8dfe5efbfdc..55af50e0e4d 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36660.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36660.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36660",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T17:15:09.437",
- "lastModified": "2023-02-14T22:47:33.603",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.853",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211."
+ "value": "A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The patch is named 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36661.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36661.json
index d21853b9869..45e5520919c 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36661.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36661.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36661",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-12T21:15:10.650",
- "lastModified": "2023-02-24T06:24:34.020",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:09.943",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The name of the patch is d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The patch is identified as d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36663.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36663.json
index eab922bd89a..4767107fc61 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36663.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36663.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36663",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-04T07:15:08.690",
- "lastModified": "2023-03-09T21:03:57.110",
+ "lastModified": "2023-10-29T02:34:51.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in Artes\u00e3os SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231."
+ "value": "A vulnerability, which was classified as problematic, was found in Artes\u00e3os SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The patch is named ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-601"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36665.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36665.json
index f781b83a7f2..ea08f59dcf0 100644
--- a/CVE-2020/CVE-2020-366xx/CVE-2020-36665.json
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36665.json
@@ -2,12 +2,12 @@
"id": "CVE-2020-36665",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-04T19:15:10.193",
- "lastModified": "2023-03-09T21:01:58.203",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:10.107",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Artes\u00e3os SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability."
+ "value": "A vulnerability was found in Artes\u00e3os SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The identifier of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2020/CVE-2020-366xx/CVE-2020-36698.json b/CVE-2020/CVE-2020-366xx/CVE-2020-36698.json
new file mode 100644
index 00000000000..d229c1bd803
--- /dev/null
+++ b/CVE-2020/CVE-2020-366xx/CVE-2020-36698.json
@@ -0,0 +1,125 @@
+{
+ "id": "CVE-2020-36698",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:14.487",
+ "lastModified": "2023-10-26T17:32:52.447",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files."
+ },
+ {
+ "lang": "es",
+ "value": "El an\u00e1lisis de Seguridad y Malware del complemento CleanTalk para WordPress es vulnerable a la interacci\u00f3n no autorizada del usuario en versiones hasta la 2.50 incluida. Esto se debe a que faltan comprobaciones de capacidad en varias acciones AJAX y a la divulgaci\u00f3n nonce en la p\u00e1gina de origen del panel administrativo. Esto hace posible que atacantes autenticados, con permisos de nivel de suscriptor y superiores, llamen funciones y eliminen y/o carguen archivos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cleantalk:security_\\&_malware_scan:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.51",
+ "matchCriteriaId": "FD64F886-2406-4186-9649-43C2DC48E05E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/multiple-vulnerabilities-fixed-in-security-malware-scan-by-cleantalk-plugin/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/23960f42-dfc1-4951-9169-02d889283f01",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36706.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36706.json
new file mode 100644
index 00000000000..4e9f15f0fd3
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36706.json
@@ -0,0 +1,132 @@
+{
+ "id": "CVE-2020-36706",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:14.650",
+ "lastModified": "2023-10-26T17:32:28.667",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Simple:Press \u2013 WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible."
+ },
+ {
+ "lang": "es",
+ "value": "The Simple:Press \u2013 WordPress Forum Plugin para WordPress es vulnerable a cargas de archivos arbitrarias debido a la falta de validaci\u00f3n del tipo de archivo en el archivo ~/admin/resources/jscript/ajaxupload/sf-uploader.php en versiones hasta la 6.6.0 incluida. Esto hace posible que los atacantes carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:simple-press:simple\\:press:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "6.6.1",
+ "matchCriteriaId": "D7B168C0-0C23-496A-B9E4-0A6A947C576E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/27d4a8a5-9d81-4b42-92be-3f7d1ef22843",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36714.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36714.json
new file mode 100644
index 00000000000..8706b79bd90
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36714.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2020-36714",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.020",
+ "lastModified": "2023-10-26T17:23:11.363",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Brizy para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a una verificaci\u00f3n de capacidad incorrecta en la funci\u00f3n is_administrator() en versiones hasta la 1.0.125 incluida. Esto hace posible que los atacantes autenticados accedan e interact\u00faen con las funciones AJAX disponibles."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:brizy:brizy-page_builder:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.125",
+ "matchCriteriaId": "2711C8DC-F5A7-40F7-8517-6C5B6EF560BA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/wordpress-brizy-page-builder-plugin-fixed-critical-vulnerabilities/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9495e25d-a5a6-4f25-9363-783626e58a4a?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
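Review bot: The two `cvssMetricV31` entries in this new record disagree. The `nvd@nist.gov` Primary vector is `S:U/C:H/I:H/A:N` (8.1) and the `security@wordfence.com` Secondary vector is `S:C/C:L/I:L/A:L` (7.4), and the weaknesses differ too (`CWE-863` against `CWE-285`). Both scores fall in the HIGH band, but tooling that ranks by `baseScore`, reads `scope`, or groups by CWE will give different results depending on which entry it reads. Consumers should select explicitly on `"type": "Primary"` (or on the `source` they trust) and never on array position.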
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36751.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36751.json
new file mode 100644
index 00000000000..d74aeb0a1bf
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36751.json
@@ -0,0 +1,167 @@
+{
+ "id": "CVE-2020-36751",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.100",
+ "lastModified": "2023-10-27T16:45:20.603",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Coupon Creator para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 3.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n save_meta(). Esto hace posible que atacantes no autenticados guarden metacampos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jesseeproductions:coupon_creator:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.1",
+ "matchCriteriaId": "DAD701D5-D608-4E14-A82E-C0C238E24491"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2368658/coupon-creator/tags/2.5.2.1/plugin-engine/src/Pngx/Admin/Meta.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab57f010-4fd2-40c2-950f-c03888521c8f?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
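Review bot: The only reference tagged `Patch` points at `coupon-creator/tags/2.5.2.1/plugin-engine/src/Pngx/Admin/Meta.php`, while the description and `"versionEndIncluding": "3.1"` mark every version up to 3.1 as affected. The two do not obviously agree: a fix that shipped in a 2.5.2.1 tag would not normally leave 3.1 vulnerable, though the diff alone does not show how the plugin's tags relate to its release versions. Version-range matching follows the CPE bound, so check the bound against the changeset before using this record to decide whether a site is affected. If the fix really is in that tag, the match would read `"versionEndExcluding": "2.5.2.1"`.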
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36753.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36753.json
new file mode 100644
index 00000000000..49d98aae978
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36753.json
@@ -0,0 +1,167 @@
+{
+ "id": "CVE-2020-36753",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.177",
+ "lastModified": "2023-10-27T16:37:17.417",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El Hueman theme para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 3.6.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n save_meta_box(). Esto hace posible que atacantes no autenticados guarden datos de Metabox a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:presscustomizr:hueman:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.6.3",
+ "matchCriteriaId": "0A9E4B9C-029A-4028-AD58-05B71D103B45"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://themes.trac.wordpress.org/browser/hueman/3.6.4/option-tree/includes/class-ot-meta-box.php#L207",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d54b4dc9-8590-433c-873a-efb49e2e79cd?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36754.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36754.json
new file mode 100644
index 00000000000..ac5ab65bdf1
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36754.json
@@ -0,0 +1,167 @@
+{
+ "id": "CVE-2020-36754",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.250",
+ "lastModified": "2023-10-27T16:32:39.073",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Paid Memberships Pro para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 2.4.2 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n pmpro_page_save(). Esto hace posible que atacantes no autenticados guarden p\u00e1ginas a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:paidmembershipspro:paid_memberships_pro:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.4.2",
+ "matchCriteriaId": "6E4AD015-E3FF-4AB7-8CCB-ECB0A0043953"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368689%40paid-memberships-pro&new=2368689%40paid-memberships-pro&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d74553a4-0ef7-4908-a2e8-5e0216f7b256?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
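Review bot: Six of the nine entries in `references` carry only the `Not Applicable` tag (the `more-wordpress-plugins-and-themes-…` post and the five `…-fixed-csrf-vulnerabilities-part-N` posts), so a consumer that lists every reference URL as supporting material for CVE-2020-36754 will show posts that NVD itself marks as unrelated to this record. Ingestion code should drop or down-rank references whose `tags` contain `Not Applicable` and use the `Patch` and `Third Party Advisory` entries for triage. The new records for CVE-2020-36755, CVE-2020-36758 and CVE-2020-36759 later in this diff have the same shape, with the applicable blog post differing per product.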
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36755.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36755.json
new file mode 100644
index 00000000000..18ffa367a8f
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36755.json
@@ -0,0 +1,167 @@
+{
+ "id": "CVE-2020-36755",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.327",
+ "lastModified": "2023-10-27T16:32:00.433",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El Customizr theme para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 4.3.0 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n czr_fn_post_fields_save(). Esto hace posible que atacantes no autenticados publiquen campos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:presscustomizr:customizr:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.3.0",
+ "matchCriteriaId": "A13010DD-61C9-46E0-B6B6-E2C77C24952A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://themes.trac.wordpress.org/browser/customizr/4.3.1/core/czr-admin-ccat.php?rev=135570#L1764",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9f6b600-a35a-49c2-8758-a7cc5c00e947?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36758.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36758.json
new file mode 100644
index 00000000000..3df2392495f
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36758.json
@@ -0,0 +1,167 @@
+{
+ "id": "CVE-2020-36758",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.393",
+ "lastModified": "2023-10-27T18:54:33.777",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento RSS Aggregator de Feedzy para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 3.4.2 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n save_feedzy_post_type_meta(). Esto hace posible que atacantes no autenticados actualicen el metadato de la publicaci\u00f3n a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:themeisle:rss_aggregator_by_feedzy:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.4.2",
+ "matchCriteriaId": "A8178F22-EB49-4843-A03C-AC5DCC69DE0D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2369394/feedzy-rss-feeds/trunk/includes/admin/feedzy-rss-feeds-admin.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e3b916dc-3b94-4319-a805-0ea99d14429f?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36759.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36759.json
new file mode 100644
index 00000000000..9d83f7fb2c3
--- /dev/null
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36759.json
@@ -0,0 +1,167 @@
+{
+ "id": "CVE-2020-36759",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.473",
+ "lastModified": "2023-10-27T18:54:19.870",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Woody code snippets para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 2.3.9 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n runActions(). Esto hace posible que atacantes no autenticados activen y desactiven fragmentos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cm-wp:woody_code_snippets:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.3.9",
+ "matchCriteriaId": "5890F565-03DC-41E3-86CE-93EE81E282E8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368332%40insert-php&new=2368332%40insert-php&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e573c0a4-d053-400b-828c-0d0eca880776?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-40xx/CVE-2020-4030.json b/CVE-2020/CVE-2020-40xx/CVE-2020-4030.json
index ffcd42a9f76..b75a3521b44 100644
--- a/CVE-2020/CVE-2020-40xx/CVE-2020-4030.json
+++ b/CVE-2020/CVE-2020-40xx/CVE-2020-4030.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-4030",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-06-22T22:15:13.087",
- "lastModified": "2023-10-07T21:15:14.837",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:27:12.637",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -165,8 +165,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
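Review bot: Replacing the Ubuntu 18.04 criteria `…:ubuntu_linux:18.04:*:*:*:lts:*:*:*` with `…:ubuntu_linux:18.04:*:*:*:esm:*:*:*` means an inventory that records hosts with the `lts` value and compares CPE strings exactly would stop matching CVE-2020-4030 on this entry after the update. Consumers should match on vendor, product and version and treat the edition field as advisory, or map both `lts` and `esm` to the same asset. The identical swap is made for CVE-2020-4031, CVE-2020-4032 and CVE-2020-4033 below. The `cpeMatch` array continues outside the hunk, so other entries are not visible here.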
@@ -176,6 +176,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -212,7 +227,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/",
diff --git a/CVE-2020/CVE-2020-40xx/CVE-2020-4031.json b/CVE-2020/CVE-2020-40xx/CVE-2020-4031.json
index 050f17d8650..e62318e2907 100644
--- a/CVE-2020/CVE-2020-40xx/CVE-2020-4031.json
+++ b/CVE-2020/CVE-2020-40xx/CVE-2020-4031.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-4031",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-06-22T22:15:13.163",
- "lastModified": "2023-10-07T21:15:14.957",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:27:09.040",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -165,8 +165,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -176,6 +176,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -213,7 +228,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/",
diff --git a/CVE-2020/CVE-2020-40xx/CVE-2020-4032.json b/CVE-2020/CVE-2020-40xx/CVE-2020-4032.json
index c11ed2da59a..02debd9581c 100644
--- a/CVE-2020/CVE-2020-40xx/CVE-2020-4032.json
+++ b/CVE-2020/CVE-2020-40xx/CVE-2020-4032.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-4032",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-06-22T22:15:13.257",
- "lastModified": "2023-10-07T21:15:15.087",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:27:02.060",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -155,8 +155,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -166,6 +166,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -202,7 +217,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/",
diff --git a/CVE-2020/CVE-2020-40xx/CVE-2020-4033.json b/CVE-2020/CVE-2020-40xx/CVE-2020-4033.json
index b30cac44dc5..2823dbb9cd5 100644
--- a/CVE-2020/CVE-2020-40xx/CVE-2020-4033.json
+++ b/CVE-2020/CVE-2020-40xx/CVE-2020-4033.json
@@ -2,8 +2,8 @@
"id": "CVE-2020-4033",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-06-22T22:15:13.353",
- "lastModified": "2023-10-07T21:15:15.193",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:26:55.590",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -165,8 +165,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
- "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"
},
{
"vulnerable": true,
@@ -176,6 +176,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -213,7 +228,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/",
diff --git a/CVE-2021/CVE-2021-10xx/CVE-2021-1050.json b/CVE-2021/CVE-2021-10xx/CVE-2021-1050.json
index 88257f20f83..8116b03a26e 100644
--- a/CVE-2021/CVE-2021-10xx/CVE-2021-1050.json
+++ b/CVE-2021/CVE-2021-10xx/CVE-2021-1050.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-1050",
"sourceIdentifier": "security@android.com",
"published": "2022-11-08T22:15:10.173",
- "lastModified": "2022-11-09T17:19:53.960",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T16:15:08.827",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -64,6 +64,10 @@
}
],
"references": [
+ {
+ "url": "http://packetstormsecurity.com/files/175260/PowerVR-Out-Of-Bounds-Access-Information-Leak.html",
+ "source": "security@android.com"
+ },
{
"url": "https://source.android.com/security/bulletin/2022-11-01",
"source": "security@android.com",
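Review bot: The added Packet Storm reference has no `tags` array and uses an `http://` URL, unlike the tagged `https` references elsewhere in this diff, so a parser that reads the `tags` key unconditionally, or that only accepts `https` links, will fail on or skip this entry. Treat `tags` as optional and default it to an empty list when parsing references. The same untagged form is used for the references added to CVE-2021-20090 and CVE-2021-20288 later in this diff; presumably they are tagged once NVD re-analyses the records.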
diff --git a/CVE-2021/CVE-2021-17xx/CVE-2021-1704.json b/CVE-2021/CVE-2021-17xx/CVE-2021-1704.json
index 14d71826e31..40ba63673b8 100644
--- a/CVE-2021/CVE-2021-17xx/CVE-2021-1704.json
+++ b/CVE-2021/CVE-2021-17xx/CVE-2021-1704.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-1704",
"sourceIdentifier": "secure@microsoft.com",
"published": "2021-01-12T20:15:34.040",
- "lastModified": "2021-01-21T15:41:29.590",
+ "lastModified": "2023-10-17T19:01:11.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -144,8 +144,8 @@
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:sp1:*:*:*:*:*:*",
- "matchCriteriaId": "504D0038-4CFC-4CF6-A013-008B8F3F852E"
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
diff --git a/CVE-2021/CVE-2021-200xx/CVE-2021-20090.json b/CVE-2021/CVE-2021-200xx/CVE-2021-20090.json
index 546e3baabac..ad5bbbc3a2d 100644
--- a/CVE-2021/CVE-2021-200xx/CVE-2021-20090.json
+++ b/CVE-2021/CVE-2021-200xx/CVE-2021-20090.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-20090",
"sourceIdentifier": "vulnreport@tenable.com",
"published": "2021-04-29T15:15:10.630",
- "lastModified": "2022-04-26T17:05:38.987",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T01:15:24.427",
+ "vulnStatus": "Modified",
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
"cisaRequiredAction": "Apply updates per vendor instructions.",
- "cisaVulnerabilityName": "Arcadyan Buffalo Firmware Multiple Versions Path Traversal",
+ "cisaVulnerabilityName": "Arcadyan Buffalo Firmware Path Traversal Vulnerability",
"descriptions": [
{
"lang": "en",
@@ -146,6 +146,10 @@
"US Government Resource"
]
},
+ {
+ "url": "https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploitation/",
+ "source": "vulnreport@tenable.com"
+ },
{
"url": "https://www.tenable.com/security/research/tra-2021-13",
"source": "vulnreport@tenable.com",
diff --git a/CVE-2021/CVE-2021-202xx/CVE-2021-20288.json b/CVE-2021/CVE-2021-202xx/CVE-2021-20288.json
index 7bccf77e0e0..aee2d7bbdf0 100644
--- a/CVE-2021/CVE-2021-202xx/CVE-2021-20288.json
+++ b/CVE-2021/CVE-2021-202xx/CVE-2021-20288.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-20288",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-04-15T15:15:12.257",
- "lastModified": "2021-06-03T18:28:00.477",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:10.387",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -143,6 +143,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/362CEPPYF3YMJZBEJQUT3KDE2EHYYIYQ/",
"source": "secalert@redhat.com",
diff --git a/CVE-2021/CVE-2021-205xx/CVE-2021-20581.json b/CVE-2021/CVE-2021-205xx/CVE-2021-20581.json
index e88a05b7ee4..995cd63e5b8 100644
--- a/CVE-2021/CVE-2021-205xx/CVE-2021-20581.json
+++ b/CVE-2021/CVE-2021-205xx/CVE-2021-20581.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-20581",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T02:15:09.813",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T17:58:51.443",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-613"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/199324",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
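Review bot: The two platform entries in the new `configurations` block (`apple:macos` and `microsoft:windows`) are marked `"vulnerable": false` and sit under a top-level `"operator": "AND"`, so they are running-on conditions rather than affected products. A matcher that flags a host whenever any `criteria` string matches, without checking `vulnerable` and evaluating the AND across both nodes, would report every macOS or Windows asset for CVE-2021-20581. Only `security_verify_privilege_on-premises` with `versionEndExcluding` `11.5` is the vulnerable component in this block.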
diff --git a/CVE-2021/CVE-2021-205xx/CVE-2021-20588.json b/CVE-2021/CVE-2021-205xx/CVE-2021-20588.json
index 50c93d10cb3..11e85d2650d 100644
--- a/CVE-2021/CVE-2021-205xx/CVE-2021-20588.json
+++ b/CVE-2021/CVE-2021-205xx/CVE-2021-20588.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-20588",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2021-02-19T20:15:13.023",
- "lastModified": "2022-11-21T17:15:23.613",
+ "lastModified": "2023-10-18T00:15:10.020",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -322,12 +322,8 @@
]
},
{
- "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-049-02",
- "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
- "tags": [
- "Third Party Advisory",
- "US Government Resource"
- ]
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-049-02",
+ "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2020-021_en.pdf",
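Review bot: The replacement reference on the new side carries only `url` and `source`; the `tags` array (`Third Party Advisory`, `US Government Resource`) is removed together with the old us-cert.cisa.gov URL, although the advisory id in the path (icsa-21-049-02) is unchanged. Tooling that selects references by tag will no longer surface this link. The same tag loss accompanies the re-encoded Jenkins advisory URLs in CVE-2021-21619, -21620, -21636, -21637 and -21638, where `Vendor Advisory` is dropped. If the tags are not restored upstream, I would carry them over on the new entry, here `"tags": ["Third Party Advisory", "US Government Resource"]`.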
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21602.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21602.json
index 7c52f3e5357..a6f3eecb3d2 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21602.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21602.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21602",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:13.337",
- "lastModified": "2021-01-15T18:38:19.507",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:44.590",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-59"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-59"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21603.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21603.json
index 44de31ac155..c1542adab27 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21603.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21603.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21603",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:13.460",
- "lastModified": "2021-01-15T18:40:44.310",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:44.693",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21604.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21604.json
index 965a2e20723..d126a63ab42 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21604.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21604.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21604",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:13.523",
- "lastModified": "2021-01-15T19:08:04.457",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:44.763",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-502"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21605.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21605.json
index e89e56ae385..3751ca403ab 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21605.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21605.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21605",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:13.600",
- "lastModified": "2022-10-24T16:59:53.027",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:44.873",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-20"
- }
- ]
}
],
"configurations": [
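Review bot: The deleted `Secondary` entry from jenkinsci-cert@googlegroups.com holds `CWE-20`, while the entry left in context holds `CWE-22`, so this removal drops the CNA's own classification rather than a duplicate as in the neighbouring records. The same happens in CVE-2021-21607 (`CWE-789` removed, `CWE-770` kept), CVE-2021-21612, -21614 and -21634 (`CWE-256` removed, `CWE-522` kept) and CVE-2021-21621 (`CWE-201` removed, `CWE-200` kept); in several of these the removed value is the more specific one. The source of the remaining entry is outside the hunk, presumably the NVD analyst mapping. I would keep the `"type": "Secondary"` entry wherever its `value` differs from the remaining one, so that weakness-based triage and reporting still see the CNA's assessment.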
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21606.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21606.json
index 65035b9e09c..bf7771be555 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21606.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21606.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21606",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:13.663",
- "lastModified": "2021-01-15T18:58:36.943",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:45.017",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-20"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-20"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21607.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21607.json
index 5a0092a2042..31c7db0df24 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21607.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21607.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21607",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:13.740",
- "lastModified": "2021-01-15T20:32:44.777",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:45.097",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-770"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-789"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21608.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21608.json
index 2c14cc4f2d5..7789cccdda6 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21608.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21608.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21608",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:13.837",
- "lastModified": "2021-01-15T19:45:20.460",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:45.210",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21609.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21609.json
index e97f845edb1..1a560010938 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21609.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21609.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21609",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:13.897",
- "lastModified": "2021-01-15T20:00:06.520",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:45.280",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21610.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21610.json
index 90171c4ee9f..24b05592279 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21610.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21610.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21610",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:14.007",
- "lastModified": "2021-01-15T19:41:32.033",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:45.387",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21611.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21611.json
index 14a73e485b9..f8d5951119d 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21611.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21611.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21611",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:14.087",
- "lastModified": "2021-01-15T19:25:57.793",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:45.470",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21612.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21612.json
index 5f50a3896c9..6b085308748 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21612.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21612.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21612",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:14.147",
- "lastModified": "2021-01-19T16:59:32.280",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:45.603",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21613.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21613.json
index 88d9e50de7b..23890b0318a 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21613.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21613.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21613",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:14.273",
- "lastModified": "2021-01-19T17:19:45.323",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:45.717",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21614.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21614.json
index 5948d59e6ed..eb39c4b4bd6 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21614.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21614.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21614",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-13T16:15:14.350",
- "lastModified": "2021-01-19T17:39:52.870",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:45.830",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21615.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21615.json
index 1e391b844ee..0db33a555b3 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21615.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21615.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21615",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-01-26T18:16:18.693",
- "lastModified": "2021-02-02T16:20:54.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:45.913",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-367"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-367"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21616.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21616.json
index 48c5786f90e..dbbeba43ac2 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21616.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21616.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21616",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-02-24T16:15:14.663",
- "lastModified": "2021-02-27T04:56:50.777",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:46.033",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21617.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21617.json
index 546a93361ed..c291d8a81a3 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21617.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21617.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21617",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-02-24T16:15:14.807",
- "lastModified": "2021-02-26T22:33:30.130",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:46.157",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21618.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21618.json
index 147f8bdb17e..783744b6bbd 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21618.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21618.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21618",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-02-24T16:15:14.897",
- "lastModified": "2021-02-27T04:53:40.507",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:46.270",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21619.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21619.json
index cd30b6acb21..91797f2107a 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21619.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21619.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21619",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-02-24T16:15:14.983",
- "lastModified": "2021-02-27T04:52:14.507",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:46.350",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2188%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2188%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21620.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21620.json
index 3eb8b07d2f2..44003f100a8 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21620.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21620.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21620",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-02-24T16:15:15.053",
- "lastModified": "2021-02-26T22:31:31.800",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:46.417",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -105,11 +95,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2188%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2021-02-24/#SECURITY-2188%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21621.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21621.json
index 798e3dc760a..0b2de6f28b1 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21621.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21621.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21621",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-02-24T16:15:15.133",
- "lastModified": "2022-10-25T16:03:04.260",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:46.520",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-200"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-201"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21622.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21622.json
index d33d0f135c2..208a79349f6 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21622.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21622.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21622",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-02-24T16:15:15.227",
- "lastModified": "2021-02-27T04:46:34.937",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:46.620",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21623.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21623.json
index 4f6c98c63f9..79c933dd852 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21623.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21623.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21623",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-18T14:15:13.227",
- "lastModified": "2021-03-23T19:58:17.833",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:46.727",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21624.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21624.json
index 77ff87895cb..2347e1f5ef3 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21624.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21624.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21624",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-18T14:15:13.350",
- "lastModified": "2021-03-24T15:55:52.877",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:46.860",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21625.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21625.json
index 73167539879..8196b6162fe 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21625.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21625.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21625",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-18T14:15:13.427",
- "lastModified": "2021-03-24T16:12:13.943",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:46.943",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21626.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21626.json
index 8efc387bef8..8ed84660d18 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21626.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21626.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21626",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-18T14:15:13.490",
- "lastModified": "2021-03-24T16:43:53.127",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:47.017",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21627.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21627.json
index 3f2cbb22316..789efad3cf5 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21627.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21627.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21627",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-18T14:15:13.570",
- "lastModified": "2021-03-24T12:23:35.180",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:47.130",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21628.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21628.json
index c14c09d39bc..832b8653d6a 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21628.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21628.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21628",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.187",
- "lastModified": "2021-04-02T17:29:00.497",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:47.207",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21629.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21629.json
index b40852fc747..9688804bf97 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21629.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21629.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21629",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.327",
- "lastModified": "2021-04-02T17:41:23.513",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:47.320",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21630.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21630.json
index 92c0e2f27f5..e161132afeb 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21630.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21630.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21630",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.407",
- "lastModified": "2021-04-02T17:51:14.887",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:47.470",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21631.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21631.json
index 86b134a662b..2e466edcf04 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21631.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21631.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21631",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.470",
- "lastModified": "2021-04-02T16:56:09.400",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:47.607",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21632.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21632.json
index 6e7866a08bc..681e6df9845 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21632.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21632.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21632",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.547",
- "lastModified": "2021-04-02T16:24:02.207",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:47.680",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21633.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21633.json
index 2f03ae51f29..5f0ce3ef21d 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21633.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21633.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21633",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.627",
- "lastModified": "2021-04-02T16:23:13.770",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:47.797",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21634.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21634.json
index 8c036904ce6..1ca3334b8f0 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21634.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21634.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21634",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.687",
- "lastModified": "2021-04-02T16:16:54.697",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:47.873",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21635.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21635.json
index 4379818ccc0..9ea8ae94a2f 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21635.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21635.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21635",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.767",
- "lastModified": "2021-04-05T18:01:58.607",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:47.963",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21636.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21636.json
index 4916b45743b..59b8cb29973 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21636.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21636.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21636",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.843",
- "lastModified": "2021-04-05T18:39:00.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:48.093",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2021-03-30/#SECURITY-2283%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2021-03-30/#SECURITY-2283%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21637.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21637.json
index 516c99c0aa8..a61ad95d786 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21637.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21637.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21637",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.907",
- "lastModified": "2021-04-05T18:43:14.497",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:48.193",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2021-03-30/#SECURITY-2283%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2021-03-30/#SECURITY-2283%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21638.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21638.json
index e49eb4b77f9..0113a94f746 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21638.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21638.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21638",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-03-30T12:16:10.987",
- "lastModified": "2021-04-02T20:59:22.890",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:48.263",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2021-03-30/#SECURITY-2283%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2021-03-30/#SECURITY-2283%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21639.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21639.json
index 3dc081b480f..451803eff80 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21639.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21639.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21639",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-07T14:15:16.890",
- "lastModified": "2021-04-13T18:16:14.217",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:48.380",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-20"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
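Review bot: The whole `weaknesses` array is deleted here, and its only entry was the `Primary` one from jenkinsci-cert@googlegroups.com with `CWE-20`, so on the new side the record goes from the end of `metrics` straight to `configurations` with no CWE at all. CVE-2021-21640 (`CWE-240`) and CVE-2021-21641 (`CWE-352`) lose their only weakness entry in the same way. Consumers that group or filter by CWE will silently stop matching these three records, and a parser that expects the key needs to tolerate its absence. Unless the removal is intentional, I would keep the block, or else give the record an explicit placeholder such as `"value": "NVD-CWE-noinfo"` rather than omitting the array.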
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21640.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21640.json
index 3b6f4aab812..b42ad8d800c 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21640.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21640.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21640",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-07T14:15:17.017",
- "lastModified": "2021-04-13T18:00:15.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:48.480",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-240"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21641.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21641.json
index 662012dbb9e..1fd187b5700 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21641.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21641.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21641",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-07T14:15:17.093",
- "lastModified": "2021-04-13T03:17:12.097",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:48.573",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21642.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21642.json
index ee577fa8a32..f9d97c95420 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21642.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21642.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21642",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-21T15:15:08.287",
- "lastModified": "2021-04-23T19:46:57.893",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:48.677",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21643.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21643.json
index 2cb702bce45..4ca7c4abb55 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21643.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21643.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21643",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-21T15:15:08.340",
- "lastModified": "2021-04-24T03:47:43.517",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:48.810",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21644.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21644.json
index 766a4fa1ce9..f26e5167bb6 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21644.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21644.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21644",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-21T15:15:08.373",
- "lastModified": "2021-04-26T19:59:33.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:48.910",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21645.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21645.json
index 345eb80170a..81750885f74 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21645.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21645.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21645",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-21T15:15:08.407",
- "lastModified": "2021-04-26T20:00:27.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.003",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21646.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21646.json
index 523b0ffbdd4..f2ba12e2599 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21646.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21646.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21646",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-21T15:15:08.440",
- "lastModified": "2021-04-26T18:12:26.070",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.080",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21647.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21647.json
index bd527623aa7..cd991e25d88 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21647.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21647.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21647",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-04-21T15:15:08.477",
- "lastModified": "2021-04-26T18:06:19.770",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.153",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21648.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21648.json
index 5e080fecdeb..198b47dc3ef 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21648.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21648.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21648",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:07.873",
- "lastModified": "2021-05-14T21:39:52.740",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.263",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21649.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21649.json
index 6bda4096c4d..1160c691c69 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21649.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21649.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21649",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:07.917",
- "lastModified": "2021-05-14T21:40:22.630",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.473",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21650.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21650.json
index f2cf26a46b1..c2e1ae62b5d 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21650.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21650.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21650",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:07.953",
- "lastModified": "2021-05-19T13:24:28.963",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.620",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21651.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21651.json
index 28a805c608c..644d6b68de8 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21651.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21651.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21651",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:07.993",
- "lastModified": "2021-05-19T12:26:15.283",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.687",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21652.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21652.json
index 33df1d92bce..0a2554de9a9 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21652.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21652.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21652",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:08.030",
- "lastModified": "2023-01-30T19:18:25.510",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.753",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -95,11 +83,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21653.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21653.json
index 0a43de5faa7..e26bb003cf2 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21653.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21653.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21653",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:08.070",
- "lastModified": "2021-05-19T18:01:49.933",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.830",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -95,11 +83,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2021-05-11/#SECURITY-2251%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21654.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21654.json
index 52bf59701aa..1233e74b6c0 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21654.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21654.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21654",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:08.110",
- "lastModified": "2021-05-19T15:15:43.413",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.907",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21655.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21655.json
index d47021a8a77..1bdb5bdd573 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21655.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21655.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21655",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:08.147",
- "lastModified": "2021-05-20T13:56:33.673",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:49.970",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21656.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21656.json
index ded6a9107e1..91b53acbb5f 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21656.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21656.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21656",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-11T15:15:08.183",
- "lastModified": "2021-05-19T15:48:21.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.037",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21657.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21657.json
index 1971492c46e..55eb4c9a9c0 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21657.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21657.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21657",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-25T17:15:08.037",
- "lastModified": "2021-06-01T18:16:50.203",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.100",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21658.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21658.json
index 314e51dfb42..3fbabc49abf 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21658.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21658.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21658",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-25T17:15:08.073",
- "lastModified": "2021-06-01T14:32:00.243",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.183",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21659.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21659.json
index c521728ba2d..cb4939a4dda 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21659.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21659.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21659",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-25T17:15:08.110",
- "lastModified": "2021-05-28T21:26:29.663",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.250",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21660.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21660.json
index 25ad72b669c..85675b16dfd 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21660.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21660.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21660",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-05-25T17:15:08.150",
- "lastModified": "2021-06-01T12:18:22.893",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.313",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21661.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21661.json
index 37e635b0b84..283449960a2 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21661.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21661.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21661",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-10T15:15:08.693",
- "lastModified": "2021-06-15T16:18:31.287",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.387",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21662.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21662.json
index 1f09bb7c97e..17e58f7fd4e 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21662.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21662.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21662",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-10T15:15:08.767",
- "lastModified": "2021-06-15T18:24:37.337",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.467",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21663.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21663.json
index 71236e830ed..e8c6cb5cdfa 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21663.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21663.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21663",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-10T15:15:08.837",
- "lastModified": "2021-06-15T18:25:23.753",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.530",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21664.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21664.json
index e790b374f19..0aa0eac665a 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21664.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21664.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21664",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-10T15:15:08.907",
- "lastModified": "2021-06-15T18:00:03.840",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.597",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21665.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21665.json
index 5a1f830747a..af60faaa291 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21665.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21665.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21665",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-10T15:15:08.977",
- "lastModified": "2021-06-15T18:01:53.950",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.660",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21666.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21666.json
index c4f5bc692b4..701a16b863d 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21666.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21666.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21666",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-10T15:15:09.057",
- "lastModified": "2021-06-15T17:20:15.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.727",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21667.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21667.json
index ff7b35b4ef0..de74a2882ca 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21667.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21667.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21667",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-16T14:15:08.523",
- "lastModified": "2021-06-22T14:06:49.297",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.790",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21668.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21668.json
index 9b1cfcb7e2c..528db42f55b 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21668.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21668.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21668",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-16T14:15:08.610",
- "lastModified": "2021-06-22T14:08:54.317",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.867",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21669.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21669.json
index 7786e63f4a9..12731151b21 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21669.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21669.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21669",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-18T10:15:08.557",
- "lastModified": "2021-06-22T17:33:15.843",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.927",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21670.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21670.json
index bf5ef47adeb..fa2dda4aec5 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21670.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21670.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21670",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-30T17:15:08.900",
- "lastModified": "2021-07-06T14:02:57.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:50.993",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21671.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21671.json
index decf4b36644..ad86e03bdff 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21671.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21671.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21671",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-30T17:15:08.987",
- "lastModified": "2021-07-06T14:01:01.810",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.073",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-384"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21672.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21672.json
index 5b327184c44..771570c9bf3 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21672.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21672.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21672",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-30T17:15:09.067",
- "lastModified": "2022-06-01T20:43:02.050",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.140",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21673.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21673.json
index da77050fc1d..83abdc19ec6 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21673.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21673.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21673",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-30T17:15:09.160",
- "lastModified": "2021-07-06T17:07:47.470",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.203",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-601"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21674.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21674.json
index 376370a55f0..3909916d25d 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21674.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21674.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21674",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-30T17:15:09.240",
- "lastModified": "2021-07-07T10:59:38.760",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.263",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21675.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21675.json
index 989404ed89e..cda0c5f97ee 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21675.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21675.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21675",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-30T17:15:09.317",
- "lastModified": "2021-07-06T17:25:11.923",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.337",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -103,11 +91,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21676.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21676.json
index 1bbf400b910..1d0753822b7 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21676.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21676.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21676",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-06-30T17:15:09.400",
- "lastModified": "2021-07-07T11:00:49.187",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.423",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2021-06-30/#SECURITY-2136%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21677.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21677.json
index a21da1a47c9..27514f11a06 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21677.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21677.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21677",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-08-31T14:15:25.447",
- "lastModified": "2021-09-08T15:30:19.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.493",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21678.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21678.json
index 01b601eb6f0..8244e067aa4 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21678.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21678.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21678",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-08-31T14:15:25.500",
- "lastModified": "2022-10-25T18:01:24.780",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.577",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21679.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21679.json
index c825b379e49..40261d9612d 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21679.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21679.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21679",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-08-31T14:15:25.553",
- "lastModified": "2022-10-25T18:02:47.170",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.640",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21680.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21680.json
index 21c77e9de3f..36b84969bc5 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21680.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21680.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21680",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-08-31T14:15:25.607",
- "lastModified": "2021-09-07T19:00:40.467",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.703",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21681.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21681.json
index ba0b69bafcb..d29dfad9b82 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21681.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21681.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21681",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-08-31T14:15:25.663",
- "lastModified": "2022-04-25T17:25:37.380",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.773",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21682.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21682.json
index ad16e410661..3b6914c3d6d 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21682.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21682.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21682",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-10-06T23:15:06.860",
- "lastModified": "2021-10-19T18:52:31.907",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.837",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-42"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21683.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21683.json
index 2aeae4b4762..cbdf1bf6f1a 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21683.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21683.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21683",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-10-06T23:15:06.927",
- "lastModified": "2021-10-19T18:58:12.973",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.927",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
- }
- ],
"configurations": [
{
"operator": "AND",
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21684.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21684.json
index 721fcf2b1de..fba53a8255b 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21684.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21684.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21684",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-10-06T23:15:06.977",
- "lastModified": "2022-10-25T15:26:57.717",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:51.997",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-116"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21685.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21685.json
index 7f333381ecb..d791642979b 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21685.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21685.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21685",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:07.710",
- "lastModified": "2021-11-08T13:59:09.327",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.083",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21686.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21686.json
index a431fdbb22c..12cf153cc60 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21686.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21686.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21686",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.277",
- "lastModified": "2021-11-08T14:38:53.720",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.177",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-59"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21687.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21687.json
index b488b77a16f..4a9d7fc7747 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21687.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21687.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21687",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.390",
- "lastModified": "2021-11-08T16:47:05.250",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.253",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21688.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21688.json
index 7b0596530b3..c589dad4cfc 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21688.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21688.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21688",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.447",
- "lastModified": "2021-11-05T19:20:09.340",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.333",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21689.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21689.json
index 56e2233c4fc..0ab428b89aa 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21689.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21689.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21689",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.500",
- "lastModified": "2022-10-24T16:06:45.763",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.407",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21690.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21690.json
index 4db9679009c..b8ae3d88338 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21690.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21690.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21690",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.553",
- "lastModified": "2021-11-09T15:20:43.307",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.477",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21691.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21691.json
index a4f1ab4f445..0e1091ce7ae 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21691.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21691.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21691",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.607",
- "lastModified": "2021-11-09T19:35:13.020",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.560",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21692.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21692.json
index 379ba2d9c78..c04dc7e47c8 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21692.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21692.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21692",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.660",
- "lastModified": "2021-11-09T19:30:50.273",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.623",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21693.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21693.json
index 65e8f4db952..d78985ea4f6 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21693.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21693.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21693",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.717",
- "lastModified": "2022-12-07T17:08:55.930",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.690",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21694.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21694.json
index 6b5e612fd36..a451defc593 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21694.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21694.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21694",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.767",
- "lastModified": "2021-11-09T19:08:43.403",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.783",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21695.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21695.json
index 24b48603e4d..1ebc9555183 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21695.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21695.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21695",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.820",
- "lastModified": "2022-10-24T16:07:08.163",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.867",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-59"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21696.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21696.json
index 6c7206a201f..beb8b2efd1b 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21696.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21696.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21696",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.873",
- "lastModified": "2021-11-08T17:33:05.410",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:52.933",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21697.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21697.json
index 410d2b6e2bd..78ca24adb75 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21697.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21697.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21697",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.927",
- "lastModified": "2021-11-08T17:36:20.117",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.007",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-184"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21698.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21698.json
index c8ce443fdd3..ae0928dad4f 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21698.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21698.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21698",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-04T17:15:08.987",
- "lastModified": "2021-11-08T17:44:26.197",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.110",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-216xx/CVE-2021-21699.json b/CVE-2021/CVE-2021-216xx/CVE-2021-21699.json
index 694fbaef56a..479031a8a01 100644
--- a/CVE-2021/CVE-2021-216xx/CVE-2021-21699.json
+++ b/CVE-2021/CVE-2021-216xx/CVE-2021-21699.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21699",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.007",
- "lastModified": "2021-11-17T01:25:52.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.193",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-217xx/CVE-2021-21700.json b/CVE-2021/CVE-2021-217xx/CVE-2021-21700.json
index 7f3633269ad..a2a3b7e8151 100644
--- a/CVE-2021/CVE-2021-217xx/CVE-2021-21700.json
+++ b/CVE-2021/CVE-2021-217xx/CVE-2021-21700.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21700",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.113",
- "lastModified": "2021-11-17T01:25:25.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.287",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-217xx/CVE-2021-21701.json b/CVE-2021/CVE-2021-217xx/CVE-2021-21701.json
index 40d45ae49b1..0e087d8e6ee 100644
--- a/CVE-2021/CVE-2021-217xx/CVE-2021-21701.json
+++ b/CVE-2021/CVE-2021-217xx/CVE-2021-21701.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-21701",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.167",
- "lastModified": "2021-11-17T01:18:10.560",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.360",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-23xx/CVE-2021-2351.json b/CVE-2021/CVE-2021-23xx/CVE-2021-2351.json
index 327370f9909..edca7c95a18 100644
--- a/CVE-2021/CVE-2021-23xx/CVE-2021-2351.json
+++ b/CVE-2021/CVE-2021-23xx/CVE-2021-2351.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-2351",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2021-07-21T15:15:21.827",
- "lastModified": "2022-10-06T18:22:41.560",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:10.477",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -90,7 +90,11 @@
"description": [
{
"lang": "en",
- "value": "NVD-CWE-noinfo"
+ "value": "CWE-327"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-384"
}
]
}
@@ -1472,6 +1476,10 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://www.oracle.com/security-alerts/cpujan2023.html",
+ "source": "secalert_us@oracle.com"
+ },
{
"url": "https://www.oracle.com/security-alerts/cpujul2021.html",
"source": "secalert_us@oracle.com",
diff --git a/CVE-2021/CVE-2021-243xx/CVE-2021-24370.json b/CVE-2021/CVE-2021-243xx/CVE-2021-24370.json
index 1b5f2297751..acf4f448667 100644
--- a/CVE-2021/CVE-2021-243xx/CVE-2021-24370.json
+++ b/CVE-2021/CVE-2021-243xx/CVE-2021-24370.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-24370",
"sourceIdentifier": "contact@wpscan.com",
"published": "2021-06-21T20:15:08.727",
- "lastModified": "2021-09-20T17:10:10.107",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T01:15:25.467",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -65,7 +65,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "contact@wpscan.com",
"type": "Primary",
"description": [
{
@@ -75,7 +75,7 @@
]
},
{
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -130,6 +130,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.secpod.com/blog/critical-zero-day-flaw-actively-exploited-in-wordpress-fancy-product-designer-plugin/",
+ "source": "contact@wpscan.com"
+ },
{
"url": "https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/",
"source": "contact@wpscan.com",
diff --git a/CVE-2021/CVE-2021-267xx/CVE-2021-26734.json b/CVE-2021/CVE-2021-267xx/CVE-2021-26734.json
new file mode 100644
index 00000000000..a9707f939d9
--- /dev/null
+++ b/CVE-2021/CVE-2021-267xx/CVE-2021-26734.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2021-26734",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:08.927",
+ "lastModified": "2023-10-27T00:30:43.053",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El instalador de Zscaler Client Connector en Windows anterior a la versi\u00f3n 3.4.0.124 manejaba incorrectamente las uniones de directorios durante la desinstalaci\u00f3n. Un adversario local puede eliminar carpetas en un contexto elevado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "3.4.0.124",
+ "matchCriteriaId": "8318DD99-D4B2-4917-AAB3-56D65DE97B57"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
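Review bot: The two `cvssMetricV31` entries disagree on what the issue affects: the `nvd@nist.gov` vector is `PR:N/.../I:H/A:N` (5.5) and the `cve@zscaler.com` vector is `AC:H/PR:L/.../I:N/A:H` (4.4), for the same folder-deletion issue. Triage tooling should choose the source deliberately and not take whichever entry comes first. The Primary weakness is `NVD-CWE-noinfo` although the description names directory-junction handling, which would usually be classified as CWE-59 (link following), so a CWE filter will not surface this record. The English `value` also ends in six `\n`, which display code should trim.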
diff --git a/CVE-2021/CVE-2021-267xx/CVE-2021-26735.json b/CVE-2021/CVE-2021-267xx/CVE-2021-26735.json
new file mode 100644
index 00000000000..fe4c5fb445b
--- /dev/null
+++ b/CVE-2021/CVE-2021-267xx/CVE-2021-26735.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2021-26735",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.000",
+ "lastModified": "2023-10-27T00:30:49.677",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Zscaler Client Connector Installer and Unsintallers para Windows anteriores a 3.6 ten\u00edan una vulnerabilidad de ruta de b\u00fasqueda sin comillas. Un adversario local puede ejecutar c\u00f3digo con privilegios de SYSTEM."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-428"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "3.6",
+ "matchCriteriaId": "B3A7E628-F74C-46BC-A5E5-25402F2B90D8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
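Review bot: The English description misspells "Uninstallers" as `Unsintallers`, and the Spanish entry copies the misspelling, so a keyword search for "uninstaller" will miss CVE-2021-26735. If the mirror keeps upstream text verbatim, search and alerting rules should match on the CPE `cpe:2.3:a:zscaler:client_connector` and not on description words. The two weakness entries also disagree: `nvd@nist.gov` gives `CWE-428`, which matches the unquoted search path in the description, while `cve@zscaler.com` gives `CWE-346`; consumers that keep a single CWE per record should take the Primary one here.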
diff --git a/CVE-2021/CVE-2021-267xx/CVE-2021-26736.json b/CVE-2021/CVE-2021-267xx/CVE-2021-26736.json
new file mode 100644
index 00000000000..fa502a3de63
--- /dev/null
+++ b/CVE-2021/CVE-2021-267xx/CVE-2021-26736.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2021-26736",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.063",
+ "lastModified": "2023-10-27T00:33:29.907",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "M\u00faltiples vulnerabilidades en Zscaler Client Connector Installer and Uninstaller para Windows anteriores a 3.6 permit\u00edan la ejecuci\u00f3n de archivos binarios desde una ruta con pocos privilegios. Un adversario local puede ejecutar c\u00f3digo con privilegios de SYSTEM."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "3.6",
+ "matchCriteriaId": "B3A7E628-F74C-46BC-A5E5-25402F2B90D8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2021",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-267xx/CVE-2021-26737.json b/CVE-2021/CVE-2021-267xx/CVE-2021-26737.json
new file mode 100644
index 00000000000..ae2937b6ee2
--- /dev/null
+++ b/CVE-2021/CVE-2021-267xx/CVE-2021-26737.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2021-26737",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.127",
+ "lastModified": "2023-10-27T00:33:45.490",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Zscaler Client Connector para macOS anterior a 3.6 no validaba suficientemente los clientes RPC. Un adversario local sin privilegios suficientes podr\u00eda cerrar el t\u00fanel Zscaler aprovechando una condici\u00f3n de ejecuci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 3.6
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*",
+ "versionEndExcluding": "3.6",
+ "matchCriteriaId": "87D5E96F-6D38-4787-8E26-589C0EABDFFF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.6&deployment_date=2022-01-07&id=1388686",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-267xx/CVE-2021-26738.json b/CVE-2021/CVE-2021-267xx/CVE-2021-26738.json
new file mode 100644
index 00000000000..13bef829f6a
--- /dev/null
+++ b/CVE-2021/CVE-2021-267xx/CVE-2021-26738.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2021-26738",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.187",
+ "lastModified": "2023-10-27T00:33:51.687",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Zscaler Client Connector para macOS anterior a 3.7 ten\u00eda una vulnerabilidad de ruta de b\u00fasqueda sin comillas a trav\u00e9s de la variable PATH. Un adversario local puede ejecutar c\u00f3digo con privilegios de root."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-426"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-426"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*",
+ "versionEndExcluding": "3.7",
+ "matchCriteriaId": "42F3A99E-0E82-49F1-88D5-9397220A0A1A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=macOS&applicable_version=3.7&deployment_date=2022-08-19&id=1414851",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
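Review bot: Both `weaknesses` entries in this new record carry `CWE-426` (Untrusted Search Path), while the English description calls the flaw an "unquoted search path" issue, which is what CWE-428 names. The mention of the PATH variable suggests the prose rather than the CWE is imprecise, so anything that groups findings by weakness should go by the `weaknesses` value and not the description text. The same description `value` also ends in three literal `\n` escapes; consumers that display or diff descriptions should trim trailing whitespace, or the string could simply end at `...execute code with root privileges."`.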
diff --git a/CVE-2021/CVE-2021-284xx/CVE-2021-28485.json b/CVE-2021/CVE-2021-284xx/CVE-2021-28485.json
index 9c5521c4601..eaffa3cece7 100644
--- a/CVE-2021/CVE-2021-284xx/CVE-2021-28485.json
+++ b/CVE-2021/CVE-2021-284xx/CVE-2021-28485.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-28485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T15:15:07.827",
- "lastModified": "2023-09-21T12:51:08.870",
+ "lastModified": "2023-10-25T20:13:17.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -21,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
+ "confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
- "baseScore": 6.5,
+ "baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
- "impactScore": 3.6
+ "impactScore": 1.4
}
]
},
diff --git a/CVE-2021/CVE-2021-286xx/CVE-2021-28651.json b/CVE-2021/CVE-2021-286xx/CVE-2021-28651.json
index bed5d870bda..daf2620c265 100644
--- a/CVE-2021/CVE-2021-286xx/CVE-2021-28651.json
+++ b/CVE-2021/CVE-2021-286xx/CVE-2021-28651.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-28651",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-27T12:15:08.197",
- "lastModified": "2023-10-17T05:15:49.187",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-24T14:43:32.560",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -159,11 +159,19 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/14",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=5104",
diff --git a/CVE-2021/CVE-2021-286xx/CVE-2021-28652.json b/CVE-2021/CVE-2021-286xx/CVE-2021-28652.json
index 58201445aa8..4d130c07f56 100644
--- a/CVE-2021/CVE-2021-286xx/CVE-2021-28652.json
+++ b/CVE-2021/CVE-2021-286xx/CVE-2021-28652.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-28652",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-27T12:15:08.230",
- "lastModified": "2023-10-17T05:15:49.470",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-24T14:46:43.467",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -144,11 +144,19 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/14",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=5106",
diff --git a/CVE-2021/CVE-2021-286xx/CVE-2021-28662.json b/CVE-2021/CVE-2021-286xx/CVE-2021-28662.json
index 9ff979013d3..db8ec278842 100644
--- a/CVE-2021/CVE-2021-286xx/CVE-2021-28662.json
+++ b/CVE-2021/CVE-2021-286xx/CVE-2021-28662.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-28662",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-27T12:15:08.263",
- "lastModified": "2023-10-17T05:15:49.577",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-24T14:34:35.160",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -139,11 +139,19 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/14",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch",
diff --git a/CVE-2021/CVE-2021-299xx/CVE-2021-29913.json b/CVE-2021/CVE-2021-299xx/CVE-2021-29913.json
index 6bf2118021a..82952da5f0b 100644
--- a/CVE-2021/CVE-2021-299xx/CVE-2021-29913.json
+++ b/CVE-2021/CVE-2021-299xx/CVE-2021-29913.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-29913",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T02:15:09.910",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T17:59:20.763",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207898",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
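Review bot: The two OS entries in the added `configurations` block are `"vulnerable": false` platform conditions under an `"operator": "AND"`, which a consumer that flattens `cpeMatch` lists will miss. Such a matcher would flag every macOS or Windows asset for this CVE. Matching code should evaluate the `AND` and only report on the `"vulnerable": true` product entry when one of the platform entries is also present. The product entry has `"versionEndExcluding": "11.5"` and no lower bound, so every earlier release is in range.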
diff --git a/CVE-2021/CVE-2021-301xx/CVE-2021-30116.json b/CVE-2021/CVE-2021-301xx/CVE-2021-30116.json
index 027f9ed2fbb..9500fef90ea 100644
--- a/CVE-2021/CVE-2021-301xx/CVE-2021-30116.json
+++ b/CVE-2021/CVE-2021-301xx/CVE-2021-30116.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-30116",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-07-09T14:15:07.770",
- "lastModified": "2022-07-12T17:42:04.277",
+ "lastModified": "2023-10-23T14:15:09.250",
"vulnStatus": "Modified",
"cisaExploitAdd": "2021-11-03",
"cisaActionDue": "2021-11-17",
"cisaRequiredAction": "Apply updates per vendor instructions.",
- "cisaVulnerabilityName": "Kaseya VSA Remote Code Execution Vulnerability",
+ "cisaVulnerabilityName": "Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability",
"descriptions": [
{
"lang": "en",
@@ -94,7 +94,7 @@
"description": [
{
"lang": "en",
- "value": "NVD-CWE-noinfo"
+ "value": "CWE-522"
}
]
}
@@ -144,6 +144,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.secpod.com/blog/kaseya-vsa-zero-day-by-revil/",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
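Review bot: The reference added at the end of `references` has only `url` and `source` and no `tags` array, unlike the entry just above it, which is tagged `Vendor Advisory`. The same untagged form appears in the references added to CVE-2021-32749, CVE-2021-3524 and CVE-2021-3531 in this diff, all on records whose `vulnStatus` is `Modified`. Code that indexes the `tags` key directly will fail on these objects; it should treat the key as optional and default to an empty list.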
diff --git a/CVE-2021/CVE-2021-318xx/CVE-2021-31806.json b/CVE-2021/CVE-2021-318xx/CVE-2021-31806.json
index aca99dd8240..0e2c4418d84 100644
--- a/CVE-2021/CVE-2021-318xx/CVE-2021-31806.json
+++ b/CVE-2021/CVE-2021-318xx/CVE-2021-31806.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-31806",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-27T13:15:08.270",
- "lastModified": "2023-10-17T05:15:49.683",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-24T14:36:29.477",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -158,11 +158,19 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/14",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch",
diff --git a/CVE-2021/CVE-2021-318xx/CVE-2021-31807.json b/CVE-2021/CVE-2021-318xx/CVE-2021-31807.json
index 7a20498133b..b43f9f2ab3f 100644
--- a/CVE-2021/CVE-2021-318xx/CVE-2021-31807.json
+++ b/CVE-2021/CVE-2021-318xx/CVE-2021-31807.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-31807",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-06-08T20:15:09.057",
- "lastModified": "2023-10-17T05:15:49.790",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-24T15:00:49.823",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -254,11 +254,19 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/14",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch",
diff --git a/CVE-2021/CVE-2021-318xx/CVE-2021-31808.json b/CVE-2021/CVE-2021-318xx/CVE-2021-31808.json
index 4148543047d..3f8a8e7da7c 100644
--- a/CVE-2021/CVE-2021-318xx/CVE-2021-31808.json
+++ b/CVE-2021/CVE-2021-318xx/CVE-2021-31808.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-31808",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-27T14:15:07.500",
- "lastModified": "2023-10-17T05:15:49.943",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-24T14:39:44.803",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -158,11 +158,19 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/14",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch",
diff --git a/CVE-2021/CVE-2021-327xx/CVE-2021-32749.json b/CVE-2021/CVE-2021-327xx/CVE-2021-32749.json
index ad418e2e726..113d9dca956 100644
--- a/CVE-2021/CVE-2021-327xx/CVE-2021-32749.json
+++ b/CVE-2021/CVE-2021-327xx/CVE-2021-32749.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-32749",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-07-16T18:15:08.270",
- "lastModified": "2021-11-28T23:18:14.820",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-19T08:15:07.893",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -85,22 +85,22 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "CWE-78"
+ "value": "CWE-94"
}
]
},
{
- "source": "nvd@nist.gov",
+ "source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-94"
+ "value": "CWE-78"
}
]
}
@@ -198,6 +198,10 @@
"Mailing List",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202310-13",
+ "source": "security-advisories@github.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33620.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33620.json
index c4ea72ca0d9..cd8c6a7f4dd 100644
--- a/CVE-2021/CVE-2021-336xx/CVE-2021-33620.json
+++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33620.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-33620",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-05-28T12:15:07.697",
- "lastModified": "2023-10-17T05:15:50.050",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-24T14:52:13.753",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -158,11 +158,19 @@
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/14",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch",
diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33634.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33634.json
new file mode 100644
index 00000000000..d1021ba3f25
--- /dev/null
+++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33634.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-33634",
+ "sourceIdentifier": "securities@openeuler.org",
+ "published": "2023-10-29T08:15:20.567",
+ "lastModified": "2023-10-29T08:15:20.567",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "securities@openeuler.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "securities@openeuler.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-665"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitee.com/src-openeuler/lcr/pulls/251/files",
+ "source": "securities@openeuler.org"
+ },
+ {
+ "url": "https://gitee.com/src-openeuler/lcr/pulls/257/files",
+ "source": "securities@openeuler.org"
+ },
+ {
+ "url": "https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1692",
+ "source": "securities@openeuler.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33635.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33635.json
new file mode 100644
index 00000000000..9b7f96b8e44
--- /dev/null
+++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33635.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-33635",
+ "sourceIdentifier": "securities@openeuler.org",
+ "published": "2023-10-29T08:15:20.647",
+ "lastModified": "2023-10-29T08:15:20.647",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When malicious images are pulled by isula pull, attackers can execute arbitrary code."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "securities@openeuler.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "securities@openeuler.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-665"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files",
+ "source": "securities@openeuler.org"
+ },
+ {
+ "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files",
+ "source": "securities@openeuler.org"
+ },
+ {
+ "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686",
+ "source": "securities@openeuler.org"
+ }
+ ]
+}
\ No newline at end of file
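Review bot: The only score in this new record is the CNA's `"type": "Secondary"` entry and `vulnStatus` is `Received`, so the 9.8 with `AV:N` and `UI:N` appears not to have been reviewed by NVD, and it fits poorly with the description, which requires a malicious image to be pulled with `isula pull`. The sibling record CVE-2021-33634 from the same CNA scores a malicious-image case as `AV:L` with `UI:R`. Prioritisation that keys on `baseScore` should mark this value as CNA-provided and re-check it once a `Primary` entry appears. The bulletin reference also points at the `/zh/` locale of openeuler.org where CVE-2021-33634 links the `/en/` page; the same holds for CVE-2021-33636, CVE-2021-33637 and CVE-2021-33638.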
diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33636.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33636.json
new file mode 100644
index 00000000000..26fc8bc2f04
--- /dev/null
+++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33636.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-33636",
+ "sourceIdentifier": "securities@openeuler.org",
+ "published": "2023-10-29T08:15:20.707",
+ "lastModified": "2023-10-29T08:15:20.707",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nWhen the isula load command is used to load malicious images, attackers can execute arbitrary code.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "securities@openeuler.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "securities@openeuler.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-665"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files",
+ "source": "securities@openeuler.org"
+ },
+ {
+ "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files",
+ "source": "securities@openeuler.org"
+ },
+ {
+ "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686",
+ "source": "securities@openeuler.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33637.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33637.json
new file mode 100644
index 00000000000..a8305964cf2
--- /dev/null
+++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33637.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-33637",
+ "sourceIdentifier": "securities@openeuler.org",
+ "published": "2023-10-29T08:15:20.763",
+ "lastModified": "2023-10-29T08:15:20.763",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nWhen the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "securities@openeuler.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "securities@openeuler.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-665"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files",
+ "source": "securities@openeuler.org"
+ },
+ {
+ "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files",
+ "source": "securities@openeuler.org"
+ },
+ {
+ "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686",
+ "source": "securities@openeuler.org"
+ }
+ ]
+}
\ No newline at end of file
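Review bot: `"scope": "UNCHANGED"` (`S:U` in `vectorString`) does not match the description, which says the attacker can escape the container; in CVSS 3.1 an impact that crosses from a container to its host is normally scored as Scope Changed. With the other metrics as given, the vector would read `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H` and yield a higher base score than the 8.4 recorded here. CVE-2021-33638 below has the same mismatch between description and vector. Both records are CNA-scored with `vulnStatus` `Received`, so the severity should be treated as provisional.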
diff --git a/CVE-2021/CVE-2021-336xx/CVE-2021-33638.json b/CVE-2021/CVE-2021-336xx/CVE-2021-33638.json
new file mode 100644
index 00000000000..f33740e3826
--- /dev/null
+++ b/CVE-2021/CVE-2021-336xx/CVE-2021-33638.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2021-33638",
+ "sourceIdentifier": "securities@openeuler.org",
+ "published": "2023-10-29T08:15:20.823",
+ "lastModified": "2023-10-29T08:15:20.823",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "securities@openeuler.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "securities@openeuler.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-665"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitee.com/src-openeuler/iSulad/pulls/600/files",
+ "source": "securities@openeuler.org"
+ },
+ {
+ "url": "https://gitee.com/src-openeuler/iSulad/pulls/627/files",
+ "source": "securities@openeuler.org"
+ },
+ {
+ "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686",
+ "source": "securities@openeuler.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-359xx/CVE-2021-35991.json b/CVE-2021/CVE-2021-359xx/CVE-2021-35991.json
index 94c2a91ac5f..c0b312fb38a 100644
--- a/CVE-2021/CVE-2021-359xx/CVE-2021-35991.json
+++ b/CVE-2021/CVE-2021-359xx/CVE-2021-35991.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-35991",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-08-20T19:15:10.263",
- "lastModified": "2023-07-07T19:25:15.007",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.437",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Adobe Bridge version 11.0.2 (and earlier) is affected by an uninitialized variable vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+ "value": "Adobe Bridge version 11.0.2 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
@@ -65,22 +65,22 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "CWE-908"
+ "value": "CWE-824"
}
]
},
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "CWE-908"
}
]
}
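Review bot: After this change the `"type": "Primary"` weakness is the one sourced from `psirt@adobe.com` (`CWE-824`) and NVD's own `CWE-908` becomes `Secondary`, so `Primary` no longer implies `nvd@nist.gov` in this record. Other records in this diff (CVE-2021-32749, CVE-2021-36046) swap the pair the other way. A consumer that picks the CWE by `type` alone gets a different authority from record to record; it should read `source` together with `type`. The first hunk also moves `vulnStatus` from `Analyzed` to `Modified`, which suggests NVD has not re-reviewed the record since the CNA edit.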
diff --git a/CVE-2021/CVE-2021-35xx/CVE-2021-3524.json b/CVE-2021/CVE-2021-35xx/CVE-2021-3524.json
index 20f8198df24..6d28c7237e1 100644
--- a/CVE-2021/CVE-2021-35xx/CVE-2021-3524.json
+++ b/CVE-2021/CVE-2021-35xx/CVE-2021-3524.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-3524",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-05-17T17:15:08.773",
- "lastModified": "2022-10-27T12:38:51.343",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:10.660",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -166,6 +166,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5/",
"source": "secalert@redhat.com",
diff --git a/CVE-2021/CVE-2021-35xx/CVE-2021-3531.json b/CVE-2021/CVE-2021-35xx/CVE-2021-3531.json
index 1c64246675b..8ad3291b603 100644
--- a/CVE-2021/CVE-2021-35xx/CVE-2021-3531.json
+++ b/CVE-2021/CVE-2021-35xx/CVE-2021-3531.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-3531",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-05-18T12:15:08.080",
- "lastModified": "2022-10-27T12:38:40.087",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:10.757",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -161,6 +161,10 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX5ZHI5L7FOHXOSEV3TYBAL66DMLJ7V5/",
"source": "secalert@redhat.com",
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36045.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36045.json
index 5f8e5cae562..b1a808c8a0b 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36045.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36045.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36045",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:10.417",
- "lastModified": "2023-09-26T01:15:46.750",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:50:15.037",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
}
],
"cvssMetricV2": [
@@ -91,6 +111,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
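Review bot: The new `configurations` element lists `cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*` as `"vulnerable": true` in a stand-alone `OR` node, with nothing tying it to the affected package. Matched literally, every Debian 10 host is reported for this CVE whether or not the affected library is installed. Scanners should confirm the package and its version from the Debian LTS announcement referenced in this record before raising a finding. The identical element is added to CVE-2021-36046 and CVE-2021-36047 below.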
@@ -104,7 +139,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36046.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36046.json
index f5b8672829f..5662e9ed143 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36046.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36046.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36046",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:10.473",
- "lastModified": "2023-09-26T01:15:46.870",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:46:52.567",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -65,22 +85,22 @@
},
"weaknesses": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "CWE-788"
+ "value": "CWE-787"
}
]
},
{
- "source": "nvd@nist.gov",
+ "source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-787"
+ "value": "CWE-788"
}
]
}
@@ -101,6 +121,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -114,7 +149,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36047.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36047.json
index 1f56f1f6705..41e069a8e42 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36047.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36047.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36047",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:10.530",
- "lastModified": "2023-09-26T01:15:46.973",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:47:48.550",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -91,6 +111,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -104,7 +139,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36048.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36048.json
index 3f81275ea1b..47dca1761e9 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36048.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36048.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36048",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:10.590",
- "lastModified": "2023-09-26T01:15:47.067",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:48:27.930",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -91,6 +111,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -104,7 +139,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36050.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36050.json
index e4ecec4e665..1f3b18016c0 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36050.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36050.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36050",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:10.707",
- "lastModified": "2023-09-26T01:15:47.833",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:51:01.250",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -65,8 +85,18 @@
},
"weaknesses": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -91,6 +121,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -104,7 +149,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36051.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36051.json
index 7cf55894e6b..4c71ab27e69 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36051.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36051.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36051",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-10-04T14:15:07.333",
- "lastModified": "2023-09-26T01:15:48.450",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:40:14.177",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -115,8 +115,23 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:xmp_toolkit_software_development_kit:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "2021.07",
- "matchCriteriaId": "DAADC477-7FFD-4620-84A0-1816F918132F"
+ "versionEndIncluding": "2020.1",
+ "matchCriteriaId": "021E6279-3B11-4D53-B76E-C302A18724E6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
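Review bot: The upper bound for `xmp_toolkit_software_development_kit` changes from `"versionEndExcluding": "2021.07"` to `"versionEndIncluding": "2020.1"`, which removes any release numbered between those two from the match set. If such releases exist, inventory that matched before this sync will silently stop matching. The new bound should be confirmed against the vendor advisory referenced in the record before a scanner relies on the narrower range. The same kind of bound change appears in the CVE-2021-40716 hunk (`versionEndExcluding` `2021.08` to `versionEndIncluding` `2021.07`) and the CVE-2021-40732 hunk (`versionEndIncluding` `2021.07` to `2020.1`). The dotted year-style strings also need a version-aware comparison, not a plain string or float compare.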
@@ -128,12 +143,17 @@
"url": "https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html",
"source": "psirt@adobe.com",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36052.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36052.json
index 27c27622339..b4fdd926c5b 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36052.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36052.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36052",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:10.767",
- "lastModified": "2023-09-26T01:15:48.997",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:51:16.713",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -121,6 +121,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -134,7 +149,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36053.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36053.json
index 0274f65b046..3e69b3acd4d 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36053.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36053.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36053",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:10.827",
- "lastModified": "2023-09-26T01:15:49.500",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:51:47.677",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 1.4
}
],
"cvssMetricV2": [
@@ -101,6 +121,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -114,7 +149,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36054.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36054.json
index 58c8266b9b5..8d393a82853 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36054.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36054.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36054",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:10.883",
- "lastModified": "2023-09-26T01:15:49.633",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:52:08.853",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -85,8 +85,18 @@
},
"weaknesses": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -111,6 +121,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -124,7 +149,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36055.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36055.json
index 29e2f60843e..4d401dec7d7 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36055.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36055.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36055",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:10.940",
- "lastModified": "2023-09-26T01:15:49.727",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:52:29.037",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -91,6 +111,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -104,7 +139,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36058.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36058.json
index ca7b56f339d..e488c6a9471 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36058.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36058.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36058",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:11.120",
- "lastModified": "2023-09-26T01:15:49.987",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:30:33.967",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
],
"cvssMetricV2": [
@@ -91,6 +111,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -104,7 +139,10 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
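Review bot: The debian-lts-announce reference in this record is tagged only `"Mailing List"`, while the same URL in the sibling records of this diff (for example CVE-2021-36055 and CVE-2021-36064) carries `"Mailing List", "Third Party Advisory"`. A consumer that selects advisories by the `Third Party Advisory` tag will miss the Debian notice for this CVE alone. Adding `"Third Party Advisory"` to the `tags` array would make the record consistent with the others.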
diff --git a/CVE-2021/CVE-2021-360xx/CVE-2021-36064.json b/CVE-2021/CVE-2021-360xx/CVE-2021-36064.json
index 6095eec0b12..a60145ec3c0 100644
--- a/CVE-2021/CVE-2021-360xx/CVE-2021-36064.json
+++ b/CVE-2021/CVE-2021-360xx/CVE-2021-36064.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-36064",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:11.430",
- "lastModified": "2023-09-26T01:15:50.077",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:37:52.817",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -91,6 +111,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -104,7 +139,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-388xx/CVE-2021-38859.json b/CVE-2021/CVE-2021-388xx/CVE-2021-38859.json
index f8066eba450..ff6f8c838f0 100644
--- a/CVE-2021/CVE-2021-388xx/CVE-2021-38859.json
+++ b/CVE-2021/CVE-2021-388xx/CVE-2021-38859.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-38859",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T02:15:10.000",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T17:59:31.703",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/207899",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-390xx/CVE-2021-39077.json b/CVE-2021/CVE-2021-390xx/CVE-2021-39077.json
index c41f99e2a2d..6111b653973 100644
--- a/CVE-2021/CVE-2021-390xx/CVE-2021-39077.json
+++ b/CVE-2021/CVE-2021-390xx/CVE-2021-39077.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-39077",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2022-11-03T20:15:24.037",
- "lastModified": "2022-12-08T21:48:33.330",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T18:15:09.520",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587."
+ "value": "\nIBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587.\n\n?"
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-398xx/CVE-2021-39847.json b/CVE-2021/CVE-2021-398xx/CVE-2021-39847.json
index 40d8c99ca0c..2c6b4296d56 100644
--- a/CVE-2021/CVE-2021-398xx/CVE-2021-39847.json
+++ b/CVE-2021/CVE-2021-398xx/CVE-2021-39847.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-39847",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-01T15:15:12.827",
- "lastModified": "2023-09-26T01:15:50.173",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:33:12.167",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -91,6 +111,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -104,7 +139,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-39xx/CVE-2021-3979.json b/CVE-2021/CVE-2021-39xx/CVE-2021-3979.json
index 0909444c38b..e3efb2a6ff7 100644
--- a/CVE-2021/CVE-2021-39xx/CVE-2021-3979.json
+++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3979.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-3979",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-08-25T20:15:09.473",
- "lastModified": "2023-07-11T20:21:32.900",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:10.850",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -62,7 +62,6 @@
],
"configurations": [
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -182,7 +181,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -235,6 +233,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/",
"source": "secalert@redhat.com",
diff --git a/CVE-2021/CVE-2021-407xx/CVE-2021-40716.json b/CVE-2021/CVE-2021-407xx/CVE-2021-40716.json
index 8a66a7afc75..e73a05239b2 100644
--- a/CVE-2021/CVE-2021-407xx/CVE-2021-40716.json
+++ b/CVE-2021/CVE-2021-407xx/CVE-2021-40716.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-40716",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-09-29T16:15:11.600",
- "lastModified": "2023-09-26T01:15:50.270",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:39:09.420",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -115,8 +115,23 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:xmp_toolkit_software_development_kit:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "2021.08",
- "matchCriteriaId": "C005B9A2-8AD8-45A2-B3F0-97478CEBF478"
+ "versionEndIncluding": "2021.07",
+ "matchCriteriaId": "A3EDDBF7-CFE9-4D16-86F6-ABC565470620"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@@ -133,7 +148,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-407xx/CVE-2021-40732.json b/CVE-2021/CVE-2021-407xx/CVE-2021-40732.json
index 891718d7b27..f5004b83a06 100644
--- a/CVE-2021/CVE-2021-407xx/CVE-2021-40732.json
+++ b/CVE-2021/CVE-2021-407xx/CVE-2021-40732.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-40732",
"sourceIdentifier": "psirt@adobe.com",
"published": "2021-10-13T17:15:07.603",
- "lastModified": "2023-09-26T01:15:50.393",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:41:04.883",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -85,7 +85,7 @@
},
"weaknesses": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,6 +93,16 @@
"value": "CWE-476"
}
]
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
}
],
"configurations": [
@@ -105,8 +115,23 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:xmp_toolkit_software_development_kit:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "2021.07",
- "matchCriteriaId": "A3EDDBF7-CFE9-4D16-86F6-ABC565470620"
+ "versionEndIncluding": "2020.1",
+ "matchCriteriaId": "021E6279-3B11-4D53-B76E-C302A18724E6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@@ -124,7 +149,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-40xx/CVE-2021-4034.json b/CVE-2021/CVE-2021-40xx/CVE-2021-4034.json
index 39bc3e73d35..ecab8919f08 100644
--- a/CVE-2021/CVE-2021-40xx/CVE-2021-4034.json
+++ b/CVE-2021/CVE-2021-40xx/CVE-2021-4034.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-4034",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-01-28T20:15:12.193",
- "lastModified": "2023-09-11T19:45:38.343",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T01:15:25.660",
+ "vulnStatus": "Modified",
"cisaExploitAdd": "2022-06-27",
"cisaActionDue": "2022-07-18",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@@ -15,7 +15,7 @@
},
{
"lang": "es",
- "value": "Se ha encontrado una vulnerabilidad de escalada de privilegios local en la utilidad pkexec de polkit. La aplicaci\u00f3n pkexec es una herramienta setuid dise\u00f1ada para permitir a usuarios no privilegiados ejecutar comandos como usuarios con privilegios seg\u00fan pol\u00edticas predefinidas. La versi\u00f3n actual de pkexec no maneja correctamente el recuento de par\u00e1metros de llamada y termina intentando ejecutar variables de entorno como comandos. Un atacante puede aprovechar esto al dise\u00f1ar variables de entorno de tal manera que induzcan a pkexec a ejecutar c\u00f3digo arbitrario. Cuando es ejecutado con \u00e9xito, el ataque puede causar una escalada de privilegios local, dando a usuarios no privilegiados derechos administrativos en la m\u00e1quina de destino"
+ "value": "Se encontr\u00f3 una vulnerabilidad de escalada de privilegios local en la utilidad pkexec de polkit. La aplicaci\u00f3n pkexec es una herramienta setuid dise\u00f1ada para permitir a usuarios sin privilegios ejecutar comandos como usuarios privilegiados de acuerdo con pol\u00edticas predefinidas. La versi\u00f3n actual de pkexec no maneja correctamente el recuento de par\u00e1metros de llamada y termina intentando ejecutar variables de entorno como comandos. Un atacante puede aprovechar esto creando variables de entorno de tal manera que induzcan a pkexec a ejecutar c\u00f3digo arbitrario. Cuando se ejecuta con \u00e9xito, el ataque puede provocar una escalada de privilegios locales otorgando a los usuarios sin privilegios derechos administrativos en la m\u00e1quina de destino."
}
],
"metrics": {
@@ -535,6 +535,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/",
"source": "secalert@redhat.com",
diff --git a/CVE-2021/CVE-2021-411xx/CVE-2021-41116.json b/CVE-2021/CVE-2021-411xx/CVE-2021-41116.json
index 495a71a4374..13e4da24907 100644
--- a/CVE-2021/CVE-2021-411xx/CVE-2021-41116.json
+++ b/CVE-2021/CVE-2021-411xx/CVE-2021-41116.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-41116",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-10-05T18:15:08.407",
- "lastModified": "2022-09-10T02:38:23.860",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.573",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -163,13 +163,8 @@
]
},
{
- "url": "https://www.tenable.com/security/tns-2022-09",
- "source": "security-advisories@github.com",
- "tags": [
- "Patch",
- "Release Notes",
- "Third Party Advisory"
- ]
+ "url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/",
+ "source": "security-advisories@github.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-41xx/CVE-2021-4104.json b/CVE-2021/CVE-2021-41xx/CVE-2021-4104.json
index 4391757c6cc..9ad419ff50f 100644
--- a/CVE-2021/CVE-2021-41xx/CVE-2021-4104.json
+++ b/CVE-2021/CVE-2021-41xx/CVE-2021-4104.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-4104",
"sourceIdentifier": "secalert@redhat.com",
"published": "2021-12-14T12:15:12.200",
- "lastModified": "2022-10-05T17:53:48.013",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T07:15:37.017",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -530,6 +530,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://security.gentoo.org/glsa/202310-16",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20211223-0007/",
"source": "secalert@redhat.com",
diff --git a/CVE-2021/CVE-2021-425xx/CVE-2021-42528.json b/CVE-2021/CVE-2021-425xx/CVE-2021-42528.json
index 05925e4c315..78a6012c1ce 100644
--- a/CVE-2021/CVE-2021-425xx/CVE-2021-42528.json
+++ b/CVE-2021/CVE-2021-425xx/CVE-2021-42528.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-42528",
"sourceIdentifier": "psirt@adobe.com",
"published": "2022-05-02T23:15:07.730",
- "lastModified": "2023-09-26T01:15:50.517",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:00:45.217",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
}
],
"cvssMetricV2": [
@@ -91,6 +111,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
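Review bot: The added configuration marks `cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*` as `"vulnerable": true` in a stand-alone `OR` node, with no `AND` relation to the affected package. A matcher that evaluates configurations independently will therefore flag every Debian 10 host, whether or not the package is installed. Scanners consuming this record should gate the OS match on the distribution's own package data, for example the Debian LTS announcement referenced in the last hunk of this file, rather than on the CPE alone. The same node is added in CVE-2021-42529, CVE-2021-42530, CVE-2021-42531 and CVE-2021-42532. The enclosing `configurations` array starts outside the hunk, so how the first configuration is modelled is not visible here.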
@@ -103,7 +138,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-425xx/CVE-2021-42529.json b/CVE-2021/CVE-2021-425xx/CVE-2021-42529.json
index 8c81e308b05..1e153ae36ff 100644
--- a/CVE-2021/CVE-2021-425xx/CVE-2021-42529.json
+++ b/CVE-2021/CVE-2021-425xx/CVE-2021-42529.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-42529",
"sourceIdentifier": "psirt@adobe.com",
"published": "2022-05-02T23:15:07.803",
- "lastModified": "2023-09-26T01:15:52.687",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:43:57.760",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -101,6 +121,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -113,7 +148,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-425xx/CVE-2021-42530.json b/CVE-2021/CVE-2021-425xx/CVE-2021-42530.json
index 8d15a9209e5..4a4e3b53ddd 100644
--- a/CVE-2021/CVE-2021-425xx/CVE-2021-42530.json
+++ b/CVE-2021/CVE-2021-425xx/CVE-2021-42530.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-42530",
"sourceIdentifier": "psirt@adobe.com",
"published": "2022-05-02T23:15:07.867",
- "lastModified": "2023-09-26T01:15:54.537",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:47:01.727",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -121,6 +121,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -133,7 +148,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-425xx/CVE-2021-42531.json b/CVE-2021/CVE-2021-425xx/CVE-2021-42531.json
index ea0ef8ae2eb..bc2993e7836 100644
--- a/CVE-2021/CVE-2021-425xx/CVE-2021-42531.json
+++ b/CVE-2021/CVE-2021-425xx/CVE-2021-42531.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-42531",
"sourceIdentifier": "psirt@adobe.com",
"published": "2022-05-02T23:15:07.927",
- "lastModified": "2023-09-26T01:15:56.087",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:49:46.497",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -101,6 +121,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -113,7 +148,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-425xx/CVE-2021-42532.json b/CVE-2021/CVE-2021-425xx/CVE-2021-42532.json
index 0b1973ff6fa..1f8151bad5c 100644
--- a/CVE-2021/CVE-2021-425xx/CVE-2021-42532.json
+++ b/CVE-2021/CVE-2021-425xx/CVE-2021-42532.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-42532",
"sourceIdentifier": "psirt@adobe.com",
"published": "2022-05-02T23:15:07.990",
- "lastModified": "2023-09-26T01:15:56.980",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:52:28.547",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,7 +17,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -35,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
+ },
+ {
+ "source": "psirt@adobe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -91,6 +111,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -103,7 +138,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html",
- "source": "psirt@adobe.com"
+ "source": "psirt@adobe.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-42xx/CVE-2021-4263.json b/CVE-2021/CVE-2021-42xx/CVE-2021-4263.json
index cc21d029bbe..113ef790f50 100644
--- a/CVE-2021/CVE-2021-42xx/CVE-2021-4263.json
+++ b/CVE-2021/CVE-2021-42xx/CVE-2021-4263.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4263",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-21T19:15:12.350",
- "lastModified": "2023-03-03T20:15:09.083",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T14:15:10.207",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 0f9733c890077942150696dcc6d2b1482b7a0a19. It is recommended to apply a patch to fix this issue. The identifier VDB-216461 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 0f9733c890077942150696dcc6d2b1482b7a0a19. It is recommended to apply a patch to fix this issue. The identifier VDB-216461 was assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,7 +93,7 @@
]
},
{
- "source": "nvd@nist.gov",
+ "source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
diff --git a/CVE-2021/CVE-2021-42xx/CVE-2021-4297.json b/CVE-2021/CVE-2021-42xx/CVE-2021-4297.json
index 2d19eb48ba2..f6bb1be98af 100644
--- a/CVE-2021/CVE-2021-42xx/CVE-2021-4297.json
+++ b/CVE-2021/CVE-2021-42xx/CVE-2021-4297.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4297",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-01T19:15:10.453",
- "lastModified": "2023-01-09T18:21:08.977",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:10.287",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is able to address this issue. The name of the patch is 694da5013dbecc8d30dd83e2a83e78faadf93771. It is recommended to upgrade the affected component. VDB-217174 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in trampgeek jobe up to 1.6.4 and classified as problematic. This vulnerability affects the function runs_post of the file application/controllers/Restapi.php. The manipulation of the argument sourcefilename leads to an unknown weakness. Upgrading to version 1.6.5 is able to address this issue. The patch is identified as 694da5013dbecc8d30dd83e2a83e78faadf93771. It is recommended to upgrade the affected component. VDB-217174 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-42xx/CVE-2021-4298.json b/CVE-2021/CVE-2021-42xx/CVE-2021-4298.json
index 3d6ccb588d8..be361e83037 100644
--- a/CVE-2021/CVE-2021-42xx/CVE-2021-4298.json
+++ b/CVE-2021/CVE-2021-42xx/CVE-2021-4298.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4298",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-02T08:15:10.197",
- "lastModified": "2023-01-09T17:47:56.407",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:10.353",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. This affects the function SearchCriteriaForWorksParameter of the file app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb. The manipulation leads to sql injection. Upgrading to version 2021.8 is able to address this issue. The name of the patch is d1704c7363b899ffce65be03a796a0ee5fdbfbdc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217179."
+ "value": "A vulnerability classified as critical has been found in Hesburgh Libraries of Notre Dame Sipity. This affects the function SearchCriteriaForWorksParameter of the file app/parameters/sipity/parameters/search_criteria_for_works_parameter.rb. The manipulation leads to sql injection. Upgrading to version 2021.8 is able to address this issue. The patch is named d1704c7363b899ffce65be03a796a0ee5fdbfbdc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217179."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-435xx/CVE-2021-43576.json b/CVE-2021/CVE-2021-435xx/CVE-2021-43576.json
index fa26cd08669..bcc9cf16dbd 100644
--- a/CVE-2021/CVE-2021-435xx/CVE-2021-43576.json
+++ b/CVE-2021/CVE-2021-435xx/CVE-2021-43576.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-43576",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.237",
- "lastModified": "2021-11-17T01:17:29.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.680",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-435xx/CVE-2021-43577.json b/CVE-2021/CVE-2021-435xx/CVE-2021-43577.json
index 95ed443c314..a81f7b77d6e 100644
--- a/CVE-2021/CVE-2021-435xx/CVE-2021-43577.json
+++ b/CVE-2021/CVE-2021-435xx/CVE-2021-43577.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-43577",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.287",
- "lastModified": "2021-11-17T01:10:20.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.743",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-435xx/CVE-2021-43578.json b/CVE-2021/CVE-2021-435xx/CVE-2021-43578.json
index eaf81a81d55..1a8abe19d6b 100644
--- a/CVE-2021/CVE-2021-435xx/CVE-2021-43578.json
+++ b/CVE-2021/CVE-2021-435xx/CVE-2021-43578.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-43578",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2021-11-12T11:15:08.340",
- "lastModified": "2021-11-17T00:43:15.027",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.800",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2021/CVE-2021-438xx/CVE-2021-43809.json b/CVE-2021/CVE-2021-438xx/CVE-2021-43809.json
index 730ac42e63f..1237cdb0417 100644
--- a/CVE-2021/CVE-2021-438xx/CVE-2021-43809.json
+++ b/CVE-2021/CVE-2021-438xx/CVE-2021-43809.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-43809",
"sourceIdentifier": "security-advisories@github.com",
"published": "2021-12-08T19:15:10.067",
- "lastModified": "2021-12-13T18:50:31.237",
+ "lastModified": "2023-10-27T12:57:25.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. 
Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code."
+ "value": "`Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash.\n\nTo exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside.\n\nThis vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. 
Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code."
},
{
"lang": "es",
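Review bot: The new `value` string still appears to contain an unescaped line break before `Bundler 2.2.33 has patched`, although the two earlier paragraph breaks in the same string were converted to `\n\n`. If that break is a raw control character rather than an artefact of how the diff was rendered, strict JSON parsers will reject the record. It should be escaped like the others: `...a lot of user interaction.\n\nBundler 2.2.33 has patched...`. The added text also keeps the typo `untrustred`, which should read `untrusted`.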
@@ -85,7 +85,7 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,6 +93,16 @@
"value": "CWE-88"
}
]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-88"
+ }
+ ]
}
],
"configurations": [
@@ -145,6 +155,15 @@
"Exploit",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Mitigation",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4300.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4300.json
index 831255f1db6..dc475206ca5 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4300.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4300.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4300",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-04T22:15:08.903",
- "lastModified": "2023-01-11T01:40:32.733",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:10.433",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to version 1.1.1.0-hal is able to address this issue. The name of the patch is 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. It is recommended to upgrade the affected component. The identifier VDB-217417 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to version 1.1.1.0-hal is able to address this issue. The identifier of the patch is 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. It is recommended to upgrade the affected component. The identifier VDB-217417 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4301.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4301.json
index 71b1c51f493..c3991718994 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4301.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4301.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4301",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T22:15:08.800",
- "lastModified": "2023-01-12T20:05:49.253",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:10.517",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The name of the patch is 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is identified as 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4302.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4302.json
index 67f39f610b6..6c81a4e6148 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4302.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4302.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4302",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-04T22:15:09.000",
- "lastModified": "2023-01-11T01:46:15.570",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:10.597",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. The name of the patch is b39db9c7ad3800f319195ff0e26a0981395b1c54. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217419."
+ "value": "A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to address this issue. The patch is named b39db9c7ad3800f319195ff0e26a0981395b1c54. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217419."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4303.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4303.json
index af933fccff6..7346cd2bbab 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4303.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4303.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4303",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T09:15:08.647",
- "lastModified": "2023-01-11T17:06:39.900",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:10.673",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 94143a4299e386f33bf582139cd4702571d93bde. It is recommended to upgrade the affected component. VDB-217442 is the identifier assigned to this vulnerability. NOTE: Installer is disabled by default."
+ "value": "A vulnerability, which was classified as problematic, has been found in shannah Xataface up to 2.x. Affected by this issue is the function testftp of the file install/install_form.js.php of the component Installer. The manipulation leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 3.0.0 is able to address this issue. The patch is identified as 94143a4299e386f33bf582139cd4702571d93bde. It is recommended to upgrade the affected component. VDB-217442 is the identifier assigned to this vulnerability. NOTE: Installer is disabled by default."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4304.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4304.json
index 2e205f80e7a..f67a9c2956b 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4304.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4304.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4304",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T10:15:09.887",
- "lastModified": "2023-01-11T19:05:12.987",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:10.757",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the argument password leads to command injection. The attack can be launched remotely. The name of the patch is 811edaae81eb044891594f00062a828f51b22cb1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217447."
+ "value": "A vulnerability was found in eprintsug ulcc-core. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file cgi/toolbox/toolbox. The manipulation of the argument password leads to command injection. The attack can be launched remotely. The patch is named 811edaae81eb044891594f00062a828f51b22cb1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217447."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4307.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4307.json
index c84df4cdc98..db06e6f6a0b 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4307.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4307.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4307",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T20:15:09.623",
- "lastModified": "2023-01-12T20:34:50.617",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:10.870",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627."
+ "value": "A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The patch is named c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4308.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4308.json
index 4520bdb7304..b296a63fdc1 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4308.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4308.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4308",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T10:15:11.903",
- "lastModified": "2023-01-12T16:16:14.183",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:11.017",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The name of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability."
+ "value": "A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The identifier of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4309.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4309.json
index a34a1c9ab1b..fbb67f8c311 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4309.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4309.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4309",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T17:15:17.947",
- "lastModified": "2023-01-12T22:25:20.557",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:11.100",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is a16eb7da46ed22bc61067c212635394f2571d3c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217649 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is a16eb7da46ed22bc61067c212635394f2571d3c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217649 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4310.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4310.json
index b16876f3316..2867c8643f4 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4310.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4310.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4310",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-09T09:15:09.940",
- "lastModified": "2023-01-13T12:56:45.903",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:11.193",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The patch is identified as ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4311.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4311.json
index 595bde4eb40..1a44422598b 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4311.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4311.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4311",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-09T12:15:15.587",
- "lastModified": "2023-01-12T21:50:46.213",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:11.277",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4312.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4312.json
index 26b975a481b..e17c5609c36 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4312.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4312.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4312",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-13T18:15:10.833",
- "lastModified": "2023-01-23T17:54:03.727",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:11.370",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. This affects the function zip_go of the file classes/options/zip.php. The manipulation of the argument archive leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 885a87ea4ee5e14fa95801eca255604fb2e138c6. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218295. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. This affects the function zip_go of the file classes/options/zip.php. The manipulation of the argument archive leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 885a87ea4ee5e14fa95801eca255604fb2e138c6. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218295. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4313.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4313.json
index 2869b6ee916..779f1bd791d 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4313.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4313.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4313",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-16T12:15:16.480",
- "lastModified": "2023-01-24T16:15:44.047",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:11.467",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in NethServer phonenehome. It has been rated as critical. This issue affects the function get_info/get_country_coor of the file server/index.php. The manipulation leads to sql injection. The name of the patch is 759c30b0ddd7d493836bbdf695cf71624b377391. It is recommended to apply a patch to fix this issue. The identifier VDB-218393 was assigned to this vulnerability."
+ "value": "A vulnerability was found in NethServer phonenehome. It has been rated as critical. This issue affects the function get_info/get_country_coor of the file server/index.php. The manipulation leads to sql injection. The identifier of the patch is 759c30b0ddd7d493836bbdf695cf71624b377391. It is recommended to apply a patch to fix this issue. The identifier VDB-218393 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4325.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4325.json
index ffe4f4d5199..9dc2f7bc949 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4325.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4325.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4325",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-22T00:15:11.113",
- "lastModified": "2023-03-03T14:20:01.380",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:11.560",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The identifier of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4327.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4327.json
index 1671c5ed17c..01a8dfcdadc 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4327.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4327.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4327",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-01T11:15:12.817",
- "lastModified": "2023-03-13T14:10:35.113",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:11.650",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4328.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4328.json
index 15c3f730434..38e56e583f8 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4328.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4328.json
@@ -2,8 +2,8 @@
"id": "CVE-2021-4328",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-02T19:15:10.193",
- "lastModified": "2023-03-09T19:24:16.953",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:11.757",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4329.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4329.json
index 816379f69c3..ded464d365c 100644
--- a/CVE-2021/CVE-2021-43xx/CVE-2021-4329.json
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4329.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-4329",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-05T19:15:10.260",
- "lastModified": "2023-03-13T16:53:41.907",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T14:15:11.930",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4334.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4334.json
new file mode 100644
index 00000000000..104757e1460
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4334.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2021-4334",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.560",
+ "lastModified": "2023-10-26T17:18:21.413",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Fancy Product Designer para WordPress es vulnerable a modificaciones no autorizadas de las opciones del sitio debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n fpd_update_options en versiones hasta la 4.6.9 incluida. Esto hace posible que los atacantes autenticados con permisos a nivel de suscriptor modifiquen las opciones del sitio, incluida la configuraci\u00f3n del rol predeterminado de administrador, lo que puede permitir la escalada de privilegios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.7.0",
+ "matchCriteriaId": "71A93E72-A3FE-4AFC-96EB-88362E89A093"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000029981",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
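Review bot: The primary weakness `"value": "CWE-863"` (Incorrect Authorization) does not line up with the description, which attributes the flaw to a missing capability check on `fpd_update_options`; that reads closer to Missing Authorization, `"value": "CWE-862"`. The sibling record CVE-2021-4335 covers the same plugin with the same stated root cause and the same `versionEndExcluding` of `4.7.0`, but carries `NVD-CWE-Other` as primary. CWE-based rollups will therefore put the two records in different buckets, so triage that groups by weakness should not rely on the primary CWE alone for this pair.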
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4335.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4335.json
new file mode 100644
index 00000000000..4d78bb1882e
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4335.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2021-4335",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:14.757",
+ "lastModified": "2023-10-26T17:32:09.367",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Fancy Product Designer para WordPress es vulnerable al acceso no autorizado a los datos y a la modificaci\u00f3n de la configuraci\u00f3n del complemento debido a una falta de verificaci\u00f3n de capacidad en m\u00faltiples funciones AJAX en versiones hasta la 4.6.9 incluida. Esto hace posible que atacantes autenticados con permisos a nivel de suscriptor modifiquen la configuraci\u00f3n del complemento, incluida la recuperaci\u00f3n de informaci\u00f3n de pedidos arbitraria o la creaci\u00f3n/actualizaci\u00f3n/eliminaci\u00f3n de productos, pedidos u otra informaci\u00f3n confidencial no asociada con su propia cuenta."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.7.0",
+ "matchCriteriaId": "71A93E72-A3FE-4AFC-96EB-88362E89A093"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000029981",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/644624d8-c193-4ee6-bc82-7ccda5d7f2ac?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-43xx/CVE-2021-4353.json b/CVE-2021/CVE-2021-43xx/CVE-2021-4353.json
new file mode 100644
index 00000000000..de5d0cf58d7
--- /dev/null
+++ b/CVE-2021/CVE-2021-43xx/CVE-2021-4353.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2021-4353",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:14.870",
+ "lastModified": "2023-10-26T17:30:20.947",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes makes it possible for unauthenticated attackers to export the plugin's settings."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WooCommerce Dynamic Pricing and Discounts para WordPress es vulnerable a la exportaci\u00f3n de configuraciones no autenticadas en versiones hasta la 2.4.1 incluida. Esto se debe a la falta de autorizaci\u00f3n en la funci\u00f3n export(), que hace posible que atacantes no autenticados exporten la configuraci\u00f3n del complemento."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rightpress:woocommerce_dynamic_pricing_\\&_discounts:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.4.2",
+ "matchCriteriaId": "DEDE041A-2EFD-4F76-AF14-4F200C02568D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/woocommerce-dynamic-pricing-and-discounts-plugin-fixed-multiple-vulnerabilities/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
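Review bot: The English description contains a doubled word, `which makes makes it possible`; it should read `which makes it possible`. The secondary weakness `CWE-288` (Authentication Bypass Using an Alternate Path or Channel) also sits oddly beside the text, which describes missing authorization on `export()` and matches the primary `CWE-862`. The first reference is tagged `Exploit`, so pipelines that use that tag to raise priority will pick this record up even though the scored impact is confidentiality-low only.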
diff --git a/CVE-2021/CVE-2021-446xx/CVE-2021-44653.json b/CVE-2021/CVE-2021-446xx/CVE-2021-44653.json
index d5791670473..c2e3b19265e 100644
--- a/CVE-2021/CVE-2021-446xx/CVE-2021-44653.json
+++ b/CVE-2021/CVE-2021-446xx/CVE-2021-44653.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-44653",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-15T16:15:07.697",
- "lastModified": "2022-03-29T16:28:30.477",
+ "lastModified": "2023-10-18T15:56:29.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:online_magazine_management_system_project:online_magazine_management_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "6D3359CE-07F1-4A93-8144-17034D6B0A2C"
+ "criteria": "cpe:2.3:a:oretnom23:online_magazine_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1653463-AB6F-41F6-9B90-045C9FBFFBF5"
}
]
}
diff --git a/CVE-2021/CVE-2021-448xx/CVE-2021-44862.json b/CVE-2021/CVE-2021-448xx/CVE-2021-44862.json
index 3ef804cebe7..bff1cab1c32 100644
--- a/CVE-2021/CVE-2021-448xx/CVE-2021-44862.json
+++ b/CVE-2021/CVE-2021-448xx/CVE-2021-44862.json
@@ -2,12 +2,12 @@
"id": "CVE-2021-44862",
"sourceIdentifier": "psirt@netskope.com",
"published": "2022-11-03T20:15:24.700",
- "lastModified": "2022-11-04T13:28:51.627",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:53.973",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user."
+ "value": "Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.\n"
}
],
"metrics": {
diff --git a/CVE-2021/CVE-2021-44xx/CVE-2021-4418.json b/CVE-2021/CVE-2021-44xx/CVE-2021-4418.json
new file mode 100644
index 00000000000..97353b123a9
--- /dev/null
+++ b/CVE-2021/CVE-2021-44xx/CVE-2021-4418.json
@@ -0,0 +1,167 @@
+{
+ "id": "CVE-2021-4418",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.627",
+ "lastModified": "2023-10-27T18:54:08.300",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Custom CSS, JS & PHP para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 2.0.7 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n save(). Esto hace posible que atacantes no autenticados guarden fragmentos de c\u00f3digo a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpfactory:custom_css\\,_js_\\&_php:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0.7",
+ "matchCriteriaId": "D6B61669-B3B4-4E37-91C3-34A30CE74030"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/custom-css-js-php/trunk/modules/code/model.code.php#L85",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d21dc02f-789c-497e-9d01-02fa49bf9e30?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
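Review bot: The reference tagged `Patch` points at `.../custom-css-js-php/trunk/modules/code/model.code.php#L85`, a view of the moving trunk rather than a pinned revision, so the highlighted line will drift as the file changes and may no longer show the nonce check. A changeset link pinned to the fixing revision would be stable (placeholder: `https://plugins.trac.wordpress.org/changeset/<REVISION>`). The CPE entry uses `"versionEndIncluding": "2.0.7"` and nothing in the record names a fixed release, so the `Patch` tag is the only signal that a fix exists. The `integrityImpact` of `LOW` also looks conservative for a forged request that saves code snippets in a plugin handling PHP; worth confirming against the advisory.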
diff --git a/CVE-2021/CVE-2021-450xx/CVE-2021-45046.json b/CVE-2021/CVE-2021-450xx/CVE-2021-45046.json
index 3bfa906a9fd..111c6ceaa33 100644
--- a/CVE-2021/CVE-2021-450xx/CVE-2021-45046.json
+++ b/CVE-2021/CVE-2021-450xx/CVE-2021-45046.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-45046",
"sourceIdentifier": "security@apache.org",
"published": "2021-12-14T19:15:07.733",
- "lastModified": "2023-06-27T14:15:09.800",
+ "lastModified": "2023-10-26T07:15:36.677",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-05-01",
"cisaActionDue": "2023-05-22",
@@ -91,7 +91,6 @@
],
"configurations": [
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -136,7 +135,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -219,7 +217,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -563,7 +560,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -584,7 +580,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -601,7 +596,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -840,6 +834,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://security.gentoo.org/glsa/202310-16",
+ "source": "security@apache.org"
+ },
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd",
"source": "security@apache.org",
diff --git a/CVE-2021/CVE-2021-452xx/CVE-2021-45222.json b/CVE-2021/CVE-2021-452xx/CVE-2021-45222.json
index 99e9689621b..a6c9a757d81 100644
--- a/CVE-2021/CVE-2021-452xx/CVE-2021-45222.json
+++ b/CVE-2021/CVE-2021-452xx/CVE-2021-45222.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-45222",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-24T20:15:08.283",
- "lastModified": "2022-01-28T16:23:54.587",
+ "lastModified": "2023-10-18T17:26:54.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:coins-global:construction_cloud:11.12:*:*:*:*:*:*:*",
- "matchCriteriaId": "E05A0CD6-41AE-4F41-820A-D079D74A03C2"
+ "criteria": "cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0E220D9E-3B07-46DA-A9B6-534B47ACA65F"
}
]
}
@@ -97,7 +97,9 @@
"url": "https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview",
"source": "cve@mitre.org",
"tags": [
- "Product"
+ "Patch",
+ "Product",
+ "Vendor Advisory"
]
},
{
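Review bot: The reference that now carries `"Patch"` and `"Vendor Advisory"` is the AppSource listing URL ending in `?tab=overview`, which from the URL alone looks like a product page rather than a fix or an advisory. Tooling that treats a `"Patch"`-tagged reference as evidence that a fix exists would mark this CVE as remediable on the strength of a marketplace link. The same three-tag change is made in CVE-2021-45223, CVE-2021-45224, CVE-2021-45225 and CVE-2021-45226 below. Unless the page really carries fix information, I would keep the list as `"tags": ["Product"]`.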
diff --git a/CVE-2021/CVE-2021-452xx/CVE-2021-45223.json b/CVE-2021/CVE-2021-452xx/CVE-2021-45223.json
index c68907a7fa6..1a983083b21 100644
--- a/CVE-2021/CVE-2021-452xx/CVE-2021-45223.json
+++ b/CVE-2021/CVE-2021-452xx/CVE-2021-45223.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-45223",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-24T20:15:08.327",
- "lastModified": "2022-01-28T16:26:59.947",
+ "lastModified": "2023-10-18T17:25:35.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:coins-global:construction_cloud:11.12:*:*:*:*:*:*:*",
- "matchCriteriaId": "E05A0CD6-41AE-4F41-820A-D079D74A03C2"
+ "criteria": "cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0E220D9E-3B07-46DA-A9B6-534B47ACA65F"
}
]
}
@@ -97,7 +97,9 @@
"url": "https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview",
"source": "cve@mitre.org",
"tags": [
- "Product"
+ "Patch",
+ "Product",
+ "Vendor Advisory"
]
},
{
diff --git a/CVE-2021/CVE-2021-452xx/CVE-2021-45224.json b/CVE-2021/CVE-2021-452xx/CVE-2021-45224.json
index 1710a6ae293..2fad69767d7 100644
--- a/CVE-2021/CVE-2021-452xx/CVE-2021-45224.json
+++ b/CVE-2021/CVE-2021-452xx/CVE-2021-45224.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-45224",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-24T20:15:08.370",
- "lastModified": "2022-01-28T16:27:42.867",
+ "lastModified": "2023-10-18T17:24:52.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:coins-global:construction_cloud:11.12:*:*:*:*:*:*:*",
- "matchCriteriaId": "E05A0CD6-41AE-4F41-820A-D079D74A03C2"
+ "criteria": "cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0E220D9E-3B07-46DA-A9B6-534B47ACA65F"
}
]
}
@@ -97,7 +97,9 @@
"url": "https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview",
"source": "cve@mitre.org",
"tags": [
- "Product"
+ "Patch",
+ "Product",
+ "Vendor Advisory"
]
},
{
diff --git a/CVE-2021/CVE-2021-452xx/CVE-2021-45225.json b/CVE-2021/CVE-2021-452xx/CVE-2021-45225.json
index f90e4bb9332..42f48666782 100644
--- a/CVE-2021/CVE-2021-452xx/CVE-2021-45225.json
+++ b/CVE-2021/CVE-2021-452xx/CVE-2021-45225.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-45225",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-24T20:15:08.413",
- "lastModified": "2022-01-28T16:29:02.253",
+ "lastModified": "2023-10-18T17:24:42.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:coins-global:construction_cloud:11.12:*:*:*:*:*:*:*",
- "matchCriteriaId": "E05A0CD6-41AE-4F41-820A-D079D74A03C2"
+ "criteria": "cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0E220D9E-3B07-46DA-A9B6-534B47ACA65F"
}
]
}
@@ -97,7 +97,9 @@
"url": "https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview",
"source": "cve@mitre.org",
"tags": [
- "Product"
+ "Patch",
+ "Product",
+ "Vendor Advisory"
]
},
{
diff --git a/CVE-2021/CVE-2021-452xx/CVE-2021-45226.json b/CVE-2021/CVE-2021-452xx/CVE-2021-45226.json
index fbcdaa237da..46e2d18e05f 100644
--- a/CVE-2021/CVE-2021-452xx/CVE-2021-45226.json
+++ b/CVE-2021/CVE-2021-452xx/CVE-2021-45226.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-45226",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-24T20:15:08.457",
- "lastModified": "2022-07-12T17:42:04.277",
+ "lastModified": "2023-10-18T17:24:25.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:coins-global:construction_cloud:11.12:*:*:*:*:*:*:*",
- "matchCriteriaId": "E05A0CD6-41AE-4F41-820A-D079D74A03C2"
+ "criteria": "cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0E220D9E-3B07-46DA-A9B6-534B47ACA65F"
}
]
}
@@ -97,7 +97,9 @@
"url": "https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview",
"source": "cve@mitre.org",
"tags": [
- "Product"
+ "Patch",
+ "Product",
+ "Vendor Advisory"
]
},
{
diff --git a/CVE-2021/CVE-2021-452xx/CVE-2021-45252.json b/CVE-2021/CVE-2021-452xx/CVE-2021-45252.json
index 11b0f23eddf..0056f987ac7 100644
--- a/CVE-2021/CVE-2021-452xx/CVE-2021-45252.json
+++ b/CVE-2021/CVE-2021-452xx/CVE-2021-45252.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-45252",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-12-21T12:15:07.457",
- "lastModified": "2021-12-27T16:26:17.977",
+ "lastModified": "2023-10-18T16:00:42.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:simple_forum\\/discussion_system_project:simple_forum\\/discussion_system:1.0:*:*:*:*:wordpress:*:*",
- "matchCriteriaId": "58066796-23EC-49F1-A6DF-E25854A5FAC4"
+ "criteria": "cpe:2.3:a:oretnom23:simple_forum\\/discussion_system:1.0:*:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "D9279E5E-ED04-49A0-9C7B-9F19139F180E"
}
]
}
diff --git a/CVE-2021/CVE-2021-467xx/CVE-2021-46784.json b/CVE-2021/CVE-2021-467xx/CVE-2021-46784.json
index 3942605d7a3..667c642235b 100644
--- a/CVE-2021/CVE-2021-467xx/CVE-2021-46784.json
+++ b/CVE-2021/CVE-2021-467xx/CVE-2021-46784.json
@@ -2,7 +2,7 @@
"id": "CVE-2021-46784",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-07-17T22:15:08.737",
- "lastModified": "2023-10-13T21:15:51.373",
+ "lastModified": "2023-10-22T00:15:08.640",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -117,6 +117,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/10",
"source": "cve@mitre.org"
},
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/21/1",
+ "source": "cve@mitre.org"
+ },
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch",
"source": "cve@mitre.org",
diff --git a/CVE-2021/CVE-2021-468xx/CVE-2021-46897.json b/CVE-2021/CVE-2021-468xx/CVE-2021-46897.json
new file mode 100644
index 00000000000..2fd8bd2b891
--- /dev/null
+++ b/CVE-2021/CVE-2021-468xx/CVE-2021-46897.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2021-46897",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-22T19:15:08.240",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media."
+ },
+ {
+ "lang": "es",
+ "value": "views.py en Wagtail CRX CodeRed Extensions (anteriormente CodeRed CMS o coderedcms) anterior a 0.22.3 permite el path traversal hacia arriba protected/..%2f..%2f al servir medios protegidos."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/coderedcorp/coderedcms/issues/448",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/coderedcorp/coderedcms/pull/450",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-468xx/CVE-2021-46898.json b/CVE-2021/CVE-2021-468xx/CVE-2021-46898.json
new file mode 100644
index 00000000000..70fcede7464
--- /dev/null
+++ b/CVE-2021/CVE-2021-468xx/CVE-2021-46898.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2021-46898",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-22T19:15:08.297",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith(\"/\") but this does not consider a protocol-relative URL (e.g., //example.com) attack."
+ },
+ {
+ "lang": "es",
+ "value": "views/switch.py en django-grappelli (tambi\u00e9n conocido como Django Grappelli) anterior a 2.15.2 intenta evitar la redirecci\u00f3n externa con startwith(\"/\") pero esto no considera un ataque de URL relativo al protocolo (por ejemplo, //example.com) ."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sehmaschine/django-grappelli/commit/4ca94bcda0fa2720594506853d85e00c8212968f",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sehmaschine/django-grappelli/compare/2.15.1...2.15.2",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sehmaschine/django-grappelli/issues/975",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sehmaschine/django-grappelli/pull/976",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
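Review bot: The Spanish description names the check as `startwith(\"/\")` while the English text has `startswith(\"/\")`; the function name was altered in translation and should read `startswith(\"/\")` in both entries. The record also has `"metrics": {}` while `vulnStatus` is `Undergoing Analysis`, so consumers that rank by score should treat this entry as unscored rather than as low severity.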
diff --git a/CVE-2022/CVE-2022-03xx/CVE-2022-0353.json b/CVE-2022/CVE-2022-03xx/CVE-2022-0353.json
new file mode 100644
index 00000000000..554bc5d5196
--- /dev/null
+++ b/CVE-2022/CVE-2022-03xx/CVE-2022-0353.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2022-0353",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-25T18:16:54.057",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se inform\u00f3 una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en las versiones Lenovo HardwareScanPlugin anteriores a 1.3.1.2 y Lenovo Diagnostics anteriores a 4.45 que podr\u00eda permitir que un usuario local con acceso administrativo desencadene un bloqueo del sistema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-102365",
+ "source": "psirt@lenovo.com"
+ },
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-94532",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
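Review bot: The English `value` under `descriptions` starts and ends with `\n` and wraps the version strings `1.3.1.2` and `4.45` in `\n\n` runs plus a `\u00a0`, whereas the Spanish entry is one clean sentence. Exact-phrase searches and deduplication on the description text will miss this record unless whitespace is collapsed first. I would normalise it to a single line, `... versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow ...`, or, if the file has to stay identical to the upstream feed, collapse whitespace in the consumer instead. CVE-2022-1749 later in this diff gains `\u00a0` around `createplugin_atf_admin_setting_page()` in the same way.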
diff --git a/CVE-2022/CVE-2022-05xx/CVE-2022-0538.json b/CVE-2022/CVE-2022-05xx/CVE-2022-0538.json
index 25a904f9594..1ccb4db2c96 100644
--- a/CVE-2022/CVE-2022-05xx/CVE-2022-0538.json
+++ b/CVE-2022/CVE-2022-05xx/CVE-2022-0538.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-0538",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-09T14:15:07.893",
- "lastModified": "2022-02-11T20:44:37.420",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.167",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-502"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-07xx/CVE-2022-0750.json b/CVE-2022/CVE-2022-07xx/CVE-2022-0750.json
index 5d673aa583a..6d279608e95 100644
--- a/CVE-2022/CVE-2022-07xx/CVE-2022-0750.json
+++ b/CVE-2022/CVE-2022-07xx/CVE-2022-0750.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-0750",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-03-23T20:15:10.297",
- "lastModified": "2022-03-29T00:43:19.970",
+ "lastModified": "2023-10-24T20:08:11.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14."
+ "value": "The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the thumbnail_width, thumbnail_height, max_image_width, and max_image_height parameters found in the ~/photoswipe-masonry.php file which allows authenticated attackers to inject arbitrary web scripts into galleries created by the plugin and on the PhotoSwipe Options page. This affects versions up to and including 1.2.14."
},
{
"lang": "es",
@@ -115,8 +115,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thriveweb:photoswipe_masonry_gallery:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "1.2.14",
- "matchCriteriaId": "A3B86A90-DAB4-4FC1-82FC-6F1EAEAB252E"
+ "versionEndExcluding": "1.2.15",
+ "matchCriteriaId": "769DA9F2-35D7-49B1-8CD4-27B549CEF223"
}
]
}
@@ -124,6 +124,13 @@
}
],
"references": [
+ {
+ "url": "https://wordpress.org/plugins/photoswipe-masonry/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
{
"url": "https://www.wordfence.com/blog/2022/02/stored-cross-site-scripting-vulnerability-patched-in-a-wordpress-photo-gallery-plugin/",
"source": "security@wordfence.com",
@@ -131,6 +138,13 @@
"Exploit",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64624d4c-3ffb-4516-a938-0accde24c79f?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-08xx/CVE-2022-0856.json b/CVE-2022/CVE-2022-08xx/CVE-2022-0856.json
index 176d8cee2e2..ed7e11bb111 100644
--- a/CVE-2022/CVE-2022-08xx/CVE-2022-0856.json
+++ b/CVE-2022/CVE-2022-08xx/CVE-2022-0856.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-0856",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2022-03-10T17:44:57.487",
- "lastModified": "2023-10-11T03:15:09.657",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:57:40.437",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -100,6 +100,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -114,11 +134,19 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3E5GF2LSX2ZEY5JZNM7HXJMLHMY436X/",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTDRPVX3HCYLQCLMQ6NNSRC3B7L6WGUM/",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-09xx/CVE-2022-0992.json b/CVE-2022/CVE-2022-09xx/CVE-2022-0992.json
index 58ba0cc86c8..0ac9647ec59 100644
--- a/CVE-2022/CVE-2022-09xx/CVE-2022-0992.json
+++ b/CVE-2022/CVE-2022-09xx/CVE-2022-0992.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-0992",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-04-19T21:15:13.623",
- "lastModified": "2023-07-21T17:12:43.403",
+ "lastModified": "2023-10-24T20:10:10.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -114,9 +114,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:siteground:siteground_security:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "1.2.5",
- "matchCriteriaId": "E3218CA5-B148-4D5D-B7F2-6DD790463954"
+ "criteria": "cpe:2.3:a:siteground:security_optimizer:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.2.6",
+ "matchCriteriaId": "0D87B7F9-C93A-408F-A5B1-BDB0E24D96DB"
}
]
}
@@ -139,6 +139,13 @@
"Exploit",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-11xx/CVE-2022-1186.json b/CVE-2022/CVE-2022-11xx/CVE-2022-1186.json
index 2d2a58050fc..d20ab587d31 100644
--- a/CVE-2022/CVE-2022-11xx/CVE-2022-1186.json
+++ b/CVE-2022/CVE-2022-11xx/CVE-2022-1186.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1186",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-04-19T21:15:13.870",
- "lastModified": "2022-04-27T16:50:49.737",
+ "lastModified": "2023-10-24T19:50:46.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -90,7 +90,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-200"
+ "value": "NVD-CWE-noinfo"
}
]
},
@@ -114,9 +114,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:web-x.co:be_popia_compliant:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:web-x:be_popia_compliant:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1.5",
- "matchCriteriaId": "2DD64335-DC25-46BF-B1F9-678D8DAD5C00"
+ "matchCriteriaId": "77344548-F443-45DF-8334-A3F73D11DDA1"
}
]
}
@@ -128,13 +128,11 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2701343%40be-popia-compliant&new=2701343%40be-popia-compliant&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
- "Release Notes",
- "Third Party Advisory"
+ "Patch"
]
},
{
- "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1186",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0fcdd6b5-a273-4916-a894-a753be0a7921?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
diff --git a/CVE-2022/CVE-2022-11xx/CVE-2022-1187.json b/CVE-2022/CVE-2022-11xx/CVE-2022-1187.json
index 9dc6c8bd737..99288c7571b 100644
--- a/CVE-2022/CVE-2022-11xx/CVE-2022-1187.json
+++ b/CVE-2022/CVE-2022-11xx/CVE-2022-1187.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1187",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-04-19T21:15:13.927",
- "lastModified": "2022-04-27T17:06:03.457",
+ "lastModified": "2023-10-24T20:01:35.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -114,9 +114,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:wp_youtube_live_project:wp_youtube_live:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "1.7.21",
- "matchCriteriaId": "652CE62D-BB9C-42B2-9BDC-67A84079B63A"
+ "criteria": "cpe:2.3:a:andrewrminion:wp_youtube_live:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.7.22",
+ "matchCriteriaId": "703F4895-D58D-4037-849F-49AFC45C755D"
}
]
}
@@ -125,19 +125,23 @@
],
"references": [
{
- "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2702715%40wp-youtube-live&new=2702715%40wp-youtube-live&sfp_email=&sfph_mail=",
+ "url": "https://github.com/macbookandrew/wp-youtube-live/commit/2d8ccb7b12742bf16b5a6068f9fdeeac69bc11b1",
"source": "security@wordfence.com",
"tags": [
- "Patch",
- "Release Notes",
- "Vendor Advisory"
+ "Patch"
]
},
{
- "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1187",
+ "url": "https://plugins.trac.wordpress.org/browser/wp-youtube-live/trunk/inc/admin.php#L355",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d540b53-5c39-43d5-a055-cc5eccfa65b8?source=cve",
"source": "security@wordfence.com",
"tags": [
- "Exploit",
"Third Party Advisory"
]
}
diff --git a/CVE-2022/CVE-2022-12xx/CVE-2022-1215.json b/CVE-2022/CVE-2022-12xx/CVE-2022-1215.json
index b37755ac68f..9155fe3a697 100644
--- a/CVE-2022/CVE-2022-12xx/CVE-2022-1215.json
+++ b/CVE-2022/CVE-2022-12xx/CVE-2022-1215.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-1215",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-06-02T14:15:32.187",
- "lastModified": "2022-06-09T19:11:31.000",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T07:15:37.177",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -124,6 +124,10 @@
"Mailing List",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202310-14",
+ "source": "secalert@redhat.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-13xx/CVE-2022-1388.json b/CVE-2022/CVE-2022-13xx/CVE-2022-1388.json
index 6b1092289c7..445800ef8af 100644
--- a/CVE-2022/CVE-2022-13xx/CVE-2022-1388.json
+++ b/CVE-2022/CVE-2022-13xx/CVE-2022-1388.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-1388",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2022-05-05T17:15:10.570",
- "lastModified": "2023-01-24T16:08:33.337",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T01:15:25.983",
+ "vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2022-05-10",
"cisaActionDue": "2022-05-31",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@@ -21,7 +21,7 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "nvd@nist.gov",
+ "source": "f5sirt@f5.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
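Review bot: Swapping `source` on the two `cvssMetricV31` entries makes the `f5sirt@f5.com` vector the `Primary` one and moves `nvd@nist.gov` to `Secondary`; the second half of the swap is in the hunk at -41. The `cvssData` bodies lie outside both hunks, so it cannot be seen here whether the two scores differ. If they do, a consumer that selects by `"type": "Primary"` now reports a different severity from one that selects by `"source": "nvd@nist.gov"`. Because the record carries `cisaExploitAdd`, I would confirm which selector downstream prioritisation uses before taking this update.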
@@ -41,7 +41,7 @@
"impactScore": 5.9
},
{
- "source": "f5sirt@f5.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@@ -618,6 +618,10 @@
"Mitigation",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.secpod.com/blog/critical-f5-big-ip-remote-code-execution-vulnerability-patch-now/",
+ "source": "f5sirt@f5.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-14xx/CVE-2022-1442.json b/CVE-2022/CVE-2022-14xx/CVE-2022-1442.json
index 2b0c9af9ce2..f6c066016ac 100644
--- a/CVE-2022/CVE-2022-14xx/CVE-2022-1442.json
+++ b/CVE-2022/CVE-2022-14xx/CVE-2022-1442.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1442",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-05-10T20:15:08.473",
- "lastModified": "2022-05-18T14:44:17.440",
+ "lastModified": "2023-10-24T20:02:03.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -85,7 +85,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,6 +93,16 @@
"value": "CWE-862"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
}
],
"configurations": [
@@ -105,8 +115,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpmet:metform_elementor_contact_form_builder:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "2.1.3",
- "matchCriteriaId": "EBEC8339-CC44-4AFC-8AA1-6B02DECF9EB9"
+ "versionEndExcluding": "2.1.4",
+ "matchCriteriaId": "E11424B5-31BB-4901-B91C-AB4FDF13023E"
}
]
}
@@ -131,7 +141,7 @@
]
},
{
- "url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1442",
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
diff --git a/CVE-2022/CVE-2022-14xx/CVE-2022-1453.json b/CVE-2022/CVE-2022-14xx/CVE-2022-1453.json
index 37707ed309b..20b29953866 100644
--- a/CVE-2022/CVE-2022-14xx/CVE-2022-1453.json
+++ b/CVE-2022/CVE-2022-14xx/CVE-2022-1453.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1453",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-05-10T20:15:08.533",
- "lastModified": "2023-09-30T03:05:11.980",
+ "lastModified": "2023-10-24T20:05:30.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -85,7 +85,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,6 +93,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -105,8 +115,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "9.2.5",
- "matchCriteriaId": "1BB6D30A-5310-4656-B504-BA9B5335DB23"
+ "versionEndExcluding": "9.2.6",
+ "matchCriteriaId": "93579873-A457-4D80-A586-EC6AD3D9623C"
}
]
}
@@ -118,15 +128,20 @@
"url": "https://github.com/davidfcarr/rsvpmaker/commit/bfb189f49af7ab0d34499a2da772e3266f72167d",
"source": "security@wordfence.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2714389%40rsvpmaker&new=2714389%40rsvpmaker&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6031edec-4274-4e42-9e3a-ce0c94958b17?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-15xx/CVE-2022-1505.json b/CVE-2022/CVE-2022-15xx/CVE-2022-1505.json
index eb896983c61..df0a002f82a 100644
--- a/CVE-2022/CVE-2022-15xx/CVE-2022-1505.json
+++ b/CVE-2022/CVE-2022-15xx/CVE-2022-1505.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1505",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-05-10T20:15:08.713",
- "lastModified": "2023-09-30T03:05:11.980",
+ "lastModified": "2023-10-24T19:30:53.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -85,7 +85,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,6 +93,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -105,8 +115,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carrcommunications:rsvpmaker:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "9.2.6",
- "matchCriteriaId": "063C8BE0-1838-4F27-8D37-92E8A9647E75"
+ "versionEndExcluding": "9.2.7",
+ "matchCriteriaId": "AACA4F53-36CE-42FD-8188-80387BEB0F34"
}
]
}
@@ -118,7 +128,13 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2715095%40rsvpmaker&new=2715095%40rsvpmaker&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6837b91d-b3ba-435a-965b-fa18d9b9b9c8?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-15xx/CVE-2022-1565.json b/CVE-2022/CVE-2022-15xx/CVE-2022-1565.json
index d4028e85fb3..fc8a8ecfcef 100644
--- a/CVE-2022/CVE-2022-15xx/CVE-2022-1565.json
+++ b/CVE-2022/CVE-2022-15xx/CVE-2022-1565.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-1565",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-07-18T17:15:08.537",
- "lastModified": "2023-03-30T20:15:06.603",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T20:37:55.853",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -60,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -68,6 +68,16 @@
"value": "CWE-434"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
}
],
"configurations": [
@@ -80,8 +90,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpallimport:wp_all_import:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "3.6.7",
- "matchCriteriaId": "B3134105-D9B8-4C4A-9977-C97CBDBE3153"
+ "versionEndExcluding": "3.6.8",
+ "matchCriteriaId": "BF8F1680-CC1F-4DBA-B3BD-79EA067F7F3B"
}
]
}
@@ -89,15 +99,17 @@
}
],
"references": [
- {
- "url": "http://packetstormsecurity.com/files/171578/WordPress-WP-All-Import-3.6.7-Remote-Code-Execution.html",
- "source": "security@wordfence.com"
- },
{
"url": "https://plugins.trac.wordpress.org/changeset/2749264/wp-all-import/trunk?contextall=1&old=2737093&old_path=%2Fwp-all-import%2Ftrunk",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-15xx/CVE-2022-1567.json b/CVE-2022/CVE-2022-15xx/CVE-2022-1567.json
index 8bd252240bb..6d1c0770fee 100644
--- a/CVE-2022/CVE-2022-15xx/CVE-2022-1567.json
+++ b/CVE-2022/CVE-2022-15xx/CVE-2022-1567.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1567",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-05-10T20:15:08.787",
- "lastModified": "2022-05-17T19:33:04.357",
+ "lastModified": "2023-10-24T20:05:41.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -85,7 +85,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,6 +93,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -118,7 +128,13 @@
"url": "https://plugins.trac.wordpress.org/browser/wp-js/trunk/wp-js.php?rev=100281#L140",
"source": "security@wordfence.com",
"tags": [
- "Exploit",
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0ab82117-73dd-4257-8dfc-01dadcc3a83f?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-17xx/CVE-2022-1707.json b/CVE-2022/CVE-2022-17xx/CVE-2022-1707.json
index efadd021045..32f62bcfaaf 100644
--- a/CVE-2022/CVE-2022-17xx/CVE-2022-1707.json
+++ b/CVE-2022/CVE-2022-17xx/CVE-2022-1707.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1707",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-06-13T13:15:11.793",
- "lastModified": "2022-06-17T23:23:32.557",
+ "lastModified": "2023-10-24T19:35:00.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -115,8 +115,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gtm4wp:google_tag_manager:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "1.15",
- "matchCriteriaId": "6DAFF0B4-D9B7-40AC-B0C6-94A82491F119"
+ "versionEndExcluding": "1.15.1",
+ "matchCriteriaId": "7B6A08FD-7BA1-4026-92F3-03406F0FFDE5"
}
]
}
@@ -128,23 +128,27 @@
"url": "https://github.com/duracelltomi/gtm4wp/blob/1.15/public/frontend.php#L298",
"source": "security@wordfence.com",
"tags": [
- "Exploit",
- "Third Party Advisory"
+ "Product"
]
},
{
"url": "https://github.com/duracelltomi/gtm4wp/blob/1.15/public/frontend.php#L782",
"source": "security@wordfence.com",
"tags": [
- "Exploit",
- "Third Party Advisory"
+ "Product"
]
},
{
"url": "https://github.com/duracelltomi/gtm4wp/issues/224",
"source": "security@wordfence.com",
"tags": [
- "Issue Tracking",
+ "Issue Tracking"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0435ae14-c1fd-4611-acbe-5f3bafd4bb6a?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-17xx/CVE-2022-1749.json b/CVE-2022/CVE-2022-17xx/CVE-2022-1749.json
index c9312eec072..c7165563e15 100644
--- a/CVE-2022/CVE-2022-17xx/CVE-2022-1749.json
+++ b/CVE-2022/CVE-2022-17xx/CVE-2022-1749.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-1749",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-06-13T14:15:08.577",
- "lastModified": "2022-06-21T20:49:58.123",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T16:15:16.453",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1."
+ "value": "The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the\u00a0createplugin_atf_admin_setting_page()\u00a0function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1."
},
{
"lang": "es",
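Review bot: The rewritten English description now wraps `createplugin_atf_admin_setting_page()` in `\u00a0` (no-break space) escapes where the old value had ordinary spaces. A consumer that tokenizes on ASCII whitespace, or does an exact phrase match on the description, will no longer isolate the function name. I would normalise U+00A0 to U+0020 in the value, i.e. `via the createplugin_atf_admin_setting_page() function found in`, or do it on ingest. The same escape is introduced in the first hunk of CVE-2022-1750.json, before `This issue mostly affects`.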
@@ -122,6 +122,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1d063d01-5f67-4c7f-ab71-01708456e82b?source=cve",
+ "source": "security@wordfence.com"
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1749",
"source": "security@wordfence.com",
diff --git a/CVE-2022/CVE-2022-17xx/CVE-2022-1750.json b/CVE-2022/CVE-2022-17xx/CVE-2022-1750.json
index 1394aea8bba..66e605cdfc6 100644
--- a/CVE-2022/CVE-2022-17xx/CVE-2022-1750.json
+++ b/CVE-2022/CVE-2022-17xx/CVE-2022-1750.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-1750",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-06-13T14:15:08.637",
- "lastModified": "2022-06-21T20:51:17.150",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T16:15:16.560",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018 popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue mostly affects sites where unfiltered_html has been disabled for administrators and on multi-site installations where unfiltered_html is disabled for administrators."
+ "value": "The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018 popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\u00a0This issue mostly affects sites where unfiltered_html has been disabled for administrators and on multi-site installations where unfiltered_html is disabled for administrators."
},
{
"lang": "es",
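Review bot: The parameter name in the new description is still written as `\u2018 popup_title'`, an opening curly quote followed by a space and closed with an ASCII apostrophe; this rewrite of the value leaves that untouched. Anything that extracts the parameter name from the text picks up a leading space or an unbalanced quote. Matching ASCII quotes with no inner space, `'popup_title'`, would make the affected parameter unambiguous.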
@@ -114,6 +114,10 @@
}
],
"references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a5262d8-d9cd-4bd9-a95e-f60782095173?source=cve",
+ "source": "security@wordfence.com"
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1750",
"source": "security@wordfence.com",
diff --git a/CVE-2022/CVE-2022-18xx/CVE-2022-1822.json b/CVE-2022/CVE-2022-18xx/CVE-2022-1822.json
index 8a9b7fc4025..4abc2589850 100644
--- a/CVE-2022/CVE-2022-18xx/CVE-2022-1822.json
+++ b/CVE-2022/CVE-2022-18xx/CVE-2022-1822.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1822",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-06-13T13:15:13.223",
- "lastModified": "2023-09-27T21:06:35.427",
+ "lastModified": "2023-10-24T19:35:16.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -85,7 +85,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,6 +93,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -118,7 +128,21 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2727947%40zephyr-project-manager&new=2727947%40zephyr-project-manager&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://wordpress.org/plugins/zephyr-project-manager/#developers",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product",
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22d50526-e21f-412d-9eed-b9b1f48c3358?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-19xx/CVE-2022-1900.json b/CVE-2022/CVE-2022-19xx/CVE-2022-1900.json
index c5b2e5be13c..4a80924597f 100644
--- a/CVE-2022/CVE-2022-19xx/CVE-2022-1900.json
+++ b/CVE-2022/CVE-2022-19xx/CVE-2022-1900.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1900",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-06-13T13:15:13.287",
- "lastModified": "2022-06-21T18:17:42.470",
+ "lastModified": "2023-10-24T19:35:32.850",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -85,7 +85,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,6 +93,16 @@
"value": "CWE-352"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
}
],
"configurations": [
@@ -114,6 +124,13 @@
}
],
"references": [
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e92c6374-d11d-458c-b089-0ee79c33e4a6?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-1900",
"source": "security@wordfence.com",
diff --git a/CVE-2022/CVE-2022-19xx/CVE-2022-1912.json b/CVE-2022/CVE-2022-19xx/CVE-2022-1912.json
index c4766652884..aea849cf26a 100644
--- a/CVE-2022/CVE-2022-19xx/CVE-2022-1912.json
+++ b/CVE-2022/CVE-2022-19xx/CVE-2022-1912.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1912",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-07-18T17:15:08.603",
- "lastModified": "2022-07-25T03:21:32.157",
+ "lastModified": "2023-10-24T20:38:21.870",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -102,7 +102,13 @@
"url": "https://plugins.trac.wordpress.org/browser/smartsoftbutton-widget-de-botones-de-chat/trunk/admin/pages/settings.php#L60",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/53757567-5024-46cc-b2ae-04b5fc55a35c?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-19xx/CVE-2022-1961.json b/CVE-2022/CVE-2022-19xx/CVE-2022-1961.json
index 56964d82a04..ba15074fb66 100644
--- a/CVE-2022/CVE-2022-19xx/CVE-2022-1961.json
+++ b/CVE-2022/CVE-2022-19xx/CVE-2022-1961.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1961",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-06-13T14:15:08.843",
- "lastModified": "2022-08-06T03:57:36.347",
+ "lastModified": "2023-10-24T20:32:09.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -85,7 +85,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,6 +93,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -126,7 +136,21 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2732977%40duracelltomi-google-tag-manager&new=2732977%40duracelltomi-google-tag-manager&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://wordpress.org/plugins/duracelltomi-google-tag-manager/#developers",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product",
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-19xx/CVE-2022-1969.json b/CVE-2022/CVE-2022-19xx/CVE-2022-1969.json
index 971459f03a2..2c5ea53e5c7 100644
--- a/CVE-2022/CVE-2022-19xx/CVE-2022-1969.json
+++ b/CVE-2022/CVE-2022-19xx/CVE-2022-1969.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-1969",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-06-13T14:15:08.907",
- "lastModified": "2022-06-21T20:37:09.320",
+ "lastModified": "2023-10-24T20:33:17.757",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -85,7 +85,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,6 +93,16 @@
"value": "CWE-352"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
}
],
"configurations": [
@@ -118,7 +128,13 @@
"url": "https://plugins.trac.wordpress.org/browser/mobile-browser-color-select/trunk/mobile-browser-color-select.php#L62",
"source": "security@wordfence.com",
"tags": [
- "Exploit",
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/687cd0ac-5f78-4429-b6b5-dd1113143a4d?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20612.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20612.json
index 779b004cf22..6481c1c7e1d 100644
--- a/CVE-2022/CVE-2022-206xx/CVE-2022-20612.json
+++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20612.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-20612",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.653",
- "lastModified": "2022-07-29T16:20:21.887",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.247",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20613.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20613.json
index e8c0ed47813..e50a623d6d7 100644
--- a/CVE-2022/CVE-2022-206xx/CVE-2022-20613.json
+++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20613.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-20613",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.713",
- "lastModified": "2022-07-29T16:20:41.853",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.327",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20614.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20614.json
index eb8f135e6cb..54afa1c064b 100644
--- a/CVE-2022/CVE-2022-206xx/CVE-2022-20614.json
+++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20614.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-20614",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.763",
- "lastModified": "2022-10-17T19:24:16.707",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.413",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20615.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20615.json
index 5a91ba12ef8..0de5c43895c 100644
--- a/CVE-2022/CVE-2022-206xx/CVE-2022-20615.json
+++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20615.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-20615",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.810",
- "lastModified": "2022-07-29T16:21:19.453",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.477",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20616.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20616.json
index df2dbdd1727..755b01b4ddc 100644
--- a/CVE-2022/CVE-2022-206xx/CVE-2022-20616.json
+++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20616.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-20616",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.857",
- "lastModified": "2022-10-17T19:23:47.163",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.540",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20617.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20617.json
index c25c3a30b98..e4e52e6954b 100644
--- a/CVE-2022/CVE-2022-206xx/CVE-2022-20617.json
+++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20617.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-20617",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.907",
- "lastModified": "2022-01-18T15:09:43.497",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.620",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-78"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-78"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20618.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20618.json
index cce7aac7153..b4e1c9bb278 100644
--- a/CVE-2022/CVE-2022-206xx/CVE-2022-20618.json
+++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20618.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-20618",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:08.957",
- "lastModified": "2022-10-17T19:23:23.903",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.703",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20619.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20619.json
index 43bbc9202b0..6c5395553d7 100644
--- a/CVE-2022/CVE-2022-206xx/CVE-2022-20619.json
+++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20619.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-20619",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.007",
- "lastModified": "2022-01-20T13:37:25.213",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.783",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20620.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20620.json
index 48ef7aa11cd..0d74dedf657 100644
--- a/CVE-2022/CVE-2022-206xx/CVE-2022-20620.json
+++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20620.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-20620",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.057",
- "lastModified": "2022-10-17T19:22:56.057",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.850",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-206xx/CVE-2022-20621.json b/CVE-2022/CVE-2022-206xx/CVE-2022-20621.json
index 4141517c64a..7dc2dada846 100644
--- a/CVE-2022/CVE-2022-206xx/CVE-2022-20621.json
+++ b/CVE-2022/CVE-2022-206xx/CVE-2022-20621.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-20621",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.107",
- "lastModified": "2022-01-18T19:27:34.253",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.903",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-20xx/CVE-2022-2001.json b/CVE-2022/CVE-2022-20xx/CVE-2022-2001.json
index b54a7ec69de..4d30ca3d913 100644
--- a/CVE-2022/CVE-2022-20xx/CVE-2022-2001.json
+++ b/CVE-2022/CVE-2022-20xx/CVE-2022-2001.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2001",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-07-18T17:15:08.770",
- "lastModified": "2022-07-25T17:04:36.783",
+ "lastModified": "2023-10-24T20:39:09.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -60,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -68,6 +68,16 @@
"value": "CWE-352"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
}
],
"configurations": [
@@ -80,8 +90,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:devrix:dx_share_selection:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "1.4",
- "matchCriteriaId": "B7778B8C-3184-4821-B11F-A539771B5F2A"
+ "versionEndExcluding": "1.5",
+ "matchCriteriaId": "CE71BABF-E442-4362-9E94-EB9D85A789A0"
}
]
}
@@ -89,11 +99,31 @@
}
],
"references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/dx-share-selection/trunk/dx-share-selection.php#L284",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
{
"url": "https://plugins.trac.wordpress.org/changeset/2747572/dx-share-selection/trunk?contextall=1&old=2384535&old_path=%2Fdx-share-selection%2Ftrunk",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://wordpress.org/plugins/dx-share-selection/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a85fe7f-2d28-4509-99f2-875cb63c6500?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-21xx/CVE-2022-2108.json b/CVE-2022/CVE-2022-21xx/CVE-2022-2108.json
index 431b299f33f..762db4aabfc 100644
--- a/CVE-2022/CVE-2022-21xx/CVE-2022-2108.json
+++ b/CVE-2022/CVE-2022-21xx/CVE-2022-2108.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2108",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-07-18T17:15:08.947",
- "lastModified": "2023-07-24T13:08:38.660",
+ "lastModified": "2023-10-24T20:40:09.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "LOW",
+ "privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
- "availabilityImpact": "LOW",
- "baseScore": 6.3,
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
- "exploitabilityScore": 2.8,
- "impactScore": 3.4
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
}
]
},
@@ -75,7 +75,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-863"
+ "value": "CWE-862"
}
]
}
@@ -99,9 +99,23 @@
}
],
"references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/review-buddypress-groups/trunk/includes/bgr-ajax.php#L359",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
{
"url": "https://plugins.trac.wordpress.org/changeset/2742109",
"source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/397dabc3-5dcf-4d1f-9e24-28af889cb76f?source=cve",
+ "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22375.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22375.json
index bfb99d0b5a3..76a3b4f317e 100644
--- a/CVE-2022/CVE-2022-223xx/CVE-2022-22375.json
+++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22375.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-22375",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T02:15:10.090",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T17:59:45.190",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221681",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22377.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22377.json
index c6319f7d6ea..5ed2902fbfd 100644
--- a/CVE-2022/CVE-2022-223xx/CVE-2022-22377.json
+++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22377.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-22377",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T01:15:09.687",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T17:57:47.170",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221827",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22380.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22380.json
index 87ef97bcad7..f2836efb66e 100644
--- a/CVE-2022/CVE-2022-223xx/CVE-2022-22380.json
+++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22380.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-22380",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T02:15:10.177",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T18:00:02.107",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-295"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221957",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22384.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22384.json
index 0aeac244204..c3385a087b4 100644
--- a/CVE-2022/CVE-2022-223xx/CVE-2022-22384.json
+++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22384.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-22384",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T01:15:09.773",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T17:58:36.670",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221961",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22385.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22385.json
index 2d9302f052c..fed6def7ecd 100644
--- a/CVE-2022/CVE-2022-223xx/CVE-2022-22385.json
+++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22385.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-22385",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T02:15:10.257",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T18:00:15.817",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,56 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221962",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
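Review bot: The X-Force reference in this hunk is tagged only `"VDB Entry"`, whereas the same kind of link in CVE-2022-22386.json, and in the record just before this one, carries both `"VDB Entry"` and `"Vendor Advisory"`. All three records come from psirt@us.ibm.com and cite the same IBM support page, so the difference is probably an analyst inconsistency rather than a statement about the link itself. If the tags are meant to match, the entry would read `"tags": ["VDB Entry", "Vendor Advisory"]`. Until then, any filter on `Vendor Advisory` treats this record differently from its siblings.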
diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22386.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22386.json
index 8df09a63705..2e82a68e2f1 100644
--- a/CVE-2022/CVE-2022-223xx/CVE-2022-22386.json
+++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22386.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-22386",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T02:15:10.340",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T18:07:50.837",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/221963",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-224xx/CVE-2022-22466.json b/CVE-2022/CVE-2022-224xx/CVE-2022-22466.json
new file mode 100644
index 00000000000..fa28f9faef7
--- /dev/null
+++ b/CVE-2022/CVE-2022-224xx/CVE-2022-22466.json
@@ -0,0 +1,119 @@
+{
+ "id": "CVE-2022-22466",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-23T20:15:08.603",
+ "lastModified": "2023-10-28T03:24:44.390",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Verify Governance 10.0 contiene credenciales codificadas, como una contrase\u00f1a o clave criptogr\u00e1fica, que utiliza para su propia autenticaci\u00f3n entrante, comunicaci\u00f3n saliente con componentes externos o cifrado de datos internos. ID de IBM X-Force: 225222."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_governance:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0",
+ "versionEndExcluding": "10.0.2",
+ "matchCriteriaId": "2F71600E-74AE-4A57-B9F6-2773CBD8761D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/225222",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7057377",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
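Review bot: The two `cvssMetricV31` entries in this new record disagree on four base metrics: the nvd@nist.gov Primary vector is `AC:L/S:U/C:H/I:H/A:H` (9.8 CRITICAL), while the psirt@us.ibm.com Secondary vector is `AC:H/S:C/C:H/I:N/A:N` (6.8 MEDIUM). Both sources assign CWE-798, so the gap is in how exploitability and impact were judged, not in what the flaw is. A consumer that reads the first array element or takes the maximum will triage this record very differently from one that prefers the CNA score. Ingestion code should select explicitly on `type` and `source` and keep both vectors visible to the analyst rather than collapsing them to one number.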
diff --git a/CVE-2022/CVE-2022-22xx/CVE-2022-2223.json b/CVE-2022/CVE-2022-22xx/CVE-2022-2223.json
index 25856b3fdd6..05f8d95c556 100644
--- a/CVE-2022/CVE-2022-22xx/CVE-2022-2223.json
+++ b/CVE-2022/CVE-2022-22xx/CVE-2022-2223.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2223",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-07-18T17:15:09.067",
- "lastModified": "2022-07-25T15:47:20.257",
+ "lastModified": "2023-10-24T20:42:27.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -41,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 8.8,
- "baseSeverity": "HIGH"
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
- "impactScore": 5.9
+ "impactScore": 2.5
}
]
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -68,6 +68,16 @@
"value": "CWE-352"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
}
],
"configurations": [
@@ -93,7 +103,13 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749352%40image-slider-widget&new=2749352%40image-slider-widget&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6356e226-a449-4cd0-be60-2a1c9c70aa59?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-22xx/CVE-2022-2233.json b/CVE-2022/CVE-2022-22xx/CVE-2022-2233.json
index a363e65beeb..e5683b4600f 100644
--- a/CVE-2022/CVE-2022-22xx/CVE-2022-2233.json
+++ b/CVE-2022/CVE-2022-22xx/CVE-2022-2233.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-2233",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:13.223",
- "lastModified": "2022-09-09T02:26:46.740",
+ "lastModified": "2023-10-24T20:43:15.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site\u2019s administrator into performing an action such as clicking on a link."
+ "value": "The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabc_admin_slides_postback() function found in the ~/admin/admin.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site\u2019s administrator into performing an action such as clicking on a link"
},
{
"lang": "es",
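Review bot: The new English `value` ends at `clicking on a link` with the closing period dropped. Since the rest of the sentence is unchanged, this looks like a truncation rather than an intended edit. The string should keep its terminator: `...such as clicking on a link."`. Consumers that diff descriptions to spot substantive CVE changes will record this as a content change, on top of the `lastModified` bump.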
@@ -103,7 +103,13 @@
"url": "https://plugins.trac.wordpress.org/browser/banner-cycler/trunk/admin/admin.php#L131",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cc1d7f2-053d-42d4-afb7-6fb69fd71b91?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23105.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23105.json
index 1350dbc0075..a9b160a367d 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23105.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23105.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23105",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.157",
- "lastModified": "2022-01-18T19:31:28.580",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:54.963",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-319"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23106.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23106.json
index 2a324d5de88..886e479ecea 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23106.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23106.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23106",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.207",
- "lastModified": "2022-01-18T19:34:52.043",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.023",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-203"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-208"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23107.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23107.json
index 82ee48170ac..dd0bf310851 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23107.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23107.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23107",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.257",
- "lastModified": "2022-03-23T17:19:42.867",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.083",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23108.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23108.json
index ace90900696..9b561716f9b 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23108.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23108.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23108",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.303",
- "lastModified": "2022-01-18T19:39:27.053",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.153",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23109.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23109.json
index fae80c76870..d10c70cc127 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23109.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23109.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23109",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.347",
- "lastModified": "2022-01-18T19:43:37.590",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.213",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-668"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23110.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23110.json
index a03d9a27a39..3939d29eb4c 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23110.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23110.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23110",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.397",
- "lastModified": "2022-01-18T19:44:52.813",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.267",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23111.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23111.json
index f24513a4558..92150191a58 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23111.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23111.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23111",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.450",
- "lastModified": "2022-01-18T19:46:52.207",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.330",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23112.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23112.json
index 0fd82130ca8..c9ea0945f7e 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23112.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23112.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23112",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.507",
- "lastModified": "2022-01-18T19:48:06.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.397",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23113.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23113.json
index 9d3f1d51ff5..9eb7a6c6159 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23113.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23113.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23113",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.557",
- "lastModified": "2022-01-19T20:18:15.133",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.453",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23114.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23114.json
index 2143b7e9f69..176e38eb58b 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23114.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23114.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23114",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.607",
- "lastModified": "2022-01-18T19:49:23.150",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.510",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23115.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23115.json
index a63a6366d4d..17938d0152d 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23115.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23115.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23115",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.657",
- "lastModified": "2022-01-18T19:51:16.577",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.573",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23116.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23116.json
index 40259389725..4be14d1029c 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23116.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23116.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23116",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.707",
- "lastModified": "2022-01-18T20:40:55.290",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.630",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-311"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
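Review bot: The rewritten reference at the end of this hunk loses its `"tags": ["Vendor Advisory"]` entry, although the only change to the link is that `(1)` in the fragment is now percent-encoded as `%281%29`. It still addresses the same Jenkins advisory anchor. With `vulnStatus` now `Modified`, consumers that pick remediation links by tag will no longer see a vendor advisory for this record. Tooling that mirrors the feed should compare references by a normalised URL and carry the earlier tags forward, i.e. keep `"tags": ["Vendor Advisory"]` on the new entry. The last hunk of CVE-2022-23117.json makes the same change for `%282%29`.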
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23117.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23117.json
index b897d1bac79..e90117cfeb6 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23117.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23117.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23117",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.757",
- "lastModified": "2022-01-19T20:21:34.433",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.690",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-269"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2522%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-231xx/CVE-2022-23118.json b/CVE-2022/CVE-2022-231xx/CVE-2022-23118.json
index 9ec155ef644..738df0e1945 100644
--- a/CVE-2022/CVE-2022-231xx/CVE-2022-23118.json
+++ b/CVE-2022/CVE-2022-231xx/CVE-2022-23118.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23118",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-01-12T20:15:09.807",
- "lastModified": "2023-06-27T19:03:24.207",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.757",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-668"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-232xx/CVE-2022-23220.json b/CVE-2022/CVE-2022-232xx/CVE-2022-23220.json
index cfe639a6e2e..7f7e3108fa9 100644
--- a/CVE-2022/CVE-2022-232xx/CVE-2022-23220.json
+++ b/CVE-2022/CVE-2022-232xx/CVE-2022-23220.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23220",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-01-21T16:15:08.193",
- "lastModified": "2022-01-27T18:10:43.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T07:15:37.307",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-287"
+ "value": "CWE-306"
}
]
}
@@ -132,6 +132,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://security.gentoo.org/glsa/202310-15",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://www.debian.org/security/2022/dsa-5052",
"source": "cve@mitre.org",
diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23468.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23468.json
index 886f0392be4..360cdd1d41a 100644
--- a/CVE-2022/CVE-2022-234xx/CVE-2022-23468.json
+++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23468.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23468",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-09T18:15:13.047",
- "lastModified": "2023-09-19T05:16:07.477",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:29:09.967",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -64,6 +64,16 @@
"value": "CWE-120"
}
]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
}
],
"configurations": [
@@ -82,6 +92,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,7 +119,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5502",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23477.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23477.json
index 42964dcc673..3287e6a8df7 100644
--- a/CVE-2022/CVE-2022-234xx/CVE-2022-23477.json
+++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23477.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23477",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-09T18:15:13.787",
- "lastModified": "2023-09-19T05:16:53.837",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:07:09.197",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,7 +109,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5502",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23478.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23478.json
index 5e772e4e1ef..2918761fb57 100644
--- a/CVE-2022/CVE-2022-234xx/CVE-2022-23478.json
+++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23478.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23478",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-09T18:15:14.207",
- "lastModified": "2023-09-19T05:16:55.783",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:29:20.227",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,7 +109,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5502",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23479.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23479.json
index 4fa31a9f9b0..814e9b3bbf0 100644
--- a/CVE-2022/CVE-2022-234xx/CVE-2022-23479.json
+++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23479.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23479",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-09T18:15:14.817",
- "lastModified": "2023-09-19T05:16:57.237",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:29:49.307",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,7 +109,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5502",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23480.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23480.json
index 7cf0618e3a9..b0e63a8ef95 100644
--- a/CVE-2022/CVE-2022-234xx/CVE-2022-23480.json
+++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23480.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23480",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-09T18:15:15.530",
- "lastModified": "2023-09-19T05:17:02.960",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:27:17.610",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -104,7 +119,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5502",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23481.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23481.json
index d3ce6cacd32..6e412c8f4c3 100644
--- a/CVE-2022/CVE-2022-234xx/CVE-2022-23481.json
+++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23481.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23481",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-09T18:15:16.153",
- "lastModified": "2023-09-19T05:17:04.317",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:27:49.360",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,7 +109,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5502",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23482.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23482.json
index 67c1c44a692..9b348a885b4 100644
--- a/CVE-2022/CVE-2022-234xx/CVE-2022-23482.json
+++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23482.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23482",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-09T18:15:16.557",
- "lastModified": "2023-09-19T05:17:05.350",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:28:01.137",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,7 +109,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5502",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23483.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23483.json
index 859f1317db1..3898e8b4362 100644
--- a/CVE-2022/CVE-2022-234xx/CVE-2022-23483.json
+++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23483.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23483",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-09T18:15:16.877",
- "lastModified": "2023-09-19T05:17:06.230",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:22:04.263",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,7 +109,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5502",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23484.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23484.json
index f93781ef81f..f316269c1a7 100644
--- a/CVE-2022/CVE-2022-234xx/CVE-2022-23484.json
+++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23484.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23484",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-09T18:15:17.207",
- "lastModified": "2023-09-19T05:17:07.450",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:22:19.020",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,7 +109,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5502",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-234xx/CVE-2022-23493.json b/CVE-2022/CVE-2022-234xx/CVE-2022-23493.json
index af2adc4b871..50a9f0b71c6 100644
--- a/CVE-2022/CVE-2022-234xx/CVE-2022-23493.json
+++ b/CVE-2022/CVE-2022-234xx/CVE-2022-23493.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-23493",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-12-09T18:15:17.643",
- "lastModified": "2023-09-19T05:17:08.953",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:22:23.907",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,7 +109,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5502",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-244xx/CVE-2022-24400.json b/CVE-2022/CVE-2022-244xx/CVE-2022-24400.json
new file mode 100644
index 00000000000..4bb55c9cfba
--- /dev/null
+++ b/CVE-2022/CVE-2022-244xx/CVE-2022-24400.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2022-24400",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:08.930",
+ "lastModified": "2023-10-25T18:45:06.947",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS challenge RAND2 to set session key DCK to zero."
+ },
+ {
+ "lang": "es",
+ "value": "Una falla en el procedimiento de autenticaci\u00f3n TETRA permite que un adversario MITM que puede predecir el desaf\u00edo MS RAND2 establezca la clave de sesi\u00f3n DCK en cero."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 4.2
+ },
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:midnightblue:tetra\\:burst:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E47ED5D3-E6C3-419A-9A3B-9F20863B9FDA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
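Review bot: The only `cpeMatch` criteria in this record, `cpe:2.3:a:midnightblue:tetra\\:burst:-:*:*:*:*:*:*:*`, appears to name the disclosure itself (the sole reference is tetraburst.com) rather than any affected radio or infrastructure product. CPE-based asset matching will therefore not flag deployed TETRA equipment; the same criteria is reused in CVE-2022-24401, CVE-2022-24402 and CVE-2022-24404 below, so these records are better tracked by CVE id and equipment-vendor bulletins. The Primary weakness `CWE-639` (authorization bypass through a user-controlled key), also used in CVE-2022-24401, looks like a loose fit for a predictable-challenge flaw in an authentication protocol. The `en` description also contains the typo "procecure" for "procedure".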
diff --git a/CVE-2022/CVE-2022-244xx/CVE-2022-24401.json b/CVE-2022/CVE-2022-244xx/CVE-2022-24401.json
new file mode 100644
index 00000000000..3469374ddd2
--- /dev/null
+++ b/CVE-2022/CVE-2022-244xx/CVE-2022-24401.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2022-24401",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:09.510",
+ "lastModified": "2023-10-25T19:24:09.957",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA keystream generator. IV generation is based upon several TDMA frame counters, which are frequently broadcast by the infrastructure in an unauthenticated manner. An active adversary can manipulate the view of these counters in a mobile station, provoking keystream re-use. By sending crafted messages to the MS and analyzing MS responses, keystream for arbitrary frames can be recovered."
+ },
+ {
+ "lang": "es",
+ "value": "Reutilizaci\u00f3n del flujo de claves inducida por el adversario en el tr\u00e1fico cifrado de interfaz a\u00e9rea TETRA utilizando cualquier generador de flujo de claves TEA. La generaci\u00f3n IV se basa en varios contadores de frame TDMA, que frecuentemente la infraestructura transmite sin autenticaci\u00f3n. Un adversario activo puede manipular la vista de estos contadores en una estaci\u00f3n m\u00f3vil, provocando la reutilizaci\u00f3n del flujo de claves. Al enviar mensajes manipulados al MS y analizar las respuestas del MS, se puede recuperar el flujo de claves de frames arbitrarios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ },
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:midnightblue:tetra\\:burst:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E47ED5D3-E6C3-419A-9A3B-9F20863B9FDA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-244xx/CVE-2022-24402.json b/CVE-2022/CVE-2022-244xx/CVE-2022-24402.json
new file mode 100644
index 00000000000..bb0d20c7c1f
--- /dev/null
+++ b/CVE-2022/CVE-2022-244xx/CVE-2022-24402.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2022-24402",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:09.573",
+ "lastModified": "2023-10-25T16:16:34.507",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks."
+ },
+ {
+ "lang": "es",
+ "value": "El generador de flujo de claves TETRA TEA1 implementa una funci\u00f3n de inicializaci\u00f3n de registro de claves que comprime la clave de 80 bits a solo 32 bits para su uso durante la fase de generaci\u00f3n del flujo de claves, lo cual es insuficiente para protegerse contra ataques de b\u00fasqueda exhaustiva."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-307"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:midnightblue:tetra\\:burst:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E47ED5D3-E6C3-419A-9A3B-9F20863B9FDA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
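Review bot: The Primary `cvssData` scores this record as `AV:N` with `"confidentialityImpact": "NONE"`, which is hard to reconcile with the description. An 80-bit key compressed to 32 bits exposes encrypted traffic to exhaustive key search, which is first a confidentiality loss, and the Secondary vector from cert@ncsc.nl uses `AV:A` with `C:H`. The Primary weakness `CWE-307` describes unrestricted authentication attempts; an inadequate-encryption-strength class such as `CWE-326` would match the text better. Prioritisation that reads only the Primary metric will understate the exposure; CVE-2022-24404 below shows the same `AV:N` versus `AV:A` split between the Primary and Secondary vectors.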
diff --git a/CVE-2022/CVE-2022-244xx/CVE-2022-24404.json b/CVE-2022/CVE-2022-244xx/CVE-2022-24404.json
new file mode 100644
index 00000000000..9603a60b0a4
--- /dev/null
+++ b/CVE-2022/CVE-2022-244xx/CVE-2022-24404.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2022-24404",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:09.627",
+ "lastModified": "2023-10-25T16:15:53.220",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion."
+ },
+ {
+ "lang": "es",
+ "value": "Falta de verificaci\u00f3n de integridad criptogr\u00e1fica en el tr\u00e1fico cifrado de interfaz a\u00e9rea TETRA. Dado que se emplea un cifrado de flujo, esto permite que un adversario activo manipule datos de texto plano bit a bit."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-354"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:midnightblue:tetra\\:burst:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E47ED5D3-E6C3-419A-9A3B-9F20863B9FDA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2433.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2433.json
index b09eacb24e7..74cd61fc7cb 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2433.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2433.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2433",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:13.590",
- "lastModified": "2022-09-09T19:48:56.207",
+ "lastModified": "2023-10-24T20:43:23.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -41,19 +41,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "HIGH",
- "userInteraction": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 7.2,
+ "baseScore": 8.8,
"baseSeverity": "HIGH"
},
- "exploitabilityScore": 1.2,
+ "exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
@@ -90,8 +90,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:connekthq:ajax_load_more:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "5.5.3",
- "matchCriteriaId": "F53D9CB5-1960-4C57-903D-9AA1027862D8"
+ "versionEndExcluding": "5.5.4",
+ "matchCriteriaId": "506CF2A6-A4C6-4243-A655-96694C37296D"
}
]
}
@@ -103,7 +103,13 @@
"url": "https://plugins.trac.wordpress.org/changeset/2772627/ajax-load-more/trunk/admin/admin.php",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/040ae20d-93e3-4c65-ba74-4ff0b5c1afc7?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2434.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2434.json
index a698bc64ce6..918a7d79584 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2434.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2434.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2434",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:13.650",
- "lastModified": "2022-09-09T19:52:29.983",
+ "lastModified": "2023-10-24T20:43:32.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -73,10 +73,6 @@
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
- {
- "lang": "en",
- "value": "CWE-352"
- },
{
"lang": "en",
"value": "CWE-502"
@@ -107,14 +103,20 @@
"url": "https://plugins.trac.wordpress.org/browser/string-locator/trunk/editor.php#L59",
"source": "security@wordfence.com",
"tags": [
- "Third Party Advisory"
+ "Broken Link"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2759486%40string-locator&new=2759486%40string-locator&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10a36e37-4188-403f-9b17-d7e79b8b8a6d?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2435.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2435.json
index 3afb22760e5..98f4cbc52a8 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2435.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2435.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2435",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-07-18T17:15:09.187",
- "lastModified": "2022-07-25T15:18:56.713",
+ "lastModified": "2023-10-24T20:42:34.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -60,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -68,6 +68,16 @@
"value": "CWE-352"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
}
],
"configurations": [
@@ -96,6 +106,13 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/174eae70-15d7-4772-8fcd-dc4c0fca5b7d?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2435",
"source": "security@wordfence.com",
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2436.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2436.json
index 556dbbff4ea..3e4a958d8dd 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2436.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2436.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2436",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:13.710",
- "lastModified": "2022-09-12T13:18:41.737",
+ "lastModified": "2023-10-24T20:43:39.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -90,8 +90,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "3.2.49",
- "matchCriteriaId": "42A9F9BB-E489-4F99-A986-E7FE20CEF35A"
+ "versionEndExcluding": "3.2.50",
+ "matchCriteriaId": "19251DD9-53AE-4A48-96FA-30E1C07B265A"
}
]
}
@@ -103,15 +103,20 @@
"url": "https://plugins.trac.wordpress.org/browser/download-manager/trunk/src/Admin/Menu/Packages.php#L68",
"source": "security@wordfence.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php&new=2761422%40download-manager%2Ftrunk%2Fsrc%2FAdmin%2FMenu%2FPackages.php",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2437.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2437.json
index 10dca6591f9..ed66a54e512 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2437.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2437.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2437",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-07-18T17:15:09.243",
- "lastModified": "2022-07-25T15:41:32.180",
+ "lastModified": "2023-10-24T20:42:41.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -60,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -68,6 +68,16 @@
"value": "CWE-502"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
}
],
"configurations": [
@@ -93,7 +103,13 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2754749%40feed-them-social&new=2754749%40feed-them-social&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/50bcea94-b12a-4b31-b0c1-bba834ea9bd0?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2438.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2438.json
index c7ec9f95584..7a1e5ac438c 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2438.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2438.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2438",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:13.770",
- "lastModified": "2022-09-10T02:00:19.460",
+ "lastModified": "2023-10-24T20:27:56.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -90,8 +90,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:managewp:broken_link_checker:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "1.11.16",
- "matchCriteriaId": "054F4826-66D3-418F-BE3D-F97015E90702"
+ "versionEndExcluding": "1.11.17",
+ "matchCriteriaId": "BA5D6B69-41F4-41A1-B594-8E11A3E7500E"
}
]
}
@@ -103,7 +103,13 @@
"url": "https://plugins.trac.wordpress.org/changeset/2757773/broken-link-checker/trunk/core/core.php?old=2605914&old_path=broken-link-checker%2Ftrunk%2Fcore%2Fcore.php",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62fd472e-208b-48db-8f98-3d935c7a678c?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2441.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2441.json
new file mode 100644
index 00000000000..e9e0ce22e97
--- /dev/null
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2441.json
@@ -0,0 +1,147 @@
+{
+ "id": "CVE-2022-2441",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.707",
+ "lastModified": "2023-10-27T18:53:39.887",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento ImageMagick Engine para WordPress es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s del par\u00e1metro 'cli_path' en versiones hasta la 1.7.5 incluida. Esto hace posible que usuarios no autenticados ejecuten comandos arbitrarios que conduzcan a la ejecuci\u00f3n remota de comandos, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace. Esto hace posible que un atacante cree o modifique archivos alojados en el servidor, lo que puede otorgar f\u00e1cilmente a los atacantes acceso por puerta trasera al servidor afectado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:orangelab:imagemagick_engine:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.7.5",
+ "matchCriteriaId": "7B349E22-AA9C-4310-BCB9-D207A15CD10D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/orangelabweb/imagemagick-engine/blob/1.7.4/imagemagick-engine.php#L529",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/orangelabweb/imagemagick-engine/blob/v.1.7.2/imagemagick-engine.php#L529",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2801283%40imagemagick-engine%2Ftrunk&old=2732430%40imagemagick-engine%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/51025",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1f17a83-1df0-44fe-bd86-243cff6ec91b?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-2441",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
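Review bot: The first two references, `.../blob/1.7.4/imagemagick-engine.php#L529` and `.../blob/v.1.7.2/imagemagick-engine.php#L529`, are tagged `"Patch"` but point at source lines in releases that fall inside the record's own vulnerable range (`"versionEndIncluding": "1.7.5"`). They look like pointers to the affected code rather than to a fix, so a consumer that follows `Patch`-tagged URLs to find the remediation would land on vulnerable code; only the plugins.trac changeset reference reads as a patch. Both weakness entries also record only `CWE-352`, while the description leads with command execution through the `cli_path` parameter, so the injection class (for example `CWE-78`) is not captured for filtering by weakness.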
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2444.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2444.json
index c3240241611..d37b5515947 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2444.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2444.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2444",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-07-18T17:15:09.363",
- "lastModified": "2022-07-25T15:21:30.033",
+ "lastModified": "2023-10-24T20:42:47.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -103,31 +103,34 @@
"url": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Module/Chart.php#L1115",
"source": "security@wordfence.com",
"tags": [
- "Exploit",
- "Third Party Advisory"
+ "Product"
]
},
{
"url": "https://github.com/Codeinwp/visualizer/blob/master/classes/Visualizer/Source/Csv.php",
"source": "security@wordfence.com",
"tags": [
- "Exploit",
- "Third Party Advisory"
+ "Product"
]
},
{
"url": "https://github.com/Codeinwp/visualizer/compare/v3.7.9...v3.7.10",
"source": "security@wordfence.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2752058%40visualizer&new=2752058%40visualizer&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9606d92-8061-4dfc-a6e2-509b54613277?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2461.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2461.json
index 89909edbf3c..2e3efcffb1c 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2461.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2461.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-2461",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:13.890",
- "lastModified": "2022-09-09T17:16:54.787",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T21:15:07.527",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -60,7 +60,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "security@wordfence.com",
"type": "Primary",
"description": [
{
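Review bot: This hunk and the next one swap the `source` values, so that `security@wordfence.com` becomes the `"Primary"` weakness and `nvd@nist.gov` the `"Secondary"` one. That is the opposite of CVE-2022-2435 and CVE-2022-2437 earlier in this diff, where `nvd@nist.gov` is made Primary and the Wordfence entry is added as Secondary. Together with `vulnStatus` moving from `Analyzed` to `Modified`, this suggests the record is awaiting re-analysis. Consumers that select the weakness by `"type": "Primary"` should key on `source` as well, since the meaning of Primary is not stable across records in this diff.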
@@ -70,7 +70,7 @@
]
},
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -132,6 +132,13 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2461",
"source": "security@wordfence.com",
diff --git a/CVE-2022/CVE-2022-24xx/CVE-2022-2473.json b/CVE-2022/CVE-2022-24xx/CVE-2022-2473.json
index 8808eba0979..7644a1a3fe1 100644
--- a/CVE-2022/CVE-2022-24xx/CVE-2022-2473.json
+++ b/CVE-2022/CVE-2022-24xx/CVE-2022-2473.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2473",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:14.013",
- "lastModified": "2022-09-10T03:21:29.977",
+ "lastModified": "2023-10-24T20:28:46.317",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -112,8 +112,15 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2758412%40wp-useronline&new=2758412%40wp-useronline&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/50988",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
]
},
{
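Review bot: The added `https://www.exploit-db.com/exploits/50988` reference is tagged `"Third Party Advisory"` and `"VDB Entry"` but not `"Exploit"`, whereas the exploit-db reference in CVE-2022-2441 in this same diff carries all three tags. A consumer that flags public exploit availability from the `Exploit` tag still catches this record through the exploitalert and youtu.be entries added in the next hunk, but the tagging of the same source should be consistent: `"Exploit", "Third Party Advisory", "VDB Entry"`.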
@@ -124,12 +131,34 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.exploitalert.com/view-details.html?id=38912",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a44a55e-a96a-4698-9948-6ef33138a834?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2473",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://youtu.be/Q3zInrUnAV0",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25173.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25173.json
index d4a1eee578e..0025c603581 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25173.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25173.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25173",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.477",
- "lastModified": "2022-02-23T19:57:54.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.830",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-78"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-78"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25174.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25174.json
index 9aa0eac98a3..61d896d65d5 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25174.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25174.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25174",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.560",
- "lastModified": "2022-02-23T20:00:35.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.910",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-78"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-78"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25175.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25175.json
index 33d436677b6..6f5d961abb4 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25175.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25175.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25175",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.627",
- "lastModified": "2022-10-28T16:13:44.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:55.973",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-78"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-78"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25176.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25176.json
index ef8e8fc83b7..4404102d6cd 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25176.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25176.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25176",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.697",
- "lastModified": "2022-02-24T01:47:56.463",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.037",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-59"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-59"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25177.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25177.json
index 15f57579a3d..585ddae4a4e 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25177.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25177.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25177",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.767",
- "lastModified": "2022-02-24T01:54:29.653",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.097",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-59"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-59"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25178.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25178.json
index c7f77b5afe0..636d2d4a19c 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25178.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25178.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25178",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.837",
- "lastModified": "2022-02-24T01:58:58.740",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.153",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25179.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25179.json
index 087d6807a02..53e53f35f8d 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25179.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25179.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25179",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.907",
- "lastModified": "2022-02-24T02:05:52.953",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.210",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-59"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-59"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25180.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25180.json
index 8ef59c151ab..2124bf4e30f 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25180.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25180.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25180",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:08.977",
- "lastModified": "2023-07-10T19:34:39.193",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.267",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-319"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-522"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25181.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25181.json
index a7fcf7e0e14..34af19200b3 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25181.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25181.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25181",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.047",
- "lastModified": "2022-02-23T21:24:01.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.330",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25182.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25182.json
index 3a73561153c..2d6f8e1795f 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25182.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25182.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25182",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.120",
- "lastModified": "2022-02-23T21:24:46.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.397",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25183.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25183.json
index c899e4df3e8..c53376676aa 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25183.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25183.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25183",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.197",
- "lastModified": "2022-02-23T21:34:26.990",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.450",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25184.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25184.json
index dfa94bfb0ae..33fe3d5c7d6 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25184.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25184.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25184",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.270",
- "lastModified": "2022-02-23T21:10:42.487",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.513",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-200"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25185.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25185.json
index 0f0dd3ed5b8..809ab71b4ad 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25185.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25185.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25185",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.340",
- "lastModified": "2022-02-23T21:11:04.293",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.583",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25186.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25186.json
index cf0bcd4e192..5c881d67304 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25186.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25186.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25186",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.410",
- "lastModified": "2022-02-23T21:14:25.667",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.640",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25187.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25187.json
index af46b5ccf8f..d3e3f085173 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25187.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25187.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-25187",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.477",
- "lastModified": "2023-10-10T22:15:10.237",
+ "lastModified": "2023-10-25T18:16:56.697",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-212"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
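Review bot: With the `jenkinsci-cert@googlegroups.com` entry removed and the `nvd@nist.gov` entry relabelled from `"Secondary"` to `"Primary"`, the record's primary weakness is no longer the CNA's `CWE-212` but whatever value the NVD entry holds, and that value lies below the last line of this hunk. Consumers that key triage rules, dashboards or detection mappings on the Primary CWE would see the classification change without any other signal if the two values differ, so it is worth comparing them before the update is ingested. The same pattern appears in the `weaknesses` hunks for CVE-2022-25192 (`CWE-352` removed) and CVE-2022-25193 (`CWE-862` removed). All three records are left at `"vulnStatus": "Modified"`, which may mean the classification is not final.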
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25188.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25188.json
index 80a7b4828a9..112ff58c0dd 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25188.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25188.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25188",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.547",
- "lastModified": "2022-02-23T20:26:57.347",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.763",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25189.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25189.json
index cbdf71d5233..41f6efa4654 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25189.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25189.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25189",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:09.880",
- "lastModified": "2022-02-23T19:43:20.780",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.823",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25190.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25190.json
index 07765faa1fb..6aa97178c1e 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25190.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25190.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25190",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.147",
- "lastModified": "2022-02-23T20:20:31.230",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.887",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25191.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25191.json
index e1a341dd9c0..ab72a57a568 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25191.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25191.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25191",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.213",
- "lastModified": "2022-02-23T20:14:17.450",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:56.947",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25192.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25192.json
index 095a7a752c5..3c6daa520d6 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25192.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25192.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25192",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.283",
- "lastModified": "2022-10-28T14:24:09.563",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.000",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25193.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25193.json
index 3e740b83190..5c23b89edee 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25193.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25193.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25193",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.350",
- "lastModified": "2022-10-28T16:18:37.020",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.060",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25194.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25194.json
index 086093d2f7d..54935f05cdf 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25194.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25194.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25194",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.413",
- "lastModified": "2022-02-23T19:19:12.890",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.120",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25195.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25195.json
index 8a2efadd8c8..dece18e5fb8 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25195.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25195.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25195",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.470",
- "lastModified": "2022-02-23T19:22:38.607",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.173",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25196.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25196.json
index dc41fd4156f..aaaaa7f0d4e 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25196.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25196.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25196",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.537",
- "lastModified": "2022-02-23T19:57:44.403",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.233",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-601"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-601"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25197.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25197.json
index 514bd642f9d..ddbe13d12f1 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25197.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25197.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25197",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.600",
- "lastModified": "2022-02-23T19:28:51.987",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.287",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25198.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25198.json
index 78ff6eebefa..80d25a6109b 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25198.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25198.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25198",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.657",
- "lastModified": "2022-02-23T19:59:06.767",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.353",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-251xx/CVE-2022-25199.json b/CVE-2022/CVE-2022-251xx/CVE-2022-25199.json
index 10522d39aae..a05e5d79279 100644
--- a/CVE-2022/CVE-2022-251xx/CVE-2022-25199.json
+++ b/CVE-2022/CVE-2022-251xx/CVE-2022-25199.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25199",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.720",
- "lastModified": "2022-02-23T20:02:05.097",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.417",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25200.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25200.json
index a0ada1d6827..4039e033643 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25200.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25200.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25200",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.783",
- "lastModified": "2022-02-23T19:43:02.630",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.477",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25201.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25201.json
index 66b3113f229..36f3297c80d 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25201.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25201.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25201",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.850",
- "lastModified": "2022-02-23T19:45:42.780",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.537",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25202.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25202.json
index 546758eeb5e..02b152912a0 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25202.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25202.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25202",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.913",
- "lastModified": "2022-02-23T20:05:33.413",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.597",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25203.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25203.json
index 984eb9f470f..35f57b9eec3 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25203.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25203.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25203",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:10.977",
- "lastModified": "2022-02-23T20:07:00.607",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.657",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25204.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25204.json
index 846f4696326..c9323cf566c 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25204.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25204.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25204",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.047",
- "lastModified": "2022-02-23T20:12:12.100",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.717",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25205.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25205.json
index 7d066357e36..f09cb0ab408 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25205.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25205.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25205",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.107",
- "lastModified": "2022-02-23T19:53:06.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.773",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25206.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25206.json
index 643cb4f7df2..53db0074b7b 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25206.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25206.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25206",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.167",
- "lastModified": "2022-02-23T20:13:34.333",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.827",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25207.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25207.json
index ca0b4c92b27..50ec5292ef6 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25207.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25207.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25207",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.227",
- "lastModified": "2022-02-23T20:14:20.187",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.887",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25208.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25208.json
index 8b708bab92e..999df0586b9 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25208.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25208.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25208",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.287",
- "lastModified": "2022-02-23T20:15:28.747",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:57.940",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25209.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25209.json
index c5715fb8142..4147cd8169d 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25209.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25209.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25209",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.343",
- "lastModified": "2022-02-23T20:16:22.917",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.000",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25210.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25210.json
index 8d20eddf73d..54ddcc714fc 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25210.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25210.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25210",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.397",
- "lastModified": "2022-02-23T20:17:29.670",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.053",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-662"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-820"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25211.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25211.json
index d4dbdbc171f..44cbb7b91b3 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25211.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25211.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25211",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.457",
- "lastModified": "2022-02-23T20:18:25.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.110",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-252xx/CVE-2022-25212.json b/CVE-2022/CVE-2022-252xx/CVE-2022-25212.json
index 2b13e4b2dde..7871639fef1 100644
--- a/CVE-2022/CVE-2022-252xx/CVE-2022-25212.json
+++ b/CVE-2022/CVE-2022-252xx/CVE-2022-25212.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25212",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-02-15T17:15:11.573",
- "lastModified": "2022-02-23T20:18:50.580",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.167",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-253xx/CVE-2022-25319.json b/CVE-2022/CVE-2022-253xx/CVE-2022-25319.json
index f877eb1eb85..3f1223f0184 100644
--- a/CVE-2022/CVE-2022-253xx/CVE-2022-25319.json
+++ b/CVE-2022/CVE-2022-253xx/CVE-2022-25319.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25319",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-18T06:15:10.507",
- "lastModified": "2023-10-10T22:15:10.363",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T21:03:02.690",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -104,7 +104,11 @@
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-forgotten-endpoint-authentication-bypass-with-open-prefix/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-253xx/CVE-2022-25321.json b/CVE-2022/CVE-2022-253xx/CVE-2022-25321.json
index f77de0d3b4a..a0b395460f8 100644
--- a/CVE-2022/CVE-2022-253xx/CVE-2022-25321.json
+++ b/CVE-2022/CVE-2022-253xx/CVE-2022-25321.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-25321",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-02-18T06:15:10.587",
- "lastModified": "2023-10-10T22:15:10.443",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T21:02:59.300",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -112,7 +112,11 @@
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-be-careful-with-reflections-for-your-web-application-security/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-253xx/CVE-2022-25332.json b/CVE-2022/CVE-2022-253xx/CVE-2022-25332.json
new file mode 100644
index 00000000000..b3c7ea91961
--- /dev/null
+++ b/CVE-2022/CVE-2022-253xx/CVE-2022-25332.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2022-25332",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:09.683",
+ "lastModified": "2023-10-19T12:59:29.480",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs. Using this side channel, the SK_LOAD secure kernel routine can be used to recover the Customer Encryption Key (CEK)."
+ },
+ {
+ "lang": "es",
+ "value": "La implementaci\u00f3n de AES en Texas Instruments OMAP L138 (variantes seguras), presente en la m\u00e1scara ROM, sufre de un canal lateral de temporizaci\u00f3n que puede ser explotado por un adversario con privilegios de supervisor no seguros al administrar el contenido de la cach\u00e9 y recopilar informaci\u00f3n de temporizaci\u00f3n para diferentes entradas de texto cifrado. Usando este canal lateral, la rutina de kernel segura SK_LOAD se puede usar para recuperar el Customer Encryption Key (CEK)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl"
+ }
+ ]
+}
\ No newline at end of file
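Review bot: The 4.4 MEDIUM base score on this record understates its weight in triage, because the CVE-2022-25333 and CVE-2022-25334 records added in the next two files (both 8.2 HIGH) name the CEK recovered here as the input to their code-execution paths. All three records carry only the cert@ncsc.nl Secondary metric and have no `weaknesses` or `configurations` block while `vulnStatus` is `Undergoing Analysis`, so CPE-based inventory matching will return nothing for the OMAP L138 yet. Until CPE data is added, affected parts have to be identified from the description text, and the three IDs are best tracked as one finding. The descriptions place the affected code in mask ROM, which suggests a software update cannot remove it; confirm that against the vendor's guidance.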
diff --git a/CVE-2022/CVE-2022-253xx/CVE-2022-25333.json b/CVE-2022/CVE-2022-253xx/CVE-2022-25333.json
new file mode 100644
index 00000000000..5ad1857f48d
--- /dev/null
+++ b/CVE-2022/CVE-2022-253xx/CVE-2022-25333.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2022-25333",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:09.747",
+ "lastModified": "2023-10-19T12:59:29.480",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture."
+ },
+ {
+ "lang": "es",
+ "value": "Texas Instruments OMAP L138 (variantes seguras) Trusted Execution Environment (TEE) realiza una verificaci\u00f3n RSA implementada en la m\u00e1scara ROM al cargar un m\u00f3dulo a trav\u00e9s de la rutina SK_LOAD. Sin embargo, s\u00f3lo se valida la autenticidad del encabezado del m\u00f3dulo. Un adversario puede reutilizar cualquier encabezado firmado correctamente y agregar un payload falsificado, que se cifrar\u00e1 mediante CEK (que se puede obtener a trav\u00e9s de CVE-2022-25332) para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario en un contexto seguro. Esto constituye una ruptura total de la arquitectura de seguridad de TEE."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-253xx/CVE-2022-25334.json b/CVE-2022/CVE-2022-253xx/CVE-2022-25334.json
new file mode 100644
index 00000000000..a555f98e6fd
--- /dev/null
+++ b/CVE-2022/CVE-2022-253xx/CVE-2022-25334.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2022-25334",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:09.803",
+ "lastModified": "2023-10-19T12:59:29.480",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture."
+ },
+ {
+ "lang": "es",
+ "value": "Texas Instruments OMAP L138 (variantes seguras) Trusted Execution Environment (TEE) carece de una verificaci\u00f3n de l\u00edmites en el campo de tama\u00f1o de firma en la rutina de carga del m\u00f3dulo SK_LOAD, presente en la m\u00e1scara ROM. Un m\u00f3dulo con un campo de firma suficientemente grande provoca un desbordamiento de la pila, lo que afecta las p\u00e1ginas seguras de datos del kernel. Esto se puede aprovechar para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario en un contexto de supervisor seguro sobrescribiendo un puntero de funci\u00f3n SHA256 en el \u00e1rea segura de datos del kernel al cargar un m\u00f3dulo SK_LOAD falsificado y sin firmar cifrado con CEK (obtenible a trav\u00e9s de CVE-2022-25332). Esto constituye una ruptura total de la arquitectura de seguridad de TEE."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2515.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2515.json
index 45d7ed84782..50915514179 100644
--- a/CVE-2022/CVE-2022-25xx/CVE-2022-2515.json
+++ b/CVE-2022/CVE-2022-25xx/CVE-2022-2515.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2515",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:14.077",
- "lastModified": "2022-09-10T03:20:54.893",
+ "lastModified": "2023-10-24T20:29:16.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -90,8 +90,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple_banner_project:simple_banner:*:*:*:*:*:wordpress:*:*",
- "versionEndIncluding": "2.11.0",
- "matchCriteriaId": "6BF6B653-A47E-498D-8BD0-180E226DA0AC"
+ "versionEndExcluding": "2.12.0",
+ "matchCriteriaId": "D3ABAB26-E082-4B33-ACA9-710D8987D6DF"
}
]
}
@@ -111,7 +111,13 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2758766%40simple-banner&new=2758766%40simple-banner&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
- "Patch",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb9520d-e679-4e8a-ae3c-8207f17d45a2?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
"Third Party Advisory"
]
},
diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2518.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2518.json
index 1a35537621c..076abd696a9 100644
--- a/CVE-2022/CVE-2022-25xx/CVE-2022-2518.json
+++ b/CVE-2022/CVE-2022-25xx/CVE-2022-2518.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-2518",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:14.260",
- "lastModified": "2022-09-09T19:22:54.837",
+ "lastModified": "2023-10-29T02:38:51.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -60,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -68,6 +68,16 @@
"value": "CWE-352"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
}
],
"configurations": [
@@ -96,6 +106,20 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://wordpress.org/plugins/stockists-manager/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5e0204-4a05-45c1-833a-c2e4016d9830?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2518",
"source": "security@wordfence.com",
diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2541.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2541.json
index 441a5316bb2..ce791e83841 100644
--- a/CVE-2022/CVE-2022-25xx/CVE-2022-2541.json
+++ b/CVE-2022/CVE-2022-25xx/CVE-2022-2541.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-2541",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:14.377",
- "lastModified": "2022-09-13T15:37:23.227",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T16:15:18.660",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -115,6 +115,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0f7c43d4-cf21-4324-bc77-50bdc2c24661?source=cve",
+ "source": "security@wordfence.com"
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2541",
"source": "security@wordfence.com",
diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2542.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2542.json
index d75c8a87d07..0a13f66cbd8 100644
--- a/CVE-2022/CVE-2022-25xx/CVE-2022-2542.json
+++ b/CVE-2022/CVE-2022-25xx/CVE-2022-2542.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-2542",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:14.437",
- "lastModified": "2022-09-13T15:48:21.553",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T16:15:18.763",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -115,6 +115,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af83d4b-2eae-481f-b3fd-d5bcacc1d709?source=cve",
+ "source": "security@wordfence.com"
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2542",
"source": "security@wordfence.com",
diff --git a/CVE-2022/CVE-2022-261xx/CVE-2022-26183.json b/CVE-2022/CVE-2022-261xx/CVE-2022-26183.json
index ac28bbfaa20..99e87ab877c 100644
--- a/CVE-2022/CVE-2022-261xx/CVE-2022-26183.json
+++ b/CVE-2022/CVE-2022-261xx/CVE-2022-26183.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-26183",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-03-21T22:15:07.987",
- "lastModified": "2022-03-29T14:30:07.633",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T23:15:09.150",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -121,6 +121,10 @@
"Release Notes",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-261xx/CVE-2022-26184.json b/CVE-2022/CVE-2022-261xx/CVE-2022-26184.json
index 26908af092a..beae98b6167 100644
--- a/CVE-2022/CVE-2022-261xx/CVE-2022-26184.json
+++ b/CVE-2022/CVE-2022-261xx/CVE-2022-26184.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-26184",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-03-21T22:15:08.030",
- "lastModified": "2022-03-29T14:56:10.997",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T22:15:08.933",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -121,6 +121,10 @@
"Release Notes",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-269xx/CVE-2022-26941.json b/CVE-2022/CVE-2022-269xx/CVE-2022-26941.json
new file mode 100644
index 00000000000..978ce8bfc16
--- /dev/null
+++ b/CVE-2022/CVE-2022-269xx/CVE-2022-26941.json
@@ -0,0 +1,138 @@
+{
+ "id": "CVE-2022-26941",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:09.860",
+ "lastModified": "2023-10-25T18:31:50.603",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de cadena de formato en el controlador de comandos AT del firmware de la serie Motorola MTM5000 para el comando AT+CTGL. Una cadena controlable por un atacante se maneja incorrectamente, lo que permite un escenario en el que se puede escribir cualquier cosa en cualquier lugar. Esto se puede aprovechar para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario dentro del binario teds_app, que se ejecuta con privilegios de root."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-134"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:motorola:mtm5500_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB7C0C44-3660-4B47-A1ED-0BD19EFC5F03"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:motorola:mtm5500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1A0784B-AE84-4457-A884-5C26EEA8D181"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:motorola:mtm5400_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF669A29-B983-40F6-BBA9-D9F67E653BEF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:motorola:mtm5400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "03AA5A43-A1B5-4E1C-A844-691607765E30"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl",
+ "tags": [
+ "Technical Description"
+ ]
+ }
+ ]
+}
\ No newline at end of file
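Review bot: The two entries in `cvssMetricV31` disagree on scope: the nvd@nist.gov Primary vector has `S:U` (8.8 HIGH) and the cert@ncsc.nl Secondary vector has `S:C` (9.6 CRITICAL), so a consumer that reads only the Primary entry ranks this record below the CNA's rating. In `configurations`, the only vulnerable criteria are `mtm5500_firmware` and `mtm5400_firmware`, each with `-` in the version field and no `versionEndExcluding`, although the description speaks of the MTM5000 series. Matching on these CPEs therefore cannot tell a fixed firmware from an affected one, and other models in the series may not match at all. The CVE-2022-26942 and CVE-2022-26943 records that follow use the same two CPE pairs. For prioritisation, take the higher of the two scores and check installed firmware against the vendor's advisory rather than the CPE data.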
diff --git a/CVE-2022/CVE-2022-269xx/CVE-2022-26942.json b/CVE-2022/CVE-2022-269xx/CVE-2022-26942.json
new file mode 100644
index 00000000000..1e14b0813cd
--- /dev/null
+++ b/CVE-2022/CVE-2022-269xx/CVE-2022-26942.json
@@ -0,0 +1,138 @@
+{
+ "id": "CVE-2022-26942",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:09.913",
+ "lastModified": "2023-10-25T19:01:11.123",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives. "
+ },
+ {
+ "lang": "es",
+ "value": "Los firmwares de la serie Motorola MTM5000 carecen de validaci\u00f3n de puntero en los argumentos pasados a los m\u00f3dulos Trusted Execution Environment (TEE). Se utilizan dos m\u00f3dulos, uno responsable de la gesti\u00f3n de claves KVL y el otro de la funcionalidad criptogr\u00e1fica TETRA. En ambos m\u00f3dulos, un adversario con una ejecuci\u00f3n de c\u00f3digo de nivel de supervisor no segura puede aprovechar el problema para obtener una ejecuci\u00f3n segura de c\u00f3digo de supervisor dentro del TEE. Esto constituye una ruptura total del m\u00f3dulo TEE, exponiendo la clave del dispositivo, as\u00ed como cualquier clave criptogr\u00e1fica TETRA y las primitivas criptogr\u00e1ficas TETRA confidenciales."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 6.0
+ },
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-763"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:motorola:mtm5500_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB7C0C44-3660-4B47-A1ED-0BD19EFC5F03"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:motorola:mtm5500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1A0784B-AE84-4457-A884-5C26EEA8D181"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:motorola:mtm5400_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF669A29-B983-40F6-BBA9-D9F67E653BEF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:motorola:mtm5400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "03AA5A43-A1B5-4E1C-A844-691607765E30"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl",
+ "tags": [
+ "Technical Description"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-269xx/CVE-2022-26943.json b/CVE-2022/CVE-2022-269xx/CVE-2022-26943.json
new file mode 100644
index 00000000000..0b6a6067729
--- /dev/null
+++ b/CVE-2022/CVE-2022-269xx/CVE-2022-26943.json
@@ -0,0 +1,138 @@
+{
+ "id": "CVE-2022-26943",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:09.963",
+ "lastModified": "2023-10-27T21:54:14.067",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400."
+ },
+ {
+ "lang": "es",
+ "value": "Los firmwares de la serie Motorola MTM5000 generan desaf\u00edos de autenticaci\u00f3n TETRA utilizando un PRNG que utiliza un registro de conteo de ticks como \u00fanica fuente de entrop\u00eda. La baja entrop\u00eda del tiempo de arranque y la resiembra limitada del grupo hacen que el desaf\u00edo de autenticaci\u00f3n sea vulnerable a dos ataques. En primer lugar, debido a la entrop\u00eda limitada del grupo de tiempo de arranque, un adversario puede derivar el contenido del grupo de entrop\u00eda mediante una b\u00fasqueda exhaustiva de valores posibles, bas\u00e1ndose en un desaf\u00edo de autenticaci\u00f3n observado. En segundo lugar, un adversario puede utilizar el conocimiento del conjunto de entrop\u00eda para predecir los desaf\u00edos de autenticaci\u00f3n. Como tal, la unidad es vulnerable a CVE-2022-24400."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-338"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:motorola:mtm5500_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB7C0C44-3660-4B47-A1ED-0BD19EFC5F03"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:motorola:mtm5500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1A0784B-AE84-4457-A884-5C26EEA8D181"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:motorola:mtm5400_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF669A29-B983-40F6-BBA9-D9F67E653BEF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:motorola:mtm5400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "03AA5A43-A1B5-4E1C-A844-691607765E30"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl",
+ "tags": [
+ "Technical Description"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-271xx/CVE-2022-27195.json b/CVE-2022/CVE-2022-271xx/CVE-2022-27195.json
index 42bdb74f8ff..36c9ad1a23c 100644
--- a/CVE-2022/CVE-2022-271xx/CVE-2022-27195.json
+++ b/CVE-2022/CVE-2022-271xx/CVE-2022-27195.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27195",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:09.540",
- "lastModified": "2023-01-30T19:18:33.800",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.227",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-538"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-271xx/CVE-2022-27196.json b/CVE-2022/CVE-2022-271xx/CVE-2022-27196.json
index a9e86af569d..ec5aecb773a 100644
--- a/CVE-2022/CVE-2022-271xx/CVE-2022-27196.json
+++ b/CVE-2022/CVE-2022-271xx/CVE-2022-27196.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27196",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:09.920",
- "lastModified": "2022-03-23T17:56:53.760",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.297",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-271xx/CVE-2022-27197.json b/CVE-2022/CVE-2022-271xx/CVE-2022-27197.json
index c76ab3bcc4d..e0657dead8d 100644
--- a/CVE-2022/CVE-2022-271xx/CVE-2022-27197.json
+++ b/CVE-2022/CVE-2022-271xx/CVE-2022-27197.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27197",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.077",
- "lastModified": "2022-03-23T17:55:15.230",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.363",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-271xx/CVE-2022-27198.json b/CVE-2022/CVE-2022-271xx/CVE-2022-27198.json
index 91d5ba94e82..cc228745318 100644
--- a/CVE-2022/CVE-2022-271xx/CVE-2022-27198.json
+++ b/CVE-2022/CVE-2022-271xx/CVE-2022-27198.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27198",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.190",
- "lastModified": "2022-03-23T18:04:57.887",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.427",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-271xx/CVE-2022-27199.json b/CVE-2022/CVE-2022-271xx/CVE-2022-27199.json
index 8009752c2bf..0340b539910 100644
--- a/CVE-2022/CVE-2022-271xx/CVE-2022-27199.json
+++ b/CVE-2022/CVE-2022-271xx/CVE-2022-27199.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27199",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.320",
- "lastModified": "2022-10-17T19:21:51.560",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.493",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27200.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27200.json
index f737b02865c..43db063f400 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27200.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27200.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27200",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.433",
- "lastModified": "2022-03-22T19:21:53.073",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.553",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27201.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27201.json
index bf617a45b10..60fbcad9c53 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27201.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27201.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27201",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.527",
- "lastModified": "2022-11-29T13:43:09.480",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.620",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27202.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27202.json
index 569bf770cf4..aa805af3a44 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27202.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27202.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27202",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.757",
- "lastModified": "2022-03-23T13:29:00.707",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.703",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27203.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27203.json
index 252d3edfa0f..6edae0e4b0c 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27203.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27203.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27203",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:10.877",
- "lastModified": "2022-03-23T13:36:54.147",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.807",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27204.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27204.json
index 7f3f21cb9fb..1a553e55b88 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27204.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27204.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27204",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.073",
- "lastModified": "2022-03-23T14:17:17.573",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.877",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27205.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27205.json
index 8b36a541014..8148a973de0 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27205.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27205.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27205",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.203",
- "lastModified": "2022-10-17T19:20:49.127",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.933",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27206.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27206.json
index ed3e0f78df3..3a4e430f15c 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27206.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27206.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27206",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.340",
- "lastModified": "2022-10-17T19:29:34.227",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:58.987",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27207.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27207.json
index f9ce55fefd2..4c517c05c8b 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27207.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27207.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27207",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.557",
- "lastModified": "2022-03-23T14:34:12.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.053",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27208.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27208.json
index a8eb9a4dfc3..cd6b5ef1580 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27208.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27208.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27208",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.653",
- "lastModified": "2022-03-22T19:32:01.227",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.113",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27209.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27209.json
index 852e872eba3..8810dff3729 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27209.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27209.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27209",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.753",
- "lastModified": "2022-03-24T20:31:19.123",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.167",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27210.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27210.json
index 00897ecc11f..5e84fe3158c 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27210.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27210.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27210",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.857",
- "lastModified": "2022-05-23T16:21:17.017",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.227",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27211.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27211.json
index cc4850383d6..9c1f39b5196 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27211.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27211.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27211",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:11.947",
- "lastModified": "2023-10-10T22:15:10.507",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T18:16:59.307",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27212.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27212.json
index a4884bbe36a..e0b87d65fa3 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27212.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27212.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27212",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:12.130",
- "lastModified": "2022-03-22T15:08:02.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.393",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27213.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27213.json
index 032caaa4dee..609b022ea07 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27213.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27213.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27213",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:12.263",
- "lastModified": "2022-03-25T12:07:51.960",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.463",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27214.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27214.json
index fe33702e09a..534eb13e563 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27214.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27214.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27214",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:12.433",
- "lastModified": "2022-03-22T17:31:18.780",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.523",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27215.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27215.json
index ced878fc80f..b0d6b0f2497 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27215.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27215.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27215",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:12.523",
- "lastModified": "2022-10-17T19:20:24.693",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.580",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27216.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27216.json
index a2e949fb64b..15e74c9c64a 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27216.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27216.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27216",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:12.637",
- "lastModified": "2022-03-25T13:21:37.870",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.640",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27217.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27217.json
index 13c36a06da7..0fbf2acfa08 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27217.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27217.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27217",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:12.777",
- "lastModified": "2022-03-25T13:45:23.187",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.703",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27218.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27218.json
index 324cad58379..353582e4213 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27218.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27218.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27218",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-15T17:15:12.877",
- "lastModified": "2023-07-18T13:53:44.023",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.763",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-272xx/CVE-2022-27261.json b/CVE-2022/CVE-2022-272xx/CVE-2022-27261.json
index da51644c4e3..22d04e1fb2c 100644
--- a/CVE-2022/CVE-2022-272xx/CVE-2022-27261.json
+++ b/CVE-2022/CVE-2022-272xx/CVE-2022-27261.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-27261",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-12T17:15:09.973",
- "lastModified": "2022-04-19T19:35:56.367",
+ "lastModified": "2023-10-18T16:03:27.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
diff --git a/CVE-2022/CVE-2022-275xx/CVE-2022-27510.json b/CVE-2022/CVE-2022-275xx/CVE-2022-27510.json
index 6c98bafa250..c2e150a6d11 100644
--- a/CVE-2022/CVE-2022-275xx/CVE-2022-27510.json
+++ b/CVE-2022/CVE-2022-275xx/CVE-2022-27510.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-27510",
"sourceIdentifier": "secure@citrix.com",
"published": "2022-11-08T22:15:13.020",
- "lastModified": "2022-11-09T22:03:45.173",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T17:15:08.340",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Unauthorized access to Gateway user capabilities"
+ "value": "Unauthorized access to Gateway user capabilities \n"
+ },
+ {
+ "lang": "es",
+ "value": "Acceso no autorizado a las capacidades del usuario de Gateway"
}
],
"metrics": {
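Review bot: The new English `value` ends in a trailing space and an escaped newline (`"Unauthorized access to Gateway user capabilities \n"`), while the Spanish entry added next to it is clean. Consumers that diff, hash or deduplicate description text will register a content change although the wording is the same, and a renderer may emit a stray line break. The same trailing ` \n` appears in the description hunks for CVE-2022-27513 and CVE-2022-27516, and a bare `\n` in CVE-2022-27518. The stored string would better stay `"value": "Unauthorized access to Gateway user capabilities"`, or ingestion should trim descriptions before comparing them.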
@@ -78,7 +82,6 @@
],
"configurations": [
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
diff --git a/CVE-2022/CVE-2022-275xx/CVE-2022-27513.json b/CVE-2022/CVE-2022-275xx/CVE-2022-27513.json
index 0f2f6a0d8dd..0116f432447 100644
--- a/CVE-2022/CVE-2022-275xx/CVE-2022-27513.json
+++ b/CVE-2022/CVE-2022-275xx/CVE-2022-27513.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-27513",
"sourceIdentifier": "secure@citrix.com",
"published": "2022-11-08T22:15:13.313",
- "lastModified": "2022-11-09T22:04:00.053",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T18:15:08.757",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Remote desktop takeover via phishing"
+ "value": "Remote desktop takeover via phishing \n"
+ },
+ {
+ "lang": "es",
+ "value": "Adquisici\u00f3n de escritorio remoto mediante phishing"
}
],
"metrics": {
@@ -78,7 +82,6 @@
],
"configurations": [
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
diff --git a/CVE-2022/CVE-2022-275xx/CVE-2022-27516.json b/CVE-2022/CVE-2022-275xx/CVE-2022-27516.json
index 0158706c144..2a8a1178d97 100644
--- a/CVE-2022/CVE-2022-275xx/CVE-2022-27516.json
+++ b/CVE-2022/CVE-2022-275xx/CVE-2022-27516.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-27516",
"sourceIdentifier": "secure@citrix.com",
"published": "2022-11-08T22:15:13.633",
- "lastModified": "2022-11-09T19:29:17.697",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T18:15:08.840",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "User login brute force protection functionality bypass"
+ "value": "User login brute force protection functionality bypass \n"
+ },
+ {
+ "lang": "es",
+ "value": "Omisi\u00f3n de la funcionalidad de protecci\u00f3n de fuerza bruta de inicio de sesi\u00f3n de usuario"
}
],
"metrics": {
@@ -78,7 +82,6 @@
],
"configurations": [
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
diff --git a/CVE-2022/CVE-2022-275xx/CVE-2022-27518.json b/CVE-2022/CVE-2022-275xx/CVE-2022-27518.json
index c8bc8cc9ad2..421aef63f27 100644
--- a/CVE-2022/CVE-2022-275xx/CVE-2022-27518.json
+++ b/CVE-2022/CVE-2022-275xx/CVE-2022-27518.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27518",
"sourceIdentifier": "secure@citrix.com",
"published": "2022-12-13T17:15:14.350",
- "lastModified": "2022-12-14T15:20:07.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T18:15:08.927",
+ "vulnStatus": "Modified",
"cisaExploitAdd": "2022-12-13",
"cisaActionDue": "2023-01-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
- "value": "Unauthenticated remote arbitrary code execution"
+ "value": "Unauthenticated remote arbitrary code execution\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-276xx/CVE-2022-27635.json b/CVE-2022/CVE-2022-276xx/CVE-2022-27635.json
index cab50ae31ab..6ba12868d44 100644
--- a/CVE-2022/CVE-2022-276xx/CVE-2022-27635.json
+++ b/CVE-2022/CVE-2022-276xx/CVE-2022-27635.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-27635",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:11.817",
- "lastModified": "2023-09-30T22:15:09.903",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:57:03.990",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -161,6 +161,46 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
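Review bot: The four added `cpeMatch` entries mark whole distribution releases (`fedora:37`, `fedora:38`, `fedora:39`, `debian_linux:10.0`) as `"vulnerable": true` in standalone nodes with no package or version bound. An asset-matching tool that keys on these CPEs will flag every host on those releases, patched or not. Whether a host is fixed has to come from the package versions in the Debian LTS and Fedora announcements listed under `references`, so a match on these nodes is a prompt to check the installed package rather than a finding in itself. The earlier configuration nodes of this record are outside the hunk.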
@@ -174,19 +214,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
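Review bot: The reference tags added here are inconsistent: the Debian LTS announcement gets `"Mailing List", "Third Party Advisory"`, while the three Fedora package-announce entries get only `"Mailing List"`. A consumer that selects advisories by the `Third Party Advisory` tag will pick up the Debian notice and skip the Fedora ones, although all four are distribution update announcements. Adding `"Third Party Advisory"` to the three Fedora `tags` arrays would make them agree.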
diff --git a/CVE-2022/CVE-2022-278xx/CVE-2022-27813.json b/CVE-2022/CVE-2022-278xx/CVE-2022-27813.json
new file mode 100644
index 00000000000..d11da7ef1c0
--- /dev/null
+++ b/CVE-2022/CVE-2022-278xx/CVE-2022-27813.json
@@ -0,0 +1,138 @@
+{
+ "id": "CVE-2022-27813",
+ "sourceIdentifier": "cert@ncsc.nl",
+ "published": "2023-10-19T10:15:10.013",
+ "lastModified": "2023-10-27T21:53:38.570",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions."
+ },
+ {
+ "lang": "es",
+ "value": "Los firmwares de la serie Motorola MTM5000 carecen de protecci\u00f3n de memoria configurada correctamente para las p\u00e1ginas compartidas entre los n\u00facleos OMAP-L138 ARM y DSP. El SoC proporciona dos unidades de protecci\u00f3n de memoria, MPU1 y MPU2, para reforzar el l\u00edmite de confianza entre los dos n\u00facleos. Dado que los firmwares dejan ambas unidades sin configurar, un adversario con control sobre cualquiera de los n\u00facleos puede obtener trivialmente la ejecuci\u00f3n de c\u00f3digo en el otro, sobrescribiendo el c\u00f3digo ubicado en la RAM compartida o en las regiones de memoria DDR2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 6.0
+ },
+ {
+ "source": "cert@ncsc.nl",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:motorola:mtm5500_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB7C0C44-3660-4B47-A1ED-0BD19EFC5F03"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:motorola:mtm5500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1A0784B-AE84-4457-A884-5C26EEA8D181"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:motorola:mtm5400_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF669A29-B983-40F6-BBA9-D9F67E653BEF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:motorola:mtm5400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "03AA5A43-A1B5-4E1C-A844-691607765E30"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://tetraburst.com/",
+ "source": "cert@ncsc.nl",
+ "tags": [
+ "Technical Description"
+ ]
+ }
+ ]
+}
\ No newline at end of file
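Review bot: The `weaknesses` array carries only `NVD-CWE-noinfo`, although the description states the cause plainly (MPU1 and MPU2 left unconfigured, so code in shared RAM or DDR2 regions can be overwritten from the other core), so CWE-based filtering or reporting will not surface this record. The `configurations` list names only `mtm5500_firmware` and `mtm5400_firmware`, each with version `-`, while the description speaks of the MTM5000 series; inventory matching on these CPEs may miss other models in the series and cannot distinguish a fixed firmware release from an affected one. The only reference is a `Technical Description` link, with no vendor advisory or patch entry, so remediation status has to be tracked outside this record.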
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28133.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28133.json
index 0321c85e821..0d81eb3ad41 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28133.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28133.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28133",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.030",
- "lastModified": "2022-04-04T16:40:30.790",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.827",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28134.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28134.json
index ee3aa6c82db..1fac5380b24 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28134.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28134.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28134",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.090",
- "lastModified": "2022-04-04T16:42:25.197",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:16:59.927",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28135.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28135.json
index 643ac9138e9..6b9db8e8383 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28135.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28135.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28135",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.137",
- "lastModified": "2023-07-18T13:55:54.120",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.000",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28136.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28136.json
index 703036061ae..1e4922caa7b 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28136.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28136.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28136",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.187",
- "lastModified": "2022-04-04T19:20:13.503",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.077",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28137.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28137.json
index df7b169e8fa..3a0512c1fce 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28137.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28137.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28137",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.233",
- "lastModified": "2022-10-17T19:20:06.863",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.150",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28138.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28138.json
index 3fb95b9abd2..16b40a0dbfb 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28138.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28138.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28138",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.277",
- "lastModified": "2022-04-04T16:14:53.550",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.207",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28139.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28139.json
index e3f962095c5..4f91bf82ba3 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28139.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28139.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28139",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.327",
- "lastModified": "2022-04-04T16:27:54.137",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.263",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28140.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28140.json
index d1453a68465..19ebfbc5207 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28140.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28140.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28140",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.377",
- "lastModified": "2022-04-04T15:57:10.867",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.323",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28141.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28141.json
index ecee1d05ef2..adebd4459a0 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28141.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28141.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28141",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.430",
- "lastModified": "2022-04-04T19:57:22.250",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.387",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28142.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28142.json
index 57c2a889914..ee4dda61d49 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28142.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28142.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28142",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.483",
- "lastModified": "2022-04-04T16:04:14.467",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.463",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-295"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28143.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28143.json
index ef0a45e2226..141299208a2 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28143.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28143.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28143",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.533",
- "lastModified": "2022-04-04T20:17:51.170",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.523",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28144.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28144.json
index a97b8066072..2027e086f7c 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28144.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28144.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28144",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.577",
- "lastModified": "2022-04-04T20:18:23.477",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.587",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28145.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28145.json
index 9acda1475f4..91117601a2b 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28145.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28145.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28145",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.627",
- "lastModified": "2022-04-04T20:08:25.077",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.643",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28146.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28146.json
index 73185338384..458435eac78 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28146.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28146.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28146",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.673",
- "lastModified": "2022-04-04T20:09:39.317",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.707",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28147.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28147.json
index 65cb8ca0572..669817f9df6 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28147.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28147.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28147",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.720",
- "lastModified": "2022-10-17T19:19:55.783",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.763",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28148.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28148.json
index edaee9782b2..f5c52b260b9 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28148.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28148.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28148",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:08.770",
- "lastModified": "2022-04-04T20:26:22.700",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.817",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28149.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28149.json
index 33a5628ca08..e79de373e12 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28149.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28149.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28149",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:09.060",
- "lastModified": "2022-04-04T20:30:04.143",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.887",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28150.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28150.json
index f1da697e9fc..d6d9418439a 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28150.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28150.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28150",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:09.517",
- "lastModified": "2022-04-05T14:38:05.710",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:00.947",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
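Review bot: The re-encoded Jenkins advisory reference loses its `"tags": ["Vendor Advisory"]` array, so tooling that picks out vendor advisories by tag will no longer find this entry. The URL itself changes only from `(1)` to `%281%29`, which decodes to the same fragment, so the tag could be kept as `"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"]`. The same drop appears in the matching reference hunks of CVE-2022-28151.json and CVE-2022-28152.json. The WSO2 advisory URL added in CVE-2022-29464.json is likewise untagged, where the URL it replaces carried `Mitigation` and `Vendor Advisory`. The references array begins outside the hunk.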
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28151.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28151.json
index c12fdf6efbc..a60b5a7d5ac 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28151.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28151.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28151",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:09.680",
- "lastModified": "2022-04-04T19:01:54.483",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.003",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28152.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28152.json
index 8490c488807..ee3ed928db6 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28152.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28152.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28152",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:09.743",
- "lastModified": "2022-04-04T19:01:27.010",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.063",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
@@ -113,11 +103,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2062%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28153.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28153.json
index 9a6b874fb9d..31b80978261 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28153.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28153.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28153",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:09.953",
- "lastModified": "2022-04-04T18:59:57.940",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.127",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28154.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28154.json
index fa784337d54..5c734a61006 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28154.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28154.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28154",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:10.180",
- "lastModified": "2022-04-04T18:59:18.700",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.187",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28155.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28155.json
index d94e37f8479..662020b3a07 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28155.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28155.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28155",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:10.320",
- "lastModified": "2022-04-04T18:57:55.403",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.253",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28156.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28156.json
index b0f7faee5d8..68b816c4a3c 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28156.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28156.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28156",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:10.383",
- "lastModified": "2022-04-04T18:55:50.480",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.317",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28157.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28157.json
index b78c7c1ae3a..592cac70130 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28157.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28157.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28157",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:10.440",
- "lastModified": "2022-04-04T18:55:04.543",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.377",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28158.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28158.json
index 8adbaf0c555..cb3ccff8c12 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28158.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28158.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28158",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:10.497",
- "lastModified": "2022-04-04T18:54:05.633",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.447",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28159.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28159.json
index 17b8bd4fd8c..5fd5730b402 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28159.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28159.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28159",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:10.550",
- "lastModified": "2022-04-04T18:53:08.623",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.513",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-281xx/CVE-2022-28160.json b/CVE-2022/CVE-2022-281xx/CVE-2022-28160.json
index 537f886eaa5..fddd5a9f6db 100644
--- a/CVE-2022/CVE-2022-281xx/CVE-2022-28160.json
+++ b/CVE-2022/CVE-2022-281xx/CVE-2022-28160.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-28160",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-03-29T13:15:10.617",
- "lastModified": "2022-04-04T18:52:08.443",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.603",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-668"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-668"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28890.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28890.json
index c519dfc2f36..ed573cb98db 100644
--- a/CVE-2022/CVE-2022-288xx/CVE-2022-28890.json
+++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28890.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-28890",
"sourceIdentifier": "security@apache.org",
"published": "2022-05-05T09:15:08.140",
- "lastModified": "2022-05-13T14:48:57.747",
+ "lastModified": "2023-10-25T17:01:16.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -82,12 +82,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:apache:jena:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "4.2.0",
- "matchCriteriaId": "A59336DF-15F2-4610-932E-D53BD9869F2A"
- },
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:jena:4.4.0:*:*:*:*:*:*:*",
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29036.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29036.json
index 63285889aaa..3ff9be15b8b 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29036.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29036.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29036",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.080",
- "lastModified": "2022-04-20T18:15:11.647",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.687",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29037.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29037.json
index d5a5aa7b85b..73aece2ddb9 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29037.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29037.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29037",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.133",
- "lastModified": "2022-04-20T18:30:18.770",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.770",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29038.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29038.json
index d109c95e3f5..cfb3187704e 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29038.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29038.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29038",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.180",
- "lastModified": "2022-04-20T18:49:43.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.837",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29039.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29039.json
index 9f7978a46a0..919650bb399 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29039.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29039.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29039",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.227",
- "lastModified": "2022-04-20T18:30:48.883",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.900",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29040.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29040.json
index de3c7069df9..466fa5a890b 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29040.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29040.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29040",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.277",
- "lastModified": "2022-04-20T18:31:24.370",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:01.957",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29041.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29041.json
index 3c19931c225..7a145695b3d 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29041.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29041.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29041",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.327",
- "lastModified": "2022-04-20T18:33:13.677",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.017",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29042.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29042.json
index 6da4485c0e3..44017b29784 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29042.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29042.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29042",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.373",
- "lastModified": "2022-04-20T18:35:31.613",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.080",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29043.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29043.json
index 103b3bc160e..31ceef3f985 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29043.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29043.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29043",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.420",
- "lastModified": "2022-04-20T18:36:37.853",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.137",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29044.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29044.json
index fed2309bbfe..be9a9de8b47 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29044.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29044.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29044",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.470",
- "lastModified": "2022-04-20T18:37:48.383",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.203",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29045.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29045.json
index 35a89f40423..80237b36a91 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29045.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29045.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29045",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.520",
- "lastModified": "2022-04-20T18:51:46.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.290",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29046.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29046.json
index 8fb9da20927..903a77f72a3 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29046.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29046.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29046",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.567",
- "lastModified": "2022-10-27T16:56:14.080",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.350",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29047.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29047.json
index 658d2103cf1..47faec8525b 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29047.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29047.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29047",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.613",
- "lastModified": "2022-04-20T18:54:46.427",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.417",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29048.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29048.json
index 71860f52092..74ebae2ea63 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29048.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29048.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29048",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.663",
- "lastModified": "2022-10-27T16:56:21.503",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.493",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29049.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29049.json
index e13109cbff9..c3e18010380 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29049.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29049.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29049",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.713",
- "lastModified": "2023-07-21T16:44:35.767",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.553",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-20"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29050.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29050.json
index 0aaa7b85009..6e656a802d2 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29050.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29050.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29050",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.760",
- "lastModified": "2022-04-20T18:45:00.883",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.620",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29051.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29051.json
index 54162e105a6..bfb8ce3ec44 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29051.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29051.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29051",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.807",
- "lastModified": "2022-04-20T18:46:31.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.680",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-290xx/CVE-2022-29052.json b/CVE-2022/CVE-2022-290xx/CVE-2022-29052.json
index f0946f2eb05..dd61715ed34 100644
--- a/CVE-2022/CVE-2022-290xx/CVE-2022-29052.json
+++ b/CVE-2022/CVE-2022-290xx/CVE-2022-29052.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29052",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-04-12T20:15:09.850",
- "lastModified": "2022-04-20T18:48:19.420",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.743",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-294xx/CVE-2022-29464.json b/CVE-2022/CVE-2022-294xx/CVE-2022-29464.json
index 6a0a3bdaf2a..ac99a12ed1e 100644
--- a/CVE-2022/CVE-2022-294xx/CVE-2022-29464.json
+++ b/CVE-2022/CVE-2022-294xx/CVE-2022-29464.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29464",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-18T22:15:09.027",
- "lastModified": "2022-09-09T16:54:45.020",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T22:15:09.020",
+ "vulnStatus": "Modified",
"cisaExploitAdd": "2022-04-25",
"cisaActionDue": "2022-05-16",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
- "value": "Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0."
+ "value": "Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0."
},
{
"lang": "es",
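Review bot: The rewritten English description gives the affected ranges as `2.2.0 up to 4.0.0`, which leaves open whether the end version is itself affected; the wording it replaces, `and above through`, was explicitly inclusive. The last range also has a stray comma in `1.4.0, up to 2.0.0`. If the bounds are meant to be inclusive, `WSO2 Open Banking KM 1.4.0 through 2.0.0` would read unambiguously. The `es` description that follows lies outside the hunk, so it is not visible whether it picked up the two added Open Banking products and the Key Manager upper bound moving from 5.10.0 to 5.11.0.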
@@ -94,7 +94,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-434"
+ "value": "CWE-22"
}
]
}
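Review bot: Replacing `CWE-434` with `CWE-22` drops the file-upload classification, although the description in this same file still opens with "unrestricted file upload with resultant remote code execution" and mentions the directory traversal only as the way the upload reaches the web root. Listing both would keep the record discoverable under either weakness, for example a second description item `{ "lang": "en", "value": "CWE-434" }` beside the new one. The enclosing weakness entry starts and ends outside the hunk, so another entry may already carry CWE-434; that is worth confirming before CWE-based triage or detection mappings rely on this record.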
@@ -177,14 +177,6 @@
"Third Party Advisory"
]
},
- {
- "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738",
- "source": "cve@mitre.org",
- "tags": [
- "Mitigation",
- "Vendor Advisory"
- ]
- },
{
"url": "https://github.com/hakivvi/CVE-2022-29464",
"source": "cve@mitre.org",
@@ -192,6 +184,10 @@
"Exploit",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1738/",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-295xx/CVE-2022-29528.json b/CVE-2022/CVE-2022-295xx/CVE-2022-29528.json
index 6165a764227..a8559ad43a9 100644
--- a/CVE-2022/CVE-2022-295xx/CVE-2022-29528.json
+++ b/CVE-2022/CVE-2022-295xx/CVE-2022-29528.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29528",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.417",
- "lastModified": "2023-10-10T22:15:10.603",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T21:02:27.433",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -120,7 +120,11 @@
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-exploring-the-phar-deserialization-php-vulnerability-a-white-box-testing-example/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-295xx/CVE-2022-29529.json b/CVE-2022/CVE-2022-295xx/CVE-2022-29529.json
index ca8f9bd158d..cd382cfa752 100644
--- a/CVE-2022/CVE-2022-295xx/CVE-2022-29529.json
+++ b/CVE-2022/CVE-2022-295xx/CVE-2022-29529.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29529",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.467",
- "lastModified": "2023-10-10T22:15:10.687",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:26:58.803",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -112,7 +112,11 @@
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-295xx/CVE-2022-29530.json b/CVE-2022/CVE-2022-295xx/CVE-2022-29530.json
index 63e7b4dba25..b50cb36475a 100644
--- a/CVE-2022/CVE-2022-295xx/CVE-2022-29530.json
+++ b/CVE-2022/CVE-2022-295xx/CVE-2022-29530.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29530",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.513",
- "lastModified": "2023-10-10T22:15:10.753",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:27:03.147",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -112,7 +112,11 @@
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-295xx/CVE-2022-29531.json b/CVE-2022/CVE-2022-295xx/CVE-2022-29531.json
index 099c1ae1fc8..34353d77c05 100644
--- a/CVE-2022/CVE-2022-295xx/CVE-2022-29531.json
+++ b/CVE-2022/CVE-2022-295xx/CVE-2022-29531.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29531",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-04-20T23:15:08.557",
- "lastModified": "2023-10-10T22:15:10.817",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T14:27:28.633",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -112,7 +112,11 @@
},
{
"url": "https://zigrin.com/cakephp-application-cybersecurity-research-protect-your-website-from-stored-xss-attacks-understanding-and-preventing-vulnerabilities-in-open-source-applications/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-299xx/CVE-2022-29900.json b/CVE-2022/CVE-2022-299xx/CVE-2022-29900.json
index 383ba7627ee..9c4ac167b65 100644
--- a/CVE-2022/CVE-2022-299xx/CVE-2022-29900.json
+++ b/CVE-2022/CVE-2022-299xx/CVE-2022-29900.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29900",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2022-07-12T19:15:08.383",
- "lastModified": "2023-07-21T16:55:37.847",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-17T18:15:10.077",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -77,7 +77,6 @@
],
"configurations": [
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -3459,6 +3458,10 @@
"tags": [
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/",
+ "source": "vulnerability@ncsc.ch"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-299xx/CVE-2022-29901.json b/CVE-2022/CVE-2022-299xx/CVE-2022-29901.json
index 72101471378..006c3a66ab6 100644
--- a/CVE-2022/CVE-2022-299xx/CVE-2022-29901.json
+++ b/CVE-2022/CVE-2022-299xx/CVE-2022-29901.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-29901",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2022-07-12T19:15:08.437",
- "lastModified": "2023-02-23T15:40:15.337",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-17T18:15:10.913",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -3725,7 +3725,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -3751,7 +3750,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -3837,7 +3835,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
@@ -3953,6 +3950,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability/",
+ "source": "vulnerability@ncsc.ch"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-29xx/CVE-2022-2941.json b/CVE-2022/CVE-2022-29xx/CVE-2022-2941.json
index a33577b278f..ae0ebee2dec 100644
--- a/CVE-2022/CVE-2022-29xx/CVE-2022-2941.json
+++ b/CVE-2022/CVE-2022-29xx/CVE-2022-2941.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-2941",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:15.200",
- "lastModified": "2022-10-01T02:16:20.627",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T16:15:18.873",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -60,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -70,7 +70,7 @@
]
},
{
- "source": "nvd@nist.gov",
+ "source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
@@ -99,15 +99,6 @@
}
],
"references": [
- {
- "url": "http://packetstormsecurity.com/files/168479/WordPress-WP-UserOnline-2.88.0-Cross-Site-Scripting.html",
- "source": "security@wordfence.com",
- "tags": [
- "Exploit",
- "Third Party Advisory",
- "VDB Entry"
- ]
- },
{
"url": "https://github.com/lesterchan/wp-useronline/commit/59c76b20e4e27489f93dee4ef1254d6204e08b3c",
"source": "security@wordfence.com",
@@ -116,6 +107,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt",
+ "source": "security@wordfence.com"
+ },
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2770235%40wp-useronline&new=2770235%40wp-useronline&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
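Review bot: The re-added Packet Storm reference (`https://packetstormsecurity.com/files/168479/wpuseronline2880-xss.txt`) has no `tags` array, whereas the entry removed in the `@@ -99,15 +99,6 @@` hunk was tagged `Exploit`, `Third Party Advisory` and `VDB Entry`. Both URLs carry the same Packet Storm file id (168479), so this looks like the same item under a new address. Tooling that prioritises CVEs by the presence of an `Exploit`-tagged reference would stop flagging CVE-2022-2941 after this update. While the record is `Undergoing Analysis`, either carry the classification over on the new entry, `"tags": ["Exploit", "Third Party Advisory", "VDB Entry"]`, or have consumers treat an untagged reference as unclassified rather than as evidence that no exploit is public. The Wordfence reference added in the `@@ -124,6 +119,10 @@` hunk is untagged as well, and the references array continues outside this hunk.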
@@ -124,6 +119,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c4fb14c-de6d-4247-8f83-050f1350f6a2?source=cve",
+ "source": "security@wordfence.com"
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2941",
"source": "security@wordfence.com",
diff --git a/CVE-2022/CVE-2022-29xx/CVE-2022-2943.json b/CVE-2022/CVE-2022-29xx/CVE-2022-2943.json
index eb35b6a0e0c..a5bcf845c92 100644
--- a/CVE-2022/CVE-2022-29xx/CVE-2022-2943.json
+++ b/CVE-2022/CVE-2022-29xx/CVE-2022-2943.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-2943",
"sourceIdentifier": "security@wordfence.com",
"published": "2022-09-06T18:15:15.267",
- "lastModified": "2023-07-20T18:06:23.550",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T21:15:07.633",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -60,7 +60,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "security@wordfence.com",
"type": "Primary",
"description": [
{
@@ -70,12 +70,12 @@
]
},
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-73"
+ "value": "CWE-22"
}
]
}
@@ -115,6 +115,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d643d07-7533-430b-a1d8-8e66a2a2c5e6?source=cve",
+ "source": "security@wordfence.com"
+ },
{
"url": "https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2943",
"source": "security@wordfence.com",
diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json
index 3d63bfa0825..779c0772991 100644
--- a/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json
+++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30122.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30122",
"sourceIdentifier": "support@hackerone.com",
"published": "2022-12-05T22:15:10.227",
- "lastModified": "2023-07-21T16:56:08.727",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-22T19:15:08.350",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -96,6 +96,10 @@
"tags": [
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5530",
+ "source": "support@hackerone.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json
index 8c91d486e58..8e49a6aa5b7 100644
--- a/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json
+++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30123.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30123",
"sourceIdentifier": "support@hackerone.com",
"published": "2022-12-05T22:15:10.280",
- "lastModified": "2022-12-07T04:38:59.923",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-22T19:15:08.450",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -95,6 +95,10 @@
"tags": [
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5530",
+ "source": "support@hackerone.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30945.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30945.json
index 6590cac63b9..91a50853973 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30945.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30945.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30945",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:08.647",
- "lastModified": "2022-11-16T18:31:32.747",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.800",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30946.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30946.json
index bdac1f533c1..3a17767cd35 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30946.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30946.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30946",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:08.737",
- "lastModified": "2022-05-26T04:50:02.587",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.877",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30947.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30947.json
index c9281495542..345f0d3a522 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30947.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30947.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30947",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:08.797",
- "lastModified": "2022-05-26T14:57:41.530",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:02.943",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-435"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30948.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30948.json
index 000b6601717..92191316ab8 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30948.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30948.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30948",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:08.853",
- "lastModified": "2022-05-26T15:00:28.320",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.013",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-435"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30949.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30949.json
index 2fa60540873..233a7944465 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30949.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30949.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30949",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:08.963",
- "lastModified": "2022-05-26T15:35:25.460",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.077",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-435"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30950.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30950.json
index 0623072f605..80e5d835641 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30950.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30950.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30950",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:09.073",
- "lastModified": "2022-05-26T15:31:43.850",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.143",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-120"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-119"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30951.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30951.json
index 1c53940fadf..881c08da950 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30951.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30951.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30951",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:09.187",
- "lastModified": "2022-05-26T15:32:40.163",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.210",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30952.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30952.json
index 3f6f99208d7..60109605929 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30952.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30952.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30952",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:09.293",
- "lastModified": "2022-11-11T02:44:30.317",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.270",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-522"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30953.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30953.json
index f8aa397a321..0d76efe274b 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30953.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30953.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30953",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:09.397",
- "lastModified": "2022-05-26T15:48:54.330",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.337",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30954.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30954.json
index de4120e0778..2a5c9680dbd 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30954.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30954.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30954",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:09.450",
- "lastModified": "2022-05-26T15:49:55.847",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.397",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30955.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30955.json
index d2e699d5488..f6965d49bf1 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30955.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30955.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30955",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:09.563",
- "lastModified": "2022-05-26T15:53:10.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.460",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30956.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30956.json
index 3e5997e5531..105ad069474 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30956.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30956.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30956",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:09.687",
- "lastModified": "2022-05-26T15:53:54.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.517",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30957.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30957.json
index 860bf52d117..ffbbea16856 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30957.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30957.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30957",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:09.910",
- "lastModified": "2022-05-26T15:54:24.277",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.577",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30958.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30958.json
index db12afb6811..edc6ca6b8e5 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30958.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30958.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30958",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:10.013",
- "lastModified": "2022-05-25T16:53:16.700",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.643",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30959.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30959.json
index e9af1acd082..86dc8221727 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30959.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30959.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30959",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:10.117",
- "lastModified": "2022-05-25T17:01:00.190",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.700",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30960.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30960.json
index 938cd61e7f7..787d85dabb7 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30960.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30960.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30960",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:10.203",
- "lastModified": "2022-05-25T13:43:53.040",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.760",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30961.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30961.json
index 555e30b7648..dceb3c81efc 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30961.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30961.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30961",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:10.293",
- "lastModified": "2022-05-25T13:43:37.280",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.820",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30962.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30962.json
index 93f669b796a..0ada348963e 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30962.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30962.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30962",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:10.417",
- "lastModified": "2022-05-25T13:42:48.457",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.880",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30963.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30963.json
index e8ff11c460f..c0f43df8f24 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30963.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30963.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30963",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:10.523",
- "lastModified": "2022-05-25T13:27:32.990",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.937",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30964.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30964.json
index ed02f40722f..635babb88ab 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30964.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30964.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30964",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:10.617",
- "lastModified": "2022-05-25T16:21:17.000",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:03.993",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30965.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30965.json
index 585176d1d68..676efab89e5 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30965.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30965.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30965",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:10.717",
- "lastModified": "2022-05-25T16:21:33.147",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:04.050",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30966.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30966.json
index 68637aa2559..05885e27b7f 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30966.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30966.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30966",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:10.827",
- "lastModified": "2023-06-29T14:51:00.000",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:04.113",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-116"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30967.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30967.json
index e8725908ad4..80c53888305 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30967.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30967.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30967",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:10.937",
- "lastModified": "2022-05-25T16:17:18.687",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:04.193",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30968.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30968.json
index 5c80fc63e07..bc2d045772a 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30968.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30968.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30968",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:11.037",
- "lastModified": "2022-05-25T16:12:55.987",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:04.270",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30969.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30969.json
index 3d285f16f74..b9b3c326757 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30969.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30969.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30969",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:11.147",
- "lastModified": "2022-05-25T15:27:28.980",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:04.327",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30970.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30970.json
index 8b6aaabbe0e..be71f6282b7 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30970.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30970.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30970",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:11.257",
- "lastModified": "2022-05-25T14:56:15.187",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:04.397",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30971.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30971.json
index 0c9b8047c19..da61e29713d 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30971.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30971.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30971",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:11.370",
- "lastModified": "2022-05-25T15:28:28.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:04.460",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30972.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30972.json
index 7c62d47e0fd..fc0e95c5420 100644
--- a/CVE-2022/CVE-2022-309xx/CVE-2022-30972.json
+++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30972.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-30972",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-05-17T15:15:11.477",
- "lastModified": "2022-05-25T16:59:09.213",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:04.517",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-30xx/CVE-2022-3059.json b/CVE-2022/CVE-2022-30xx/CVE-2022-3059.json
index 9cb7567f4b8..317360c16ee 100644
--- a/CVE-2022/CVE-2022-30xx/CVE-2022-3059.json
+++ b/CVE-2022/CVE-2022-30xx/CVE-2022-3059.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-3059",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:12.330",
- "lastModified": "2022-11-03T16:44:03.187",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:15.660",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database."
+ "value": "\nThe application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL injection it was possible to extract data from the database.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n era vulnerable a m\u00faltiples instancias de inyecci\u00f3n SQL (autenticadas y no autenticadas) a trav\u00e9s de un par\u00e1metro vulnerable. Debido al soporte de consultas apiladas, se pudieron manipular e inyectar comandos SQL complejos en el par\u00e1metro vulnerable y, utilizando una inyecci\u00f3n SQL inferencial basada en suspensi\u00f3n, fue posible extraer datos de la base de datos."
}
],
"metrics": {
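Review bot: The English description `value` now begins with `\n` and ends with `\n\n`, which is stray whitespace inside the string rather than content; the wording itself is unchanged. Anything that hashes, deduplicates or exact-matches description text, or renders it verbatim, will treat this as a changed description. The value should start directly at the text and end at the final full stop, `"value": "The application was vulnerable … from the database."`. If the file must stay byte-identical to the upstream record, consumers should trim the value before comparing or displaying it. The added `es` entry has no surrounding newlines.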
diff --git a/CVE-2022/CVE-2022-327xx/CVE-2022-32755.json b/CVE-2022/CVE-2022-327xx/CVE-2022-32755.json
index e615b80ba8b..09d6edb80fa 100644
--- a/CVE-2022/CVE-2022-327xx/CVE-2022-32755.json
+++ b/CVE-2022/CVE-2022-327xx/CVE-2022-32755.json
@@ -2,16 +2,40 @@
"id": "CVE-2022-32755",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-14T15:15:09.643",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:13:07.170",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Directory Server 6.4.0 es vulnerable a un ataque de XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria. ID de IBM X-Force: 228505."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-611"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,49 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "24A76D30-88CD-418A-BEA2-BAD93A892FF0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_directory_suite:8.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F41F379B-77B9-4D07-AF10-14C4A000ECA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213D3285-0B6B-49AD-81C2-7265F3349B09"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228505",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047428",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-331xx/CVE-2022-33161.json b/CVE-2022/CVE-2022-331xx/CVE-2022-33161.json
index 10760752f0a..9ac39bb9b91 100644
--- a/CVE-2022/CVE-2022-331xx/CVE-2022-33161.json
+++ b/CVE-2022/CVE-2022-331xx/CVE-2022-33161.json
@@ -2,16 +2,40 @@
"id": "CVE-2022-33161",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-14T15:15:09.723",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:32:01.117",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Directory Server 6.4.0 podr\u00eda permitir que un atacante remoto obtenga informaci\u00f3n confidencial, causada por una falla al habilitar correctamente HTTP Strict Transport Security. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener informaci\u00f3n confidencial utilizando t\u00e9cnicas de intermediario. ID de IBM X-Force: 228569."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,18 +80,62 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65A1A95C-1687-4304-88C5-1BEB58BBC8DF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_directory_server:6.4.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "24A76D30-88CD-418A-BEA2-BAD93A892FF0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_directory_suite:8.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F41F379B-77B9-4D07-AF10-14C4A000ECA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_directory:10.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213D3285-0B6B-49AD-81C2-7265F3349B09"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228569",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047116",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047428",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-331xx/CVE-2022-33165.json b/CVE-2022/CVE-2022-331xx/CVE-2022-33165.json
index 1eb4cbab64b..305253a3af0 100644
--- a/CVE-2022/CVE-2022-331xx/CVE-2022-33165.json
+++ b/CVE-2022/CVE-2022-331xx/CVE-2022-33165.json
@@ -2,16 +2,40 @@
"id": "CVE-2022-33165",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-14T15:15:09.797",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:34:14.447",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Directory Server 6.4.0 podr\u00eda permitir que un atacante remoto atraviese directorios del sistema. Un atacante podr\u00eda enviar una solicitud URL especialmente manipulada que contenga secuencias de \"puntos\" (/../) para ver archivos arbitrarios en el sistema. ID de IBM X-Force: 228582."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,18 +80,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_directory_integrator:7.2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65A1A95C-1687-4304-88C5-1BEB58BBC8DF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/228582",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047116",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047428",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Not Applicable"
+ ]
}
]
}
\ No newline at end of file
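Review bot: The added `cpeMatch` lists only `cpe:2.3:a:ibm:security_directory_integrator:7.2.0`, while the English description in the first hunk of this file names IBM Security Directory Server 6.4.0, so CPE-based matching would not flag a Directory Server installation for this CVE. The `Not Applicable` tag put on `https://www.ibm.com/support/pages/node/7047428` suggests the analyst judged that advisory unrelated, which may explain the narrower configuration, but the description was left unchanged. Until the two agree, treat the CPE data for this record as possibly incomplete and check the vendor advisory at `https://www.ibm.com/support/pages/node/7047116` for the affected products.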
diff --git a/CVE-2022/CVE-2022-333xx/CVE-2022-33321.json b/CVE-2022/CVE-2022-333xx/CVE-2022-33321.json
index 1cfd964ea2a..1a8d2992dad 100644
--- a/CVE-2022/CVE-2022-333xx/CVE-2022-33321.json
+++ b/CVE-2022/CVE-2022-333xx/CVE-2022-33321.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-33321",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2022-11-08T20:15:10.080",
- "lastModified": "2023-01-09T19:48:51.017",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T06:15:07.963",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password). The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section."
+ "value": "Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier) allows a remote unauthenticated attacker to disclose information in the products or cause a denial of service (DoS) condition as a result by sniffing credential information (username and password).\nThe wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability.\nAs for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en la transmisi\u00f3n de texto plano de informaci\u00f3n confidencial debido al uso de autenticaci\u00f3n b\u00e1sica para conexiones HTTP en productos de electr\u00f3nica de consumo de Mitsubishi Electric (GU\u00cdA ECO DEL MONITOR DE COLOR FOTOVOLTAICO, adaptador HEMS, interfaz Wi-Fi, aire acondicionado, placa de inducci\u00f3n, unidad de medici\u00f3n de energ\u00eda HEMS de Mitsubishi Electric , refrigerador, control remoto con interfaz Wi-Fi, TERMO VENTILADOR DE BA\u00d1O, olla arrocera, adaptador de control HEMS de Mitsubishi Electric, ventilador de recuperaci\u00f3n de energ\u00eda, interruptor inteligente, ventilador, ventilador de campana extractora, unidad de medici\u00f3n de energ\u00eda y purificador de aire) permite un atacante remoto no autenticado revelar informaci\u00f3n en los productos o provocar una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS) como resultado del rastreo de informaci\u00f3n de credenciales (nombre de usuario y contrase\u00f1a). La amplia gama de modelos/versiones de productos de electr\u00f3nica de consumo de Mitsubishi Electric se ven afectados por esta vulnerabilidad. En cuanto a los modelos/versiones de productos afectados, consulte el aviso de Mitsubishi Electric que se enumera en la secci\u00f3n [References]."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-333xx/CVE-2022-33322.json b/CVE-2022/CVE-2022-333xx/CVE-2022-33322.json
index b2554b3158b..c5a4582a7c6 100644
--- a/CVE-2022/CVE-2022-333xx/CVE-2022-33322.json
+++ b/CVE-2022/CVE-2022-333xx/CVE-2022-33322.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-33322",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2022-11-08T20:15:11.017",
- "lastModified": "2023-01-31T19:03:56.877",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T06:15:09.297",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section."
+ "value": "Cross-site scripting vulnerability in Mitsubishi Electric consumer electronics products (Air Conditioning, Wi-Fi Interface, Refrigerator, HEMS adapter, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch and Air Purifier) allows a remote unauthenticated attacker to execute an malicious script on a user's browser to disclose information, etc. The wide range of models/versions of Mitsubishi Electric consumer electronics products are affected by this vulnerability. As for the affected product models/versions, see the Mitsubishi Electric's advisory which is listed in [References] section.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en productos de electr\u00f3nica de consumo de Mitsubishi Electric (aire acondicionado, interfaz Wi-Fi, refrigerador, adaptador HEMS, control remoto con interfaz Wi-Fi, TERMO VENTILADOR DE BA\u00d1O, olla arrocera, adaptador de control HEMS de Mitsubishi Electric, ventilador de recuperaci\u00f3n de energ\u00eda, Suiche Inteligente y Purificador de Aire) permite a un atacante remoto no autenticado ejecutar un script malicioso en el navegador de un usuario para revelar informaci\u00f3n, etc. La amplia gama de modelos/versiones de productos de electr\u00f3nica de consumo de Mitsubishi Electric se ven afectados por esta vulnerabilidad. En cuanto a los modelos/versiones de productos afectados, consulte el aviso de Mitsubishi Electric que se enumera en la secci\u00f3n [References]."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-338xx/CVE-2022-33859.json b/CVE-2022/CVE-2022-338xx/CVE-2022-33859.json
index 03400175bba..9819f6ca166 100644
--- a/CVE-2022/CVE-2022-338xx/CVE-2022-33859.json
+++ b/CVE-2022/CVE-2022-338xx/CVE-2022-33859.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-33859",
"sourceIdentifier": "CybersecurityCOE@eaton.com",
"published": "2022-10-28T02:15:17.343",
- "lastModified": "2022-11-01T18:23:17.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T07:15:08.907",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation\u2019s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html ."
+ "value": "A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation\u2019s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. \n\nThis vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. \n\nCustomers are advised to update the software to the latest version (v7.6).\n\nForeseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please\u00a0refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html ."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 una vulnerabilidad de seguridad en el software Eaton Foreseer EPMS. Foreseer EPMS conecta la amplia gama de dispositivos de una operaci\u00f3n para ayudar a reducir el consumo de energ\u00eda y evitar tiempos de inactividad no planificados causados ??por fallas de sistemas cr\u00edticos. Un actor de amenazas puede cargar archivos arbitrarios utilizando la funci\u00f3n de carga de archivos. Esta vulnerabilidad est\u00e1 presente en las versiones 4.x, 5.x, 6.x y 7.0 a 7.5. Eaton puso a disposici\u00f3n una nueva versi\u00f3n (v7.6) que contiene la soluci\u00f3n y se proporcion\u00f3 una mitigaci\u00f3n para las versiones afectadas que son compatibles actualmente. Se recomienda a los clientes que actualicen el software a la \u00faltima versi\u00f3n (v7.6). Eaton ya no admite las versiones 4.x, 5.x y 6.x de Foreseer EPMS. Consulte la notificaci\u00f3n de fin de soporte https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html."
}
],
"metrics": {
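Review bot: The added Spanish `value` contains `causados ??por fallas`, where the two `?` characters look like a character lost in an encoding step rather than intended text. The phrase should read `causados por fallas`. The new English text also introduces a non-breaking space in `Please\u00a0refer`, which will defeat exact-phrase matching on `Please refer` unless consumers normalise Unicode spaces.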
diff --git a/CVE-2022/CVE-2022-33xx/CVE-2022-3342.json b/CVE-2022/CVE-2022-33xx/CVE-2022-3342.json
new file mode 100644
index 00000000000..450b78749d8
--- /dev/null
+++ b/CVE-2022/CVE-2022-33xx/CVE-2022-3342.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2022-3342",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.787",
+ "lastModified": "2023-10-27T18:53:17.093",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the \u2018zbscrmcsvimpf\u2019 parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Jetpack CRM para WordPress es vulnerable a la deserializaci\u00f3n PHAR a trav\u00e9s del par\u00e1metro 'zbscrmcsvimpf' en la funci\u00f3n 'zeroBSCRM_CSVImporterLitehtml_app' en versiones hasta la 5.3.1 incluida. Si bien la funci\u00f3n realiza una verificaci\u00f3n nonce, los pasos 2 y 3 de la verificaci\u00f3n no realizan ninguna acci\u00f3n ante una verificaci\u00f3n fallida. Luego, estos pasos realizan una verificaci\u00f3n de 'file_exists' en el valor de 'zbscrmcsvimpf'. Si se proporciona un archivo phar://, su contenido se deserializar\u00e1 y se inyectar\u00e1 un objeto en el flujo de ejecuci\u00f3n. Esto permite a un atacante no autenticado obtener una inyecci\u00f3n de objetos si puede cargar un archivo phar (por ejemplo, si el sitio admite la carga de im\u00e1genes) y luego enga\u00f1ar a un administrador para que realice una acci\u00f3n, como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:automattic:jetpack_crm:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.3.1",
+ "matchCriteriaId": "23B2D955-C8DB-410C-854D-E1276B683ABA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/zero-bs-crm/trunk/includes/ZeroBSCRM.CSVImporter.php?rev=2790863",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2805282/zero-bs-crm/trunk/includes/ZeroBSCRM.CSVImporter.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98ab264f-b210-41d0-bb6f-b4f31d933f80?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
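Review bot: The first reference, `.../browser/zero-bs-crm/trunk/includes/ZeroBSCRM.CSVImporter.php?rev=2790863`, is tagged `Patch` but appears to be a file view at a fixed revision rather than a diff; only the `changeset/2805282` URL shows a change. Tooling that collects `Patch`-tagged references to locate the fix should rely on the changeset entry. Separately, the Primary (nvd@nist.gov) and Secondary (security@wordfence.com) vectors differ only in attack complexity (`AC:L`, 8.8 versus `AC:H`, 7.5), and the description lists two preconditions (uploading a phar archive and getting an administrator to act), so prioritisation pipelines should record which source's score they apply.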
diff --git a/CVE-2022/CVE-2022-33xx/CVE-2022-3388.json b/CVE-2022/CVE-2022-33xx/CVE-2022-3388.json
index 9ffd5f18c79..a64f73299ab 100644
--- a/CVE-2022/CVE-2022-33xx/CVE-2022-3388.json
+++ b/CVE-2022/CVE-2022-33xx/CVE-2022-3388.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-3388",
"sourceIdentifier": "cybersecurity@hitachienergy.com",
"published": "2022-11-21T19:15:13.353",
- "lastModified": "2022-12-08T15:26:01.427",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-19T05:15:58.283",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "An input validation vulnerability exists in the Monitor Pro interface of MicroSCADA Pro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role."
+ "value": "\n\n\nAn input validation vulnerability exists in the Monitor Pro interface of MicroSCADA\nPro and MicroSCADA X SYS600. An authenticated user can launch an administrator level remote code execution irrespective of the authenticated user's role.\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de validaci\u00f3n de entrada en la interfaz Monitor Pro de MicroSCADA Pro y MicroSCADA X SYS600. Un usuario autenticado puede iniciar una ejecuci\u00f3n remota de c\u00f3digo a nivel de administrador independientemente de la funci\u00f3n del usuario autenticado."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-340xx/CVE-2022-34092.json b/CVE-2022/CVE-2022-340xx/CVE-2022-34092.json
index 524f71b39d5..5f56bea51c2 100644
--- a/CVE-2022/CVE-2022-340xx/CVE-2022-34092.json
+++ b/CVE-2022/CVE-2022-340xx/CVE-2022-34092.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-34092",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-07-14T22:15:08.993",
- "lastModified": "2022-07-20T10:04:15.617",
+ "lastModified": "2023-10-18T15:51:58.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:i3geo_project:i3geo:7.0.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "D1CA9717-10E3-4BE2-9C09-564E53225B7D"
+ "criteria": "cpe:2.3:a:softwarepublico:i3geo:7.0.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ADD2D314-E4BD-4399-BC3E-9BDC7A780477"
}
]
}
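Review bot: The vendor field of the match criterion changes from `i3geo_project` to `softwarepublico`, and `matchCriteriaId` changes with it, so an asset inventory or SBOM that still records the old CPE name stops matching this CVE on exact-string comparison. The same kind of change is made for CVE-2022-34093 and CVE-2022-34094, and for `jorani_project` to `jorani` in CVE-2022-34132, CVE-2022-34133 and CVE-2022-34134. The record carries no pointer from the old name to the new one, so stored CPE names should be re-keyed when this update is ingested, or resolved through the CPE dictionary's deprecation mapping if the old name is listed there. The enclosing `configurations` array starts and ends outside the hunk.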
diff --git a/CVE-2022/CVE-2022-340xx/CVE-2022-34093.json b/CVE-2022/CVE-2022-340xx/CVE-2022-34093.json
index a27ba4ddf2a..c37c1a097dc 100644
--- a/CVE-2022/CVE-2022-340xx/CVE-2022-34093.json
+++ b/CVE-2022/CVE-2022-340xx/CVE-2022-34093.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-34093",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-07-14T22:15:09.037",
- "lastModified": "2022-07-20T10:04:28.127",
+ "lastModified": "2023-10-18T15:52:09.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:i3geo_project:i3geo:7.0.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "D1CA9717-10E3-4BE2-9C09-564E53225B7D"
+ "criteria": "cpe:2.3:a:softwarepublico:i3geo:7.0.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ADD2D314-E4BD-4399-BC3E-9BDC7A780477"
}
]
}
diff --git a/CVE-2022/CVE-2022-340xx/CVE-2022-34094.json b/CVE-2022/CVE-2022-340xx/CVE-2022-34094.json
index c42b24e1cfe..a319e9a28e7 100644
--- a/CVE-2022/CVE-2022-340xx/CVE-2022-34094.json
+++ b/CVE-2022/CVE-2022-340xx/CVE-2022-34094.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-34094",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-07-14T22:15:09.083",
- "lastModified": "2022-07-20T10:04:03.587",
+ "lastModified": "2023-10-18T15:52:19.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:i3geo_project:i3geo:7.0.5:*:*:*:*:*:*:*",
- "matchCriteriaId": "D1CA9717-10E3-4BE2-9C09-564E53225B7D"
+ "criteria": "cpe:2.3:a:softwarepublico:i3geo:7.0.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ADD2D314-E4BD-4399-BC3E-9BDC7A780477"
}
]
}
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34132.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34132.json
index c2bcfc5b500..25da5b6c674 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34132.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34132.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-34132",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-06-28T00:15:08.313",
- "lastModified": "2022-07-06T18:54:41.543",
+ "lastModified": "2023-10-25T15:00:33.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:jorani_project:jorani:1.0.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "00665EA7-7D22-4226-801E-ABA4BD94D0D7"
+ "criteria": "cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE8B2D2D-7CCC-4688-9C1C-5C2512F140E6"
}
]
}
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34133.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34133.json
index 9e901d1e8fd..02d8c36feec 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34133.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34133.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-34133",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-06-28T00:15:08.360",
- "lastModified": "2022-07-06T18:54:54.287",
+ "lastModified": "2023-10-25T15:00:33.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:jorani_project:jorani:1.0.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "00665EA7-7D22-4226-801E-ABA4BD94D0D7"
+ "criteria": "cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE8B2D2D-7CCC-4688-9C1C-5C2512F140E6"
}
]
}
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34134.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34134.json
index 338f29b5b01..1713b5f6826 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34134.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34134.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-34134",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-06-28T00:15:08.407",
- "lastModified": "2022-07-06T18:55:09.587",
+ "lastModified": "2023-10-25T15:00:33.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -84,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:jorani_project:jorani:1.0.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "00665EA7-7D22-4226-801E-ABA4BD94D0D7"
+ "criteria": "cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE8B2D2D-7CCC-4688-9C1C-5C2512F140E6"
}
]
}
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34170.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34170.json
index 2967eb25200..f3a63177bd8 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34170.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34170.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34170",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.253",
- "lastModified": "2022-11-05T02:16:09.813",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:05.083",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34171.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34171.json
index da813709fa0..0e8d6cf3c0d 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34171.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34171.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34171",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.317",
- "lastModified": "2022-11-05T02:21:28.840",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:05.217",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34172.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34172.json
index 8b9295b9f5a..c570ffe1a63 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34172.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34172.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34172",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.383",
- "lastModified": "2022-11-05T02:21:39.413",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:05.293",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34173.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34173.json
index 922171bc4ab..be4fd885481 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34173.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34173.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34173",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.447",
- "lastModified": "2022-11-05T02:21:33.360",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:05.420",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34174.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34174.json
index e68c150e2b1..e69f7706056 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34174.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34174.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34174",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.507",
- "lastModified": "2022-06-29T15:29:33.550",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:05.660",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-203"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-208"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34175.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34175.json
index 729fd37e534..0103f82a682 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34175.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34175.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34175",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.563",
- "lastModified": "2022-10-20T16:28:16.470",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:05.823",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
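Review bot: After this hunk the only weakness value still visible for CVE-2022-34175 is the placeholder `"value": "NVD-CWE-Other"`, because the removed `Secondary` entry from jenkinsci-cert@googlegroups.com carried the one specific id, `"value": "CWE-693"`. Tooling that buckets or prioritises records by CWE should treat `NVD-CWE-Other` as "no specific classification" rather than as a weakness id, and anything that relied on the CNA-supplied value will need another source for it. The `weaknesses` array starts above this hunk, so whether other entries remain cannot be confirmed from here.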
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34176.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34176.json
index c2a454f1208..f582f9c08c6 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34176.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34176.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34176",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.620",
- "lastModified": "2022-06-29T16:52:44.270",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:05.927",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
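Review bot: This hunk leaves CVE-2022-34176 with no `weaknesses` key at all: the single entry, the CNA's `Primary` `"value": "CWE-79"`, is deleted and nothing replaces it, while the first hunk of the same file moves `vulnStatus` from `Analyzed` to `Modified`. Consumers that index or filter by CWE will silently stop matching this record, so readers of the feed should treat `weaknesses` as optional and report such records as unclassified rather than skip them or fail on the missing key. The same full removal repeats in the second hunk of many later Jenkins records in this diff, for example CVE-2022-34178, CVE-2022-34179 and CVE-2022-34181 through CVE-2022-34188. It presumably mirrors an upstream change rather than a deliberate reclassification; that is an inference from the bulk pattern and worth confirming against the upstream record.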
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34177.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34177.json
index 23052171394..3aa2806ef97 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34177.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34177.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34177",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.680",
- "lastModified": "2022-06-29T18:35:17.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:06.077",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34178.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34178.json
index 6628e1ac770..20b0a092aa1 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34178.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34178.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34178",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.737",
- "lastModified": "2022-06-29T15:31:42.053",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:06.300",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34179.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34179.json
index 7865fe988dd..d205f1e7683 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34179.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34179.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34179",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.810",
- "lastModified": "2022-06-29T15:34:03.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:06.417",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34180.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34180.json
index 45df3babe28..8e00971b049 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34180.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34180.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-34180",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.867",
- "lastModified": "2023-10-10T22:15:11.043",
+ "lastModified": "2023-10-25T18:17:06.497",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -64,19 +64,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34181.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34181.json
index c86522a74d6..53cec1d0940 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34181.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34181.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34181",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.923",
- "lastModified": "2022-06-29T15:37:26.327",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:06.667",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34182.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34182.json
index 8802284af29..dc6ad6ecaae 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34182.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34182.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34182",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:15.990",
- "lastModified": "2022-06-29T15:37:55.027",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:06.770",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34183.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34183.json
index b964d2fcc26..3159792b7f2 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34183.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34183.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34183",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.057",
- "lastModified": "2022-06-29T15:38:36.073",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:06.887",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34184.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34184.json
index 54452cfa48a..40a8fafabca 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34184.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34184.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34184",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.123",
- "lastModified": "2022-06-30T11:46:22.767",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:06.980",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34185.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34185.json
index 2ab82981eb4..a4f5c019d25 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34185.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34185.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34185",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.190",
- "lastModified": "2022-06-30T11:48:22.283",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.100",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34186.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34186.json
index 4cb64b4a937..864e3a353c4 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34186.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34186.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34186",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.257",
- "lastModified": "2022-06-30T11:53:37.150",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.203",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34187.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34187.json
index 59ca29aaa72..5b6687f7c8d 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34187.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34187.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34187",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.327",
- "lastModified": "2022-06-30T12:02:58.680",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.410",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34188.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34188.json
index fc3bff610c6..3bac95cfccb 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34188.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34188.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34188",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.387",
- "lastModified": "2022-06-30T12:18:00.860",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.527",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34189.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34189.json
index ac6cbc387a4..41cf8d92759 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34189.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34189.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34189",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.453",
- "lastModified": "2022-06-30T12:23:45.023",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.587",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34190.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34190.json
index 6840a835d9b..a0e959d1fa5 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34190.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34190.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34190",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.547",
- "lastModified": "2022-06-29T18:36:44.317",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.647",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34191.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34191.json
index 784f3eb44c0..e21e121c7dc 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34191.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34191.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34191",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.610",
- "lastModified": "2022-06-29T18:41:34.910",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.703",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34192.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34192.json
index 4e66c17afc3..3b2cac48210 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34192.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34192.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34192",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.670",
- "lastModified": "2022-06-29T18:49:13.123",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.767",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34193.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34193.json
index 5ed1ba01d8b..60dd3a3e0c1 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34193.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34193.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34193",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.730",
- "lastModified": "2022-06-29T18:56:55.890",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.830",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34194.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34194.json
index 36277f70707..93dbeb28745 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34194.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34194.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34194",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.797",
- "lastModified": "2022-06-29T19:02:41.823",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.887",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34195.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34195.json
index 99cfb9094b6..94952d7cbfa 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34195.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34195.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34195",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.857",
- "lastModified": "2022-06-29T19:06:05.827",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.940",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34196.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34196.json
index 4f2c33c853c..a6cd11f0165 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34196.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34196.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34196",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.920",
- "lastModified": "2022-06-29T19:18:03.893",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:07.997",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34197.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34197.json
index fb58822877a..4485aa70661 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34197.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34197.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34197",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:16.990",
- "lastModified": "2022-06-29T19:22:09.550",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.050",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34198.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34198.json
index 39488c87b28..a6e5a2aea08 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34198.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34198.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34198",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.107",
- "lastModified": "2022-06-29T19:24:10.473",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.107",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34199.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34199.json
index 5c59eae729c..7e57b1e0e0e 100644
--- a/CVE-2022/CVE-2022-341xx/CVE-2022-34199.json
+++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34199.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34199",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.220",
- "lastModified": "2023-06-29T15:43:15.760",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.163",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34200.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34200.json
index a5bd90201ff..86b34eb9f89 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34200.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34200.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34200",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.283",
- "lastModified": "2022-10-07T19:01:24.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.227",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34201.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34201.json
index 8f1735f131d..4ef9c524fb0 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34201.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34201.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34201",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.343",
- "lastModified": "2022-06-29T19:35:58.213",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.290",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34202.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34202.json
index 447b576af1d..1918404b90a 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34202.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34202.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34202",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.403",
- "lastModified": "2022-06-29T19:39:03.573",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.347",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34203.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34203.json
index 4d7770f7ffa..16ceb22f349 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34203.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34203.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34203",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.473",
- "lastModified": "2022-06-29T19:43:30.710",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.407",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34204.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34204.json
index 9625c323ded..0d48dfd2152 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34204.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34204.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34204",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.540",
- "lastModified": "2022-06-30T04:07:01.760",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.460",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34205.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34205.json
index b632f3985ab..47512fdce18 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34205.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34205.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34205",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.607",
- "lastModified": "2022-06-29T22:23:51.680",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.520",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34206.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34206.json
index dd279f83341..8d45309d121 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34206.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34206.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34206",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.677",
- "lastModified": "2022-06-30T04:09:39.060",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.577",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34207.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34207.json
index 854e3fbbb64..4858b06cdf0 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34207.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34207.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34207",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.737",
- "lastModified": "2022-06-29T22:30:26.350",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.633",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34208.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34208.json
index eafa4a97ff6..1ec0a259d77 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34208.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34208.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34208",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.797",
- "lastModified": "2022-06-30T04:10:18.830",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.690",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34209.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34209.json
index 3574c215181..92ab275c3e2 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34209.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34209.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34209",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.857",
- "lastModified": "2022-06-29T22:28:20.000",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.747",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34210.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34210.json
index f6d18d6c027..d569e6791e6 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34210.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34210.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34210",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.913",
- "lastModified": "2022-06-29T22:24:49.147",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.800",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34211.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34211.json
index c535feb3e57..23f817f1916 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34211.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34211.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34211",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:17.970",
- "lastModified": "2022-06-29T22:26:32.987",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.857",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34212.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34212.json
index a70fc58c7cc..0464b509c19 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34212.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34212.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34212",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:18.027",
- "lastModified": "2022-06-29T22:23:24.557",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.913",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34213.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34213.json
index 13c68198e5e..2173b37f57c 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34213.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34213.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34213",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-23T17:15:18.083",
- "lastModified": "2022-06-30T03:57:12.450",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:08.970",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-344xx/CVE-2022-34401.json b/CVE-2022/CVE-2022-344xx/CVE-2022-34401.json
index 17049a6c68b..5218269a02a 100644
--- a/CVE-2022/CVE-2022-344xx/CVE-2022-34401.json
+++ b/CVE-2022/CVE-2022-344xx/CVE-2022-34401.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-34401",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-01-18T06:15:11.493",
- "lastModified": "2023-01-25T19:29:37.517",
+ "lastModified": "2023-10-18T18:12:55.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -114,9 +114,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:dell:alienware_m17_ryzen_r5_firmware:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:o:dell:alienware_m17_r5_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.4.3",
- "matchCriteriaId": "BE326A51-40F2-4F8E-ADAE-C7AF0957BB7A"
+ "matchCriteriaId": "1B22D1FA-F68E-41B7-BCF2-D6E7AAF8D9B8"
}
]
},
@@ -126,8 +126,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:h:dell:alienware_m17_ryzen_r5:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "6CC14402-0228-4FBD-95A3-E106F1A38CBB"
+ "criteria": "cpe:2.3:h:dell:alienware_m17_r5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5E8A465D-8F53-49CB-9498-D2894CEE8264"
}
]
}
diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34676.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34676.json
index a2fc167c9ef..be71f4cb82e 100644
--- a/CVE-2022/CVE-2022-346xx/CVE-2022-34676.json
+++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34676.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34676",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:09.903",
- "lastModified": "2023-10-03T15:15:37.477",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:12:25.197",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -206,7 +206,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34677.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34677.json
index 70613c66585..a717242125e 100644
--- a/CVE-2022/CVE-2022-346xx/CVE-2022-34677.json
+++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34677.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34677",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:09.983",
- "lastModified": "2023-10-03T15:15:37.563",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:13:58.477",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -323,12 +323,30 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415",
@@ -339,7 +357,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34678.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34678.json
index b470dde07af..272fb6cf750 100644
--- a/CVE-2022/CVE-2022-346xx/CVE-2022-34678.json
+++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34678.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34678",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:10.073",
- "lastModified": "2023-10-03T15:15:37.663",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:15:22.587",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -276,7 +276,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34679.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34679.json
index f60b190af6c..77a1d0d4826 100644
--- a/CVE-2022/CVE-2022-346xx/CVE-2022-34679.json
+++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34679.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34679",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:10.163",
- "lastModified": "2023-10-03T15:15:37.763",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:17:12.797",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -206,7 +206,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34680.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34680.json
index 58ceb95d785..0539615050b 100644
--- a/CVE-2022/CVE-2022-346xx/CVE-2022-34680.json
+++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34680.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34680",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:10.247",
- "lastModified": "2023-10-03T15:15:37.857",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:19:14.613",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -323,12 +323,30 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415",
@@ -339,7 +357,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34682.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34682.json
index 48c15e150e1..35898aefd98 100644
--- a/CVE-2022/CVE-2022-346xx/CVE-2022-34682.json
+++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34682.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34682",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:10.417",
- "lastModified": "2023-10-03T15:15:37.950",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:20:33.350",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -206,7 +206,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-346xx/CVE-2022-34684.json b/CVE-2022/CVE-2022-346xx/CVE-2022-34684.json
index ab872134162..18193ddf722 100644
--- a/CVE-2022/CVE-2022-346xx/CVE-2022-34684.json
+++ b/CVE-2022/CVE-2022-346xx/CVE-2022-34684.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34684",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:10.583",
- "lastModified": "2023-10-03T15:15:38.040",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:20:43.180",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -262,7 +262,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34777.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34777.json
index c651bb68bb6..ab920acb107 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34777.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34777.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34777",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:09.543",
- "lastModified": "2022-07-08T18:00:47.430",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.027",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34778.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34778.json
index 8497467136b..167282d240e 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34778.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34778.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34778",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:09.747",
- "lastModified": "2022-07-11T13:22:56.673",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.100",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34779.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34779.json
index 34911706dfe..65a4d42e239 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34779.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34779.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34779",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:09.920",
- "lastModified": "2022-07-08T17:04:47.477",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.163",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -95,11 +83,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
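Review bot: The rewritten reference in this hunk loses its `"tags": ["Vendor Advisory"]` entry, although the URL changes only in the percent-encoding of the parentheses (`%20(1)` becomes `%20%281%29`) and still names the same Jenkins advisory anchor. Tooling that selects vendor guidance by tag will stop surfacing the link, so I would keep the tag on the new entry: `"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"]`. The preceding hunk of this file also deletes the record's `weaknesses` array (CWE-862) and the status moves from `Analyzed` to `Modified`, so CWE-based filters will miss CVE-2022-34779 as well. The same tag loss appears in the reference hunks of CVE-2022-34780, CVE-2022-34781, CVE-2022-34796, CVE-2022-34797 and CVE-2022-34798.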
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34780.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34780.json
index c7643bee389..88319b69d98 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34780.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34780.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34780",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.087",
- "lastModified": "2022-07-08T17:07:45.567",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.223",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -95,11 +83,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34781.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34781.json
index 21102d63639..b271fd1031a 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34781.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34781.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34781",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.237",
- "lastModified": "2022-07-08T17:08:20.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.283",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -95,11 +83,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2773%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34782.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34782.json
index 9a990eb997b..f34f2a6fae3 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34782.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34782.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34782",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.410",
- "lastModified": "2022-07-08T17:09:52.697",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.337",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34783.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34783.json
index b8786fcc2a2..b06d37e3643 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34783.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34783.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34783",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.577",
- "lastModified": "2022-07-08T17:10:44.263",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.400",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34784.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34784.json
index 345bd6f664a..8c3cfac1f8e 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34784.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34784.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34784",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.747",
- "lastModified": "2022-07-08T17:11:11.243",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.453",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34785.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34785.json
index e631847595b..b5b016c7ff2 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34785.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34785.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34785",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:10.930",
- "lastModified": "2022-07-08T17:12:01.380",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.517",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34786.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34786.json
index 0d98da30f82..a52ecef3920 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34786.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34786.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34786",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:11.140",
- "lastModified": "2022-07-08T17:12:40.300",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.577",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34787.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34787.json
index 45b2adf6b80..61b27d99892 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34787.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34787.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34787",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:11.333",
- "lastModified": "2022-07-08T17:14:12.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.633",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34788.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34788.json
index dd3447ecc13..9c29b5a8ee9 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34788.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34788.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34788",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:11.507",
- "lastModified": "2022-07-08T17:14:34.570",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.690",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34789.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34789.json
index 6f73b8d8d96..c3c845987b6 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34789.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34789.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34789",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:11.707",
- "lastModified": "2022-07-08T17:15:23.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.753",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34790.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34790.json
index 6c23e9db997..47439f73570 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34790.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34790.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34790",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:11.907",
- "lastModified": "2022-07-08T17:15:54.633",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.813",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34791.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34791.json
index 2411296f606..39042ca41d7 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34791.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34791.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34791",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.070",
- "lastModified": "2022-07-08T17:16:44.437",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.877",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34792.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34792.json
index b5413be7891..37aca85cbc5 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34792.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34792.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34792",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.227",
- "lastModified": "2022-07-08T17:18:04.540",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:09.947",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34793.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34793.json
index f36f20ece51..75bd7754906 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34793.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34793.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34793",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.383",
- "lastModified": "2022-07-08T03:47:48.557",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.007",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34794.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34794.json
index cf536e17349..4824dbceb91 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34794.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34794.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34794",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.547",
- "lastModified": "2022-07-08T03:48:45.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.060",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34795.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34795.json
index ed40793b665..0c359cd562a 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34795.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34795.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34795",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.727",
- "lastModified": "2022-07-08T03:52:37.700",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.123",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34796.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34796.json
index 42b03720989..910b4a05a12 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34796.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34796.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34796",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.890",
- "lastModified": "2022-10-17T19:19:44.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.190",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
@@ -105,11 +95,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34797.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34797.json
index e206cd1beb9..acabe36f658 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34797.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34797.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34797",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:13.037",
- "lastModified": "2022-07-08T03:50:37.753",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.250",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -95,11 +83,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34798.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34798.json
index 77a5ce7f93c..65bdbe6b590 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34798.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34798.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34798",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:13.220",
- "lastModified": "2022-10-21T17:32:17.540",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.303",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -95,11 +83,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-06-30/#SECURITY-2798%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-347xx/CVE-2022-34799.json b/CVE-2022/CVE-2022-347xx/CVE-2022-34799.json
index f09ff1d73c5..55962744538 100644
--- a/CVE-2022/CVE-2022-347xx/CVE-2022-34799.json
+++ b/CVE-2022/CVE-2022-347xx/CVE-2022-34799.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34799",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:13.367",
- "lastModified": "2022-07-08T03:47:12.520",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.363",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34800.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34800.json
index c454cf2700c..d64e153b8e3 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34800.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34800.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34800",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:13.527",
- "lastModified": "2022-07-08T03:46:43.400",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.420",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34801.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34801.json
index 34bf5348723..77d23a82ada 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34801.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34801.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34801",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:13.717",
- "lastModified": "2022-07-08T03:45:01.560",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.477",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-318"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34802.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34802.json
index e9f67efa370..de55e735b14 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34802.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34802.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34802",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:13.877",
- "lastModified": "2022-07-08T03:36:12.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.540",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34803.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34803.json
index 992db8bd2bb..104e1ef4e80 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34803.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34803.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34803",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:14.043",
- "lastModified": "2023-06-29T15:43:26.610",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.593",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34804.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34804.json
index ba18a4875f9..2d5a3374e7f 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34804.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34804.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34804",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:14.200",
- "lastModified": "2022-07-11T17:29:51.770",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.657",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-318"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34805.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34805.json
index dddbc0a9a26..8224cc28628 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34805.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34805.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34805",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:14.373",
- "lastModified": "2022-07-11T17:30:49.017",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.713",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34806.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34806.json
index fee883eb41b..73c0255eb2f 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34806.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34806.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34806",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:14.510",
- "lastModified": "2022-07-11T17:31:30.627",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.770",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34807.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34807.json
index 01fc73e0d03..7287d549dc5 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34807.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34807.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34807",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:14.653",
- "lastModified": "2023-06-29T15:43:30.727",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.830",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34808.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34808.json
index 01f93497756..29156134d37 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34808.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34808.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34808",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:14.797",
- "lastModified": "2022-07-08T18:30:50.040",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.883",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34809.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34809.json
index fba99677d6c..fd8a5bccddb 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34809.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34809.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34809",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:14.970",
- "lastModified": "2022-07-08T18:37:41.117",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.943",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34810.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34810.json
index 0711f181bc9..762aa29d546 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34810.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34810.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34810",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:15.117",
- "lastModified": "2022-07-08T18:38:06.423",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:10.993",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34811.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34811.json
index 50742a3c263..76519a94566 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34811.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34811.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34811",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:15.283",
- "lastModified": "2022-07-08T18:38:54.623",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.050",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34812.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34812.json
index b56317a8389..80df7c28de4 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34812.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34812.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34812",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:15.417",
- "lastModified": "2022-07-08T18:40:04.490",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.103",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,16 +73,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34813.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34813.json
index 9da02333ac2..0163db62a44 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34813.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34813.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34813",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:15.543",
- "lastModified": "2022-07-08T18:43:29.937",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.157",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34814.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34814.json
index 539aaaed246..17353acdd12 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34814.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34814.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34814",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:15.640",
- "lastModified": "2022-07-08T18:44:29.347",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.210",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34815.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34815.json
index b05a0eaf23f..c1ca2116862 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34815.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34815.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34815",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:15.693",
- "lastModified": "2022-07-08T18:44:50.053",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.267",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34816.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34816.json
index a11fff21084..9bdf9002236 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34816.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34816.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34816",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:15.740",
- "lastModified": "2022-07-08T18:45:20.620",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.320",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34817.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34817.json
index 9f512deca64..b8e8708811b 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34817.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34817.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34817",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:15.793",
- "lastModified": "2022-07-08T18:48:09.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.380",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34818.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34818.json
index f9b07fa5b34..6ac550f529f 100644
--- a/CVE-2022/CVE-2022-348xx/CVE-2022-34818.json
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34818.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-34818",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:15.843",
- "lastModified": "2022-07-08T18:49:18.453",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.433",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -63,18 +63,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34832.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34832.json
new file mode 100644
index 00000000000..5c21b2abdfb
--- /dev/null
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34832.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-34832",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T21:15:08.167",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://crashpark.weebly.com/blog/xxe-in-agilereporter-213-by-vermeg",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.vermeg.com/agile-reporter/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
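Review bot: This new record ships with `"metrics": {}` and no `weaknesses` key, so it carries neither a score nor a CWE even though the description names the flaw class (XXE). Consumers that default a missing `baseScore` to 0 or filter by CWE will silently drop it; an absent metric should be handled as unscored, not as low severity. The same holds for CVE-2022-34833 and CVE-2022-34834 (XSS), which are added right after it. All three rely on one third-party blog link plus the vendor product page, and neither reference has `tags`.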
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34833.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34833.json
new file mode 100644
index 00000000000..d95629ab2aa
--- /dev/null
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34833.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-34833",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T21:15:08.213",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://crashpark.weebly.com/blog/1-stored-xss-in-agilereporter-213-by-vermeg",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.vermeg.com/agile-reporter/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34834.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34834.json
new file mode 100644
index 00000000000..1e104ff6310
--- /dev/null
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34834.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-34834",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T21:15:08.260",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://crashpark.weebly.com/blog/2-stored-xss-in-agilereporter-213-by-vermeg",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.vermeg.com/agile-reporter/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34886.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34886.json
new file mode 100644
index 00000000000..f232cd5256a
--- /dev/null
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34886.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-34886",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-27T19:15:40.913",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://iknow.lenovo.com.cn/detail/205041.html",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-348xx/CVE-2022-34887.json b/CVE-2022/CVE-2022-348xx/CVE-2022-34887.json
new file mode 100644
index 00000000000..2bc602b83fd
--- /dev/null
+++ b/CVE-2022/CVE-2022-348xx/CVE-2022-34887.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-34887",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-27T19:15:40.997",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://iknow.lenovo.com.cn/detail/205041.html",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
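Review bot: The CNA vector in this new record sets `"integrityImpact": "NONE"` (`C:L/I:N/A:N`, base 4.3), which does not match the description's statement that standard users can set printer configuration such as the IP without the administrator password; changing configuration is an integrity effect. The metric is a `Secondary` one supplied by psirt@lenovo.com and the record is still `Awaiting Analysis`, so prioritisation that reads only `baseScore` will likely under-rank it until an NVD-assigned metric exists. The assigned `CWE-287` may also be narrower than what the text describes, which reads like a missing authorization check; that is inferred from the description alone. The description also has a stray space before the comma in `information , such`.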
diff --git a/CVE-2022/CVE-2022-34xx/CVE-2022-3429.json b/CVE-2022/CVE-2022-34xx/CVE-2022-3429.json
new file mode 100644
index 00000000000..631b28d837a
--- /dev/null
+++ b/CVE-2022/CVE-2022-34xx/CVE-2022-3429.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-3429",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-27T19:15:41.080",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://iknow.lenovo.com.cn/detail/205041.html",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-360xx/CVE-2022-36069.json b/CVE-2022/CVE-2022-360xx/CVE-2022-36069.json
index 5a708acb52f..46121effcf0 100644
--- a/CVE-2022/CVE-2022-360xx/CVE-2022-36069.json
+++ b/CVE-2022/CVE-2022-360xx/CVE-2022-36069.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36069",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-09-07T19:15:08.563",
- "lastModified": "2023-06-29T16:17:28.477",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.487",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -130,6 +130,10 @@
"Exploit",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/securing-developer-tools-package-managers/",
+ "source": "security-advisories@github.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-363xx/CVE-2022-36351.json b/CVE-2022/CVE-2022-363xx/CVE-2022-36351.json
index 4dbd4df4a8c..a8d0fe9ffc4 100644
--- a/CVE-2022/CVE-2022-363xx/CVE-2022-36351.json
+++ b/CVE-2022/CVE-2022-363xx/CVE-2022-36351.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36351",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:12.807",
- "lastModified": "2023-09-30T22:15:10.010",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:03:48.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -151,6 +151,46 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
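Review bot: The two added configuration entries list the bare OS CPEs for Fedora 37, 38 and 39 and Debian 10.0 with `"vulnerable": true` and no version bounds, each in its own `nodes` object. A CPE matcher will therefore report every host on those releases, whether or not the affected package is installed or already updated. Scanners should resolve these matches against the distribution advisories listed under `references` instead of treating the OS match as proof of exposure.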
@@ -164,19 +204,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-367xx/CVE-2022-36784.json b/CVE-2022/CVE-2022-367xx/CVE-2022-36784.json
index ff787c96227..183e0750468 100644
--- a/CVE-2022/CVE-2022-367xx/CVE-2022-36784.json
+++ b/CVE-2022/CVE-2022-367xx/CVE-2022-36784.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-36784",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2022-11-17T23:15:16.317",
- "lastModified": "2022-11-22T18:17:53.317",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.587",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Elsight \u2013 Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution."
+ "value": "\nElsight \u2013 Elsight Halo \u00a0Remote Code Execution (RCE)\nElsight Halo web panel allows us to perform connection validation.\nthrough the POST request :\n/api/v1/nics/wifi/wlan0/ping\nwe can abuse DESTINATION parameter and leverage it to remote code execution.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Elsight - Elsight Halo Remote Code Execution (RCE) El panel web de Elsight Halo nos permite realizar la validaci\u00f3n de la conexi\u00f3n. a trav\u00e9s de la solicitud POST: /api/v1/nics/wifi/wlan0/ping podemos abusar del par\u00e1metro DESTINATION y aprovecharlo para la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
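Review bot: The rewritten `en` value now starts with `\n`, ends with `\n\n` and carries a `\u00a0` before "Remote Code Execution", whereas the old value and the added `es` value are single-line. Renderers and full-text indexes that take `value` verbatim will show blank lines and may fail exact-match comparison against the previous text; trimming and collapsing whitespace on ingest avoids that. The `en` values rewritten in CVE-2022-36785, CVE-2022-36786 and CVE-2022-36787 have the same leading or trailing `\n` padding.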
@@ -37,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
- "attackVector": "ADJACENT_NETWORK",
- "attackComplexity": "HIGH",
- "privilegesRequired": "LOW",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
"userInteraction": "NONE",
- "scope": "CHANGED",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "availabilityImpact": "LOW",
- "baseScore": 5.5,
- "baseSeverity": "MEDIUM"
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
},
- "exploitabilityScore": 1.3,
- "impactScore": 3.7
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
}
]
},
diff --git a/CVE-2022/CVE-2022-367xx/CVE-2022-36785.json b/CVE-2022/CVE-2022-367xx/CVE-2022-36785.json
index eea0de3e32b..2783ba9cdf8 100644
--- a/CVE-2022/CVE-2022-367xx/CVE-2022-36785.json
+++ b/CVE-2022/CVE-2022-367xx/CVE-2022-36785.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-36785",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2022-11-17T23:15:16.810",
- "lastModified": "2022-11-22T17:09:29.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.683",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "D-Link \u2013 G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure \u2013 file contains a URL with private IP at line 15 \"login.asp\" A. The window.location.href = http://192.168.1.1/setupWizard.asp\" http://192.168.1.1/setupWizard.asp\" ; \"admin\" \u2013 contains default username value \"login.asp\" B. While accessing the web interface, the login form at *Authorization Bypass \u2013 URL by \"setupWizard.asp' while it blocks direct access to \u2013 the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a \"login_glag\" and \"login_status\" checking browser and to read the admin user credentials for the web interface."
+ "value": "\nD-Link \u2013 G integrated Access Device4 Information Disclosure & Authorization Bypass.\n*Information Disclosure \u2013 \nfile contains a URL with private IP at line 15 \"login.asp\" A. The\nwindow.location.href = http://192.168.1.1/setupWizard.asp\" http://192.168.1.1/setupWizard.asp\" ;\n\"admin\" \u2013 contains default username value \"login.asp\" B. While accessing the web interface, the login form at \n\n*Authorization Bypass \u2013 \nURL by \"setupWizard.asp' while it blocks direct access to \u2013 the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a \"login_glag\" and \"login_status\" checking browser and to read the admin user credentials for the web interface.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "D-Link G integrated Access Device4 Information Disclosure & Authorization Bypass. El archivo Information Disclosure contiene una URL con IP privada en la l\u00ednea 15 \"login.asp\" A. El window.location.href = http://192.168.1.1/setupWizard.asp\" http://192.168.1.1/setupWizard.asp\"; \"administrador\"? contiene el valor de nombre de usuario predeterminado \"login.asp\" B. Al acceder a la interfaz web, el formulario de inicio de sesi\u00f3n en *Authorization Bypass - URL por \"setupWizard.asp' mientras bloquea el acceso directo a la interfaz web no valida correctamente los valores de las variables de identidad del usuario ubicadas en el lado del cliente, est\u00e1 disponible para acceder sin un navegador de verificaci\u00f3n \"login_glag\" y \"login_status\" y para lea las credenciales del usuario administrador para la interfaz web."
}
],
"metrics": {
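Review bot: The added `es` description is not a faithful rendering of the `en` text: `\"administrador\"?` translates the literal default username `admin` and replaces the `\u2013` dash with a `?`, which looks like an encoding loss. A reader of the Spanish text would take the default account name to be "administrador". The value should keep the identifier untranslated, `\"admin\" \u2013 contiene el valor de nombre de usuario predeterminado`. Both languages also carry `login_glag`, presumably a misspelling of `login_flag` inherited from the source advisory; that cannot be confirmed from this page.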
@@ -37,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
- "attackVector": "ADJACENT_NETWORK",
- "attackComplexity": "HIGH",
- "privilegesRequired": "LOW",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "availabilityImpact": "LOW",
- "baseScore": 4.6,
- "baseSeverity": "MEDIUM"
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
},
- "exploitabilityScore": 1.2,
- "impactScore": 3.4
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
}
]
},
diff --git a/CVE-2022/CVE-2022-367xx/CVE-2022-36786.json b/CVE-2022/CVE-2022-367xx/CVE-2022-36786.json
index 0a80157bcd0..e2d3105b807 100644
--- a/CVE-2022/CVE-2022-367xx/CVE-2022-36786.json
+++ b/CVE-2022/CVE-2022-367xx/CVE-2022-36786.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-36786",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2022-11-17T23:15:17.010",
- "lastModified": "2022-11-22T17:09:35.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.770",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router."
+ "value": "DLINK - DSL-224 Post-auth RCE.\nDLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API.\nIt is possible to inject a command through this interface that will run with ROOT permissions on the router.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "DLINK - DSL-224 Post-auth PCE. El router DLINK tiene una interfaz donde puede configurar servidores NTP (Protocolo de tiempo de red) a trav\u00e9s de la API jsonrpc. Es posible inyectar un comando a trav\u00e9s de esta interfaz que se ejecutar\u00e1 con permisos ROOT en el router."
}
],
"metrics": {
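Review bot: The `en` description was corrected to `Post-auth RCE` and now names `version 3.0.8`, but the `es` value added in the same hunk still reads `Post-auth PCE` and has no version. The translation appears to have been made from the previous English text, so readers of the Spanish entry get the old wording. The `es` value should begin `DLINK - DSL-224 Post-auth RCE. El router DLINK versi\u00f3n 3.0.8 tiene una interfaz`.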
@@ -37,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
- "attackVector": "ADJACENT_NETWORK",
- "attackComplexity": "HIGH",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "availabilityImpact": "LOW",
- "baseScore": 5.5,
- "baseSeverity": "MEDIUM"
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
},
- "exploitabilityScore": 1.3,
- "impactScore": 3.7
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
}
]
},
diff --git a/CVE-2022/CVE-2022-367xx/CVE-2022-36787.json b/CVE-2022/CVE-2022-367xx/CVE-2022-36787.json
index cc13a658acf..09368a270fd 100644
--- a/CVE-2022/CVE-2022-367xx/CVE-2022-36787.json
+++ b/CVE-2022/CVE-2022-367xx/CVE-2022-36787.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-36787",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2022-11-17T23:15:17.140",
- "lastModified": "2022-11-22T00:43:35.240",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.870",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter \" DocNumber\" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE."
+ "value": "\nwebvendome - webvendome SQL Injection.\nSQL Injection in the Parameter \" DocNumber\"\nRequest :\nGet Request :\n/webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Webvendome - Inyecci\u00f3n SQL de Webvendome. Inyecci\u00f3n SQL en el par\u00e1metro \"DocNumber\" Solicitud: Obtener solicitud: /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE."
}
],
"metrics": {
@@ -37,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
- "attackVector": "ADJACENT_NETWORK",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "LOW",
+ "privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
- "confidentialityImpact": "LOW",
+ "confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
- "availabilityImpact": "NONE",
- "baseScore": 6.3,
- "baseSeverity": "MEDIUM"
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
},
- "exploitabilityScore": 2.1,
- "impactScore": 4.2
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
}
]
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
@@ -66,7 +70,7 @@
]
},
{
- "source": "cna@cyber.gov.il",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -95,11 +99,8 @@
],
"references": [
{
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
- "source": "cna@cyber.gov.il",
- "tags": [
- "Third Party Advisory"
- ]
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
}
]
}
\ No newline at end of file
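Review bot: The reference loses its `tags` array and its URL changes only in path case (`/en/departments/` to `/en/Departments/`), so a consumer keyed on the exact URL string sees one tagged reference removed and a new untagged one added. The same pattern recurs in the `references` hunks of CVE-2022-36903, -36904, -36906 to -36909 and -36911 to -36913, where `(1)`/`(2)` in the fragment becomes `%281%29`/`%282%29` and `"Vendor Advisory"` is dropped. Filters such as "vendor advisories only" will now skip these links, so I would not rely on `tags` being present, and I would percent-decode URLs before comparing them. If the classification still holds, keeping `"tags": ["Vendor Advisory"]` on the rewritten entries (and `"Third Party Advisory"` here) avoids the regression.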
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36881.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36881.json
index d8cd4a9c5da..ae15e11d817 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36881.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36881.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36881",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:08.770",
- "lastModified": "2022-08-02T20:14:30.510",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:11.977",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
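Review bot: `vulnStatus` moves from `Analyzed` to `Modified` in this hunk while the `@@ -38,18 +38,6 @@` hunk that follows deletes the record's whole `weaknesses` array (the `jenkinsci-cert@googlegroups.com` Primary entry, `CWE-322`) and adds nothing in its place, so the record ends up with no `weaknesses` key at all. Consumers that index `weaknesses` without a presence check, or that route findings by CWE, should treat the missing key as "unclassified" and not fail or silently drop the record. If the mirror can keep a stable shape, emitting `"weaknesses": []` instead of removing the key would let readers iterate unconditionally. Most of the Jenkins records in the visible part of this commit repeat the pattern; CVE-2022-36884, -36888, -36898, -36899, -36901, -36904 and -36912 lose only the CNA's Secondary entry and keep another one.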
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-322"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36882.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36882.json
index 61d627eacb1..2623c1c6e5c 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36882.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36882.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36882",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:08.827",
- "lastModified": "2022-08-03T18:53:15.530",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.050",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36883.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36883.json
index 5738955c320..c1065561d52 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36883.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36883.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36883",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:08.880",
- "lastModified": "2022-08-03T19:52:29.497",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.103",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36884.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36884.json
index a7b2d19017c..3fd5557f666 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36884.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36884.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36884",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:08.933",
- "lastModified": "2023-07-21T19:17:50.407",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.157",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-306"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-200"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36885.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36885.json
index af19c49bf8b..cb93220cb84 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36885.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36885.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36885",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:08.980",
- "lastModified": "2022-08-03T17:27:15.757",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.217",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-208"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36886.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36886.json
index 5e0ea1af85b..18e3bcd0168 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36886.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36886.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36886",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.040",
- "lastModified": "2022-08-03T17:15:34.597",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.273",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36887.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36887.json
index 635cacc7b16..e92753a892d 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36887.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36887.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36887",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.090",
- "lastModified": "2022-08-03T17:42:56.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.327",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36888.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36888.json
index 2540ccf6c7f..10da4dcbf0b 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36888.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36888.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36888",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.143",
- "lastModified": "2022-08-03T17:07:48.307",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.387",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36889.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36889.json
index d6f56155665..b2d44c4ea86 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36889.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36889.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36889",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.197",
- "lastModified": "2022-08-03T18:05:55.617",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.447",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36890.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36890.json
index d27b6cafe43..798e2240f41 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36890.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36890.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36890",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.247",
- "lastModified": "2022-08-03T17:50:54.950",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.513",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36891.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36891.json
index fd07c9dd5f9..59e7002c0b3 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36891.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36891.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36891",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.300",
- "lastModified": "2022-08-03T17:54:32.180",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.570",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36892.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36892.json
index 4899ecff946..d00ad49c4af 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36892.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36892.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36892",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.353",
- "lastModified": "2022-08-03T18:02:17.790",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.633",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36893.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36893.json
index 925c731945c..2e632ba1be4 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36893.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36893.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36893",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.403",
- "lastModified": "2022-08-03T18:11:01.137",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.697",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36894.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36894.json
index b01d2062c3f..1926aaeb83b 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36894.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36894.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36894",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.453",
- "lastModified": "2022-08-03T18:16:17.893",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.757",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36895.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36895.json
index ea00aa7722d..7e0aaa7a007 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36895.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36895.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36895",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.503",
- "lastModified": "2022-08-03T18:23:00.110",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.813",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36896.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36896.json
index 069d59ae929..62e530766ef 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36896.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36896.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36896",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.557",
- "lastModified": "2022-08-03T18:26:13.080",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.870",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36897.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36897.json
index 91ce1d7357c..5439b2f4c4d 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36897.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36897.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36897",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.613",
- "lastModified": "2022-08-03T18:30:16.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:12.943",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36898.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36898.json
index c8faba1c830..358a153a03a 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36898.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36898.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36898",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.667",
- "lastModified": "2022-08-03T19:09:58.670",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.000",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-368xx/CVE-2022-36899.json b/CVE-2022/CVE-2022-368xx/CVE-2022-36899.json
index fda49fd1c93..61818834b12 100644
--- a/CVE-2022/CVE-2022-368xx/CVE-2022-36899.json
+++ b/CVE-2022/CVE-2022-368xx/CVE-2022-36899.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36899",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.723",
- "lastModified": "2022-08-03T23:59:55.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.057",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36900.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36900.json
index 531370c4ce5..f8d77d9171d 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36900.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36900.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36900",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.777",
- "lastModified": "2022-08-03T23:50:44.800",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.123",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"operator": "AND",
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36901.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36901.json
index 7cb1a6495f8..0fc6cf71377 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36901.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36901.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36901",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.827",
- "lastModified": "2022-08-03T19:00:45.873",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.223",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-668"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36902.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36902.json
index fec7d7efac8..67cc43d9596 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36902.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36902.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36902",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.873",
- "lastModified": "2022-08-03T18:59:14.453",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.317",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36903.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36903.json
index 4fb43fd9ee3..08ccafce08d 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36903.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36903.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36903",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.923",
- "lastModified": "2022-08-03T18:50:36.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.377",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36904.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36904.json
index d73e3262487..3330b86882e 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36904.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36904.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36904",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:09.973",
- "lastModified": "2022-08-03T18:33:43.520",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.437",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
@@ -88,11 +78,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2665%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36905.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36905.json
index 2d74fd6e87b..f9a465279c0 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36905.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36905.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36905",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.023",
- "lastModified": "2022-08-03T18:32:26.387",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.497",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36906.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36906.json
index 45600c32e82..dfc2744da7a 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36906.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36906.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36906",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.073",
- "lastModified": "2022-08-03T18:32:01.447",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.557",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36907.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36907.json
index 16685b80cd2..9a8c3ef53b8 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36907.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36907.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36907",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.123",
- "lastModified": "2022-08-03T18:24:57.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.617",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36908.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36908.json
index acd5a22fd0b..6bf614f0465 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36908.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36908.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36908",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.173",
- "lastModified": "2022-08-03T18:18:43.013",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.677",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36909.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36909.json
index 09bd823bab1..2aff1247162 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36909.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36909.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36909",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.227",
- "lastModified": "2022-08-03T18:01:35.733",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.733",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-1375%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36910.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36910.json
index 92b7c7a829a..4a76a092830 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36910.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36910.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36910",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.277",
- "lastModified": "2022-08-03T17:58:48.360",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.790",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36911.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36911.json
index f34dea92724..848a1ebdf08 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36911.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36911.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36911",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.337",
- "lastModified": "2022-08-02T20:52:57.243",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.843",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2105%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2105%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36912.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36912.json
index f547811a730..a3b05da22ab 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36912.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36912.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36912",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:10.667",
- "lastModified": "2022-08-03T17:56:04.720",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.897",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
@@ -88,11 +78,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2105%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2105%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36913.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36913.json
index f2a6156213e..48df4a5b64d 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36913.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36913.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36913",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:11.093",
- "lastModified": "2022-08-03T12:45:35.997",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:13.960",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2105%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2105%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36914.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36914.json
index 093a077dde8..b906c5fc947 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36914.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36914.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36914",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:11.530",
- "lastModified": "2022-08-04T10:01:03.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.017",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36915.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36915.json
index c60059a975b..969f1a949f5 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36915.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36915.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36915",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:11.810",
- "lastModified": "2022-08-04T12:08:40.147",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.073",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36916.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36916.json
index 0db76d7f8a2..aab200a8004 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36916.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36916.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36916",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:12.053",
- "lastModified": "2022-08-03T16:28:30.087",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.127",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36917.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36917.json
index 97e87cbb105..e97902d26fd 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36917.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36917.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36917",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:12.297",
- "lastModified": "2022-08-03T16:33:43.353",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.187",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36918.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36918.json
index 89cf1fa899d..dbf3de35c4e 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36918.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36918.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36918",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:12.547",
- "lastModified": "2022-08-03T18:36:02.290",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.247",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36919.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36919.json
index a29a4e75288..73544d6fa8b 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36919.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36919.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36919",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:12.907",
- "lastModified": "2022-08-03T19:15:31.287",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.307",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
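Review bot: The re-encoded advisory reference loses its `Vendor Advisory` tag although it still points at the same jenkins.io advisory anchor, so tooling that picks the vendor advisory by tag may no longer find this link. Keeping `"tags": ["Vendor Advisory"]` on the new `%281%29` URL would preserve that. The same tag drop appears in the reference hunks for CVE-2022-36920 and CVE-2022-36921. Taken with the removed `weaknesses` block and the `Modified` status in the earlier hunks of this file, the record presumably awaits re-analysis, so consumers should read the missing tag and CWE as not yet re-assigned rather than withdrawn.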
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36920.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36920.json
index 5bf9f98e865..66f98d19712 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36920.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36920.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36920",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:13.320",
- "lastModified": "2022-08-03T19:23:13.183",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.373",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36921.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36921.json
index 0cbab6a6b4e..09e10e29bab 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36921.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36921.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36921",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:13.640",
- "lastModified": "2022-08-03T19:40:17.507",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.427",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-07-27/#SECURITY-2790%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-369xx/CVE-2022-36922.json b/CVE-2022/CVE-2022-369xx/CVE-2022-36922.json
index 8abbc822b8e..e11f3458938 100644
--- a/CVE-2022/CVE-2022-369xx/CVE-2022-36922.json
+++ b/CVE-2022/CVE-2022-369xx/CVE-2022-36922.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-36922",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-07-27T15:15:13.877",
- "lastModified": "2022-08-04T12:09:13.987",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.483",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3611.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3611.json
new file mode 100644
index 00000000000..67084c535cc
--- /dev/null
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3611.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-3611",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-27T20:15:08.623",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://iknow.lenovo.com.cn/detail/205280.html",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3622.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3622.json
new file mode 100644
index 00000000000..165b00e8a90
--- /dev/null
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3622.json
@@ -0,0 +1,131 @@
+{
+ "id": "CVE-2022-3622",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.847",
+ "lastModified": "2023-10-27T18:48:23.297",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Blog2Social para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a la falta de comprobaciones de capacidad en versiones hasta la 6.9.11 incluida. Esto hace posible que los atacantes autenticados, con permisos de nivel de suscriptor y superiores, cambien algunas configuraciones de complementos que solo los administradores pueden modificar."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:adenion:blog2social:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "6.9.11",
+ "matchCriteriaId": "7536D4D8-8089-406B-9367-A113ACB4796F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/6.9.10/includes/B2S/Settings/Item.php#L116",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2795052%40blog2social&new=2795052%40blog2social&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2796598%40blog2social&new=2796598%40blog2social&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
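Review bot: The Secondary vector from security@wordfence.com, `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N`, does not match the description, which requires an authenticated attacker with subscriber-level permissions and mentions no user interaction; the Primary nvd@nist.gov vector (`PR:L/UI:N/S:U`) does. A consumer that takes the highest score across sources would report 4.7 instead of 4.3, from a vector that describes a different attack. Separately, the first reference is tagged `Patch` but is a source-browser link to `tags/6.9.10`, which lies inside the affected range (`versionEndIncluding` 6.9.11), so it probably shows the vulnerable code rather than a fix.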
diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3629.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3629.json
index 1fcef0848a6..78d5917d237 100644
--- a/CVE-2022/CVE-2022-36xx/CVE-2022-3629.json
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3629.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-3629",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-10-21T06:15:09.710",
- "lastModified": "2023-02-28T19:26:14.977",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:09.070",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
@@ -87,7 +87,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -97,7 +97,7 @@
]
},
{
- "source": "nvd@nist.gov",
+ "source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3681.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3681.json
new file mode 100644
index 00000000000..075958d8df6
--- /dev/null
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3681.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-3681",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-27T20:15:08.707",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.\n "
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
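Review bot: `CWE-287` is a broad class for this record; the description is specifically about brute forcing the WPS PIN, which maps more precisely to CWE-307 (Improper Restriction of Excessive Authentication Attempts), i.e. `"value": "CWE-307"`. The mapping comes from the CNA, so this is a suggestion for analysis rather than a correction. The record also has no `configurations` block yet, so CPE-based matching will not flag MR2600 firmware v1.0.18 and earlier until one is added.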
diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3698.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3698.json
new file mode 100644
index 00000000000..d7ac93f3e0b
--- /dev/null
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3698.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2022-3698",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-25T18:17:15.730",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to \n\n1.3.1.2\n\n and\u00a0\n\nLenovo Diagnostics versions prior to 4.45\n\n that could allow a local user with administrative access to trigger a system crash.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se inform\u00f3 una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en las versiones Lenovo HardwareScanPlugin anteriores a 1.3.1.2 y Lenovo Diagnostics anteriores a 4.45 que podr\u00eda permitir que un usuario local con acceso administrativo desencadene un bloqueo del sistema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-102365",
+ "source": "psirt@lenovo.com"
+ },
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-94532",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
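Review bot: The English `descriptions[].value` is stored with the submitter's raw layout (leading and trailing `\n`, blank-line runs around `1.3.1.2` and `4.45`, and a `\u00a0` after `and`), so exact-phrase or regex matching on product and version strings can miss it. The Spanish entry in the same file is already a single clean sentence; the English value should be normalised the same way, collapsing whitespace runs to one space and trimming both ends. The same raw whitespace is present in the new records CVE-2022-3681, CVE-2022-3699, CVE-2022-3701 and CVE-2022-3702.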
diff --git a/CVE-2022/CVE-2022-36xx/CVE-2022-3699.json b/CVE-2022/CVE-2022-36xx/CVE-2022-3699.json
new file mode 100644
index 00000000000..57f4b086730
--- /dev/null
+++ b/CVE-2022/CVE-2022-36xx/CVE-2022-3699.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2022-3699",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-25T18:17:15.807",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version\u00a01.3.1.2 and\u00a0Lenovo Diagnostics prior to version 4.45\n\n\n\n that could allow a local user to execute code with elevated privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Se inform\u00f3 una vulnerabilidad de escalada de privilegios en Lenovo HardwareScanPlugin antes de la versi\u00f3n 1.3.1.2 y Lenovo Diagnostics antes de la versi\u00f3n 4.45 que podr\u00eda permitir a un usuario local ejecutar c\u00f3digo con privilegios elevados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-102365",
+ "source": "psirt@lenovo.com"
+ },
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-94532",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-377xx/CVE-2022-37796.json b/CVE-2022/CVE-2022-377xx/CVE-2022-37796.json
index 6581d5d2a15..b230b37c695 100644
--- a/CVE-2022/CVE-2022-377xx/CVE-2022-37796.json
+++ b/CVE-2022/CVE-2022-377xx/CVE-2022-37796.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-37796",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-09-12T00:15:10.027",
- "lastModified": "2022-09-15T03:47:55.627",
+ "lastModified": "2023-10-18T15:57:45.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:simple_online_book_store_system_project:simple_online_book_store_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "9314352F-92B4-478A-B8F1-3C84091931C9"
+ "criteria": "cpe:2.3:a:oretnom23:simple_online_book_store_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B40E9E0E-EAC6-4992-9E9D-2B519E73E134"
}
]
}
diff --git a/CVE-2022/CVE-2022-378xx/CVE-2022-37830.json b/CVE-2022/CVE-2022-378xx/CVE-2022-37830.json
new file mode 100644
index 00000000000..215e71cfe60
--- /dev/null
+++ b/CVE-2022/CVE-2022-378xx/CVE-2022-37830.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2022-37830",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T13:15:09.140",
+ "lastModified": "2023-10-25T16:13:24.713",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS)."
+ },
+ {
+ "lang": "es",
+ "value": "Interway a.s WebJET CMS 8.6.896 es vulnerable a Cross Site Scripting (XSS)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:webjet:webjet_cms:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.6.896",
+ "matchCriteriaId": "0370E88A-BEE3-43AE-8535-7792D02EA10C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://webjet.com",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://citadelo.com/download/CVE-2022-37830.pdf",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ }
+ ]
+}
\ No newline at end of file
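Review bot: The CPE range uses `"versionEndExcluding": "8.6.896"`, which excludes the one version the description names as vulnerable ("WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting"). An inventory running exactly 8.6.896 would not match this record. Unless the linked advisory states that 8.6.896 is the fixed release, the bound should be `"versionEndIncluding": "8.6.896"`. The 9.6 CRITICAL score with `C:H/I:H/A:H` is also high for an XSS described without further detail and is worth confirming against the advisory.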
diff --git a/CVE-2022/CVE-2022-37xx/CVE-2022-3700.json b/CVE-2022/CVE-2022-37xx/CVE-2022-3700.json
new file mode 100644
index 00000000000..02b930d33c5
--- /dev/null
+++ b/CVE-2022/CVE-2022-37xx/CVE-2022-3700.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-3700",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-27T20:15:08.777",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-367"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-94532",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-37xx/CVE-2022-3701.json b/CVE-2022/CVE-2022-37xx/CVE-2022-3701.json
new file mode 100644
index 00000000000..26e02832bce
--- /dev/null
+++ b/CVE-2022/CVE-2022-37xx/CVE-2022-3701.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-3701",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-27T20:15:08.857",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-367"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-94532",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-37xx/CVE-2022-3702.json b/CVE-2022/CVE-2022-37xx/CVE-2022-3702.json
new file mode 100644
index 00000000000..c246764a696
--- /dev/null
+++ b/CVE-2022/CVE-2022-37xx/CVE-2022-3702.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2022-3702",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-27T20:15:08.927",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-367"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-94532",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-37xx/CVE-2022-3725.json b/CVE-2022/CVE-2022-37xx/CVE-2022-3725.json
index 807a2c9f2d4..424e53d41ff 100644
--- a/CVE-2022/CVE-2022-37xx/CVE-2022-3725.json
+++ b/CVE-2022/CVE-2022-37xx/CVE-2022-3725.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-3725",
"sourceIdentifier": "cve@gitlab.com",
"published": "2022-10-27T17:15:10.337",
- "lastModified": "2023-09-17T07:15:08.153",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T17:51:27.423",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "La falla en el disector del protocolo OPUS en Wireshark versi\u00f3n 3.6.0 a la versi\u00f3n 3.6.8 permite la Denegaci\u00f3n de Servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado"
}
],
"metrics": {
@@ -127,7 +131,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2022-07.html",
diff --git a/CVE-2022/CVE-2022-37xx/CVE-2022-3761.json b/CVE-2022/CVE-2022-37xx/CVE-2022-3761.json
index 2f256879f3d..4a1042533c8 100644
--- a/CVE-2022/CVE-2022-37xx/CVE-2022-3761.json
+++ b/CVE-2022/CVE-2022-37xx/CVE-2022-3761.json
@@ -2,16 +2,53 @@
"id": "CVE-2022-3761",
"sourceIdentifier": "security@openvpn.net",
"published": "2023-10-17T13:15:11.573",
- "lastModified": "2023-10-17T13:15:11.573",
- "vulnStatus": "Received",
+ "lastModified": "2023-10-24T17:34:27.393",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials"
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones de OpenVPN Connect anteriores a 3.4.0.4506 (macOS) y OpenVPN Connect anteriores a 3.4.0.3100 (Windows) permiten a atacantes intermediarios interceptar solicitudes de descarga de perfiles de configuraci\u00f3n que contienen las credenciales de los usuarios."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-295"
+ }
+ ]
+ },
{
"source": "security@openvpn.net",
"type": "Secondary",
@@ -23,14 +60,44 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:openvpn:connect:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "3.4.0.3121",
+ "matchCriteriaId": "54A4FF64-4693-4196-87F8-F25728A1D9E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:openvpn:connect:*:*:*:*:*:macos:*:*",
+ "versionEndExcluding": "3.4.0.4506",
+ "matchCriteriaId": "70DC57A0-4862-443C-AC95-5EEED057B719"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-macos-change-log/",
- "source": "security@openvpn.net"
+ "source": "security@openvpn.net",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://openvpn.net/vpn-server-resources/openvpn-connect-for-windows-change-log/",
- "source": "security@openvpn.net"
+ "source": "security@openvpn.net",
+ "tags": [
+ "Release Notes"
+ ]
}
]
}
\ No newline at end of file
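Review bot: The Windows CPE entry ends at `"versionEndExcluding": "3.4.0.3121"`, while the description in this same record gives 3.4.0.3100 as the Windows boundary; the macOS entry (3.4.0.4506) agrees with the description. Builds from 3.4.0.3100 up to 3.4.0.3121 would be reported as vulnerable by CPE matching but as fixed by the description. One of the two should be corrected; if the description is right, the line becomes `"versionEndExcluding": "3.4.0.3100"`. The linked Windows change log should settle which value is correct.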
diff --git a/CVE-2022/CVE-2022-380xx/CVE-2022-38076.json b/CVE-2022/CVE-2022-380xx/CVE-2022-38076.json
index 10c8a3f3d78..32edcaf6616 100644
--- a/CVE-2022/CVE-2022-380xx/CVE-2022-38076.json
+++ b/CVE-2022/CVE-2022-380xx/CVE-2022-38076.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-38076",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:13.843",
- "lastModified": "2023-09-30T22:15:10.090",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:03:18.443",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -151,6 +151,46 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -164,19 +204,33 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-384xx/CVE-2022-38484.json b/CVE-2022/CVE-2022-384xx/CVE-2022-38484.json
new file mode 100644
index 00000000000..c5b3d2cd4e6
--- /dev/null
+++ b/CVE-2022/CVE-2022-384xx/CVE-2022-38484.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-38484",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:14.550",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de carga de archivos arbitrarios y directory traversal en la funcionalidad de carga de archivos del men\u00fa Configuraci\u00f3n del sistema en AgeVolt Portal antes de la versi\u00f3n 0.1. Un atacante autenticado remotamente podr\u00eda aprovechar esta vulnerabilidad para cargar archivos en cualquier ubicaci\u00f3n del sistema operativo de destino con privilegios de servidor web."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://citadelo.com/download/CVE-2022-38484.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-384xx/CVE-2022-38485.json b/CVE-2022/CVE-2022-384xx/CVE-2022-38485.json
new file mode 100644
index 00000000000..99379a4bd35
--- /dev/null
+++ b/CVE-2022/CVE-2022-384xx/CVE-2022-38485.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2022-38485",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:14.600",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de directory traversal en el AgeVolt Portal anterior a la versi\u00f3n 0.1 que conduce a la divulgaci\u00f3n de informaci\u00f3n. Un atacante autenticado remoto podr\u00eda aprovechar esta vulnerabilidad para leer archivos desde cualquier ubicaci\u00f3n en el sistema operativo de destino con privilegios de servidor web."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://citadelo.com/download/CVE-2022-38485.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-386xx/CVE-2022-38663.json b/CVE-2022/CVE-2022-386xx/CVE-2022-38663.json
index 327b2397148..c47a4a8d6ae 100644
--- a/CVE-2022/CVE-2022-386xx/CVE-2022-38663.json
+++ b/CVE-2022/CVE-2022-386xx/CVE-2022-38663.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-38663",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-08-23T17:15:15.257",
- "lastModified": "2022-08-25T13:29:11.940",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.640",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-522"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-386xx/CVE-2022-38664.json b/CVE-2022/CVE-2022-386xx/CVE-2022-38664.json
index 40011c80514..b0f227c3935 100644
--- a/CVE-2022/CVE-2022-386xx/CVE-2022-38664.json
+++ b/CVE-2022/CVE-2022-386xx/CVE-2022-38664.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-38664",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-08-23T17:15:15.310",
- "lastModified": "2022-08-25T12:59:25.367",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.717",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-386xx/CVE-2022-38665.json b/CVE-2022/CVE-2022-386xx/CVE-2022-38665.json
index 29d5dcdb5b3..97dfd56680f 100644
--- a/CVE-2022/CVE-2022-386xx/CVE-2022-38665.json
+++ b/CVE-2022/CVE-2022-386xx/CVE-2022-38665.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-38665",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-08-23T17:15:15.363",
- "lastModified": "2023-07-21T19:21:35.923",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.773",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-386xx/CVE-2022-38666.json b/CVE-2022/CVE-2022-386xx/CVE-2022-38666.json
index b754089e4eb..f2b2aca68bf 100644
--- a/CVE-2022/CVE-2022-386xx/CVE-2022-38666.json
+++ b/CVE-2022/CVE-2022-386xx/CVE-2022-38666.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-38666",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:11.193",
- "lastModified": "2022-11-18T21:28:44.973",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.833",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -66,11 +54,12 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
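Review bot: The rewritten jenkins.io reference in this hunk no longer carries `"tags": ["Vendor Advisory"]`, and the added openwall entry has no `tags` either, so nothing in the record marks which link is the vendor's own advisory. Tooling that picks remediation links by tag will find none for CVE-2022-38666 until the record is analysed again. Keeping `"tags": ["Vendor Advisory"]` on the jenkins.io entry would avoid that; if the file must mirror the upstream feed unchanged, the consumer should fall back to the `source` field when `tags` is absent. The gov.il references of CVE-2022-39178 through CVE-2022-39181 lose their tags in the same way.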
diff --git a/CVE-2022/CVE-2022-38xx/CVE-2022-3844.json b/CVE-2022/CVE-2022-38xx/CVE-2022-3844.json
index d4fac9e7406..704418de6a6 100644
--- a/CVE-2022/CVE-2022-38xx/CVE-2022-3844.json
+++ b/CVE-2022/CVE-2022-38xx/CVE-2022-3844.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-3844",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-11-02T20:15:11.023",
- "lastModified": "2023-03-01T18:16:13.963",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:09.187",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The name of the patch is d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en Webmin 2.001 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo xterm/index.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a Cross-Site Scripting (XSS). Es posible lanzar el ataque de forma remota. La actualizaci\u00f3n a la versi\u00f3n 2.003 puede solucionar este problema. El nombre del parche es d3d33af3c0c3fd3a889c84e287a038b7a457d811. Se recomienda actualizar el componente afectado. VDB-212862 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
@@ -83,22 +87,22 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "CWE-80"
+ "value": "CWE-79"
}
]
},
{
- "source": "nvd@nist.gov",
+ "source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-79"
+ "value": "CWE-80"
}
]
}
diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39016.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39016.json
index f6dac538f0b..98aab931012 100644
--- a/CVE-2022/CVE-2022-390xx/CVE-2022-39016.json
+++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39016.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-39016",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:11.917",
- "lastModified": "2022-11-01T19:57:00.233",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.897",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload."
+ "value": "\nJavascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload."
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de Javascript en PDFtron en M-Files Hubshare anterior a 3.3.10.9 permite a atacantes autenticados realizar una apropiaci\u00f3n de cuenta mediante una carga de PDF manipulada.\n"
}
],
"metrics": {
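Review bot: The new English `value` starts with a stray `\n` and the added Spanish `value` ends with one, so the description text is no longer a clean single sentence. Anything that deduplicates, hashes or pattern-matches descriptions, or renders them in a ticket or alert, will treat this as a changed or malformed string. The stored form should be trimmed, e.g. `"value": "Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload."`, or consumers should trim and collapse whitespace on read if the mirror has to stay byte-identical to upstream. The same leading and trailing newlines, plus mid-sentence line breaks and a `\u00a0`, appear in the description hunks of CVE-2022-39017 through CVE-2022-39020, CVE-2022-39178 through CVE-2022-39181 and CVE-2022-40287.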
diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39017.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39017.json
index 6abde634992..b31d9290ddc 100644
--- a/CVE-2022/CVE-2022-390xx/CVE-2022-39017.json
+++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39017.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-39017",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:12.017",
- "lastModified": "2022-11-01T19:47:15.327",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:14.980",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Improper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments."
+ "value": "\n\n\nImproper input validation and output encoding in all comments fields, in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La validaci\u00f3n de entrada y codificaci\u00f3n de salida inadecuadas en todos los campos de comentarios, en M-Files Hubshare anterior a 3.3.10.9, permite a atacantes autenticados introducir ataques de Cross-Site Scripting (XSS) a trav\u00e9s de comentarios especialmente manipulados.\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39018.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39018.json
index d7d1093e4aa..c8e05ed8c2f 100644
--- a/CVE-2022/CVE-2022-390xx/CVE-2022-39018.json
+++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39018.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-39018",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:12.090",
- "lastModified": "2022-11-01T19:46:57.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:15.047",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL."
+ "value": "\nBroken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Los controles de acceso rotos a los datos de PDFtron en M-Files Hubshare anteriores a 3.3.11.3 permiten a atacantes no autenticados acceder a archivos PDF restringidos a trav\u00e9s de una URL conocida.\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39019.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39019.json
index 38c086c3637..45e764a836e 100644
--- a/CVE-2022/CVE-2022-390xx/CVE-2022-39019.json
+++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39019.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-39019",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:12.173",
- "lastModified": "2023-06-27T18:44:33.693",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:15.110",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server."
+ "value": "\nBroken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Los controles de acceso rotos en PDFtron WebviewerUI en M-Files Hubshare anterior a 3.3.11.3 permiten a atacantes no autenticados cargar archivos maliciosos al servidor de aplicaciones.\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-390xx/CVE-2022-39020.json b/CVE-2022/CVE-2022-390xx/CVE-2022-39020.json
index 989807cd1cb..5cc40c712a4 100644
--- a/CVE-2022/CVE-2022-390xx/CVE-2022-39020.json
+++ b/CVE-2022/CVE-2022-390xx/CVE-2022-39020.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-39020",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:12.250",
- "lastModified": "2022-11-01T19:31:17.100",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:15.187",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Multiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting."
+ "value": "\nMultiple instances of XSS (stored and reflected) was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se encontraron varias instancias de Cross Site-Scripting XSS (stored y reflejadas) en la aplicaci\u00f3n. Por ejemplo, se descubri\u00f3 que funciones como el env\u00edo de evaluaciones de los estudiantes, la carga de archivos, las noticias, el portafolio electr\u00f3nico y la creaci\u00f3n de eventos de calendario eran vulnerables a Cross-Site Scripting.\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-391xx/CVE-2022-39178.json b/CVE-2022/CVE-2022-391xx/CVE-2022-39178.json
index 59595c7be96..f49a0719beb 100644
--- a/CVE-2022/CVE-2022-391xx/CVE-2022-39178.json
+++ b/CVE-2022/CVE-2022-391xx/CVE-2022-39178.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-39178",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2022-11-17T23:15:18.110",
- "lastModified": "2022-11-22T00:41:21.953",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:15.283",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Webvendome - Webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure."
+ "value": "\nWebvendome - webvendome Internal Server IP Disclosure.\nSend GET Request to the request which is shown in the picture.\nInternal Server IP and Full path disclosure. \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Webvendome: divulgaci\u00f3n de IP del servidor interno de Webvendome. Env\u00ede GET Request a la solicitud que se muestra en la imagen. IP del servidor interno y divulgaci\u00f3n de ruta completa."
}
],
"metrics": {
@@ -37,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
- "attackVector": "ADJACENT_NETWORK",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "LOW",
- "userInteraction": "REQUIRED",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
+ "integrityImpact": "NONE",
"availabilityImpact": "NONE",
- "baseScore": 4.1,
+ "baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
- "exploitabilityScore": 1.5,
- "impactScore": 2.5
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
}
]
},
@@ -85,11 +89,8 @@
],
"references": [
{
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
- "source": "cna@cyber.gov.il",
- "tags": [
- "Technical Description"
- ]
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-391xx/CVE-2022-39179.json b/CVE-2022/CVE-2022-391xx/CVE-2022-39179.json
index 5258a031a70..30404c2b29e 100644
--- a/CVE-2022/CVE-2022-391xx/CVE-2022-39179.json
+++ b/CVE-2022/CVE-2022-391xx/CVE-2022-39179.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-39179",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2022-11-17T23:15:18.490",
- "lastModified": "2022-11-18T18:27:57.533",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:15.373",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file."
+ "value": "\nCollege Management System v1.0 - Authenticated remote code execution.\nAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\n.php file that contains malicious code via student.php file.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "College Management System v1.0: ejecuci\u00f3n remota de c\u00f3digo autenticado. Un usuario administrador (la autenticaci\u00f3n se puede omitir mediante la inyecci\u00f3n SQL que mencion\u00e9 en mi otro informe) puede cargar un archivo .php que contenga c\u00f3digo malicioso a trav\u00e9s del archivo Student.php."
}
],
"metrics": {
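Review bot: The added Spanish description names the affected file as `Student.php`, while the English description in the same hunk names it `student.php`. On a case-sensitive filesystem these are different files, and an analyst searching web-server logs or a code tree from the Spanish text would look for the wrong name. The translation should keep the identifier verbatim: `a trav\u00e9s del archivo student.php.`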
@@ -37,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
- "attackVector": "ADJACENT_NETWORK",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "LOW",
- "userInteraction": "REQUIRED",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
"scope": "UNCHANGED",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "availabilityImpact": "LOW",
- "baseScore": 4.9,
- "baseSeverity": "MEDIUM"
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
},
- "exploitabilityScore": 1.5,
- "impactScore": 3.4
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
}
]
},
@@ -85,11 +89,8 @@
],
"references": [
{
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
- "source": "cna@cyber.gov.il",
- "tags": [
- "Third Party Advisory"
- ]
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-391xx/CVE-2022-39180.json b/CVE-2022/CVE-2022-391xx/CVE-2022-39180.json
index 88e822ec20c..6241bce8f70 100644
--- a/CVE-2022/CVE-2022-391xx/CVE-2022-39180.json
+++ b/CVE-2022/CVE-2022-391xx/CVE-2022-39180.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-39180",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2022-11-17T23:15:18.857",
- "lastModified": "2022-11-18T18:28:22.090",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:15.467",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page."
+ "value": "\nCollege Management System v1.0 - SQL Injection (SQLi).\nBy inserting SQL commands to the username and password fields in the login.php page\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "College Management System v1.0 - Inyecci\u00f3n SQL (SQLi). Insertando comandos SQL en los campos de nombre de usuario y contrase\u00f1a en la p\u00e1gina login.php."
}
],
"metrics": {
@@ -37,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
- "attackVector": "ADJACENT_NETWORK",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "LOW",
- "userInteraction": "REQUIRED",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
"scope": "UNCHANGED",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "availabilityImpact": "LOW",
- "baseScore": 4.9,
- "baseSeverity": "MEDIUM"
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
},
- "exploitabilityScore": 1.5,
- "impactScore": 3.4
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
}
]
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
@@ -66,7 +70,7 @@
]
},
{
- "source": "cna@cyber.gov.il",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -95,11 +99,8 @@
],
"references": [
{
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
- "source": "cna@cyber.gov.il",
- "tags": [
- "Third Party Advisory"
- ]
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-391xx/CVE-2022-39181.json b/CVE-2022/CVE-2022-391xx/CVE-2022-39181.json
index 297900c441a..a7f0a4f4956 100644
--- a/CVE-2022/CVE-2022-391xx/CVE-2022-39181.json
+++ b/CVE-2022/CVE-2022-391xx/CVE-2022-39181.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-39181",
"sourceIdentifier": "cna@cyber.gov.il",
"published": "2022-11-17T23:15:19.187",
- "lastModified": "2022-11-23T16:12:51.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:15.567",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser."
+ "value": "\nGLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS).\nType 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in\nthe HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a\nvulnerable web application, which is then reflected back to the victim and executed by the web browser. The most\ncommon mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby\nan attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content\nback to the victim, the content is executed by the victim's browser. \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "GLPI: complemento de informes para GLPI Cross-Site-Scripting (XSS) Reflejado. Tipo 1: XSS reflejado (o no persistente): el servidor lee los datos directamente de la solicitud HTTP y los refleja en la respuesta HTTP. Los exploits XSS reflejados ocurren cuando un atacante hace que una v\u00edctima proporcione contenido peligroso a una aplicaci\u00f3n web vulnerable, que luego se refleja en la v\u00edctima y el navegador web lo ejecuta. El mecanismo m\u00e1s com\u00fan para entregar contenido malicioso es incluirlo como par\u00e1metro en una URL que se publica p\u00fablicamente o se env\u00eda por correo electr\u00f3nico directamente a la v\u00edctima. Las URL construidas de esta manera constituyen el n\u00facleo de muchos esquemas de phishing, mediante los cuales un atacante convence a una v\u00edctima para que visite una URL que hace referencia a un sitio vulnerable. Despu\u00e9s de que el sitio refleja el contenido del atacante a la v\u00edctima, el navegador de la v\u00edctima ejecuta el contenido."
}
],
"metrics": {
@@ -37,26 +41,26 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
- "attackVector": "ADJACENT_NETWORK",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "LOW",
+ "privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
- "scope": "UNCHANGED",
+ "scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
- "availabilityImpact": "LOW",
- "baseScore": 4.9,
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
- "exploitabilityScore": 1.5,
- "impactScore": 3.4
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
}
]
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "cna@cyber.gov.il",
"type": "Primary",
"description": [
{
@@ -66,7 +70,7 @@
]
},
{
- "source": "cna@cyber.gov.il",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -95,11 +99,8 @@
],
"references": [
{
- "url": "https://www.gov.il/en/departments/faq/cve_advisories",
- "source": "cna@cyber.gov.il",
- "tags": [
- "Third Party Advisory"
- ]
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-391xx/CVE-2022-39189.json b/CVE-2022/CVE-2022-391xx/CVE-2022-39189.json
index 49f6a19223c..48f2b04df58 100644
--- a/CVE-2022/CVE-2022-391xx/CVE-2022-39189.json
+++ b/CVE-2022/CVE-2022-391xx/CVE-2022-39189.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-39189",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-09-02T05:15:07.693",
- "lastModified": "2023-09-12T19:41:21.317",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T00:15:11.020",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -160,6 +160,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230214-0007/",
"source": "cve@mitre.org",
diff --git a/CVE-2022/CVE-2022-39xx/CVE-2022-3979.json b/CVE-2022/CVE-2022-39xx/CVE-2022-3979.json
index fca32c05cef..8e97496b41d 100644
--- a/CVE-2022/CVE-2022-39xx/CVE-2022-3979.json
+++ b/CVE-2022/CVE-2022-39xx/CVE-2022-3979.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-3979",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-11-13T23:15:09.810",
- "lastModified": "2022-11-18T21:19:09.317",
+ "lastModified": "2023-10-27T12:57:43.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. Upgrading to version 1.9.34 is able to address this issue. The name of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability."
+ "value": "A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en NagVis hasta 1.9.33 y clasificada como problem\u00e1tica. Este problema afecta la funci\u00f3n checkAuthCookie del archivo compartido/server/core/classes/CoreLogonMultisite.php. La manipulaci\u00f3n del argumento hash conduce a una conversi\u00f3n de tipo incorrecta. El ataque puede iniciarse de forma remota. La actualizaci\u00f3n a la versi\u00f3n 1.9.34 puede solucionar este problema. El nombre del parche es 7574fd8a2903282c2e0d1feef5c4876763db21d5. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-213557."
}
],
"metrics": {
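Review bot: The added Spanish description translates part of the affected file path, giving `compartido/server/core/classes/CoreLogonMultisite.php` where the English text has `share/server/core/classes/CoreLogonMultisite.php`. A path is an identifier and should be left untranslated, otherwise it cannot be used to locate the vulnerable file: `del archivo share/server/core/classes/CoreLogonMultisite.php`. The Spanish text also lacks the two sentences on attack complexity that this hunk adds to the English description, so the translations disagree on how hard the issue is to exploit.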
@@ -17,27 +21,29 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
- "attackComplexity": "LOW",
+ "attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
},
- "exploitabilityScore": 3.9,
+ "exploitabilityScore": 2.2,
"impactScore": 5.9
- },
+ }
+ ],
+ "cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@@ -52,11 +58,36 @@
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "HIGH",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.1
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 4.9,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
]
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -64,6 +95,16 @@
"value": "CWE-704"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-704"
+ }
+ ]
}
],
"configurations": [
@@ -101,12 +142,27 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://vuldb.com/?ctiid.213557",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://vuldb.com/?id.213557",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/checkmk-rce-chain-2/",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40287.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40287.json
index cfa051a0e8f..e882ca204a4 100644
--- a/CVE-2022/CVE-2022-402xx/CVE-2022-40287.json
+++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40287.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40287",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:12.730",
- "lastModified": "2022-11-03T02:13:51.290",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.037",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account."
+ "value": "\nThe application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality,\u00a0leading to privilege escalation or a compromise of a targeted account.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que la aplicaci\u00f3n era vulnerable a una vulnerabilidad de Stored Cross-Site Scripting (XSS) autenticadas en la funcionalidad de mensajer\u00eda, lo que provocaba una escalada de privilegios o el compromiso de una cuenta espec\u00edfica.\n"
}
],
"metrics": {
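Review bot: The new English `value` carries whitespace that is not part of the description: a leading `\n`, a trailing `\n\n`, and a `\u00a0` in place of the plain space after `functionality,`. Anything that compares, hashes or de-duplicates descriptions by exact string, or searches for a phrase that spans the non-breaking space, will treat this as different text although the wording is unchanged. The value should keep its old form, starting `"The application was found` and ending `targeted account."`, with an ordinary space after the comma. The same leading and trailing newlines appear in the hunks for CVE-2022-40288 through CVE-2022-40296, and CVE-2022-40752 gains a leading `\n` and a `\u00a0` before `236687`. Several of the added `es` values also end in `\n`.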
diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40288.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40288.json
index 29a279b4a41..28e6580884a 100644
--- a/CVE-2022/CVE-2022-402xx/CVE-2022-40288.json
+++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40288.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40288",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:12.790",
- "lastModified": "2022-11-03T02:18:55.250",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.100",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile."
+ "value": "\nThe application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n era vulnerable a Stored Cross-Site Scripting (XSS) autenticado en los campos de datos del perfil de usuario, que podr\u00eda aprovecharse para escalar privilegios y comprometer cualquier cuenta que vea su perfil de usuario.\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40289.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40289.json
index d1a7aef7e01..d4b0faa5690 100644
--- a/CVE-2022/CVE-2022-402xx/CVE-2022-40289.json
+++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40289.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40289",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:12.850",
- "lastModified": "2022-11-03T15:14:36.490",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.163",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files."
+ "value": "\nThe application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n era vulnerable a un Stored Cross-Site Scripting (XSS) autenticado en la funcionalidad de carga y descarga, que podr\u00eda aprovecharse para escalar privilegios o comprometer cualquier cuenta a la que puedan obligar a observar los archivos de destino.\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40290.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40290.json
index 9013adb791d..82c49c65373 100644
--- a/CVE-2022/CVE-2022-402xx/CVE-2022-40290.json
+++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40290.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40290",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:12.910",
- "lastModified": "2022-11-03T02:33:32.550",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.220",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users."
+ "value": "\nThe application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n era vulnerable a una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado no autenticadas en la funcionalidad de generaci\u00f3n de c\u00f3digos de barras, lo que permit\u00eda a los atacantes generar un enlace inseguro que podr\u00eda comprometer a los usuarios.\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40291.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40291.json
index 3204c483a7c..97a6ee0a62f 100644
--- a/CVE-2022/CVE-2022-402xx/CVE-2022-40291.json
+++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40291.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40291",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:12.967",
- "lastModified": "2022-11-03T02:28:09.567",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.277",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts."
+ "value": "\nThe application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n era vulnerable a ataques de Cross-Site Request Forgery (CSRF), lo que permit\u00eda a un atacante obligar a los usuarios a enviar solicitudes maliciosas al sitio para eliminar su cuenta o, en circunstancias excepcionales, secuestrar su cuenta y crear otras cuentas de administrador.\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40292.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40292.json
index ce678646fbb..98a1a9bc7e7 100644
--- a/CVE-2022/CVE-2022-402xx/CVE-2022-40292.json
+++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40292.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40292",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:13.030",
- "lastModified": "2022-11-03T02:35:32.747",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.330",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system."
+ "value": "\nThe application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n permit\u00eda la Enumeraci\u00f3n de Usuarios No Autenticados interactuando con un endpoint no seguro para recuperar informaci\u00f3n sobre cada cuenta dentro del sistema."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40293.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40293.json
index eb3e403c0eb..be082f6df3a 100644
--- a/CVE-2022/CVE-2022-402xx/CVE-2022-40293.json
+++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40293.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40293",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:13.100",
- "lastModified": "2022-11-04T02:15:30.763",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.387",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application was vulnerable to a session fixation that could be used hijack accounts."
+ "value": "\nThe application was vulnerable to a session fixation that could be used hijack accounts.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n era vulnerable a una fijaci\u00f3n de sesi\u00f3n que podr\u00eda usarse para secuestrar cuentas.\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40294.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40294.json
index 4b52b31f7c7..074c77cb4a0 100644
--- a/CVE-2022/CVE-2022-402xx/CVE-2022-40294.json
+++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40294.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40294",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:13.167",
- "lastModified": "2022-11-03T02:50:13.277",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.443",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers."
+ "value": "\nThe application was identified to have an CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se identific\u00f3 que la aplicaci\u00f3n ten\u00eda una inyecci\u00f3n CSV en la funcionalidad de exportaci\u00f3n de datos, lo que permit\u00eda incrustar c\u00f3digo malicioso en los datos exportados y luego activarlos en los visores de datos exportados."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40295.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40295.json
index f64279efe5b..e032f7ed148 100644
--- a/CVE-2022/CVE-2022-402xx/CVE-2022-40295.json
+++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40295.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40295",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:13.227",
- "lastModified": "2022-11-03T02:38:05.933",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.503",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks."
+ "value": "\nThe application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n era vulnerable a una divulgaci\u00f3n de informaci\u00f3n autenticada, lo que permit\u00eda a los administradores ver contrase\u00f1as de usuario sin vector de inicializaci\u00f3n, lo que podr\u00eda comprometer las contrase\u00f1as en texto plano a trav\u00e9s de ataques fuera de l\u00ednea.\n"
}
],
"metrics": {
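Review bot: The added `es` value renders "unsalted user passwords" as `contrase\u00f1as de usuario sin vector de inicializaci\u00f3n`, that is, "without an initialisation vector", which names a different mechanism from the one in the English text. The English description presumably refers to password hashes stored without a salt, whereas an initialisation vector belongs to encryption rather than hashing. A reader relying on the Spanish text would misjudge what was exposed and why offline attacks apply. The phrase would read correctly as `contrase\u00f1as de usuario sin sal`.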
diff --git a/CVE-2022/CVE-2022-402xx/CVE-2022-40296.json b/CVE-2022/CVE-2022-402xx/CVE-2022-40296.json
index ca8bfa5b348..538490b5d32 100644
--- a/CVE-2022/CVE-2022-402xx/CVE-2022-40296.json
+++ b/CVE-2022/CVE-2022-402xx/CVE-2022-40296.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40296",
"sourceIdentifier": "vdp@themissinglink.com.au",
"published": "2022-10-31T21:15:13.293",
- "lastModified": "2022-11-03T02:46:38.293",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.567",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems."
+ "value": "\nThe application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n era vulnerable a ataques de Server-Side Request Forgery (SSRF), lo que permit\u00eda que el servidor de backend interactuara con endpoints inesperados, incluidos potencialmente servicios internos y locales, lo que provocaba ataques en otros sistemas posteriores.\n"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-407xx/CVE-2022-40752.json b/CVE-2022/CVE-2022-407xx/CVE-2022-40752.json
index 3d0d941f01c..681fa74df29 100644
--- a/CVE-2022/CVE-2022-407xx/CVE-2022-40752.json
+++ b/CVE-2022/CVE-2022-407xx/CVE-2022-40752.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-40752",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2022-11-16T23:15:10.223",
- "lastModified": "2022-11-20T13:23:30.517",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T18:15:09.630",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID: 236687."
+ "value": "\nIBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. IBM X-Force ID:\u00a0 236687."
+ },
+ {
+ "lang": "es",
+ "value": "IBM InfoSphere DataStage 11.7 es vulnerable a una vulnerabilidad de inyecci\u00f3n de comandos debido a una neutralizaci\u00f3n inadecuada de elementos especiales. ID de IBM X-Force: 236687."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-409xx/CVE-2022-40964.json b/CVE-2022/CVE-2022-409xx/CVE-2022-40964.json
index a31b64d9038..63d68dfcf9c 100644
--- a/CVE-2022/CVE-2022-409xx/CVE-2022-40964.json
+++ b/CVE-2022/CVE-2022-409xx/CVE-2022-40964.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-40964",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:14.603",
- "lastModified": "2023-09-30T22:15:10.177",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T18:00:10.380",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -161,6 +161,46 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -174,19 +214,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-40xx/CVE-2022-4065.json b/CVE-2022/CVE-2022-40xx/CVE-2022-4065.json
index 2307debf15f..4e8ef564f79 100644
--- a/CVE-2022/CVE-2022-40xx/CVE-2022-4065.json
+++ b/CVE-2022/CVE-2022-40xx/CVE-2022-4065.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-4065",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-11-19T19:15:10.433",
- "lastModified": "2023-04-29T07:15:07.957",
+ "lastModified": "2023-10-20T15:15:09.280",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The name of the patch is 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027."
+ "value": "A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to version 7.5.1 and 7.7.1 is able to address this issue. The patch is named 9150736cd2c123a6a3b60e6193630859f9f0422b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-214027."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. Ha sido declarado cr\u00edtico. La funci\u00f3n testngXmlExistsInJar del archivo testng-core/src/main/java/org/testng/JarFileUtils.java del componente XML File Parser es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce al Path Traversal. El ataque se puede lanzar de forma remota. La actualizaci\u00f3n a las versiones 7.5.1 y 7.7.1 puede solucionar este problema. El nombre del parche es 9150736cd2c123a6a3b60e6193630859f9f0422b. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-214027."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41015.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41015.json
index 0b3601a6113..3b969bf3ae2 100644
--- a/CVE-2022/CVE-2022-410xx/CVE-2022-41015.json
+++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41015.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-41015",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-01-26T22:15:20.793",
- "lastModified": "2023-02-03T17:19:26.433",
+ "lastModified": "2023-10-18T17:45:20.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -88,8 +88,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:siretta:quartz-gold_router_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
- "matchCriteriaId": "9B5DBA27-12B6-428F-8FD6-029FD9BEBCCF"
+ "criteria": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCF01A7B-4B0B-4548-B9EA-EF781F7C1593"
}
]
},
@@ -99,8 +99,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:h:siretta:quartz-gold_router:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "20F58BD8-49AF-4CA6-AEAB-713D82E06E85"
+ "criteria": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64BC55F4-B069-4F99-B41D-BF1476A83ED4"
}
]
}
diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41016.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41016.json
index b3be74d6aea..ee2827660b4 100644
--- a/CVE-2022/CVE-2022-410xx/CVE-2022-41016.json
+++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41016.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-41016",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-01-26T22:15:20.997",
- "lastModified": "2023-02-03T17:19:36.410",
+ "lastModified": "2023-10-18T17:44:19.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -88,8 +88,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:siretta:quartz-gold_router_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
- "matchCriteriaId": "9B5DBA27-12B6-428F-8FD6-029FD9BEBCCF"
+ "criteria": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCF01A7B-4B0B-4548-B9EA-EF781F7C1593"
}
]
},
@@ -99,8 +99,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:h:siretta:quartz-gold_router:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "20F58BD8-49AF-4CA6-AEAB-713D82E06E85"
+ "criteria": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64BC55F4-B069-4F99-B41D-BF1476A83ED4"
}
]
}
diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41017.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41017.json
index ac89f6eb1a9..efa4be803b5 100644
--- a/CVE-2022/CVE-2022-410xx/CVE-2022-41017.json
+++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41017.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-41017",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-01-26T22:15:21.243",
- "lastModified": "2023-02-03T17:19:45.663",
+ "lastModified": "2023-10-18T17:43:54.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -88,8 +88,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:siretta:quartz-gold_router_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
- "matchCriteriaId": "9B5DBA27-12B6-428F-8FD6-029FD9BEBCCF"
+ "criteria": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCF01A7B-4B0B-4548-B9EA-EF781F7C1593"
}
]
},
@@ -99,8 +99,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:h:siretta:quartz-gold_router:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "20F58BD8-49AF-4CA6-AEAB-713D82E06E85"
+ "criteria": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64BC55F4-B069-4F99-B41D-BF1476A83ED4"
}
]
}
diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41018.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41018.json
index 2a7c8fe5f99..1e48f08d4e6 100644
--- a/CVE-2022/CVE-2022-410xx/CVE-2022-41018.json
+++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41018.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-41018",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-01-26T22:15:21.480",
- "lastModified": "2023-02-03T17:20:35.167",
+ "lastModified": "2023-10-18T17:43:40.620",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -88,8 +88,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:siretta:quartz-gold_router_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
- "matchCriteriaId": "9B5DBA27-12B6-428F-8FD6-029FD9BEBCCF"
+ "criteria": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCF01A7B-4B0B-4548-B9EA-EF781F7C1593"
}
]
},
@@ -99,8 +99,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:h:siretta:quartz-gold_router:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "20F58BD8-49AF-4CA6-AEAB-713D82E06E85"
+ "criteria": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64BC55F4-B069-4F99-B41D-BF1476A83ED4"
}
]
}
diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41019.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41019.json
index 82c3f66e56b..892aa9abf23 100644
--- a/CVE-2022/CVE-2022-410xx/CVE-2022-41019.json
+++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41019.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-41019",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-01-26T22:15:21.707",
- "lastModified": "2023-02-06T17:29:40.217",
+ "lastModified": "2023-10-18T17:43:03.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -88,8 +88,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:siretta:quartz-gold_router_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
- "matchCriteriaId": "9B5DBA27-12B6-428F-8FD6-029FD9BEBCCF"
+ "criteria": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCF01A7B-4B0B-4548-B9EA-EF781F7C1593"
}
]
},
@@ -99,8 +99,8 @@
"cpeMatch": [
{
"vulnerable": false,
- "criteria": "cpe:2.3:h:siretta:quartz-gold_router:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "20F58BD8-49AF-4CA6-AEAB-713D82E06E85"
+ "criteria": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64BC55F4-B069-4F99-B41D-BF1476A83ED4"
}
]
}
diff --git a/CVE-2022/CVE-2022-410xx/CVE-2022-41064.json b/CVE-2022/CVE-2022-410xx/CVE-2022-41064.json
index cf3eed184ce..370ed9070ba 100644
--- a/CVE-2022/CVE-2022-410xx/CVE-2022-41064.json
+++ b/CVE-2022/CVE-2022-410xx/CVE-2022-41064.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-41064",
"sourceIdentifier": "secure@microsoft.com",
"published": "2022-11-09T22:15:20.917",
- "lastModified": "2023-07-11T17:15:11.940",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T19:01:23.327",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": ".NET Framework Information Disclosure Vulnerability"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de .NET Framework"
}
],
"metrics": {
@@ -594,11 +598,6 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:microsoft:.net_framework:6.7.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "5D781D99-5255-4D1A-81B7-49705EA27297"
}
]
},
@@ -690,7 +689,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41224.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41224.json
index c8aa13618ae..7d786707513 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41224.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41224.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41224",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:09.710",
- "lastModified": "2022-09-22T15:17:10.737",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.623",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41225.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41225.json
index df7f12ed17d..52eb5c24c8f 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41225.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41225.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41225",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:09.917",
- "lastModified": "2022-09-22T15:16:42.557",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.700",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41226.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41226.json
index a2528394a15..8b15ab44c15 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41226.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41226.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41226",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:09.977",
- "lastModified": "2022-09-22T15:14:12.330",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.753",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41227.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41227.json
index d54e3c7f0d9..c5658641d39 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41227.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41227.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41227",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.037",
- "lastModified": "2022-09-22T15:10:52.607",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.813",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-352"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41228.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41228.json
index 5df26d809c9..5e0fbe56314 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41228.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41228.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41228",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.097",
- "lastModified": "2022-09-22T15:10:00.310",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.867",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41229.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41229.json
index 6bef63fcc65..758ab16cf82 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41229.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41229.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41229",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.157",
- "lastModified": "2022-09-22T15:09:23.483",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:16.917",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41230.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41230.json
index 9d0343964d7..d83370370d0 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41230.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41230.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41230",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.217",
- "lastModified": "2023-10-10T22:15:11.177",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T18:17:16.970",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -39,19 +39,9 @@
]
},
"weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- },
{
"source": "nvd@nist.gov",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41231.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41231.json
index 265994d713e..d6960611d7d 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41231.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41231.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41231",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.273",
- "lastModified": "2022-09-22T15:07:26.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.027",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41232.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41232.json
index 364a53b5729..5abe4425ef9 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41232.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41232.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41232",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.330",
- "lastModified": "2022-09-22T15:06:54.917",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.083",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41233.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41233.json
index d99ef1059bc..89c72a90b84 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41233.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41233.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41233",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.387",
- "lastModified": "2022-09-22T15:48:10.057",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.133",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41234.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41234.json
index ae923b052f2..7f8761a7c59 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41234.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41234.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41234",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.443",
- "lastModified": "2022-09-22T16:09:56.880",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.190",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41235.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41235.json
index fb3023ba34d..94a36d8df67 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41235.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41235.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41235",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.500",
- "lastModified": "2022-11-29T13:42:46.253",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.243",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41236.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41236.json
index 719108e01d2..59661b426c0 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41236.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41236.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41236",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.560",
- "lastModified": "2022-09-22T16:08:19.070",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.303",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41237.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41237.json
index b21bedafa4f..187672c0bb3 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41237.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41237.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41237",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.617",
- "lastModified": "2022-09-22T16:07:31.540",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.363",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-502"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41238.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41238.json
index ed2cbff0b11..8ae7a5c53f0 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41238.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41238.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41238",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.677",
- "lastModified": "2022-09-22T16:06:46.347",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.417",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41239.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41239.json
index c59278d8ece..b72d09d0e36 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41239.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41239.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41239",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.733",
- "lastModified": "2022-09-22T16:06:12.513",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.477",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41240.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41240.json
index 56cdac6a968..f9fc3e49a29 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41240.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41240.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41240",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.790",
- "lastModified": "2022-09-22T16:05:49.277",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.527",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41241.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41241.json
index d71cbe36ad0..cbfcf666568 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41241.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41241.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41241",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.847",
- "lastModified": "2022-09-22T16:05:23.450",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.590",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41242.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41242.json
index 9164fd0de3d..1d66eb1ee98 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41242.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41242.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41242",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.907",
- "lastModified": "2022-09-22T15:54:59.590",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.647",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41243.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41243.json
index bbf0e21adb0..3eccd6cfb01 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41243.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41243.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41243",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:10.967",
- "lastModified": "2022-09-22T15:53:19.883",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.697",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-297"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41244.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41244.json
index e8cf6554eca..718bb4c7800 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41244.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41244.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41244",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.033",
- "lastModified": "2022-09-22T15:52:30.243",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.753",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-297"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41245.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41245.json
index c3403f77805..0923e3ef2d9 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41245.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41245.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41245",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.090",
- "lastModified": "2022-09-22T15:51:15.087",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.807",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41246.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41246.json
index 8855da66037..452459ab805 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41246.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41246.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41246",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.153",
- "lastModified": "2022-09-22T15:49:17.330",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.863",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41247.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41247.json
index 884d5ff285e..8d5528e8767 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41247.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41247.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41247",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.213",
- "lastModified": "2022-09-22T16:15:43.103",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.917",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41248.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41248.json
index b2225c332dd..4c76cc8be9d 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41248.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41248.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41248",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.277",
- "lastModified": "2022-09-22T18:36:36.107",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:17.977",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-549"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41249.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41249.json
index 3694d990a2c..2d85b1924b8 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41249.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41249.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41249",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.333",
- "lastModified": "2022-09-22T18:37:49.953",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.037",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41250.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41250.json
index 4cca3105809..a5ce3982209 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41250.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41250.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41250",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.390",
- "lastModified": "2022-09-22T18:38:52.950",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.093",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41251.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41251.json
index 0aa0a74f647..919a0e6891c 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41251.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41251.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41251",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.450",
- "lastModified": "2022-09-22T18:40:08.890",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.153",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41252.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41252.json
index 27b9266354a..61e75f0934e 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41252.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41252.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41252",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.507",
- "lastModified": "2022-09-22T18:41:18.913",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.213",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41253.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41253.json
index 93c3f10e294..2576e0faeb5 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41253.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41253.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41253",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.563",
- "lastModified": "2022-09-22T18:43:28.500",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.280",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41254.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41254.json
index 15931866626..e0c55de34f9 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41254.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41254.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41254",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.623",
- "lastModified": "2022-09-22T18:44:58.547",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.337",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-412xx/CVE-2022-41255.json b/CVE-2022/CVE-2022-412xx/CVE-2022-41255.json
index 54b3e6f8e60..2f748209dd9 100644
--- a/CVE-2022/CVE-2022-412xx/CVE-2022-41255.json
+++ b/CVE-2022/CVE-2022-412xx/CVE-2022-41255.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-41255",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-09-21T16:15:11.683",
- "lastModified": "2023-06-27T14:39:25.127",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.393",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-417xx/CVE-2022-41775.json b/CVE-2022/CVE-2022-417xx/CVE-2022-41775.json
index cfad334628e..159cefaab50 100644
--- a/CVE-2022/CVE-2022-417xx/CVE-2022-41775.json
+++ b/CVE-2022/CVE-2022-417xx/CVE-2022-41775.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-41775",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-11-17T23:15:22.497",
- "lastModified": "2022-11-18T18:50:46.633",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T00:15:08.653",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ "value": "SQL Injection in \n\n\n\n\n\n\n\nHandler_CFG.ashx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n SQL en Handler_CFG.ashx en versiones de Delta Electronics DIAEnergie anteriores a la v1.9.02.001 permite a un atacante inyectar consultas SQL a trav\u00e9s de la red"
}
],
"metrics": {
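Review bot: The new English `value` for CVE-2022-41775 carries formatting residue: a run of eight `\n` escapes after "SQL Injection in" and `\u00a0` no-break spaces around the file name and the version. Exact-string or token matching on "Handler_CFG.ashx in" or "prior to v1.9.02.001" will miss this record, and plain-text reports will render a blank block in the middle of the sentence; the Spanish entry added in the same hunk does not have the problem. I would normalise the whitespace to ordinary spaces, `"value": "SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"`, or have consumers collapse whitespace before indexing.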
@@ -57,7 +61,7 @@
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
- "type": "Primary",
+ "type": "Secondary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-421xx/CVE-2022-42150.json b/CVE-2022/CVE-2022-421xx/CVE-2022-42150.json
new file mode 100644
index 00000000000..123ab99f746
--- /dev/null
+++ b/CVE-2022/CVE-2022-421xx/CVE-2022-42150.json
@@ -0,0 +1,120 @@
+{
+ "id": "CVE-2022-42150",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T20:15:08.710",
+ "lastModified": "2023-10-26T14:36:29.843",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape."
+ },
+ {
+ "lang": "es",
+ "value": "TinyLab linux-lab v1.1-rc1 y cloud-labv0.8-rc2, v1.1-rc1 son vulnerables a permisos inseguros. La configuraci\u00f3n predeterminada podr\u00eda provocar el escape del contenedor."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tinylab:cloud_lab:0.8:rc2:*:*:*:*:*:*",
+ "matchCriteriaId": "97511A97-0470-42FA-8D7A-132508A64C39"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tinylab:cloud_lab:1.1:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "4F4C8B86-BDC7-4766-ADEC-E7A365E832AC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tinylab:linux_lab:1.1:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "170D3DC8-E719-4B58-92B0-82B5D0A219A2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/eBPF-Research/eBPF-Attack/blob/main/PoC.md#attack-requirements",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/tinyclub/cloud-lab/blob/d19ff92713685a7fb84b423dea6a184b25c378c9/configs/common/seccomp-profiles-default.json",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/tinyclub/linux-lab/issues/14",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking"
+ ]
+ },
+ {
+ "url": "https://hackmd.io/@UR9gnr32QymtmtZHnZceOw/ry428EZGo",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.usenix.org/conference/usenixsecurity23/presentation/he",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
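Review bot: The English description writes `cloud-labv0.8-rc2` with no space between product and version, so the affected-version list reads ambiguously and a text search for "cloud-lab v0.8-rc2" will not hit; the `cpeMatch` entries further down show the intended reading (cloud_lab 0.8 rc2 and 1.1 rc1, linux_lab 1.1 rc1). I would change the fragment to `cloud-lab v0.8-rc2, v1.1-rc1` and mirror that in the `es` entry. Separately, the reference tagged "Patch" points at a blob view of `seccomp-profiles-default.json` at a fixed commit rather than at a diff, so it may be the affected default profile rather than a fix; that is worth confirming before remediation guidance is derived from the tag.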
diff --git a/CVE-2022/CVE-2022-421xx/CVE-2022-42187.json b/CVE-2022/CVE-2022-421xx/CVE-2022-42187.json
index 7f91dd1fa64..a40f0540f0a 100644
--- a/CVE-2022/CVE-2022-421xx/CVE-2022-42187.json
+++ b/CVE-2022/CVE-2022-421xx/CVE-2022-42187.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-42187",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-11-17T04:15:10.950",
- "lastModified": "2022-11-17T23:24:14.183",
+ "lastModified": "2023-10-18T16:05:51.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php."
+ },
+ {
+ "lang": "es",
+ "value": "Hustoj 22.09.22 tiene una vulnerabilidad XSS en /admin/problem_judge.php."
}
],
"metrics": {
@@ -41,7 +45,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-77"
+ "value": "CWE-79"
}
]
}
@@ -55,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:hustoj_project:hustoj:22.09.22:*:*:*:*:*:*:*",
- "matchCriteriaId": "5A5323AB-0CEA-4392-96EF-CE1681ECB9AA"
+ "criteria": "cpe:2.3:a:hustoj:hustoj:22.09.22:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F9D317C-8136-4514-8E07-250E38E47B48"
}
]
}
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42254.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42254.json
index 8f1f892c287..ef4817084d6 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42254.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42254.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42254",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:10.657",
- "lastModified": "2023-10-03T15:15:38.143",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:21:04.743",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -269,7 +269,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42255.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42255.json
index 6d38037a5d1..eb7bc0d7077 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42255.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42255.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42255",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:10.753",
- "lastModified": "2023-10-03T15:15:38.243",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:21:45.383",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -206,7 +206,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42256.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42256.json
index c0bee598402..7c8e2aefb3d 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42256.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42256.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42256",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:10.830",
- "lastModified": "2023-10-03T15:15:38.330",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:24:02.397",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -206,7 +206,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42257.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42257.json
index 68124bd97d4..0e35c39977e 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42257.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42257.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42257",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:10.897",
- "lastModified": "2023-10-03T15:15:38.417",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:34:36.963",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -323,12 +323,30 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415",
@@ -339,7 +357,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42258.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42258.json
index c96b1a0d41c..578dca8eaae 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42258.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42258.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42258",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:10.963",
- "lastModified": "2023-10-03T15:15:38.520",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:34:16.413",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -323,12 +323,30 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415",
@@ -339,7 +357,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42259.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42259.json
index 7bbab51ed7a..dbe85a28ae8 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42259.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42259.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42259",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:11.030",
- "lastModified": "2023-10-03T15:15:38.620",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:33:55.463",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -323,12 +323,30 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00010.html",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5415",
@@ -339,7 +357,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42260.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42260.json
index 63cf5ebb168..647f05f6356 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42260.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42260.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42260",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:11.097",
- "lastModified": "2023-10-03T15:15:38.717",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:33:32.770",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -300,7 +300,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42261.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42261.json
index f2927b3e1db..985034436d9 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42261.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42261.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42261",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:11.167",
- "lastModified": "2023-10-03T15:15:38.813",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:33:15.580",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -272,7 +272,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42263.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42263.json
index f070a7c37f1..2bd5a119974 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42263.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42263.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42263",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:11.360",
- "lastModified": "2023-10-03T15:15:38.907",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:30:40.070",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -307,7 +307,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42264.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42264.json
index 1632e03d536..e3326ea4994 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42264.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42264.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42264",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:11.443",
- "lastModified": "2023-10-03T15:15:39.003",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:29:04.023",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -307,7 +307,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-422xx/CVE-2022-42265.json b/CVE-2022/CVE-2022-422xx/CVE-2022-42265.json
index e2e40c950aa..12cfb8de326 100644
--- a/CVE-2022/CVE-2022-422xx/CVE-2022-42265.json
+++ b/CVE-2022/CVE-2022-422xx/CVE-2022-42265.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42265",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2022-12-30T23:15:11.513",
- "lastModified": "2023-10-03T15:15:39.107",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:24:24.970",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -137,7 +137,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-423xx/CVE-2022-42344.json b/CVE-2022/CVE-2022-423xx/CVE-2022-42344.json
index 1ad55772772..a3aabc2b760 100644
--- a/CVE-2022/CVE-2022-423xx/CVE-2022-42344.json
+++ b/CVE-2022/CVE-2022-423xx/CVE-2022-42344.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-42344",
"sourceIdentifier": "psirt@adobe.com",
"published": "2022-10-20T17:15:10.723",
- "lastModified": "2023-07-06T14:37:45.133",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.470",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation."
+ "value": "Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this vulnerability to achieve information exposure and privilege escalation."
},
{
"lang": "es",
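Review bot: The replacement English `value` no longer states the weakness mechanism (an insecure direct object reference) or the affected endpoint that the removed text named; it says only "Incorrect Authorization". A defender uses that detail to scope log review and access-control testing to the right API surface. After this change the CWE-639 entry in the next hunk is the only place in the visible record that still points at the IDOR class. Consumers that mirror this feed should keep the prior description as history rather than overwrite it in place. The `es` description begins on the last context line and continues outside the hunk, so it cannot be checked here whether it still carries the old wording.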
@@ -40,22 +40,22 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "CWE-639"
+ "value": "CWE-863"
}
]
},
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "CWE-639"
}
]
}
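Review bot: The sources are swapped between the two `weaknesses` entries while the `type` labels stay in place, so `nvd@nist.gov` is now `"Secondary"` with CWE-639 and the CNA `psirt@adobe.com` is `"Primary"` with CWE-863. In the other records visible in this diff (CVE-2022-42451, CVE-2022-4290) the `nvd@nist.gov` entry is the `"Primary"` one. A consumer that picks the CWE by `"type": "Primary"` therefore gets the CNA's value here and NVD's elsewhere, and this record's classification changes from CWE-639 to CWE-863 between feed pulls. Selecting by `source`, or carrying both CWE values forward, keeps downstream grouping stable. The closing of the `weaknesses` array is outside the hunk.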
diff --git a/CVE-2022/CVE-2022-424xx/CVE-2022-42451.json b/CVE-2022/CVE-2022-424xx/CVE-2022-42451.json
index adda1d45b56..026f1c17040 100644
--- a/CVE-2022/CVE-2022-424xx/CVE-2022-42451.json
+++ b/CVE-2022/CVE-2022-424xx/CVE-2022-42451.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-42451",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-10-11T06:15:09.387",
- "lastModified": "2023-10-11T12:54:12.883",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T15:02:36.410",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ },
{
"source": "psirt@hcl.com",
"type": "Secondary",
@@ -38,10 +58,43 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:bigfix_patch_management:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1055",
+ "matchCriteriaId": "B601BA92-3530-4204-A30D-A9FB1C0F3709"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108007",
- "source": "psirt@hcl.com"
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-42xx/CVE-2022-4269.json b/CVE-2022/CVE-2022-42xx/CVE-2022-4269.json
index da44e4f0eea..05029cd9d7c 100644
--- a/CVE-2022/CVE-2022-42xx/CVE-2022-4269.json
+++ b/CVE-2022/CVE-2022-42xx/CVE-2022-4269.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-4269",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-12-05T16:15:10.283",
- "lastModified": "2023-09-29T22:15:10.673",
+ "lastModified": "2023-10-20T00:15:11.157",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -37,7 +37,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
@@ -64,6 +64,10 @@
}
],
"references": [
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti%40redhat.com/",
"source": "secalert@redhat.com"
diff --git a/CVE-2022/CVE-2022-42xx/CVE-2022-4290.json b/CVE-2022/CVE-2022-42xx/CVE-2022-4290.json
new file mode 100644
index 00000000000..cdef52768e7
--- /dev/null
+++ b/CVE-2022/CVE-2022-42xx/CVE-2022-4290.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2022-4290",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.917",
+ "lastModified": "2023-10-27T18:47:25.887",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Cyr to Lat para WordPress es vulnerable a la inyecci\u00f3n SQL autenticada a trav\u00e9s de la funci\u00f3n 'ctl_sanitize_title' en versiones hasta la 3.5 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Potencialmente, esto permite a los usuarios autenticados tener la capacidad de agregar o modificar t\u00e9rminos o etiquetas para agregar consultas SQL adicionales a consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos. Un parche parcial estuvo disponible en la versi\u00f3n 3.6 y el problema se solucion\u00f3 completamente en la versi\u00f3n 3.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cyr_to_lat_project:cyr_to_lat:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.7",
+ "matchCriteriaId": "6781C5A9-3F42-4AB7-ADF1-32763A6908E2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/cyr3lat/trunk/cyr-to-lat.php?rev=1117224#L69",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c29130-1b42-4edd-ad62-6f635e03ae31?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
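Review bot: The English description and the CPE range give different upper bounds: the text says versions "up to, and including, 3.5", while `"versionEndExcluding": "3.7"` also covers 3.6. The CPE bound agrees with the description's last sentence (3.6 was only a partial patch), so anyone scoping exposure from the first sentence alone would wrongly clear 3.6 installs. Wording such as "versions before 3.7" would make the description match the range. Separately, the first reference is a `browser` view pinned to a revision and a line anchor, which reads as a pointer into source rather than a changeset, so its `"Patch"` tag is worth confirming.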
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43401.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43401.json
index 1b9b697699a..72327171b17 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43401.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43401.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43401",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.127",
- "lastModified": "2022-10-31T17:37:20.617",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.590",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
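Review bot: After this hunk the record has no `weaknesses` key at all: the only entry (CWE-693 from `jenkinsci-cert@googlegroups.com`, `"Primary"`) is removed and nothing replaces it between `metrics` and `configurations`. Tooling that groups or prioritises by CWE will silently drop this CVE unless it treats a missing `weaknesses` array as "unclassified" rather than as an error or as no weakness. If the CNA mapping is being withdrawn on purpose, an explicit placeholder such as the `"value": "NVD-CWE-noinfo"` entry that CVE-2022-43414 keeps would hold the record shape stable. The same whole-array removal appears in CVE-2022-43402 to 43404, 43406 to 43409, 43413, 43417, 43418, 43420, 43421 and 43424. Most of those also move `vulnStatus` off `"Analyzed"`, so the gap may be temporary pending re-analysis, though the diff does not say so.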
@@ -78,12 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Patch",
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
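Review bot: The rewritten reference loses its `tags` array even though the URL differs from the removed one only in percent-encoding the parentheses of the fragment (`%20(1)` becomes `%20%281%29`). Consumers that surface vendor advisories or patches by tag will stop showing the Jenkins advisory for this record, and any pipeline that deduplicates references by exact URL string will treat it as a new link. I would keep `"tags": ["Patch", "Vendor Advisory"]` on the re-encoded entry, and have consumers normalise percent-encoding before comparing reference URLs. The same URL rewrite with dropped tags occurs in CVE-2022-43402, 43403, 43404, 43405, 43406, 43417 and 43418 (there `"Vendor Advisory"` only).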
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43402.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43402.json
index cec570d9f9c..559bf8f839d 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43402.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43402.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43402",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.197",
- "lastModified": "2023-01-30T19:18:41.127",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.667",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43403.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43403.json
index 4f505572749..eca8ff813ce 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43403.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43403.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-43403",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.253",
- "lastModified": "2023-03-01T01:15:10.390",
+ "lastModified": "2023-10-25T18:17:18.727",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.secpod.com/blog/oracle-releases-critical-security-updates-january-2023-patch-now/",
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43404.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43404.json
index b5e2f0eccd1..900db4e4066 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43404.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43404.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43404",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.313",
- "lastModified": "2022-10-21T15:10:37.667",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.797",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43405.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43405.json
index 3092eca92a6..6faf326ff50 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43405.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43405.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43405",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.370",
- "lastModified": "2022-10-21T19:01:30.567",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.860",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
@@ -88,11 +78,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43406.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43406.json
index d7b94f0c3f7..0a12f3938b7 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43406.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43406.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43406",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.427",
- "lastModified": "2022-10-24T14:58:44.497",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.920",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2824%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43407.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43407.json
index eada9213a94..e671acb1465 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43407.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43407.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43407",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.483",
- "lastModified": "2022-10-21T17:40:00.763",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:18.987",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-838"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43408.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43408.json
index f7b6dd98160..3da89c9b996 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43408.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43408.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43408",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.543",
- "lastModified": "2022-10-21T18:52:20.570",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.043",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-838"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43409.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43409.json
index df307da371a..5b36dd75480 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43409.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43409.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43409",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.600",
- "lastModified": "2022-10-21T17:20:57.013",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.110",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43410.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43410.json
index ffd6e4c64ae..f20bb63b5b7 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43410.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43410.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43410",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.660",
- "lastModified": "2023-07-06T14:42:01.913",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.167",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-200"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43411.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43411.json
index e089d799039..34f78cb0d33 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43411.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43411.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43411",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.717",
- "lastModified": "2022-10-20T18:42:04.517",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.227",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-203"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-208"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43412.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43412.json
index cd58480c3ee..e96d57ed945 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43412.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43412.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43412",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.773",
- "lastModified": "2022-10-20T19:21:55.893",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.290",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-203"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-208"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43413.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43413.json
index 7f9a6f7ab00..7d2c96d2b21 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43413.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43413.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43413",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.830",
- "lastModified": "2022-10-21T03:42:04.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.343",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43414.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43414.json
index ff16e521430..a1697b838a1 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43414.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43414.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43414",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.887",
- "lastModified": "2022-10-21T03:14:55.993",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.397",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43415.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43415.json
index 62891856f09..b8d9d840a30 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43415.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43415.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43415",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:10.940",
- "lastModified": "2022-10-21T03:15:24.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.457",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-611"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43416.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43416.json
index ad86bae0081..49ca73db0aa 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43416.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43416.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43416",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.000",
- "lastModified": "2022-10-21T03:16:02.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.517",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43417.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43417.json
index 6bbdcc587f9..4f8d9c8b54d 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43417.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43417.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43417",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.057",
- "lastModified": "2022-10-21T03:17:10.943",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.583",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43418.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43418.json
index fee9e6388d3..70e72b44ce3 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43418.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43418.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43418",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.110",
- "lastModified": "2022-10-21T03:18:00.450",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.690",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -78,11 +66,8 @@
]
},
{
- "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2845%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43419.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43419.json
index 086fa0cb742..2ba1d32438e 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43419.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43419.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43419",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.167",
- "lastModified": "2022-10-21T03:40:42.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.750",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43420.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43420.json
index e6f15fd285a..6344fc28935 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43420.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43420.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43420",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.223",
- "lastModified": "2022-10-21T03:41:04.363",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.810",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43421.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43421.json
index 21e61cf6146..59d161e03a6 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43421.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43421.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43421",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.280",
- "lastModified": "2022-10-21T03:41:30.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.867",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43422.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43422.json
index cf8d6566631..079619bc600 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43422.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43422.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43422",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.333",
- "lastModified": "2022-10-21T03:41:44.060",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.923",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43423.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43423.json
index e8f6575cd3c..80b0b701238 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43423.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43423.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43423",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.387",
- "lastModified": "2022-10-20T18:28:11.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:19.980",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "NVD-CWE-noinfo"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43424.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43424.json
index 172442bf91b..508438bcb0f 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43424.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43424.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43424",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.440",
- "lastModified": "2022-10-22T02:07:38.443",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.057",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"operator": "AND",
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43425.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43425.json
index 4e1c84a94d8..ab10dd4252e 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43425.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43425.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43425",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.500",
- "lastModified": "2022-10-22T02:05:18.207",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.140",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43426.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43426.json
index 56b8c9a4043..384d3624dfc 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43426.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43426.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43426",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.553",
- "lastModified": "2022-10-22T02:32:45.807",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.197",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-549"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43427.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43427.json
index 48cd1c1f0b8..658c598d124 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43427.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43427.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43427",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.613",
- "lastModified": "2022-10-22T02:11:03.823",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.257",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43428.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43428.json
index c237f683f7e..b28489094f6 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43428.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43428.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43428",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.673",
- "lastModified": "2023-01-31T20:15:47.190",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.313",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"operator": "AND",
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43429.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43429.json
index 3c53db7ddd9..0e944203588 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43429.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43429.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43429",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.730",
- "lastModified": "2022-10-22T02:24:38.983",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.383",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"operator": "AND",
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43430.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43430.json
index 0259880f760..36c8e26e858 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43430.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43430.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43430",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.787",
- "lastModified": "2022-10-22T02:19:13.387",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.473",
+ "vulnStatus": "Undergoing Analysis",
"evaluatorComment": "\n\n",
"descriptions": [
{
@@ -39,18 +39,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43431.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43431.json
index 78cd31e4355..174dae1626b 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43431.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43431.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43431",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.847",
- "lastModified": "2022-10-22T02:25:42.633",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.547",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43432.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43432.json
index cec20aabcd9..67cd870f23d 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43432.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43432.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43432",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.897",
- "lastModified": "2022-10-23T02:06:36.153",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.617",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43433.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43433.json
index c3b2a9a282e..a347ce6d787 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43433.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43433.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43433",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:11.953",
- "lastModified": "2022-10-23T02:07:02.157",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.677",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43434.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43434.json
index 08e8ef8e72a..2c1c3c6411c 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43434.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43434.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43434",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:12.010",
- "lastModified": "2022-10-24T13:56:31.973",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.733",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -38,18 +38,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43435.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43435.json
index 6cd3efad49b..a863eb27bda 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43435.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43435.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43435",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-10-19T16:15:12.070",
- "lastModified": "2022-10-24T13:57:21.417",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.787",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -48,16 +48,6 @@
"value": "NVD-CWE-Other"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43447.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43447.json
index 0c4bf89b721..7a3fd90bfae 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43447.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43447.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-43447",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-11-17T23:15:24.017",
- "lastModified": "2022-11-18T18:50:31.493",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T00:15:08.747",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ "value": "SQL Injection in \n\n\n\n\n\n\n\n\n\nAM_EBillAnalysis.aspx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n SQL en AM_EBillAnalysis.aspx en versiones de Delta Electronics DIAEnergie anteriores a v1.9.02.001 permite a un atacante inyectar consultas SQL a trav\u00e9s de la red"
}
],
"metrics": {
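Review bot: The new English `value` for CVE-2022-43447 carries a run of `\n` escapes before `AM_EBillAnalysis.aspx` and `\u00a0` non-breaking spaces around the file name and version, where the removed line had single ordinary spaces. A consumer that searches or deduplicates on description text, or renders it verbatim, will miss or mangle this entry unless it collapses Unicode whitespace first. The same pattern is in the description hunks for CVE-2022-43452, CVE-2022-43457 and CVE-2022-43506, and CVE-2022-43557 gains `\u00a0` only. If the file is allowed to differ from its source, keep the text of the removed line, `"value": "SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"`; otherwise the normalisation has to happen in the reader.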
@@ -57,7 +61,7 @@
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
- "type": "Primary",
+ "type": "Secondary",
"description": [
{
"lang": "en",
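Review bot: With `"type"` flipped to `"Secondary"`, the `ics-cert@hq.dhs.gov` entry is the only weakness visible in this hunk and no `nvd@nist.gov` `Primary` entry is added, unlike the CVE-2022-43452 section further down. A reader that takes the CWE from the `Primary` entry alone would presumably find none for this record while it is `Undergoing Analysis`; the `weaknesses` array continues outside the hunk, so this is inferred from the visible lines. The CVE-2022-43506 section has the same flip. Tooling that consumes these files should fall back to `Secondary` entries when no `Primary` is present rather than treating the record as unclassified.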
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43452.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43452.json
index fdc32317666..00807a975b0 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43452.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43452.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-43452",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-11-17T23:15:24.117",
- "lastModified": "2022-11-18T18:33:47.847",
+ "lastModified": "2023-10-27T20:31:36.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ "value": "SQL Injection in \n\n\n\n\n\n\n\n\n\n\n\n\n\nFtyInfoSetting.aspx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n SQL en FtyInfoSetting.aspx en las versiones de Delta Electronics DIAEnergie anteriores a v1.9.02.001 permite a un atacante inyectar consultas SQL a trav\u00e9s de la red"
}
],
"metrics": {
@@ -56,7 +60,7 @@
},
"weaknesses": [
{
- "source": "ics-cert@hq.dhs.gov",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -64,6 +68,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2022/CVE-2022-434xx/CVE-2022-43457.json b/CVE-2022/CVE-2022-434xx/CVE-2022-43457.json
index 8487393e811..d62155dd3a1 100644
--- a/CVE-2022/CVE-2022-434xx/CVE-2022-43457.json
+++ b/CVE-2022/CVE-2022-434xx/CVE-2022-43457.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-43457",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-11-17T23:15:24.203",
- "lastModified": "2022-11-18T18:34:29.523",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T00:15:08.893",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ "value": "SQL Injection in \n\n\n\n\n\n\n\n\n\n\n\nHandlerPage_KID.ashx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n SQL en HandlerPage_KID.ashx en versiones de Delta Electronics DIAEnergie anteriores a la v1.9.02.001 permite a un atacante inyectar consultas SQL a trav\u00e9s de la red"
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-435xx/CVE-2022-43506.json b/CVE-2022/CVE-2022-435xx/CVE-2022-43506.json
index dc17c384c70..6e2fb31f698 100644
--- a/CVE-2022/CVE-2022-435xx/CVE-2022-43506.json
+++ b/CVE-2022/CVE-2022-435xx/CVE-2022-43506.json
@@ -2,12 +2,16 @@
"id": "CVE-2022-43506",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2022-11-17T23:15:24.303",
- "lastModified": "2022-11-18T19:17:28.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T00:15:08.967",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ "value": "SQL Injection in \n\n\n\nHandlerTag_KID.ashx\n\n\n\nin Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n SQL en HandlerTag_KID.ashx en versiones de Delta Electronics DIAEnergie anteriores a v1.9.02.001 permite a un atacante inyectar consultas SQL a trav\u00e9s de la red"
}
],
"metrics": {
@@ -57,7 +61,7 @@
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
- "type": "Primary",
+ "type": "Secondary",
"description": [
{
"lang": "en",
diff --git a/CVE-2022/CVE-2022-435xx/CVE-2022-43551.json b/CVE-2022/CVE-2022-435xx/CVE-2022-43551.json
index 057b37da8c5..9de8df2603b 100644
--- a/CVE-2022/CVE-2022-435xx/CVE-2022-43551.json
+++ b/CVE-2022/CVE-2022-435xx/CVE-2022-43551.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43551",
"sourceIdentifier": "support@hackerone.com",
"published": "2022-12-23T15:15:15.777",
- "lastModified": "2023-10-11T11:15:09.723",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:57:25.710",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -88,6 +88,41 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
+ "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -109,11 +144,17 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-435xx/CVE-2022-43552.json b/CVE-2022/CVE-2022-435xx/CVE-2022-43552.json
index 70c215f1c2a..21912d6c0e6 100644
--- a/CVE-2022/CVE-2022-435xx/CVE-2022-43552.json
+++ b/CVE-2022/CVE-2022-435xx/CVE-2022-43552.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43552",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-09T20:15:10.950",
- "lastModified": "2023-10-11T11:15:10.070",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:57:21.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -72,12 +72,33 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.0",
+ "versionEndExcluding": "13.3",
+ "matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Mar/17",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://hackerone.com/reports/1764858",
@@ -90,7 +111,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230214-0002/",
@@ -101,7 +125,10 @@
},
{
"url": "https://support.apple.com/kb/HT213670",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-435xx/CVE-2022-43557.json b/CVE-2022/CVE-2022-435xx/CVE-2022-43557.json
index 153d71c5a47..9e94839c72e 100644
--- a/CVE-2022/CVE-2022-435xx/CVE-2022-43557.json
+++ b/CVE-2022/CVE-2022-435xx/CVE-2022-43557.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-43557",
"sourceIdentifier": "cybersecurity@bd.com",
"published": "2022-12-05T22:15:11.157",
- "lastModified": "2022-12-09T00:32:15.427",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T21:15:08.310",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "The BD BodyGuard\u2122 infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump."
+ "value": "The BD BodyGuard\u2122 infusion pumps specified allow for access through the RS-232\u00a0(serial) port interface. If exploited, threat actors with physical access, specialized equipment and\u00a0knowledge may be able to configure or disable the pump. No electronic protected health information\u00a0(ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the\u00a0pump."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43722.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43722.json
index adb1a0b0392..3810d8da907 100644
--- a/CVE-2022/CVE-2022-437xx/CVE-2022-43722.json
+++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43722.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-43722",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-12-13T16:15:24.070",
- "lastModified": "2023-10-13T16:45:10.723",
+ "lastModified": "2023-10-17T19:05:34.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -61,7 +61,15 @@
"nodes": [
{
"operator": "OR",
- "negate": false
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0",
+ "matchCriteriaId": "8FD90B1C-FD0B-4EA2-9226-3849F7ECFC2F"
+ }
+ ]
}
]
}
diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43723.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43723.json
index e12cc32fd63..66a69f63861 100644
--- a/CVE-2022/CVE-2022-437xx/CVE-2022-43723.json
+++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43723.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-43723",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-12-13T16:15:24.250",
- "lastModified": "2023-10-13T16:45:10.723",
+ "lastModified": "2023-10-17T19:05:26.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -61,7 +61,16 @@
"nodes": [
{
"operator": "OR",
- "negate": false
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0",
+ "versionEndExcluding": "8.06",
+ "matchCriteriaId": "21250DFA-9054-4988-BB37-E77789AD4F20"
+ }
+ ]
}
]
}
diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43724.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43724.json
index 8bb120143d2..3473b9f3c12 100644
--- a/CVE-2022/CVE-2022-437xx/CVE-2022-43724.json
+++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43724.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-43724",
"sourceIdentifier": "productcert@siemens.com",
"published": "2022-12-13T16:15:24.327",
- "lastModified": "2023-10-13T16:45:10.723",
+ "lastModified": "2023-10-17T19:01:36.840",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -61,7 +61,15 @@
"nodes": [
{
"operator": "OR",
- "negate": false
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0",
+ "matchCriteriaId": "8FD90B1C-FD0B-4EA2-9226-3849F7ECFC2F"
+ }
+ ]
}
]
}
diff --git a/CVE-2022/CVE-2022-437xx/CVE-2022-43740.json b/CVE-2022/CVE-2022-437xx/CVE-2022-43740.json
index 452922b510e..22d5fd19bde 100644
--- a/CVE-2022/CVE-2022-437xx/CVE-2022-43740.json
+++ b/CVE-2022/CVE-2022-437xx/CVE-2022-43740.json
@@ -2,16 +2,40 @@
"id": "CVE-2022-43740",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-14T16:15:10.503",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:38:34.560",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921."
+ },
+ {
+ "lang": "es",
+ "value": "El proveedor OIDC de IBM Security Verify Access podr\u00eda permitir que un usuario remoto provoque una Denegaci\u00f3n de Servicio (DoS) debido al consumo incontrolado de recursos. ID de IBM X-Force: 238921."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_access_oidc_provider:*:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0F8CF0EE-40BC-421E-8458-57699FDE9C2E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238921",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7028513",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
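Review bot: The added `cpeMatch` entry for `cpe:2.3:a:ibm:security_verify_access_oidc_provider:*:...` has no `versionStartIncluding` or `versionEndExcluding`, so every version of the product matches as vulnerable, although the IBM support reference in the same hunk is tagged `Patch`. Scanners and SBOM matchers keyed on this criteria will keep flagging installations that already carry the fix. The CVE-2022-43868 section adds the identical unbounded entry, whereas CVE-2022-43889 bounds its match with `"versionEndExcluding": "11.5"`. I would add a bound here as well, `"versionEndExcluding": "<FIXED_VERSION: take from the IBM advisory, not shown on this page>"`; if the record is mirrored from upstream, the correction belongs there and consumers should treat this match as low-confidence in the meantime.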
diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43868.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43868.json
index 3f01b6dee37..5c9194b696d 100644
--- a/CVE-2022/CVE-2022-438xx/CVE-2022-43868.json
+++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43868.json
@@ -2,16 +2,40 @@
"id": "CVE-2022-43868",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-14T16:15:10.580",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:42:37.737",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Verify Access OIDC Provider podr\u00eda revelar informaci\u00f3n de directorio que podr\u00eda ayudar a los atacantes en futuros ataques contra el sistema. ID de IBM X-Force: 239445."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_access_oidc_provider:*:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0F8CF0EE-40BC-421E-8458-57699FDE9C2E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239445",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7028513",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43889.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43889.json
index a727da1b522..2d7d16c6ff6 100644
--- a/CVE-2022/CVE-2022-438xx/CVE-2022-43889.json
+++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43889.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43889",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T02:15:10.427",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T18:04:04.597",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,56 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240452",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43891.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43891.json
index e287950ba35..b605595e3e2 100644
--- a/CVE-2022/CVE-2022-438xx/CVE-2022-43891.json
+++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43891.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43891",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T03:15:09.520",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T18:02:44.460",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-209"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240454",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
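Review bot: The X-Force reference in this hunk is tagged both `VDB Entry` and `Vendor Advisory`, while the X-Force reference of the record just before this file in the diff carries only `VDB Entry`, so the same kind of link is classified two ways within one advisory batch. Tooling that collects vendor advisories by tag will return different reference sets for sibling CVEs that share the same fix page. I would settle on one form, for example `"tags": ["VDB Entry"]` on the X-Force link with `Vendor Advisory` kept for the ibm.com support page. CVE-2022-43892 and CVE-2022-43893 below use the two-tag form as well. Which form is intended cannot be decided from the diff alone.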
diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43892.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43892.json
index 2e39894b402..f8bf4988b90 100644
--- a/CVE-2022/CVE-2022-438xx/CVE-2022-43892.json
+++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43892.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43892",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T03:15:09.603",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T18:08:05.683",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-295"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240455",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43893.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43893.json
index e3f3d138b9e..8f28763e853 100644
--- a/CVE-2022/CVE-2022-438xx/CVE-2022-43893.json
+++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43893.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-43893",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T02:15:10.507",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T18:03:11.993",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,57 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_privilege_on-premises:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.5",
+ "matchCriteriaId": "CEE9CBED-455C-4B83-A735-76EE4C7E331A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240534",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047202",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json
index ba157a14eb7..44ba6253cb1 100644
--- a/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json
+++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44570.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-44570",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-09T20:15:11.090",
- "lastModified": "2023-06-23T18:30:05.373",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-22T19:15:08.540",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -104,6 +104,10 @@
"Patch",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5530",
+ "source": "support@hackerone.com"
}
]
}
\ No newline at end of file
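Review bot: The Debian advisory appended to `references` has no `tags` array, unlike the entry just above it in the hunk context, so tag-driven triage will not surface it as a fix advisory for the distribution. I would add `"tags": ["Third Party Advisory"]` to the new object. The same untagged DSA-5530 entry is added in CVE-2022-44571 and CVE-2022-44572 below.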
diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44571.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44571.json
index 62ae06e33e0..f11f091812d 100644
--- a/CVE-2022/CVE-2022-445xx/CVE-2022-44571.json
+++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44571.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-44571",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-09T20:15:11.153",
- "lastModified": "2023-02-17T18:51:41.527",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-22T19:15:08.620",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -104,6 +104,10 @@
"Patch",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5530",
+ "source": "support@hackerone.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-445xx/CVE-2022-44572.json b/CVE-2022/CVE-2022-445xx/CVE-2022-44572.json
index d344c0cb964..e952c65ee50 100644
--- a/CVE-2022/CVE-2022-445xx/CVE-2022-44572.json
+++ b/CVE-2022/CVE-2022-445xx/CVE-2022-44572.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-44572",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-09T20:15:11.220",
- "lastModified": "2023-02-17T18:55:23.453",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-22T19:15:08.690",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -96,6 +96,10 @@
"Permissions Required",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5530",
+ "source": "support@hackerone.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-446xx/CVE-2022-44617.json b/CVE-2022/CVE-2022-446xx/CVE-2022-44617.json
index 5d8b6cf2cdd..9f83c111250 100644
--- a/CVE-2022/CVE-2022-446xx/CVE-2022-44617.json
+++ b/CVE-2022/CVE-2022-446xx/CVE-2022-44617.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-44617",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-02-06T23:15:09.787",
- "lastModified": "2023-06-20T14:15:09.837",
+ "lastModified": "2023-10-17T15:55:36.773",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -69,9 +69,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:libxpm_project:libxpm:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.15",
- "matchCriteriaId": "934FFD94-DF18-451C-BB87-0360AACC094D"
+ "matchCriteriaId": "D98D97AA-EDDE-48F7-B4DE-E51BFB5A72D3"
}
]
}
diff --git a/CVE-2022/CVE-2022-447xx/CVE-2022-44757.json b/CVE-2022/CVE-2022-447xx/CVE-2022-44757.json
index cad29d143c8..2e6a5232479 100644
--- a/CVE-2022/CVE-2022-447xx/CVE-2022-44757.json
+++ b/CVE-2022/CVE-2022-447xx/CVE-2022-44757.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-44757",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-10-11T07:15:09.237",
- "lastModified": "2023-10-11T12:54:12.883",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T14:50:59.800",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ },
{
"source": "psirt@hcl.com",
"type": "Secondary",
@@ -38,10 +58,43 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:bigfix_insights_for_vulnerability_remediation:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.0.3",
+ "matchCriteriaId": "2F53F59E-AF8B-4EEA-AB79-E6B1DD6EEFBF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005",
- "source": "psirt@hcl.com"
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-447xx/CVE-2022-44758.json b/CVE-2022/CVE-2022-447xx/CVE-2022-44758.json
index 09bba6264e1..dd8703bb1d0 100644
--- a/CVE-2022/CVE-2022-447xx/CVE-2022-44758.json
+++ b/CVE-2022/CVE-2022-447xx/CVE-2022-44758.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-44758",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-10-11T07:15:09.477",
- "lastModified": "2023-10-11T12:54:12.883",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T14:50:38.337",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "psirt@hcl.com",
"type": "Secondary",
@@ -38,10 +58,43 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:bigfix_insights_for_vulnerability_remediation:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.0.3",
+ "matchCriteriaId": "2F53F59E-AF8B-4EEA-AB79-E6B1DD6EEFBF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108005",
- "source": "psirt@hcl.com"
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45379.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45379.json
index e08e162b48d..7e7f6a4ecf6 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45379.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45379.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45379",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:11.390",
- "lastModified": "2022-11-18T20:26:54.673",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.847",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -44,16 +44,6 @@
"value": "CWE-326"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-328"
- }
- ]
}
],
"configurations": [
@@ -75,6 +65,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2564",
"source": "jenkinsci-cert@googlegroups.com",
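Review bot: The reference added at the top of `references` uses a plain `http://` URL and has no `tags`, unlike the jenkins.io entry that follows it, so a tag-based filter cannot classify it and clients that follow the link start on an unauthenticated connection. I would write it as `"url": "https://www.openwall.com/lists/oss-security/2022/11/15/4"` with `"tags": ["Mailing List", "Third Party Advisory"]`. The same entry is added unchanged in the references hunks of CVE-2022-45380 through CVE-2022-45397 below. The enclosing `references` array continues outside the hunk.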
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45380.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45380.json
index e7de8a673a0..7c586bfbc74 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45380.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45380.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45380",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:11.480",
- "lastModified": "2022-11-18T20:21:06.733",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.903",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
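Review bot: Moving `vulnStatus` from `Analyzed` back to `Undergoing Analysis` here coincides with the next hunk deleting the record's whole `weaknesses` array, so after this commit the record carries no CWE at all. Anything that selects on `"vulnStatus": "Analyzed"` or groups findings by CWE will silently lose this entry until re-analysis lands. If the CNA mapping is still considered valid, I would keep the removed entry (`"type": "Primary"`, `"value": "CWE-79"`) until an NVD-assigned weakness replaces it. The same pattern repeats in CVE-2022-45382, CVE-2022-45385 through CVE-2022-45391, CVE-2022-45393 and CVE-2022-45395 through CVE-2022-45397.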
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2888",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45381.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45381.json
index dce1f343fb8..5d1688e6f66 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45381.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45381.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45381",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:11.567",
- "lastModified": "2022-11-29T14:19:32.183",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:20.960",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -44,16 +44,6 @@
"value": "CWE-22"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
}
],
"configurations": [
@@ -75,6 +65,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2949",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45382.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45382.json
index 3a2e4bdabe4..500854fb9bd 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45382.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45382.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45382",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:11.647",
- "lastModified": "2022-11-18T19:53:43.850",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.023",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2946",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45383.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45383.json
index 4f51451f767..6ccbba24a04 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45383.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45383.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45383",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:11.730",
- "lastModified": "2022-11-21T14:42:21.510",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.077",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -44,16 +44,6 @@
"value": "CWE-863"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-863"
- }
- ]
}
],
"configurations": [
@@ -75,6 +65,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2804",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45384.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45384.json
index 8bd7d871cca..197c392fd48 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45384.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45384.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45384",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:11.817",
- "lastModified": "2022-11-18T17:04:54.273",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.143",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -44,16 +44,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
@@ -75,6 +65,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2094",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45385.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45385.json
index d5836ddb31f..525498f9406 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45385.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45385.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45385",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:11.897",
- "lastModified": "2022-11-18T15:48:26.607",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.197",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2843",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45386.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45386.json
index a943e612c08..de32f26c0bc 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45386.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45386.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45386",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:11.977",
- "lastModified": "2022-11-18T15:36:30.717",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.257",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-766",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45387.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45387.json
index 64d7d71cbbf..c1b7ccff837 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45387.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45387.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45387",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:12.063",
- "lastModified": "2022-11-17T23:22:53.070",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.317",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2802",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45388.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45388.json
index e364ed23cbe..1b55c754181 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45388.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45388.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45388",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:12.150",
- "lastModified": "2022-11-18T04:53:18.843",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.370",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-22"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2842",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45389.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45389.json
index b3b848b93d1..04dea1095af 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45389.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45389.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45389",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:12.267",
- "lastModified": "2022-11-18T04:52:49.173",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.430",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2853",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45390.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45390.json
index 5938c1417a8..21c0447e0d3 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45390.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45390.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45390",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:12.430",
- "lastModified": "2022-11-18T04:50:05.733",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.487",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2857",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45391.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45391.json
index 74add08d960..6fa4504e094 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45391.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45391.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45391",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:12.623",
- "lastModified": "2022-11-18T04:49:53.970",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.540",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-295"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -66,11 +54,12 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
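Review bot: The rewritten jenkins.io reference loses its `"tags": ["Vendor Advisory"]`, which leaves no tagged vendor advisory in the `references` array shown by this hunk. I would carry the tags over to the re-encoded entry, i.e. keep `"tags": ["Vendor Advisory"]` under the `%20%281%29` URL. The fragment changes from `%20(1)` to `%20%281%29`; both decode to the same text, but consumers that deduplicate or diff references by raw URL string will see a removed link and a new untagged one.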
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45392.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45392.json
index 7d21c71d007..ddbd308badd 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45392.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45392.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45392",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:12.797",
- "lastModified": "2023-07-07T19:06:43.127",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.610",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -44,16 +44,6 @@
"value": "CWE-522"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-256"
- }
- ]
}
],
"configurations": [
@@ -75,6 +65,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2912",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45393.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45393.json
index 626a254e60b..26b02e4684a 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45393.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45393.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45393",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:13.000",
- "lastModified": "2022-11-18T04:53:02.310",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.673",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45394.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45394.json
index 25c401dd863..6ac8ccfd425 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45394.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45394.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45394",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:13.423",
- "lastModified": "2022-11-18T04:54:10.683",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.730",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -44,16 +44,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
@@ -75,6 +65,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2920",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45395.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45395.json
index 56c75d1f3ff..29dbf296beb 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45395.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45395.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45395",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:13.657",
- "lastModified": "2022-11-20T03:02:59.407",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.790",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2921",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45396.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45396.json
index 74856d0283d..83b38272ccf 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45396.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45396.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45396",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:13.947",
- "lastModified": "2022-11-20T03:08:19.407",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.847",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2927",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45397.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45397.json
index daff65f7ff4..5f3c12e2897 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45397.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45397.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45397",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:14.190",
- "lastModified": "2022-11-20T03:08:42.347",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.903",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2937",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45398.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45398.json
index cc40f61a9f2..b99bd2df973 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45398.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45398.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45398",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:14.423",
- "lastModified": "2022-11-18T04:55:44.387",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:21.967",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-453xx/CVE-2022-45399.json b/CVE-2022/CVE-2022-453xx/CVE-2022-45399.json
index 4ac4f365e60..8e31f0b6773 100644
--- a/CVE-2022/CVE-2022-453xx/CVE-2022-45399.json
+++ b/CVE-2022/CVE-2022-453xx/CVE-2022-45399.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45399",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:14.617",
- "lastModified": "2022-11-18T04:56:24.400",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:22.047",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2938",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45400.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45400.json
index 4afe5c489fd..f09ecc8b14c 100644
--- a/CVE-2022/CVE-2022-454xx/CVE-2022-45400.json
+++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45400.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45400",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:14.803",
- "lastModified": "2022-11-20T03:07:36.333",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:22.117",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-611"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2941",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45401.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45401.json
index 3eb34c5968a..8359fe635f0 100644
--- a/CVE-2022/CVE-2022-454xx/CVE-2022-45401.json
+++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45401.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-45401",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-11-15T20:15:15.343",
- "lastModified": "2022-11-18T04:48:47.850",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:22.180",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
@@ -65,6 +53,10 @@
}
],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2947",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45436.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45436.json
index 2cea39da818..5e3b506f786 100644
--- a/CVE-2022/CVE-2022-454xx/CVE-2022-45436.json
+++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45436.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-45436",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-02-15T04:15:10.613",
- "lastModified": "2023-02-23T18:21:48.717",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T12:15:08.737",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit network maps and XSS payload will be executed, which could be used for stealing admin users cookie value."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit network maps and XSS payload will be executed, which could be used for stealing admin users cookie value.\n\n"
}
],
"metrics": {
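Review bot: The only change to the description `value` in this hunk is a literal `\n\n` appended to the end of the string, so the text is unchanged but the record no longer compares equal to its previous revision. Pipelines that hash or diff descriptions to detect real updates will raise a false change, and renderers will show trailing blank lines. Strip trailing whitespace before comparing or displaying the value. CVE-2022-45437 and CVE-2022-47372 receive the same suffix in their first hunks.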
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
@@ -66,7 +66,7 @@
]
},
{
- "source": "cve-coordination@incibe.es",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -94,6 +94,10 @@
}
],
"references": [
+ {
+ "url": "https://gist.github.com/damodarnaik/ac07a179972cd4d508f246e9bc5500e7",
+ "source": "cve-coordination@incibe.es"
+ },
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "cve-coordination@incibe.es",
diff --git a/CVE-2022/CVE-2022-454xx/CVE-2022-45437.json b/CVE-2022/CVE-2022-454xx/CVE-2022-45437.json
index 51f0cce613e..c00bd0a07d0 100644
--- a/CVE-2022/CVE-2022-454xx/CVE-2022-45437.json
+++ b/CVE-2022/CVE-2022-454xx/CVE-2022-45437.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-45437",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-02-15T04:15:10.893",
- "lastModified": "2023-02-23T18:22:45.303",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T12:15:08.917",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information."
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.\n\n"
}
],
"metrics": {
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
@@ -66,7 +66,7 @@
]
},
{
- "source": "cve-coordination@incibe.es",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -94,6 +94,10 @@
}
],
"references": [
+ {
+ "url": "https://gist.github.com/damodarnaik/06180e8a5aa237b38740486b3e398011",
+ "source": "cve-coordination@incibe.es"
+ },
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "cve-coordination@incibe.es",
diff --git a/CVE-2022/CVE-2022-45xx/CVE-2022-4531.json b/CVE-2022/CVE-2022-45xx/CVE-2022-4531.json
new file mode 100644
index 00000000000..9c8ccc3cd92
--- /dev/null
+++ b/CVE-2022/CVE-2022-45xx/CVE-2022-4531.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2022-4531",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T03:15:08.537",
+ "lastModified": "2023-10-20T03:15:08.537",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** Not a valid vulnerability."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-462xx/CVE-2022-46285.json b/CVE-2022/CVE-2022-462xx/CVE-2022-46285.json
index 9cedcae541d..a9f0c1d5ebc 100644
--- a/CVE-2022/CVE-2022-462xx/CVE-2022-46285.json
+++ b/CVE-2022/CVE-2022-462xx/CVE-2022-46285.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-46285",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-02-07T19:15:09.147",
- "lastModified": "2023-10-04T00:15:11.413",
+ "lastModified": "2023-10-17T15:55:36.773",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -37,7 +37,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
@@ -55,9 +55,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:libxpm_project:libxpm:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.15",
- "matchCriteriaId": "934FFD94-DF18-451C-BB87-0360AACC094D"
+ "matchCriteriaId": "D98D97AA-EDDE-48F7-B4DE-E51BFB5A72D3"
}
]
}
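Review bot: The CPE vendor changes from `libxpm_project` to `x.org` and the `matchCriteriaId` is replaced, so any suppression list, asset mapping or detection rule keyed on the old CPE string or the old id stops matching this record without raising an error. Rules of that kind are better keyed on the CVE id, with CPE strings refreshed whenever `criteria` changes. CVE-2022-48118 gets the same kind of rename later in this diff (`jorani_project` to `jorani`).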
diff --git a/CVE-2022/CVE-2022-463xx/CVE-2022-46329.json b/CVE-2022/CVE-2022-463xx/CVE-2022-46329.json
index c3a67f64969..fcb07738925 100644
--- a/CVE-2022/CVE-2022-463xx/CVE-2022-46329.json
+++ b/CVE-2022/CVE-2022-463xx/CVE-2022-46329.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-46329",
"sourceIdentifier": "secure@intel.com",
"published": "2023-08-11T03:15:16.540",
- "lastModified": "2023-09-30T22:15:10.257",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:59:50.840",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -106,6 +106,46 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
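Review bot: The two configurations added here list bare operating-system CPEs (Fedora 37 to 39 and Debian 10.0) with `"vulnerable": true` as standalone nodes, with nothing tying them to the affected package. A scanner that matches host CPEs against this record will flag every such host whether or not the package is installed. These entries are safer read as "the distribution shipped an advisory", with exposure confirmed from the package-level advisories in `references`. CVE-2022-48064 adds the same shape for Fedora 37/38 and for a NetApp product whose version field is `-`.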
@@ -119,19 +159,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00043.html",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K24OJT4AVMNND7LBTC2ZDDTE6DJHAKB4/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
- "source": "secure@intel.com"
+ "source": "secure@intel.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
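Review bot: The tags assigned in this hunk are inconsistent for the same kind of source: the Debian LTS announcement gets `"Mailing List"` and `"Third Party Advisory"`, while the three Fedora package-announce list messages get only `"Third Party Advisory"`. In CVE-2022-48064 the same Fedora list is tagged only `"Mailing List"`. A filter on either tag therefore returns a different subset of distribution advisories per record. Tagging the Fedora entries the way the Debian one is tagged would make them uniform; consumers can also match on the reference host instead of the tag.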
diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46836.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46836.json
index ddb57967d82..872806da7e6 100644
--- a/CVE-2022/CVE-2022-468xx/CVE-2022-46836.json
+++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46836.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-46836",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-02-20T17:15:12.153",
- "lastModified": "2023-03-02T18:16:41.797",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:22.277",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -610,6 +610,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/checkmk-rce-chain-3/",
+ "source": "security@checkmk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-469xx/CVE-2022-46945.json b/CVE-2022/CVE-2022-469xx/CVE-2022-46945.json
index 917e03d4f97..9f20b7f8047 100644
--- a/CVE-2022/CVE-2022-469xx/CVE-2022-46945.json
+++ b/CVE-2022/CVE-2022-469xx/CVE-2022-46945.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-46945",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-26T15:15:09.393",
- "lastModified": "2023-06-01T14:02:24.270",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T22:15:09.117",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -99,6 +99,10 @@
"Patch",
"Product"
]
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/checkmk-rce-chain-3/",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-470xx/CVE-2022-47002.json b/CVE-2022/CVE-2022-470xx/CVE-2022-47002.json
index b5b245be495..31880037b52 100644
--- a/CVE-2022/CVE-2022-470xx/CVE-2022-47002.json
+++ b/CVE-2022/CVE-2022-470xx/CVE-2022-47002.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-47002",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-01T14:15:08.873",
- "lastModified": "2023-03-06T20:15:09.607",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T18:17:22.390",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -101,15 +101,11 @@
]
},
{
- "url": "https://hoyahaxa.blogspot.com/2023/01/preliminary-security-advisory.html",
- "source": "cve@mitre.org",
- "tags": [
- "Patch",
- "Third Party Advisory"
- ]
+ "url": "https://www.hoyahaxa.com/2023/01/preliminary-security-advisory.html",
+ "source": "cve@mitre.org"
},
{
- "url": "https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html",
+ "url": "https://www.hoyahaxa.com/2023/03/authentication-bypass-mura-masa.html",
"source": "cve@mitre.org"
}
]
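Review bot: Moving the first reference from the blogspot host to `www.hoyahaxa.com` also drops its `tags` array (`"Patch"`, `"Third Party Advisory"`), so a consumer that selects references by tag no longer finds an advisory for this CVE. If the new URL serves the same page (not verifiable from the hunk), the tags should carry over to the new entry. The record is back in `Undergoing Analysis`, so the tags may be re-added upstream. Until then the stored link to the old host will not match either of the new URLs.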
diff --git a/CVE-2022/CVE-2022-473xx/CVE-2022-47372.json b/CVE-2022/CVE-2022-473xx/CVE-2022-47372.json
index 87e2f6181c7..c44070f4fb9 100644
--- a/CVE-2022/CVE-2022-473xx/CVE-2022-47372.json
+++ b/CVE-2022/CVE-2022-473xx/CVE-2022-47372.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-47372",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-02-15T04:15:10.987",
- "lastModified": "2023-02-23T19:29:45.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T12:15:08.997",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload."
+ "value": "Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.\n\n"
}
],
"metrics": {
@@ -56,22 +56,22 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "CWE-79"
+ "value": "CWE-352"
}
]
},
{
- "source": "cve-coordination@incibe.es",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-352"
+ "value": "CWE-79"
}
]
}
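Review bot: After this swap the `Primary` weakness is `CWE-352` (CSRF) while the description of the same record, in the first hunk of this file, describes a stored cross-site scripting issue, and `CWE-79` is demoted to `Secondary`. Tooling that reads only the primary entry will classify and route this as CSRF. Either keep `"value": "CWE-79"` on the primary entry or have consumers take the union of all `weaknesses` entries regardless of `type`. CVE-2022-45436 and CVE-2022-45437 swap the same two sources, but their CWE values lie outside those hunks.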
@@ -95,6 +95,10 @@
}
],
"references": [
+ {
+ "url": "https://gist.github.com/damodarnaik/576c39162fce7da458d2f41f1cbe99e8",
+ "source": "cve-coordination@incibe.es"
+ },
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "cve-coordination@incibe.es",
diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47583.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47583.json
new file mode 100644
index 00000000000..999f26604e5
--- /dev/null
+++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47583.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2022-47583",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T16:15:08.833",
+ "lastModified": "2023-10-25T19:46:29.443",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal."
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de caracteres de terminal en Mintty anterior a 3.6.3 permite la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de salida sin escape al terminal."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mintty_project:mintty:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.6.3",
+ "matchCriteriaId": "D53E5A23-C161-4360-A154-6259698F80B9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://dgl.cx/2023/09/ansi-terminal-security#mintty",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://github.com/mintty/mintty/releases/tag/3.6.3",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
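Review bot: The weakness is recorded as the broad `"value": "CWE-74"`, although the description is specifically about unescaped control sequences written to a terminal. CWE-150 (Improper Neutralization of Escape, Meta, or Control Sequences) names that more precisely and would let rules for terminal escape injection match this record. The analyst may be limited to a reduced CWE set, in which case the mapping has to be added on the consumer side. The fixed version for patch tracking is given by `"versionEndExcluding": "3.6.3"`.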
diff --git a/CVE-2022/CVE-2022-479xx/CVE-2022-47909.json b/CVE-2022/CVE-2022-479xx/CVE-2022-47909.json
index f48c06e2a40..eea8221dd4a 100644
--- a/CVE-2022/CVE-2022-479xx/CVE-2022-47909.json
+++ b/CVE-2022/CVE-2022-479xx/CVE-2022-47909.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-47909",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-02-20T17:15:12.230",
- "lastModified": "2023-06-23T13:12:17.483",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:22.470",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost."
+ "value": "Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of\u00a0Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost."
}
],
"metrics": {
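Review bot: The description change in this hunk replaces an ordinary space with a no-break space, `of\u00a0Tribe29's`, and alters nothing else in the text. Exact-match searches, deduplication and keyword rules that look for `of Tribe29's` will no longer hit this record. Fold Unicode whitespace (for example NFKC normalisation followed by whitespace collapsing) before indexing or comparing description text.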
@@ -625,6 +625,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/checkmk-rce-chain-1/",
+ "source": "security@checkmk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-47xx/CVE-2022-4712.json b/CVE-2022/CVE-2022-47xx/CVE-2022-4712.json
new file mode 100644
index 00000000000..9475bc6b7fc
--- /dev/null
+++ b/CVE-2022/CVE-2022-47xx/CVE-2022-4712.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2022-4712",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:14.993",
+ "lastModified": "2023-10-26T17:29:13.440",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Cerber Security para WordPress es vulnerable a Cross-Site Scripting (XSS) almacenados a trav\u00e9s del par\u00e1metro de registro al iniciar sesi\u00f3n en el sitio en versiones hasta la 9.1 incluida. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cerber:wp_cerber_security\\,_anti-spam_\\&_malware_scan:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "9.2",
+ "matchCriteriaId": "AF84A1A7-10E3-4A50-A2F7-82A3EED15F27"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-cerber/trunk/admin/cerber-dashboard.php?rev=2721561#L1338",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd9cbba-10b0-4fb0-ad49-4593a307a615?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
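Review bot: The affected range in `cpeMatch` is `"versionEndExcluding": "9.2"`, while the description says "up to, and including, 9.1". The two agree only if no release exists between 9.1 and 9.2, which this file does not show. `"versionEndIncluding": "9.1"` would match the description literally. The two `cvssMetricV31` entries also differ on `userInteraction` (6.1 Medium from NVD, 7.2 High from the CNA), so a pipeline that reads only the `Primary` entry ranks this lower than the reporter does.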
diff --git a/CVE-2022/CVE-2022-480xx/CVE-2022-48064.json b/CVE-2022/CVE-2022-480xx/CVE-2022-48064.json
index 14836293cc7..038d4684c57 100644
--- a/CVE-2022/CVE-2022-480xx/CVE-2022-48064.json
+++ b/CVE-2022/CVE-2022-480xx/CVE-2022-48064.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-48064",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:30.937",
- "lastModified": "2023-10-13T03:15:09.493",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:24:09.337",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-400"
+ "value": "CWE-770"
}
]
}
@@ -62,20 +62,64 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0008/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=29922",
diff --git a/CVE-2022/CVE-2022-480xx/CVE-2022-48065.json b/CVE-2022/CVE-2022-480xx/CVE-2022-48065.json
index f105756e736..c6220f1c904 100644
--- a/CVE-2022/CVE-2022-480xx/CVE-2022-48065.json
+++ b/CVE-2022/CVE-2022-480xx/CVE-2022-48065.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-48065",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:31.013",
- "lastModified": "2023-10-06T15:15:13.433",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-23T05:15:07.710",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -65,6 +65,10 @@
}
],
"references": [
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0008/",
"source": "cve@mitre.org"
diff --git a/CVE-2022/CVE-2022-481xx/CVE-2022-48118.json b/CVE-2022/CVE-2022-481xx/CVE-2022-48118.json
index e612f41771a..f8be39f467e 100644
--- a/CVE-2022/CVE-2022-481xx/CVE-2022-48118.json
+++ b/CVE-2022/CVE-2022-481xx/CVE-2022-48118.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-48118",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-27T20:15:14.867",
- "lastModified": "2023-02-04T01:51:48.413",
+ "lastModified": "2023-10-25T15:00:33.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:jorani_project:jorani:1.0.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "00665EA7-7D22-4226-801E-ABA4BD94D0D7"
+ "criteria": "cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE8B2D2D-7CCC-4688-9C1C-5C2512F140E6"
}
]
}
diff --git a/CVE-2022/CVE-2022-483xx/CVE-2022-48321.json b/CVE-2022/CVE-2022-483xx/CVE-2022-48321.json
index 9dab6af2776..f547e5ed6e5 100644
--- a/CVE-2022/CVE-2022-483xx/CVE-2022-48321.json
+++ b/CVE-2022/CVE-2022-483xx/CVE-2022-48321.json
@@ -2,8 +2,8 @@
"id": "CVE-2022-48321",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-02-20T17:15:12.607",
- "lastModified": "2023-03-02T18:35:12.083",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:22.573",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -201,6 +201,10 @@
"Mitigation",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.sonarsource.com/blog/checkmk-rce-chain-1/",
+ "source": "security@checkmk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48565.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48565.json
index 8221df69b2b..4755e234178 100644
--- a/CVE-2022/CVE-2022-485xx/CVE-2022-48565.json
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48565.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-48565",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:32.007",
- "lastModified": "2023-10-11T23:15:10.210",
+ "lastModified": "2023-10-21T03:15:08.423",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -122,6 +122,14 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0007/",
"source": "cve@mitre.org"
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48612.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48612.json
index b23e6385b72..07891650ce2 100644
--- a/CVE-2022/CVE-2022-486xx/CVE-2022-48612.json
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48612.json
@@ -2,19 +2,80 @@
"id": "CVE-2022-48612",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T00:15:10.350",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:22:05.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Universal Cross Site Scripting (UXSS) en ClassLink OneClick Extension hasta 10.7 permite a atacantes remotos inyectar JavaScript en cualquier p\u00e1gina web, porque una expresi\u00f3n regular (que valida si una URL est\u00e1 controlada por ClassLink) no est\u00e1 presente en todos los lugares aplicables."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:classlink:oneclick:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "10.7",
+ "matchCriteriaId": "2A6FA3A4-8DFC-4337-8DCA-147E4BDF5CEC"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://blog.zerdle.net/classlink/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
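Review bot: The new `cpeMatch` entry uses `cpe:2.3:a:classlink:oneclick:*:*:*:*:*:*:*:*` with `versionEndIncluding` `10.7`, which leaves the target-software field as a wildcard although the description names the OneClick browser extension specifically. If the vendor ships other components under the same product name (not visible here), inventory matching on this CPE would flag them as well. Consumers doing automated matching should confirm a hit against the description before raising a finding for this 6.1 UXSS record.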
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4859.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4859.json
index 1ebfa0c7341..bfa0797f9c9 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4859.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4859.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4859",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T12:15:09.513",
- "lastModified": "2023-01-06T20:30:45.270",
+ "lastModified": "2023-10-29T03:08:37.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The name of the patch is 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055."
+ "value": "A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument firstName/lastName leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.34 is able to address this issue. The patch is named 9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217055."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -117,23 +127,21 @@
"url": "https://github.com/jogetworkflow/jw-community/commit/9a77f508a2bf8cf661d588f37a4cc29ecaea4fc8",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/jogetworkflow/jw-community/releases/tag/7.0.34",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.217055",
"source": "cna@vuldb.com",
"tags": [
- "Third Party Advisory"
+ "Permissions Required"
]
},
{
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4860.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4860.json
index c9f97ae3e81..e89c3cef8b8 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4860.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4860.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4860",
"sourceIdentifier": "cna@vuldb.com",
"published": "2022-12-30T12:15:09.583",
- "lastModified": "2023-01-06T18:56:35.230",
+ "lastModified": "2023-10-29T03:03:11.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The name of the patch is 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059."
+ "value": "A vulnerability was found in KBase Metrics. It has been classified as critical. This affects the function upload_user_data of the file source/daily_cron_jobs/methods_upload_user_stats.py. The manipulation leads to sql injection. The patch is named 959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217059."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
@@ -116,23 +126,21 @@
"url": "https://github.com/kbase/metrics/commit/959dfb6b05991e30b0fa972a1ecdcaae8e1dae6d",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/kbase/metrics/pull/77",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.217059",
"source": "cna@vuldb.com",
"tags": [
- "Third Party Advisory"
+ "Permissions Required"
]
},
{
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4869.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4869.json
index 4579a90d76a..ebdd206b895 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4869.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4869.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4869",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T09:15:08.753",
- "lastModified": "2023-01-11T17:06:05.117",
+ "lastModified": "2023-10-29T02:58:52.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. The name of the patch is 022111407d34815c16c6eada2de69ca34084dc0d. It is recommended to apply a patch to fix this issue. VDB-217438 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. The patch is identified as 022111407d34815c16c6eada2de69ca34084dc0d. It is recommended to apply a patch to fix this issue. VDB-217438 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -126,23 +126,20 @@
"url": "https://github.com/evolution-events/Artaxerxes/commit/022111407d34815c16c6eada2de69ca34084dc0d",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.217438",
"source": "cna@vuldb.com",
"tags": [
- "Permissions Required",
- "Third Party Advisory"
+ "Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.217438",
"source": "cna@vuldb.com",
"tags": [
- "Permissions Required",
"Third Party Advisory"
]
}
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4871.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4871.json
index 597a3482b16..fa6aaa110e3 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4871.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4871.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4871",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-03T12:15:10.660",
- "lastModified": "2023-01-09T21:09:17.993",
+ "lastModified": "2023-10-29T02:59:32.857",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The name of the patch is dd77a35942f527ea0beef5e0ec62b92e8b93211e. It is recommended to apply a patch to fix this issue. VDB-217270 is the identifier assigned to this vulnerability. NOTE: JSON entrypoint is only accessible via an admin account"
+ "value": "A vulnerability classified as problematic was found in ummmmm nflpick-em.com up to 2.2.x. This vulnerability affects the function _Load_Users of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The patch is identified as dd77a35942f527ea0beef5e0ec62b92e8b93211e. It is recommended to apply a patch to fix this issue. VDB-217270 is the identifier assigned to this vulnerability. NOTE: JSON entrypoint is only accessible via an admin account"
}
],
"metrics": {
@@ -126,16 +126,14 @@
"url": "https://github.com/ummmmm/nflpick-em.com/commit/dd77a35942f527ea0beef5e0ec62b92e8b93211e",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.217270",
"source": "cna@vuldb.com",
"tags": [
- "Third Party Advisory",
- "VDB Entry"
+ "Permissions Required"
]
},
{
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4875.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4875.json
index 61660b06a74..bad970a8fbf 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4875.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4875.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4875",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-04T22:15:09.093",
- "lastModified": "2023-01-11T01:50:28.687",
+ "lastModified": "2023-10-29T02:59:26.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability has been found in fossology and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument sql/VarValue leads to cross site scripting. The attack can be initiated remotely. The patch is identified as 8e0eba001662c7eb35f045b70dd458a4643b4553. It is recommended to apply a patch to fix this issue. VDB-217426 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -116,23 +126,21 @@
"url": "https://github.com/fossology/fossology/commit/8e0eba001662c7eb35f045b70dd458a4643b4553",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/fossology/fossology/pull/2356",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.217426",
"source": "cna@vuldb.com",
"tags": [
- "Third Party Advisory"
+ "Permissions Required"
]
},
{
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4876.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4876.json
index d9aae2e9f70..3f41144d172 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4876.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4876.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4876",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-04T23:15:20.037",
- "lastModified": "2023-01-30T16:37:16.607",
+ "lastModified": "2023-10-29T02:59:15.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The name of the patch is 13b8812ebc8c9fa034eed91ab35ba8423a528c0b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427."
+ "value": "A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classified as problematic. This issue affects some unknown processing of the file includes/DefaultSettings.php. The manipulation of the argument HTTP_X_FORWARDED_HOST leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.96.rc2 is able to address this issue. The patch is named 13b8812ebc8c9fa034eed91ab35ba8423a528c0b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217427."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -121,39 +131,34 @@
"url": "https://github.com/kaltura/mwEmbed/commit/13b8812ebc8c9fa034eed91ab35ba8423a528c0b",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/kaltura/mwEmbed/pull/4266",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/kaltura/mwEmbed/releases/tag/v2.96.rc2",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.217427",
"source": "cna@vuldb.com",
"tags": [
- "Permissions Required",
- "Third Party Advisory"
+ "Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.217427",
"source": "cna@vuldb.com",
"tags": [
- "Permissions Required",
"Third Party Advisory"
]
}
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4879.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4879.json
index 398bf9921b6..de0528894a3 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4879.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4879.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4879",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-06T11:15:09.557",
- "lastModified": "2023-01-12T15:48:49.473",
+ "lastModified": "2023-10-29T02:58:47.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The name of the patch is 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555."
+ "value": "A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The patch is named 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555."
}
],
"metrics": {
@@ -126,38 +126,34 @@
"url": "https://github.com/FAForever/fa/commit/6880971bd3d73d942384aff62d53058c206ce644",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/FAForever/fa/pull/4398",
"source": "cna@vuldb.com",
"tags": [
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/FAForever/fa/releases/tag/3747",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.217555",
"source": "cna@vuldb.com",
"tags": [
- "Permissions Required",
- "Third Party Advisory"
+ "Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.217555",
"source": "cna@vuldb.com",
"tags": [
- "Permissions Required",
"Third Party Advisory"
]
}
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4880.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4880.json
index 593cb3f354e..d1bf54ac31d 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4880.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4880.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4880",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-07T13:15:09.700",
- "lastModified": "2023-01-12T18:54:47.407",
+ "lastModified": "2023-10-29T02:57:50.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The name of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability."
+ "value": "A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The identifier of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-22"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
}
],
"configurations": [
@@ -116,32 +126,28 @@
"url": "https://github.com/stakira/OpenUtau/commit/849a0a6912aac8b1c28cc32aa1132a3140caff4a",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/stakira/OpenUtau/pull/544",
"source": "cna@vuldb.com",
"tags": [
- "Exploit",
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/stakira/OpenUtau/releases/tag/build%2F0.0.991",
"source": "cna@vuldb.com",
"tags": [
- "Release Notes",
- "Third Party Advisory"
+ "Release Notes"
]
},
{
"url": "https://vuldb.com/?ctiid.217617",
"source": "cna@vuldb.com",
"tags": [
- "Third Party Advisory"
+ "Permissions Required"
]
},
{
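Review bot: The `pull/544` reference goes from `Exploit`, `Patch`, `Third Party Advisory` to `Patch` alone in this hunk, so a triage rule that treats an `Exploit` reference tag as a sign of public exploit material will rank CVE-2022-4880 lower after this sync. Whether the pull request actually carries a proof of concept cannot be told from the diff, so a downstream rule should not rely on that tag alone for a path-traversal issue the description classifies as critical. The references array continues past the end of the hunk.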
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4881.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4881.json
index be020769e22..ff71845fca1 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4881.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4881.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4881",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-08T13:15:10.047",
- "lastModified": "2023-01-12T20:10:12.480",
+ "lastModified": "2023-10-29T02:57:33.730",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The name of the patch is 8fc9e12dfa21d757be6eb4194c763e848b299ac0. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The patch is identified as 8fc9e12dfa21d757be6eb4194c763e848b299ac0. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -116,34 +126,28 @@
"url": "https://github.com/CapsAdmin/pac3/commit/8fc9e12dfa21d757be6eb4194c763e848b299ac0",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://github.com/CapsAdmin/pac3/pull/1210",
"source": "cna@vuldb.com",
"tags": [
- "Patch",
- "Third Party Advisory"
+ "Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.217646",
"source": "cna@vuldb.com",
"tags": [
- "Permissions Required",
- "Third Party Advisory",
- "VDB Entry"
+ "Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.217646",
"source": "cna@vuldb.com",
"tags": [
- "Permissions Required",
- "Third Party Advisory",
- "VDB Entry"
+ "Permissions Required"
]
}
]
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4882.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4882.json
index 94df2f25862..e70b9fbfc65 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4882.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4882.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4882",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-09T09:15:10.140",
- "lastModified": "2023-01-13T13:22:20.230",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.090",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.92.rc1 is able to address this issue. The name of the patch is 4f11b6f6610acd6d89de5f8be47cf7c610643845. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217664."
+ "value": "A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.92.rc1 is able to address this issue. The name of the patch is 4f11b6f6610acd6d89de5f8be47cf7c610643845. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217664."
}
],
"metrics": {
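Review bot: The new description adds "The complexity of an attack is rather high. The exploitation is known to be difficult." while `vulnStatus` moves from `Analyzed` to `Undergoing Analysis`, and the `metrics` object only opens on the last line of the hunk with its content outside it. The stored CVSS vector may therefore still reflect the earlier analysis and disagree with the new text until re-analysis finishes; that is inferred, not shown. The CVE-2022-4885 hunk makes the same kind of change. Consumers should keep these records in scope rather than filtering on `vulnStatus` equal to `Analyzed`, and re-read the score once the status returns to `Analyzed`.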
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4883.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4883.json
index 89f48f73d74..3945c33f423 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4883.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4883.json
@@ -2,7 +2,7 @@
"id": "CVE-2022-4883",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-02-07T19:15:09.223",
- "lastModified": "2023-06-20T14:15:10.027",
+ "lastModified": "2023-10-17T15:55:36.773",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -37,7 +37,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
- "type": "Secondary",
+ "type": "Primary",
"description": [
{
"lang": "en",
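Review bot: This hunk sets `"type": "Primary"` on a weakness entry whose `source` stays `secalert@redhat.com`, whereas other records in this diff (for example CVE-2022-4859 and CVE-2022-4860) give `Primary` to `nvd@nist.gov` and add the CNA entry as `Secondary`. A consumer that reads `Primary` as NVD-assigned would attribute this CWE to the wrong party; keying on `source` instead of `type` avoids that. The CWE value itself is outside the hunk.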
@@ -55,9 +55,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:libxpm_project:libxpm:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.5.15",
- "matchCriteriaId": "934FFD94-DF18-451C-BB87-0360AACC094D"
+ "matchCriteriaId": "D98D97AA-EDDE-48F7-B4DE-E51BFB5A72D3"
}
]
}
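Review bot: The CPE vendor changes from `libxpm_project` to `x.org` and the `matchCriteriaId` is replaced, so suppressions, allowlists or asset mappings keyed on the old string or on `934FFD94-DF18-451C-BB87-0360AACC094D` stop matching this record. `versionEndExcluding` stays `3.5.15`, so the affected range is unchanged and only the naming moves. Downstream inventories that still label the package with the old vendor need both names mapped, otherwise hosts below 3.5.15 can fall out of the findings silently.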
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4885.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4885.json
index 7cdd2509e9d..b038e796fae 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4885.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4885.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4885",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-11T18:15:09.227",
- "lastModified": "2023-01-18T19:12:09.717",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.160",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issue. The name of the patch is 53b3f2fc34af0bb32afbcee29d18213e61471d87. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218020."
+ "value": "A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.4 is able to address this issue. The name of the patch is 53b3f2fc34af0bb32afbcee29d18213e61471d87. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218020."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4886.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4886.json
new file mode 100644
index 00000000000..9359ed13698
--- /dev/null
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4886.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2022-4886",
+ "sourceIdentifier": "jordan@liggitt.net",
+ "published": "2023-10-25T20:15:09.790",
+ "lastModified": "2023-10-25T21:15:09.930",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.\n"
+ },
+ {
+ "lang": "es",
+ "value": "La sanitizaci\u00f3n del par\u00e1metro `path` de Ingress-nginx se puede omitir con la directiva `log_format`."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/5",
+ "source": "jordan@liggitt.net"
+ },
+ {
+ "url": "https://github.com/kubernetes/ingress-nginx/issues/10570",
+ "source": "jordan@liggitt.net"
+ },
+ {
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI",
+ "source": "jordan@liggitt.net"
+ }
+ ]
+}
\ No newline at end of file
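Review bot: The English description `value` ends with a literal `\n`, which the Spanish entry does not, so exact-match deduplication and rendered reports will treat the two differently; trimming trailing whitespace on ingest is enough. The only score is the CNA's `Secondary` entry (8.8, `PR:L`) and `vulnStatus` is `Awaiting Analysis`, so tooling that reads only `Primary` metrics would show this record unscored. There is also no `configurations` block yet, which means CPE-based scanners cannot match it, and the three references are the only pointer to affected versions. The first reference uses `http://`; follow it over HTTPS where the host supports it.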
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4889.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4889.json
index 16d169d4141..1c82765fdee 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4889.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4889.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4889",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-15T08:15:08.210",
- "lastModified": "2023-01-24T16:33:12.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.237",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in visegripped Stracker. Affected by this vulnerability is the function getHistory of the file doc_root/public_html/stracker/api.php. The manipulation of the argument symbol/startDate/endDate leads to sql injection. The name of the patch is 63e1b040373ee5b6c7d1e165ecf5ae1603d29e0a. It is recommended to apply a patch to fix this issue. The identifier VDB-218377 was assigned to this vulnerability."
+ "value": "A vulnerability classified as critical was found in visegripped Stracker. Affected by this vulnerability is the function getHistory of the file doc_root/public_html/stracker/api.php. The manipulation of the argument symbol/startDate/endDate leads to sql injection. The identifier of the patch is 63e1b040373ee5b6c7d1e165ecf5ae1603d29e0a. It is recommended to apply a patch to fix this issue. The identifier VDB-218377 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4890.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4890.json
index 91da8ee80b8..fbc97dbc866 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4890.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4890.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4890",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-16T13:15:10.137",
- "lastModified": "2023-01-24T16:19:48.380",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.310",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. This issue affects some unknown processing of the file config/initializers/new_framework_defaults_7_0.rb of the component Cookie Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The name of the patch is b067372f3ee26fe1b657121f0f41883ff4461a06. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218387."
+ "value": "A vulnerability, which was classified as critical, has been found in abhilash1985 PredictApp. This issue affects some unknown processing of the file config/initializers/new_framework_defaults_7_0.rb of the component Cookie Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The patch is named b067372f3ee26fe1b657121f0f41883ff4461a06. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218387."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-48xx/CVE-2022-4892.json b/CVE-2022/CVE-2022-48xx/CVE-2022-4892.json
index 66189e2e356..6d069c6fb43 100644
--- a/CVE-2022/CVE-2022-48xx/CVE-2022-4892.json
+++ b/CVE-2022/CVE-2022-48xx/CVE-2022-4892.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4892",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-19T08:15:13.163",
- "lastModified": "2023-01-25T20:56:15.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.387",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in MyCMS. It has been classified as problematic. This affects the function build_view of the file lib/gener/view.php of the component Visitors Module. The manipulation of the argument original/converted leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is d64fcba4882a50e21cdbec3eb4a080cb694d26ee. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218895."
+ "value": "A vulnerability was found in MyCMS. It has been classified as problematic. This affects the function build_view of the file lib/gener/view.php of the component Visitors Module. The manipulation of the argument original/converted leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named d64fcba4882a50e21cdbec3eb4a080cb694d26ee. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218895."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4903.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4903.json
index 5675d773846..e30106f0929 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4903.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4903.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4903",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-10T15:15:11.717",
- "lastModified": "2023-02-16T21:25:34.397",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.470",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 7.0.71 is able to address this issue. The patch is identified as dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability."
}
],
"metrics": {
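Review bot: The rewritten `value` in this hunk now says the attack complexity is rather high and exploitation difficult, but the `metrics` object that would carry the matching CVSS attack-complexity value only begins on the hunk's last line, so the two cannot be checked against each other here. With `vulnStatus` moved back to `Undergoing Analysis`, any score already stored for this record predates the new wording and should be re-read once analysis completes. The sentence `The exploitability is told to be difficult.` would read better as `Exploitation is reported to be difficult.`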
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4905.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4905.json
index 636fee1171c..c8893884d0c 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4905.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4905.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4905",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-13T21:15:13.710",
- "lastModified": "2023-02-23T15:29:00.040",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.550",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in UDX Stateless Media Plugin 3.1.1. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 is able to address this issue. The name of the patch is 6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a. It is recommended to upgrade the affected component. VDB-220750 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordPress. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 is able to address this issue. The patch is identified as 6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a. It is recommended to upgrade the affected component. VDB-220750 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4927.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4927.json
index b36a9f39ad4..dc948e0988f 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4927.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4927.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4927",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-05T20:15:08.873",
- "lastModified": "2023-06-23T17:18:06.220",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.630",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287."
+ "value": "A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The patch is named abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4928.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4928.json
index 2793671afd0..25541205765 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4928.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4928.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4928",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-06T01:15:09.993",
- "lastModified": "2023-03-13T17:15:32.620",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.710",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.820 is able to address this issue. The name of the patch is 2223628e6db1df73f6d633d2c0422d995990f0a3. It is recommended to upgrade the affected component. The identifier VDB-222289 was assigned to this vulnerability."
+ "value": "A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.820 is able to address this issue. The identifier of the patch is 2223628e6db1df73f6d633d2c0422d995990f0a3. It is recommended to upgrade the affected component. The identifier VDB-222289 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4929.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4929.json
index 3525a88a56e..b6636df32f8 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4929.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4929.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4929",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-06T03:15:08.440",
- "lastModified": "2023-03-13T17:14:45.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.780",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The name of the patch is fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The patch is identified as fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4930.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4930.json
index ef45d0d7d00..2f616167876 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4930.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4930.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4930",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-06T16:15:09.593",
- "lastModified": "2023-03-13T18:33:32.357",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.863",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to address this issue. The name of the patch is 4da4d031732ecca67519851fd0c34597dbb8ee55. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222319."
+ "value": "A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to address this issue. The patch is named 4da4d031732ecca67519851fd0c34597dbb8ee55. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222319."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4933.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4933.json
index 16b612acf9b..b766791b5a6 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4933.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4933.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4933",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-20T05:15:12.050",
- "lastModified": "2023-03-24T19:05:48.167",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:10.947",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.7 is able to address this issue. The name of the patch is ccad1e4282b0e393a32fcc852e82ec0e0af5446f. It is recommended to upgrade the affected component. VDB-223382 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.7 is able to address this issue. The patch is identified as ccad1e4282b0e393a32fcc852e82ec0e0af5446f. It is recommended to upgrade the affected component. VDB-223382 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4942.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4942.json
index 84d196bc484..2b6edc02f5f 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4942.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4942.json
@@ -2,12 +2,12 @@
"id": "CVE-2022-4942",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-20T06:15:07.440",
- "lastModified": "2023-04-29T02:52:40.117",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:11.020",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The name of the patch is 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The patch is identified as 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4943.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4943.json
new file mode 100644
index 00000000000..cc0f2205f1c
--- /dev/null
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4943.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2022-4943",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:11.983",
+ "lastModified": "2023-10-26T17:26:13.140",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Google Authenticator de miniOrange para WordPress es vulnerable a la omisi\u00f3n de autorizaci\u00f3n debido a una falta de verificaci\u00f3n de capacidad al cambiar la configuraci\u00f3n del complemento en versiones hasta la 5.6.5 incluida. Esto hace posible que atacantes no autenticados cambien la configuraci\u00f3n del complemento."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:miniorange:google_authenticator:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.6.5",
+ "matchCriteriaId": "FA5D80D0-7543-49BC-8D9F-9C33C26EF1EE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2842228%40miniorange-2-factor-authentication%2Ftrunk&old=2815645%40miniorange-2-factor-authentication%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7267ede1-7745-47cc-ac0d-4362140b4c23?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
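Review bot: The two `cvssMetricV31` entries in this new record disagree on integrity impact: the `nvd@nist.gov` Primary vector ends in `I:L` (5.3, MEDIUM) while the `security@wordfence.com` Secondary vector ends in `I:H` (7.5, HIGH), for a flaw the description says lets unauthenticated attackers change the settings of a two-factor authentication plugin. A consumer that reads only the Primary entry will triage this as medium, so prioritisation rules should look at both entries, for example by taking the higher `baseScore`. Separately, the first reference is a plugin changeset comparison tagged only `Product`, so filters that look for a `Patch` tag will not surface it, and its query string repeats `sfp_email=&sfph_mail=`.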
diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4954.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4954.json
new file mode 100644
index 00000000000..93c0ac17f9e
--- /dev/null
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4954.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2022-4954",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:15.103",
+ "lastModified": "2023-10-26T17:28:59.520",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Waiting: One-click countdowns para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del nombre Countdown en versiones hasta la 0.6.2 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:plugin:waiting:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.6.2",
+ "matchCriteriaId": "E719F69E-20BF-46D4-A862-E84F6CA72723"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/waiting/trunk/waiting.php?rev=2826039",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
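Review bot: The `criteria` string in `cpeMatch` uses the generic vendor component `plugin` (`cpe:2.3:a:plugin:waiting:*:...`), which does not name the plugin's publisher, so inventory tools that derive the vendor from the installed package may not produce a matching CPE. Consumers should confirm that their matcher resolves this vendor/product pair to the WordPress plugin, using the `wordpress` target-software field and `versionEndIncluding` `0.6.2` rather than the vendor name. The two CVSS vectors also differ on user interaction (`UI:R` from `nvd@nist.gov`, `UI:N` from `security@wordfence.com`), which accounts for the 4.8 and 5.5 base scores.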
diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0003.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0003.json
index ff4fe44c580..796c2b60e28 100644
--- a/CVE-2023/CVE-2023-00xx/CVE-2023-0003.json
+++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0003.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0003",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-02-08T18:15:11.777",
- "lastModified": "2023-07-21T19:21:55.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T05:15:24.807",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -156,6 +156,14 @@
}
],
"references": [
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
+ "source": "psirt@paloaltonetworks.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
+ "source": "psirt@paloaltonetworks.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMEELCREWMRT6NS7HWXLA6XFLLMO36HE/",
"source": "psirt@paloaltonetworks.com",
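Review bot: The reference objects added here and in the two later hunks of this file carry no `tags` array, unlike the neighbouring Fedora entries tagged `Mailing List`, so code that reads `tags` has to treat the key as optional. The same four package-announce message URLs are also added in the references hunk of CVE-2023-0004.json, and every one is attributed to `psirt@paloaltonetworks.com` in `source`. The hunks do not show which package those announcements cover, so the links should be opened and checked before they are used as evidence of a fix for either CVE.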
@@ -163,6 +171,10 @@
"Mailing List"
]
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
+ "source": "psirt@paloaltonetworks.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEJWL67XR67JAGEL2ZK22NA3BRKNMZNY/",
"source": "psirt@paloaltonetworks.com",
@@ -184,6 +196,10 @@
"Mailing List"
]
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
+ "source": "psirt@paloaltonetworks.com"
+ },
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0003",
"source": "psirt@paloaltonetworks.com",
diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0004.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0004.json
index 94956750f13..5c12c47237a 100644
--- a/CVE-2023/CVE-2023-00xx/CVE-2023-0004.json
+++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0004.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0004",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-04-12T17:15:07.043",
- "lastModified": "2023-04-21T16:13:00.517",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T05:15:25.050",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -124,6 +124,22 @@
}
],
"references": [
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
+ "source": "psirt@paloaltonetworks.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
+ "source": "psirt@paloaltonetworks.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
+ "source": "psirt@paloaltonetworks.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
+ "source": "psirt@paloaltonetworks.com"
+ },
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0004",
"source": "psirt@paloaltonetworks.com",
diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0052.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0052.json
index 2399ed70cf2..ea7c0587308 100644
--- a/CVE-2023/CVE-2023-00xx/CVE-2023-0052.json
+++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0052.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0052",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-01-20T22:15:10.417",
- "lastModified": "2023-02-02T14:21:46.400",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T00:15:09.050",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands."
+ "value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.\n\n"
}
],
"metrics": {
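Review bot: The only change to `value` in this hunk is a trailing `\n\n`, and the matching hunk in CVE-2023-0053.json goes further, hard-wrapping the sentences with embedded `\n` and ending in `\n\n\n\n`. Consumers that display, diff or hash descriptions should collapse whitespace runs and trim the string first; otherwise these records register as changed text and render with broken lines.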
@@ -57,7 +57,7 @@
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
- "type": "Primary",
+ "type": "Secondary",
"description": [
{
"lang": "en",
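Review bot: This hunk relabels the `ics-cert@hq.dhs.gov` weakness entry from `Primary` to `Secondary` without adding a `Primary` entry, whereas the equivalent change in CVE-2023-0053.json adds an `nvd@nist.gov` `Primary` entry alongside it. The rest of the `weaknesses` array is outside the hunk, but if it holds no other entry, a consumer that selects only `"type": "Primary"` gets no CWE for this record while it is `Undergoing Analysis`. Such consumers should fall back to the Secondary entry when no Primary is present.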
diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0053.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0053.json
index 28de37e222a..c7ac180a758 100644
--- a/CVE-2023/CVE-2023-00xx/CVE-2023-0053.json
+++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0053.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0053",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-03-02T01:15:11.590",
- "lastModified": "2023-03-10T04:58:43.923",
+ "lastModified": "2023-10-27T20:32:10.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system."
+ "value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and \nprior and BACnetstac version 4.2.1 and prior have only FTP and Telnet \navailable for device management. Any sensitive information communicated \nthrough these protocols, such as credentials, is sent in cleartext. An \nattacker could obtain sensitive information such as user credentials to \ngain access to the system. \n\n\n\n"
}
],
"metrics": {
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "ics-cert@hq.dhs.gov",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -64,6 +64,16 @@
"value": "CWE-319"
}
]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
}
],
"configurations": [
@@ -208,7 +218,6 @@
]
},
{
- "operator": "AND",
"nodes": [
{
"operator": "OR",
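Review bot: Removing `"operator": "AND"` from this configuration object leaves its `nodes` list with no stated combining operator. The list's full contents are outside the hunk, but if it holds more than one node (for example a firmware node and a hardware node), a matcher that defaults to OR when the key is absent would flag either component on its own. Consumers should define what a missing configuration-level `operator` means and test that rule against this record.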
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0180.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0180.json
index f7bef1f49a6..fd03054ed2b 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0180.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0180.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0180",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:07.160",
- "lastModified": "2023-10-03T15:15:39.200",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:26:49.570",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -145,7 +145,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0181.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0181.json
index b82dba71c3c..b0160c259d0 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0181.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0181.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0181",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:07.713",
- "lastModified": "2023-10-03T15:15:39.300",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:27:14.150",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -150,7 +150,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0183.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0183.json
index fb35d58fd3a..3b32a1f7cd5 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0183.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0183.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0183",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:07.867",
- "lastModified": "2023-10-03T15:15:39.383",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:27:32.010",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -145,7 +145,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0184.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0184.json
index 283f89b1ce3..5d562c88b13 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0184.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0184.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0184",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-22T03:15:08.817",
- "lastModified": "2023-10-03T15:15:39.463",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T16:05:59.697",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -329,7 +329,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0185.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0185.json
index c192596c37c..f4f4cb1e221 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0185.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0185.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0185",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:07.927",
- "lastModified": "2023-10-03T15:15:39.583",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:28:05.460",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -140,7 +140,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0187.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0187.json
index 9e54e49a950..8195ff2266e 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0187.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0187.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0187",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:08.053",
- "lastModified": "2023-10-03T15:15:39.667",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:15:44.197",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -130,7 +130,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0188.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0188.json
index 3d26c18158a..31f9c9f64a6 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0188.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0188.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0188",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:08.110",
- "lastModified": "2023-10-03T15:15:39.743",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:16:24.017",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -150,7 +150,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0189.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0189.json
index 54f7803000d..e13fd0f93d7 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0189.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0189.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0189",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:08.163",
- "lastModified": "2023-10-03T15:15:39.823",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:20:17.937",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -130,7 +130,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0190.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0190.json
index 91be0d7cb8f..42e30c4c340 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0190.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0190.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0190",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-22T03:15:08.897",
- "lastModified": "2023-10-03T15:15:39.907",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T16:06:03.947",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -182,7 +182,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0191.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0191.json
index f0af3b292e4..1be09c8d693 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0191.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0191.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0191",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:08.240",
- "lastModified": "2023-10-03T15:15:39.990",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T16:04:16.197",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -150,7 +150,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0194.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0194.json
index 8fb66505595..f4603903bda 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0194.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0194.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0194",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:08.367",
- "lastModified": "2023-10-03T15:15:40.077",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T16:05:28.927",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -135,7 +135,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0195.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0195.json
index 9f85ddcac26..73de28eb779 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0195.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0195.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0195",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:08.440",
- "lastModified": "2023-10-03T15:15:40.170",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T16:05:34.450",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -130,7 +130,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-01xx/CVE-2023-0198.json b/CVE-2023/CVE-2023-01xx/CVE-2023-0198.json
index 9b8af4e16e7..81dd3b44237 100644
--- a/CVE-2023/CVE-2023-01xx/CVE-2023-0198.json
+++ b/CVE-2023/CVE-2023-01xx/CVE-2023-0198.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0198",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2023-04-01T05:15:08.557",
- "lastModified": "2023-10-03T15:15:40.257",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T16:05:38.477",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -145,7 +145,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-02",
- "source": "psirt@nvidia.com"
+ "source": "psirt@nvidia.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-03xx/CVE-2023-0377.json b/CVE-2023/CVE-2023-03xx/CVE-2023-0377.json
index 503bf13321b..947a329a9af 100644
--- a/CVE-2023/CVE-2023-03xx/CVE-2023-0377.json
+++ b/CVE-2023/CVE-2023-03xx/CVE-2023-0377.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-0377",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-03-06T14:15:10.663",
- "lastModified": "2023-03-13T18:16:02.967",
+ "lastModified": "2023-10-26T20:00:45.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -65,9 +65,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:scriptless_social_sharing_project:scriptless_social_sharing:*:*:*:*:*:wordpress:*:*",
+ "criteria": "cpe:2.3:a:robincornett:scriptless_social_sharing:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.2",
- "matchCriteriaId": "8F2C498D-2056-4138-B82A-C646ED0955FA"
+ "matchCriteriaId": "A68EA896-CBC6-42B6-881E-5B0CD183E2CD"
}
]
}
diff --git a/CVE-2023/CVE-2023-05xx/CVE-2023-0527.json b/CVE-2023/CVE-2023-05xx/CVE-2023-0527.json
index 34fd90ce213..1929764a0a9 100644
--- a/CVE-2023/CVE-2023-05xx/CVE-2023-0527.json
+++ b/CVE-2023/CVE-2023-05xx/CVE-2023-0527.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0527",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-27T11:15:12.240",
- "lastModified": "2023-06-01T17:15:09.777",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:15:09.010",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -111,10 +111,6 @@
}
],
"references": [
- {
- "url": "http://packetstormsecurity.com/files/172667/Online-Security-Guards-Hiring-System-1.0-Cross-Site-Scripting.html",
- "source": "cna@vuldb.com"
- },
{
"url": "https://github.com/ctflearner/Vulnerability/blob/main/Online-Security-guard-POC.md",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-05xx/CVE-2023-0549.json b/CVE-2023/CVE-2023-05xx/CVE-2023-0549.json
index 87a5c59fa5c..762fd5d4dcc 100644
--- a/CVE-2023/CVE-2023-05xx/CVE-2023-0549.json
+++ b/CVE-2023/CVE-2023-05xx/CVE-2023-0549.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0549",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-27T19:15:10.457",
- "lastModified": "2023-02-06T19:30:52.323",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T20:15:09.170",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The name of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0641.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0641.json
index a2f583c04fe..b4903499f8e 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0641.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0641.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0641",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-02T09:15:08.953",
- "lastModified": "2023-02-08T21:08:52.640",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T21:15:08.633",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability."
+ "value": "A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability."
}
],
"metrics": {
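Review bot: The new description adds `The complexity of an attack is rather high. The exploitation appears to be difficult.` while `vulnStatus` moves from `Analyzed` to `Modified`. The `metrics` object only opens on the last line of this hunk, so the diff does not show whether the CVSS attack-complexity value was changed to agree with the text. A consumer should treat a previously cached score for this record as unconfirmed and re-read `metrics` rather than infer severity from the prose. The same kind of sentence is added in CVE-2023-0673, CVE-2023-0679, CVE-2023-0686, CVE-2023-0785 and CVE-2023-0808, with varying wording (`The exploitation is known to be difficult.`, `The exploitability is told to be difficult.`), so text matching on these descriptions should not rely on one fixed phrase.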
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0650.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0650.json
index f22300670c3..9f2b32df416 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0650.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0650.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0650",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-02T15:17:42.503",
- "lastModified": "2023-02-09T20:03:12.647",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T21:15:08.890",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability."
+ "value": "A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The identifier of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0666.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0666.json
index 91a5f5198bc..c90e6fb016a 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0666.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0666.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0666",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-06-07T03:15:09.000",
- "lastModified": "2023-09-17T07:15:08.307",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:53:33.607",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -77,6 +77,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
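Review bot: The added configuration lists `cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*` as a standalone vulnerable entry under its own `OR` node, with no package condition attached. A matcher that evaluates configurations literally will therefore report every Debian 12.0 host for this record, whether or not the affected package is installed or already fixed. The preceding configuration closes outside this hunk, so what it matches is not visible here. Consumers are better served by resolving this entry against the distribution's own fix data (the record references `https://www.debian.org/security/2023/dsa-5429`) than by the OS CPE alone. The same standalone Debian node is added in CVE-2023-0668.json.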
@@ -90,7 +105,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@takeonme.org"
+ "source": "cve@takeonme.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://takeonme.org/cves/CVE-2023-0666.html",
@@ -101,7 +119,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@takeonme.org"
+ "source": "cve@takeonme.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html",
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0667.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0667.json
index 10f72fedea5..80cdb38ebff 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0667.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0667.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0667",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-06-07T03:15:09.117",
- "lastModified": "2023-09-17T07:15:08.420",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:55:29.700",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -67,12 +67,6 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
- "versionEndExcluding": "3.6.14",
- "matchCriteriaId": "39738E11-AD14-4332-BC9F-0FF028EF6EC2"
- },
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
@@ -96,7 +90,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@takeonme.org"
+ "source": "cve@takeonme.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://takeonme.org/cves/CVE-2023-0667.html",
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0668.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0668.json
index 83c59098a7b..9dcbaed7498 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0668.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0668.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0668",
"sourceIdentifier": "cve@takeonme.org",
"published": "2023-06-07T03:15:09.193",
- "lastModified": "2023-09-17T07:15:08.517",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:56:32.827",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -84,6 +84,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -97,7 +112,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@takeonme.org"
+ "source": "cve@takeonme.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://takeonme.org/cves/CVE-2023-0668.html",
@@ -108,7 +126,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@takeonme.org"
+ "source": "cve@takeonme.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html",
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0673.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0673.json
index d7261256ff2..fd89334a601 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0673.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0673.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0673",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-04T08:15:08.147",
- "lastModified": "2023-02-12T04:49:33.997",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T21:15:09.000",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195."
+ "value": "A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The associated identifier of this vulnerability is VDB-220195."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0679.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0679.json
index ca6420d907b..692ff3921c6 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0679.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0679.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0679",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T13:15:09.377",
- "lastModified": "2023-02-13T17:31:48.113",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T21:15:09.090",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220."
+ "value": "A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0686.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0686.json
index d1b5258b8ab..39eb64615c9 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0686.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0686.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0686",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-06T20:15:14.367",
- "lastModified": "2023-02-14T17:06:57.460",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T21:15:09.167",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-220245 was assigned to this vulnerability."
+ "value": "A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The identifier VDB-220245 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0696.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0696.json
index 117463c539c..8db018aef39 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0696.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0696.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0696",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.300",
- "lastModified": "2023-09-30T11:15:10.407",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:57:37.487",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -81,7 +81,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0697.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0697.json
index 9918b12ea62..b6d54371614 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0697.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0697.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0697",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.360",
- "lastModified": "2023-09-30T11:15:10.483",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:55:45.593",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -94,7 +94,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0698.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0698.json
index 5ff3e4cc34a..9cc3da33171 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0698.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0698.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0698",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.417",
- "lastModified": "2023-09-30T11:15:10.553",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:57:33.757",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -81,11 +81,17 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1693",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-06xx/CVE-2023-0699.json b/CVE-2023/CVE-2023-06xx/CVE-2023-0699.json
index b9e6d78cb24..e975ea02c4b 100644
--- a/CVE-2023/CVE-2023-06xx/CVE-2023-0699.json
+++ b/CVE-2023/CVE-2023-06xx/CVE-2023-0699.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0699",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.470",
- "lastModified": "2023-09-30T11:15:10.623",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:57:19.977",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0700.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0700.json
index 12fae938bb1..5ba4631c717 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0700.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0700.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0700",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.523",
- "lastModified": "2023-09-30T11:15:10.683",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:57:15.477",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0701.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0701.json
index d5da3cccdf7..d7d992786f3 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0701.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0701.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0701",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.577",
- "lastModified": "2023-09-30T11:15:10.737",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:57:05.993",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0702.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0702.json
index be17aaaf417..dacad516818 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0702.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0702.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0702",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.630",
- "lastModified": "2023-09-30T11:15:10.793",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:56:59.957",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0703.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0703.json
index 62bf2f0985d..0c64effc741 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0703.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0703.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0703",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.683",
- "lastModified": "2023-09-30T11:15:10.850",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:56:53.793",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0704.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0704.json
index 99b4ddacb12..63586444ef5 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0704.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0704.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0704",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.733",
- "lastModified": "2023-09-30T11:15:10.907",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:56:31.580",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0705.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0705.json
index 668c8307ed6..b2f37fb9f46 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0705.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0705.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0705",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-07T21:15:09.787",
- "lastModified": "2023-09-30T11:15:10.967",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:58:13.187",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0748.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0748.json
index 242a0ab97f5..3e4e806c27a 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0748.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0748.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0748",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-02-08T15:15:13.467",
- "lastModified": "2023-10-10T08:15:10.033",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:09:55.293",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -64,6 +64,16 @@
"value": "CWE-601"
}
]
+ },
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
}
],
"configurations": [
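Review bot: After this hunk the `weaknesses` array holds two entries with the same `CWE-601` value, one `Primary` and one `Secondary`, and the preceding hunk changes the Primary entry's `source` to `nvd@nist.gov`. A consumer that tallies CWE values across all entries will count this weakness twice. One that selects on `"source": "security@huntr.dev"` together with `"type": "Primary"` will no longer find it. De-duplicating on `value` and reading `type` explicitly, rather than assuming the CNA's entry is the Primary one, avoids both problems.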
@@ -87,7 +97,10 @@
"references": [
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4575/commits/c2cfa17e9619046b43987627b8429541d2834109",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/1a0403b6-9ec9-4587-b559-b1afba798c86",
diff --git a/CVE-2023/CVE-2023-07xx/CVE-2023-0785.json b/CVE-2023/CVE-2023-07xx/CVE-2023-0785.json
index 91a39bbbe93..a42f0f29c4c 100644
--- a/CVE-2023/CVE-2023-07xx/CVE-2023-0785.json
+++ b/CVE-2023/CVE-2023-07xx/CVE-2023-0785.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0785",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-12T08:15:10.310",
- "lastModified": "2023-02-21T21:29:21.757",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T22:15:09.230",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability."
+ "value": "A vulnerability classified as problematic was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file check_availability.php. The manipulation of the argument username leads to exposure of sensitive information through data queries. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-220645 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0808.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0808.json
index 63e18fb296e..b965721f4ea 100644
--- a/CVE-2023/CVE-2023-08xx/CVE-2023-0808.json
+++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0808.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0808",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-13T12:15:11.467",
- "lastModified": "2023-02-23T05:09:56.937",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T22:15:09.747",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability."
+ "value": "A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0879.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0879.json
index bad89de0480..677ef7317cb 100644
--- a/CVE-2023/CVE-2023-08xx/CVE-2023-0879.json
+++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0879.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0879",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-02-17T02:15:10.680",
- "lastModified": "2023-10-10T08:15:10.137",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:09:37.217",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -87,7 +87,10 @@
"references": [
{
"url": "https://github.com/btcpayserver/btcpayserver/pull/4635/commits/f2f3b245c4d8980d8e54e4708c796df82332c3d7",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/9464e3c6-961d-4e23-8b3d-07cbb31de541",
diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0887.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0887.json
index 440b98f460f..ae1eb96291f 100644
--- a/CVE-2023/CVE-2023-08xx/CVE-2023-0887.json
+++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0887.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0887",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-17T09:15:15.007",
- "lastModified": "2023-03-07T15:39:30.880",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T22:15:09.913",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The associated identifier of this vulnerability is VDB-221351."
+ "value": "A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The associated identifier of this vulnerability is VDB-221351."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-08xx/CVE-2023-0897.json b/CVE-2023/CVE-2023-08xx/CVE-2023-0897.json
new file mode 100644
index 00000000000..e84296fe90f
--- /dev/null
+++ b/CVE-2023/CVE-2023-08xx/CVE-2023-0897.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-0897",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T20:15:08.417",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nSielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Sielco PolyEco1000 es afectada por una vulnerabilidad de secuestro de sesi\u00f3n debido a que la cookie es vulnerable a un ataque de fuerza bruta, falta de SSL y la sesi\u00f3n es visible en las solicitudes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-384"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
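Review bot: The English `descriptions` value in the new CVE-2023-0897 record begins with `\n` and ends with five `\n` escapes, so any consumer that displays, hashes or de-duplicates on the description text carries that padding along; the Spanish entry in the same array has none. If the record is normalised on import, the value would read `"value": "Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests."`. The record is also `Awaiting Analysis`, with only a `Secondary` CNA metric and no `configurations` block, so CPE-based matching will not surface this 8.8 HIGH entry until NVD enriches it. Matching on the advisory reference or the product name is the fallback until then.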
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0903.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0903.json
index 0e5846bb3fa..d509b6ce8c8 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0903.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0903.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0903",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-18T08:15:42.240",
- "lastModified": "2023-03-01T17:09:50.750",
+ "lastModified": "2023-10-25T12:55:04.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452."
+ "value": "A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452."
}
],
"metrics": {
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -91,6 +91,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0919.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0919.json
index 34eab5e87c7..fda418c06ef 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0919.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0919.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0919",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-02-19T15:15:10.433",
- "lastModified": "2023-10-10T08:15:10.243",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-27T14:57:54.647",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -87,7 +87,10 @@
"references": [
{
"url": "https://github.com/Kareadita/Kavita/pull/1748/commits/6648b79e1b2f92449d5816d0722b7a3d72f259d5",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/3c514923-473f-4c50-ae0d-d002a41fe70f",
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0927.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0927.json
index db184fe25b9..dbd708c75a1 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0927.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0927.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0927",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-22T20:15:12.010",
- "lastModified": "2023-09-30T11:15:11.030",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:58:09.573",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -94,7 +94,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0928.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0928.json
index 3ca905b35b1..4d1c87d4578 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0928.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0928.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0928",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-22T20:15:12.070",
- "lastModified": "2023-09-30T11:15:11.107",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:58:05.803",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0929.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0929.json
index 52a4147cd74..f4356fd4eb4 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0929.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0929.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0929",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-22T20:15:12.123",
- "lastModified": "2023-09-30T11:15:11.180",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:40:15.977",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0930.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0930.json
index a095d67f91a..e54f47d12a7 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0930.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0930.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0930",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-22T20:15:12.177",
- "lastModified": "2023-09-30T11:15:11.237",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:31:01.733",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0931.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0931.json
index 0769a4eb752..26449e80ebe 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0931.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0931.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0931",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-22T20:15:12.230",
- "lastModified": "2023-09-30T11:15:11.297",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:31:06.507",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0932.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0932.json
index 6f598143cec..4e14ceae91e 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0932.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0932.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0932",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-22T20:15:12.280",
- "lastModified": "2023-09-30T11:15:11.433",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:31:10.280",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -94,7 +94,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0933.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0933.json
index a5c8a4a453f..855daf66996 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0933.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0933.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0933",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-22T20:15:12.343",
- "lastModified": "2023-09-30T11:15:11.487",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:33:30.673",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0941.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0941.json
index 2e7d8639d04..9ae1ff837e1 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0941.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0941.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-0941",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-02-22T20:15:12.410",
- "lastModified": "2023-09-30T11:15:11.543",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:33:35.087",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,7 +82,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-09xx/CVE-2023-0964.json b/CVE-2023/CVE-2023-09xx/CVE-2023-0964.json
index 96b80ffa805..bd3c3b9922b 100644
--- a/CVE-2023/CVE-2023-09xx/CVE-2023-0964.json
+++ b/CVE-2023/CVE-2023-09xx/CVE-2023-0964.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-0964",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-22T19:15:11.450",
- "lastModified": "2023-03-02T17:22:01.890",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T22:15:10.263",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. VDB-221634 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Affected is an unknown function of the file admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. VDB-221634 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-10xx/CVE-2023-1003.json b/CVE-2023/CVE-2023-10xx/CVE-2023-1003.json
index b3ea417cd7d..c395750520b 100644
--- a/CVE-2023/CVE-2023-10xx/CVE-2023-1003.json
+++ b/CVE-2023/CVE-2023-10xx/CVE-2023-1003.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1003",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-07T20:15:09.010",
- "lastModified": "2023-03-23T17:17:23.310",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T22:15:10.407",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736."
+ "value": "A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-10xx/CVE-2023-1004.json b/CVE-2023/CVE-2023-10xx/CVE-2023-1004.json
index ad65db37632..6f294fc7da4 100644
--- a/CVE-2023/CVE-2023-10xx/CVE-2023-1004.json
+++ b/CVE-2023/CVE-2023-10xx/CVE-2023-1004.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1004",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-24T08:15:11.337",
- "lastModified": "2023-03-03T16:43:11.650",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T23:15:08.393",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability."
+ "value": "A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1108.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1108.json
index 6ba4553329a..a92ea202f74 100644
--- a/CVE-2023/CVE-2023-11xx/CVE-2023-1108.json
+++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1108.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1108",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-14T15:15:08.293",
- "lastModified": "2023-09-20T20:16:37.027",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:11.137",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -381,6 +381,10 @@
"tags": [
"Issue Tracking"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0002/",
+ "source": "secalert@redhat.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1112.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1112.json
index 380d9faa479..8159eb3331f 100644
--- a/CVE-2023/CVE-2023-11xx/CVE-2023-1112.json
+++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1112.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1112",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-01T10:15:09.700",
- "lastModified": "2023-03-09T14:36:53.873",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T08:15:08.217",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222072."
+ "value": "A vulnerability was found in Drag and Drop Multiple File Upload Contact Form 7 5.0.6.1 on WordPress. It has been classified as critical. Affected is an unknown function of the file admin-ajax.php. The manipulation of the argument upload_name leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222072."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1161.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1161.json
index fa68befcd09..98b4dd3f8ec 100644
--- a/CVE-2023/CVE-2023-11xx/CVE-2023-1161.json
+++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1161.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-1161",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-03-06T21:15:10.990",
- "lastModified": "2023-09-17T07:15:08.607",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T18:23:56.467",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "El fallo del disector ISO 15765 e ISO 10681 en Wireshark 4.0.0 a 4.0.3 y 3.6.0 a 3.6.11 permite la denegaci\u00f3n de servicio mediante la inyecci\u00f3n de paquetes o un archivo de captura manipulado."
}
],
"metrics": {
@@ -90,6 +94,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
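Review bot: The `cpeMatch` list in the added `configurations` node names `debian_linux:10.0` and `debian_linux:12.0` but has no 11.0 entry, which is worth confirming against the Debian references this record carries (the LTS announcement and DSA-5429 appear in the following hunk). If Debian 11 is affected, scanners that match on CPE alone would miss those hosts. The missing entry would look like `"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"` with its own `matchCriteriaId` (placeholder: `<MATCH_CRITERIA_ID>`). Until that is settled, treat the distribution advisories rather than this node as the authority for Debian package status.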
@@ -110,15 +134,25 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-08.html",
diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1164.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1164.json
index cab80be7f99..0fea875362b 100644
--- a/CVE-2023/CVE-2023-11xx/CVE-2023-1164.json
+++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1164.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1164",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-03T07:15:09.370",
- "lastModified": "2023-03-10T19:03:05.207",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T08:15:08.463",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in KylinSoft kylin-activation and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260."
+ "value": "A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1177.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1177.json
index 0c515c8df08..ccf9a222f0e 100644
--- a/CVE-2023/CVE-2023-11xx/CVE-2023-1177.json
+++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1177.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1177",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-03-24T15:15:10.193",
- "lastModified": "2023-10-10T08:15:10.367",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T20:30:10.547",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -56,8 +56,18 @@
},
"weaknesses": [
{
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -87,7 +97,10 @@
"references": [
{
"url": "https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28",
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json
index 37254d4bbdd..5f3d42edc85 100644
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1206.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-1206",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-30T22:15:09.747",
- "lastModified": "2023-09-29T22:15:10.777",
+ "lastModified": "2023-10-20T00:15:11.257",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -118,6 +118,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230929-0006/",
"source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1259.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1259.json
index 8418219f889..be962ea5a6b 100644
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1259.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1259.json
@@ -2,19 +2,43 @@
"id": "CVE-2023-1259",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-14T12:15:09.897",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:33:28.457",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Hotjar para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de hotjar_site_id en versiones hasta la 1.0.15 incluida debido a una sanitizaci\u00f3n de entrada y un escape de la salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {
"cvssMetricV31": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
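Review bot: The entry NVD inserts at the head of `cvssMetricV31` rates `AC:L` (base 5.5), while the CNA entry, now demoted to `Secondary`, keeps `AC:H`, and the description limits the issue to multi-site installations or ones where `unfiltered_html` is disabled. Consumers that read `cvssMetricV31[0]` positionally will silently switch from the Wordfence vector to the NVD one with this change, so selection should be by `source` and `type` rather than by index. The same `Primary`/`Secondary` reordering happens in the `weaknesses` arrays of CVE-2023-0903, CVE-2023-1177 and this file. The CNA metric's remaining fields continue outside the hunk, so its base score cannot be compared from here.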
@@ -36,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,16 +68,50 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hotjar:hotjar:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "1.0.15",
+ "matchCriteriaId": "191AB952-5D4B-447B-AB93-8E271F84E3EF"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/hotjar/tags/1.0.14/includes/class-hotjar.php#L40",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9c640bcb-b6bf-4865-b713-32ca846e4ed9?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
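Review bot: The `Exploit` tag is applied to a plugins.trac.wordpress.org source-browser URL that points at line 40 of `class-hotjar.php` in tag 1.0.14, which reads as a pointer to the affected code rather than to exploit material. Pipelines that raise priority when a reference carries `Exploit` would treat this stored-XSS entry, which needs administrator-level permissions per the description, as having a public exploit. If the link is only the vulnerable source location, a tag such as `"Product"` would describe it better; confirm what the page shows before relying on the tag for triage.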
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json
index 81aeb53b56f..9ce0bbf7ab4 100644
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1260.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1260",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-24T01:15:42.707",
- "lastModified": "2023-09-26T16:21:06.823",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:11.233",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -160,6 +160,10 @@
"Issue Tracking",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0010/",
+ "source": "secalert@redhat.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1277.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1277.json
index 4eeb69092b4..d4f6babf095 100644
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1277.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1277.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1277",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-08T19:15:10.760",
- "lastModified": "2023-03-14T19:29:08.297",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T08:15:08.663",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600."
+ "value": "A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1283.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1283.json
index b30f3313d1c..baed2e48f3b 100644
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1283.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1283.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1283",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-03-08T22:15:09.683",
- "lastModified": "2023-10-10T08:15:10.477",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T20:30:23.583",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -87,7 +87,10 @@
"references": [
{
"url": "https://github.com/BuilderIO/qwik/pull/3249/commits/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/63f1ff91-48f3-4886-a179-103f1ddd8ff8",
diff --git a/CVE-2023/CVE-2023-12xx/CVE-2023-1293.json b/CVE-2023/CVE-2023-12xx/CVE-2023-1293.json
index a1e40e1b76f..a8d6b52808f 100644
--- a/CVE-2023/CVE-2023-12xx/CVE-2023-1293.json
+++ b/CVE-2023/CVE-2023-12xx/CVE-2023-1293.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1293",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-09T15:15:09.403",
- "lastModified": "2023-03-15T18:35:48.707",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T08:15:08.773",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqli_query of the file admin_cs.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222647."
+ "value": "A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqli_query of the file admin_cs.php. The manipulation leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222647."
}
],
"metrics": {
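Review bot: The new description adds "The complexity of an attack is rather high. The exploitation is known to be difficult.", but the `metrics` object only opens on the last context line of this hunk and is not part of the change. Nothing visible shows that the stored `attackComplexity` was updated to agree with the text. With `vulnStatus` moved back to "Undergoing Analysis", consumers that prioritise on the stored vector may be using a value that no longer matches the CNA's wording. The same sentences are added in the description hunks for CVE-2023-1352, -1455, -1502, -1503, -1504, -1505 and -1506, so each record's `cvssData` should be compared with its description before either is relied on.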
diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1352.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1352.json
index f69468fcea4..55a7e712e51 100644
--- a/CVE-2023/CVE-2023-13xx/CVE-2023-1352.json
+++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1352.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1352",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-11T18:15:43.603",
- "lastModified": "2023-03-15T17:37:12.937",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T09:15:08.570",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851."
+ "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1356.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1356.json
new file mode 100644
index 00000000000..1cf59875698
--- /dev/null
+++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1356.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-1356",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:22.873",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Reflected cross-site scripting in the StudentSearch component in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows hijacking of a user\u2019s browsing session by attackers who have convinced the said user to click on a malicious link."
+ },
+ {
+ "lang": "es",
+ "value": "Cross-Site Scripting (XSS) Reflejado en el componente StudentSearch en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permiten el secuestro de la sesi\u00f3n de navegaci\u00f3n de un usuario por parte de atacantes que han convencido a dicho usuario de hacer clic en un enlace malicioso."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-1356",
+ "source": "vdp@themissinglink.com.au"
+ }
+ ]
+}
\ No newline at end of file
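Review bot: The `vectorString` `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` contradicts the English description, which says the victim must be convinced to click a malicious link. That is user interaction, so `"userInteraction": "REQUIRED"` (`UI:R`) would be expected and the 7.5 base score would change with it. Reflected XSS is also commonly scored with changed scope and some integrity impact, though that is a scoring judgement for the CNA. The metric is the CNA's `"type": "Secondary"` entry and the record is "Undergoing Analysis", so the score should be treated as provisional in any severity-based triage.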
diff --git a/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json b/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json
index 84fa8acc24d..7458239fd05 100644
--- a/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json
+++ b/CVE-2023/CVE-2023-13xx/CVE-2023-1380.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1380",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-03-27T21:15:10.623",
- "lastModified": "2023-08-19T18:15:21.967",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:11.347",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -339,6 +339,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
"source": "secalert@redhat.com"
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/T/#u",
"source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1448.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1448.json
index e207e7c68e9..42fe95b5514 100644
--- a/CVE-2023/CVE-2023-14xx/CVE-2023-1448.json
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1448.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1448",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-17T07:15:12.093",
- "lastModified": "2023-05-27T04:15:24.037",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-21T09:15:09.937",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -143,10 +143,6 @@
"Third Party Advisory",
"VDB Entry"
]
- },
- {
- "url": "https://www.debian.org/security/2023/dsa-5411",
- "source": "cna@vuldb.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1449.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1449.json
index d2b026cf7bf..be960d6bf27 100644
--- a/CVE-2023/CVE-2023-14xx/CVE-2023-1449.json
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1449.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1449",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-17T07:15:12.347",
- "lastModified": "2023-05-27T04:15:24.177",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-21T09:15:10.137",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -144,10 +144,6 @@
"Third Party Advisory",
"VDB Entry"
]
- },
- {
- "url": "https://www.debian.org/security/2023/dsa-5411",
- "source": "cna@vuldb.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1452.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1452.json
index 843af7a276b..70df333f8d9 100644
--- a/CVE-2023/CVE-2023-14xx/CVE-2023-1452.json
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1452.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1452",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-17T07:15:12.947",
- "lastModified": "2023-05-27T04:15:24.287",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-21T10:15:08.863",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -144,10 +144,6 @@
"Third Party Advisory",
"VDB Entry"
]
- },
- {
- "url": "https://www.debian.org/security/2023/dsa-5411",
- "source": "cna@vuldb.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1455.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1455.json
index 74cd73ff0f7..0ce28a25fc5 100644
--- a/CVE-2023/CVE-2023-14xx/CVE-2023-1455.json
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1455.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1455",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-17T07:15:13.767",
- "lastModified": "2023-03-23T14:48:08.043",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T10:15:09.127",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223300."
+ "value": "A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223300."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-14xx/CVE-2023-1495.json b/CVE-2023/CVE-2023-14xx/CVE-2023-1495.json
index ac3f13f4486..78049a87ca8 100644
--- a/CVE-2023/CVE-2023-14xx/CVE-2023-1495.json
+++ b/CVE-2023/CVE-2023-14xx/CVE-2023-1495.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1495",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-19T00:15:12.677",
- "lastModified": "2023-03-23T14:04:04.467",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T10:15:09.367",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability."
+ "value": "A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1502.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1502.json
index f31fb50c5ca..b7700325e77 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1502.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1502.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1502",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-20T09:15:12.103",
- "lastModified": "2023-03-23T13:36:08.220",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T10:15:09.477",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP(5) AND 'dAbu'='dAbu leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-223406 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP(5) AND 'dAbu'='dAbu leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-223406 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1503.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1503.json
index 0e326a417d7..a1659db1cf9 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1503.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1503.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1503",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-20T09:15:12.267",
- "lastModified": "2023-03-23T13:36:16.783",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T10:15:09.543",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223407."
+ "value": "A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX leads to sql injection. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223407."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1504.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1504.json
index add20f04906..c84a40cc590 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1504.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1504.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1504",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-20T09:15:12.410",
- "lastModified": "2023-03-23T13:40:29.107",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T10:15:09.607",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223408."
+ "value": "A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa leads to sql injection. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223408."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1505.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1505.json
index fc18a2a6067..a18b6d4cda3 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1505.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1505.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1505",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-20T09:15:12.540",
- "lastModified": "2023-03-23T13:40:37.387",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T10:15:09.677",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223409 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-223409 was assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1506.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1506.json
index 7c149009b72..c3ec5a28c3c 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1506.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1506.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-1506",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-20T10:15:11.543",
- "lastModified": "2023-03-23T13:40:56.973",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T10:15:09.743",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223410 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-223410 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1528.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1528.json
index 640de980f31..04df2b01f96 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1528.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1528.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1528",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-03-21T21:15:12.297",
- "lastModified": "2023-09-30T11:15:11.603",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:33:42.933",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -62,6 +62,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
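Review bot: The added configuration marks the Fedora 36, 37 and 38 operating-system CPEs as `"vulnerable": true` in an `OR` node of their own, separate from the preceding configuration (outside this hunk, presumably the application CPE). A matcher that evaluates each configuration independently will report every Fedora 36–38 host for this CVE, whether or not the affected package is installed. Consumers should match on the application CPE or on the distribution advisories listed under `references`, and treat `cpe:2.3:o:fedoraproject:fedora:*` hits as a hint only. The same configuration is added in the hunks for CVE-2023-1529, -1530, -1531, -1532 and -1533.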
@@ -82,19 +107,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1529.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1529.json
index b2f503ae6b9..8474ac890ba 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1529.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1529.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1529",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-03-21T21:15:12.357",
- "lastModified": "2023-09-30T11:15:11.693",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:43:13.867",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-119"
+ "value": "CWE-787"
}
]
}
@@ -62,6 +62,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -82,19 +107,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1530.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1530.json
index 6a72a4b5242..65035891689 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1530.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1530.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1530",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-03-21T21:15:12.413",
- "lastModified": "2023-09-30T11:15:11.753",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:46:04.377",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -62,6 +62,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -82,19 +107,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1531.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1531.json
index 7b430354952..890d7041358 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1531.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1531.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1531",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-03-21T21:15:12.527",
- "lastModified": "2023-09-30T11:15:11.817",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:47:03.977",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -62,6 +62,46 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:chromium:chromium:112.0.5592.0:*:*:*:*:*:x64:*",
+ "matchCriteriaId": "3FEF925E-AEE4-445A-90D4-3C10E218EB9A"
+ }
+ ]
+ }
+ ]
}
],
"references": [
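Review bot: The second added configuration matches exactly one build, `cpe:2.3:a:chromium:chromium:112.0.5592.0:*:*:*:*:*:x64:*`, with no `versionStartIncluding`/`versionEndExcluding` range and with target hardware fixed to `x64`. Where this value comes from is not visible in the hunk; the Talos report under `references` may be the source. If the entry is read as the affected-version statement for Chromium, inventory matching will miss every other version and architecture. It should be treated as "a build confirmed vulnerable" rather than as the affected range, which has to come from the vendor configuration earlier in the record.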
@@ -82,23 +122,38 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1724",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1532.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1532.json
index dfd339bee6a..08a8be1db88 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1532.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1532.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1532",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-03-21T21:15:12.613",
- "lastModified": "2023-09-30T11:15:11.897",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:47:08.577",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -62,12 +62,41 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/171959/Chrome-media-mojom-VideoFrame-Missing-Validation.html",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html",
@@ -86,19 +115,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1533.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1533.json
index 45109131ef8..6b5cb9bb2bc 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1533.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1533.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1533",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-03-21T21:15:12.690",
- "lastModified": "2023-09-30T11:15:11.970",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:47:12.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -62,6 +62,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
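Review bot: The added configuration lists `cpe:2.3:o:fedoraproject:fedora:36` through `:38` with `"vulnerable": true` in a standalone `OR` node, so a matcher that evaluates each configuration on its own will flag every Fedora 36–38 host for CVE-2023-1533, whether or not the affected package is installed. The application configuration sits above this hunk and is not visible here, so this is inferred from the node structure alone. If the distribution is meant as platform context, the form would be an `"operator": "AND"` configuration with the OS entries at `"vulnerable": false`. Otherwise, asset matching should join on the Fedora package-announce advisories referenced in the record rather than on the OS CPE. The same pattern is added for CVE-2023-1534, and with `cpe:2.3:o:debian:debian_linux:11.0` for CVE-2023-1810 and the records that follow it.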
@@ -82,19 +107,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-15xx/CVE-2023-1534.json b/CVE-2023/CVE-2023-15xx/CVE-2023-1534.json
index 328df435478..12deb9bb757 100644
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1534.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1534.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1534",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-03-21T21:15:12.747",
- "lastModified": "2023-09-30T11:15:12.150",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:48:37.073",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-416"
+ "value": "CWE-125"
}
]
}
@@ -62,16 +62,49 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/171961/Chrome-GL_ShaderBinary-Untrusted-Process-Exposure.html",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://packetstormsecurity.com/files/171965/Chrome-SpvGetMappedSamplerName-Out-Of-Bounds-String-Copy.html",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html",
@@ -90,19 +123,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1638.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1638.json
index 68a94c809ce..e2694026e24 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1638.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1638.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1638",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-26T21:15:06.817",
- "lastModified": "2023-03-31T00:11:02.010",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T14:15:08.577",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -130,11 +130,8 @@
]
},
{
- "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned32",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1638",
+ "source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.224018",
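Review bot: The replacement reference `https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1638` is left with no `tags` array, and the first hunk of this file moves `vulnStatus` from `Analyzed` to `Undergoing Analysis`. Tag-based triage filters will therefore skip this link until the record is re-analysed. Dropping `"Broken Link"` is reasonable if the new path resolves, but a consumer should read a missing `tags` array on an `Undergoing Analysis` record as "not yet classified" rather than "nothing notable", and should key re-processing on `lastModified`. The same change is made to CVE-2023-1639 through CVE-2023-1646.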
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1639.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1639.json
index 7dde479b77a..8b85129e2f4 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1639.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1639.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1639",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-26T21:15:06.887",
- "lastModified": "2023-03-31T00:12:48.603",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T14:15:08.710",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -130,11 +130,8 @@
]
},
{
- "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned33",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1639",
+ "source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.224019",
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1640.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1640.json
index 8ca223f7cc9..9343e07d156 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1640.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1640.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1640",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-26T22:15:06.893",
- "lastModified": "2023-03-30T16:30:57.850",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T14:15:08.780",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -130,11 +130,8 @@
]
},
{
- "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned34",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1640",
+ "source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.224020",
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1641.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1641.json
index dcf4bdbe890..9b871c49cfe 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1641.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1641.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1641",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-26T22:15:06.960",
- "lastModified": "2023-03-30T16:34:40.600",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T14:15:08.850",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -130,11 +130,8 @@
]
},
{
- "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned35",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1641",
+ "source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.224021",
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1642.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1642.json
index 941da587a93..c8dbfba460d 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1642.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1642.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1642",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-26T22:15:07.017",
- "lastModified": "2023-03-30T17:09:39.937",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T14:15:08.920",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -130,11 +130,8 @@
]
},
{
- "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned36",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1642",
+ "source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.224022",
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1643.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1643.json
index 8952e8a7180..c030247adc4 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1643.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1643.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1643",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-26T22:15:07.077",
- "lastModified": "2023-03-30T17:18:34.817",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T14:15:08.987",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -130,11 +130,8 @@
]
},
{
- "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned37",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1643",
+ "source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.224023",
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1644.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1644.json
index 6cfd8b8bcf4..0a4bac2319b 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1644.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1644.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1644",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-26T23:15:07.807",
- "lastModified": "2023-03-30T15:56:38.213",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T14:15:09.057",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -130,11 +130,8 @@
]
},
{
- "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned40",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1644",
+ "source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.224024",
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1645.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1645.json
index 005882c8fb3..a962825cdd4 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1645.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1645.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1645",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-26T23:15:07.880",
- "lastModified": "2023-03-30T16:20:10.103",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T14:15:09.167",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -131,11 +131,8 @@
]
},
{
- "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned41",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1645",
+ "source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.224025",
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1646.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1646.json
index 29a7a66c1bc..8ab5dce9e1a 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1646.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1646.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1646",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-03-26T23:15:07.940",
- "lastModified": "2023-03-30T16:22:10.323",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T14:15:09.337",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -130,11 +130,8 @@
]
},
{
- "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/unassigned42",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-1646",
+ "source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.224026",
diff --git a/CVE-2023/CVE-2023-16xx/CVE-2023-1647.json b/CVE-2023/CVE-2023-16xx/CVE-2023-1647.json
index 9cfe3b0d8e3..1da02968a3e 100644
--- a/CVE-2023/CVE-2023-16xx/CVE-2023-1647.json
+++ b/CVE-2023/CVE-2023-16xx/CVE-2023-1647.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1647",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-03-27T01:15:07.223",
- "lastModified": "2023-10-10T08:15:10.580",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T20:29:34.070",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -97,7 +97,10 @@
"references": [
{
"url": "https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/d6de3d6e-9551-47d1-b28c-7e965c1b82b6",
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1810.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1810.json
index b865c8b80a0..0007622d95f 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1810.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1810.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1810",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.317",
- "lastModified": "2023-09-30T11:15:12.207",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:49:28.777",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
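Review bot: The Fedora package-announce reference `.../message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/` is re-tagged from `"Third Party Advisory"` to `"Mailing List"`, and the second Fedora link gets `"Mailing List"` only. A pipeline that collects distribution fix notices by selecting on `"Third Party Advisory"` will stop seeing the Fedora entries for this record, while still seeing the Gentoo and Debian ones. Such filters should accept `"Mailing List"` as well, or match on the `lists.fedoraproject.org` host. The same re-tagging is repeated in CVE-2023-1811 through CVE-2023-1818.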
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1811.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1811.json
index 7a79da159e0..7a1412525ab 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1811.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1811.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1811",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.363",
- "lastModified": "2023-09-30T11:15:12.280",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:49:33.660",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1812.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1812.json
index 08cb3d92913..e47f6de0fe0 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1812.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1812.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1812",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.400",
- "lastModified": "2023-09-30T11:15:12.333",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:29:48.640",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-119"
+ "value": "CWE-787"
}
]
}
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1813.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1813.json
index 0c7bb9be489..43bc9230a3e 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1813.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1813.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1813",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.440",
- "lastModified": "2023-09-30T11:15:12.390",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:29:52.570",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1814.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1814.json
index 16cc2753735..2b5bd3996ae 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1814.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1814.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1814",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.477",
- "lastModified": "2023-09-30T11:15:12.450",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:30:13.407",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "NVD-CWE-noinfo"
}
]
}
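Review bot: The weakness `value` changes from `CWE-20` to `NVD-CWE-noinfo`, which is a placeholder and not a numeric CWE identifier. Consumers that parse this field with a `CWE-<number>` pattern, or join it against the CWE catalogue, need an explicit branch for `NVD-CWE-noinfo` (and the sibling `NVD-CWE-Other`) so the record is kept as "unclassified" rather than rejected or dropped from weakness-based reporting. The enclosing `weaknesses` entry starts outside this hunk, so its `source` and `type` are not visible here.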
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1815.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1815.json
index f738ccb47dc..7ebcee4d6e1 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1815.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1815.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1815",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.517",
- "lastModified": "2023-09-30T11:15:12.510",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:30:16.747",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1816.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1816.json
index 677aafbc8b1..015a8178eec 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1816.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1816.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1816",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.553",
- "lastModified": "2023-09-30T11:15:12.570",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:30:20.167",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1817.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1817.json
index 0f8adadaa9f..97926b87629 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1817.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1817.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1817",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.587",
- "lastModified": "2023-09-30T11:15:12.633",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:30:55.957",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1818.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1818.json
index 44faea83291..35f1c007b69 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1818.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1818.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1818",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.623",
- "lastModified": "2023-09-30T11:15:12.697",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:30:59.503",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
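Review bot: The Fedora package-announce references in this hunk are retagged to `"Mailing List"` alone, while URLs on the same host in CVE-2023-1992, CVE-2023-1993 and CVE-2023-1994 later in this commit receive `"Third Party Advisory"` alone, and the debian-lts-announce URL there gets both. A feed consumer that selects advisories by tag will see Fedora announcements for some records and miss them for others. Tagging these entries `"Mailing List", "Third Party Advisory"`, as is done for the debian-lts-announce reference, would keep them consistent. The same applies to the references hunks of CVE-2023-1819 through CVE-2023-1823.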
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1819.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1819.json
index 03a01f7a63c..2ecce10dd24 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1819.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1819.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1819",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.663",
- "lastModified": "2023-09-30T11:15:12.757",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:03:35.727",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1820.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1820.json
index 797b3ad8588..3bcf7318258 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1820.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1820.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1820",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.697",
- "lastModified": "2023-09-30T11:15:12.817",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:03:40.307",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1821.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1821.json
index 8ec927c7fab..cb59ae74fa3 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1821.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1821.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1821",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.733",
- "lastModified": "2023-09-30T11:15:12.873",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:03:44.550",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1822.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1822.json
index aad5220d168..8aa902771aa 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1822.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1822.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1822",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.770",
- "lastModified": "2023-09-30T11:15:12.953",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:03:48.813",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1823.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1823.json
index 2ed3e5b17e9..7168872913a 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1823.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1823.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1823",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.810",
- "lastModified": "2023-09-30T11:15:13.017",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:03:53.323",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -77,6 +82,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,20 +121,29 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FG3CRADL7IL5IHK4NCHG4LAYLKHFXETX/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO3QZY4UQFP4XNF43ILMVVOABMB7KAQ5/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5386",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1826.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1826.json
index 2fcf4e066fb..dd7b7e1213f 100644
--- a/CVE-2023/CVE-2023-18xx/CVE-2023-1826.json
+++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1826.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-1826",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-04T09:15:07.977",
- "lastModified": "2023-10-04T15:07:27.313",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T18:07:21.960",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -123,7 +123,12 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/171790/Online-Computer-And-Laptop-Store-1.0-Shell-Upload.html",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.224841",
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1943.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1943.json
index 2d7a7709acf..7777d28b90e 100644
--- a/CVE-2023/CVE-2023-19xx/CVE-2023-1943.json
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1943.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-1943",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2023-10-12T00:15:10.067",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T14:55:16.960",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Escalada de privilegios en kOps utilizando el proveedor GCE/GCP en modo Gossip."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "jordan@liggitt.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "jordan@liggitt.net",
"type": "Secondary",
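Review bot: The Primary weakness added here is the placeholder `NVD-CWE-noinfo`, so tooling that reads only the `"type": "Primary"` entry gets no weakness class for a record whose description is a privilege escalation. The Secondary entry from `jordan@liggitt.net` begins in the trailing context lines and its value lies outside the hunk. Consumers should fall back to the Secondary weakness whenever the Primary value is a placeholder rather than dropping the classification.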
@@ -46,14 +80,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kubernetes:operations:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.25.4",
+ "matchCriteriaId": "5488C983-38DD-4787-9956-C68D528D5ED1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kubernetes:operations:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.26.0",
+ "versionEndExcluding": "1.26.2",
+ "matchCriteriaId": "763C648A-9C2F-4697-AC4A-5897EDA1966E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/kubernetes/kops/issues/15539",
- "source": "jordan@liggitt.net"
+ "source": "jordan@liggitt.net",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/yrCE1x89oaU",
- "source": "jordan@liggitt.net"
+ "source": "jordan@liggitt.net",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
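Review bot: Both new `cpeMatch` entries identify kOps as `cpe:2.3:a:kubernetes:operations`, a product string that an inventory recording the tool as "kops" will presumably not produce, so matching can silently miss affected installs. The first entry also carries only `"versionEndExcluding": "1.25.4"` with no lower bound, which covers every earlier release. Anyone matching on this record should map their inventory name to this CPE product explicitly and confirm the open lower range against the kOps issue linked in the references.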
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1992.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1992.json
index 700b40789ae..ad449613c45 100644
--- a/CVE-2023/CVE-2023-19xx/CVE-2023-1992.json
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1992.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-1992",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-04-12T21:15:15.147",
- "lastModified": "2023-09-17T07:15:08.717",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T18:23:48.543",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "El fallo del disector RPCoRDMA en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegaci\u00f3n de servicio mediante la inyecci\u00f3n de paquetes o un archivo de captura manipulado."
}
],
"metrics": {
@@ -90,6 +94,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,27 +161,46 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT/",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2/",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFJERBHVWYLYWXO2B3V47QH66IEB6EZ3/",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-09.html",
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1993.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1993.json
index 757bed6255a..fcc9508db0d 100644
--- a/CVE-2023/CVE-2023-19xx/CVE-2023-1993.json
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1993.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-1993",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-04-12T21:15:16.183",
- "lastModified": "2023-09-17T07:15:08.827",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T18:23:43.390",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "El bucle grande del disector LISP en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado"
}
],
"metrics": {
@@ -90,6 +94,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,27 +161,46 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT/",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2/",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFJERBHVWYLYWXO2B3V47QH66IEB6EZ3/",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-10.html",
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1994.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1994.json
index 3420e5f7e47..aa9d70251d3 100644
--- a/CVE-2023/CVE-2023-19xx/CVE-2023-1994.json
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1994.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-1994",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-04-12T22:15:13.987",
- "lastModified": "2023-09-17T07:15:08.937",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T18:07:43.257",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "El fallo del disector GQUIC en Wireshark 4.0.0 a 4.0.4 y 3.6.0 a 3.6.12 permite la denegaci\u00f3n de servicio mediante la inyecci\u00f3n de paquetes o un archivo de captura manipulado."
}
],
"metrics": {
@@ -90,6 +94,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -111,27 +160,46 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT/",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2/",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFJERBHVWYLYWXO2B3V47QH66IEB6EZ3/",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-11.html",
diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20135.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20135.json
index a8c6daa7033..f83fa0de712 100644
--- a/CVE-2023/CVE-2023-201xx/CVE-2023-20135.json
+++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20135.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-20135",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-13T17:15:09.253",
- "lastModified": "2023-09-19T14:35:29.487",
+ "lastModified": "2023-10-26T13:45:10.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -79,17 +79,17 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:h:cisco:ios_xr:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.5.2",
"versionEndExcluding": "7.6",
- "matchCriteriaId": "1D0FA627-590F-4E92-880A-6E006CF63D71"
+ "matchCriteriaId": "93148C76-2970-48D4-942A-D67B68352EA9"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:h:cisco:ios_xr:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.7",
"versionEndExcluding": "7.10.1",
- "matchCriteriaId": "2DD39E73-3E40-4716-8ABB-2CF8D58AF25B"
+ "matchCriteriaId": "75317BEF-7612-49E8-A4B2-9C90AADE3BB0"
}
]
}
diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20190.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20190.json
index 54682b4173b..bf2308ee957 100644
--- a/CVE-2023/CVE-2023-201xx/CVE-2023-20190.json
+++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20190.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-20190",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-13T17:15:09.357",
- "lastModified": "2023-09-19T15:45:04.047",
+ "lastModified": "2023-10-25T20:42:54.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -11,7 +11,7 @@
},
{
"lang": "es",
- "value": "Una vulnerabilidad en la caracter\u00edstica de compresi\u00f3n de la cl\u00e1sica lista de control de acceso (ACL) del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado evite la protecci\u00f3n que ofrece una ACL configurada en un dispositivo afectado. Esta vulnerabilidad se debe a una codificaci\u00f3n incorrecta del rango de direcciones de destino en el m\u00f3dulo de compresi\u00f3n de una ACL que se aplica a una interfaz de un dispositivo afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico a trav\u00e9s del dispositivo afectado que la ACL configurada deber\u00eda denegar. Una explotaci\u00f3n existosa exitoso podr\u00eda permitir al atacante eludir las protecciones ACL configuradas en el dispositivo afectado, permiti\u00e9ndole acceder a redes confiables que el dispositivo podr\u00eda estar protegiendo. Existen soluciones que abordan esta vulnerabilidad. Este aviso es parte de la publicaci\u00f3n de septiembre de 2023 del paquete de avisos de seguridad del software Cisco IOS XR."
+ "value": "Una vulnerabilidad en la caracter\u00edstica de compresi\u00f3n de la cl\u00e1sica lista de control de acceso (ACL) del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado evite la protecci\u00f3n que ofrece una ACL configurada en un dispositivo afectado. Esta vulnerabilidad se debe a una codificaci\u00f3n incorrecta del rango de direcciones de destino en el m\u00f3dulo de compresi\u00f3n de una ACL que se aplica a una interfaz de un dispositivo afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando tr\u00e1fico a trav\u00e9s del dispositivo afectado que la ACL configurada deber\u00eda denegar. Una explotaci\u00f3n existosa exitoso podr\u00eda permitir al atacante eludir las protecciones ACL configuradas en el dispositivo afectado, permiti\u00e9ndole acceder a redes confiables que el dispositivo podr\u00eda estar protegiendo. Existen workarounds que abordan esta vulnerabilidad. Este aviso es parte de la publicaci\u00f3n de septiembre de 2023 del paquete de avisos de seguridad del software Cisco IOS XR."
}
],
"metrics": {
@@ -79,28 +79,28 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:h:cisco:ios_xr:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.5",
- "matchCriteriaId": "5C9E87A2-289F-413D-AC06-6162141FB1F4"
+ "matchCriteriaId": "2149246C-67F1-442E-82B3-A2FD61096A3C"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:h:cisco:ios_xr:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.5",
"versionEndExcluding": "7.5.4",
- "matchCriteriaId": "94EC85D1-7AE9-4F89-82EC-5FC227044BEA"
+ "matchCriteriaId": "ED7F47DA-4B58-47D2-B913-82A5C415818B"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:h:cisco:ios_xr:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.6",
"versionEndExcluding": "7.8.2",
- "matchCriteriaId": "E1244647-6336-41CB-8F2D-665FB76F44D6"
+ "matchCriteriaId": "0130B9F9-A333-4C3A-A92B-139CE276F6EA"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:h:cisco:ios_xr:7.9:*:*:*:*:*:*:*",
- "matchCriteriaId": "66AEB63B-0A8B-40E7-966C-B7EE01F70E2A"
+ "criteria": "cpe:2.3:o:cisco:ios_xr:7.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD280E00-7BAC-4160-926A-09D87719585F"
}
]
}
diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20191.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20191.json
index 1005465a0f6..0f3595351a1 100644
--- a/CVE-2023/CVE-2023-201xx/CVE-2023-20191.json
+++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20191.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-20191",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-13T17:15:09.440",
- "lastModified": "2023-09-19T15:50:22.317",
+ "lastModified": "2023-10-25T20:42:54.000",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -11,7 +11,7 @@
},
{
"lang": "es",
- "value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) en las interfaces MPLS en la direcci\u00f3n de ingreso del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a la compatibilidad incompleta con esta caracter\u00edstica. Un atacante podr\u00eda aprovechar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n existosa podr\u00eda permitir al atacante eludir una ACL en el dispositivo afectado. Existen soluciones que abordan esta vulnerabilidad. Este aviso es parte de la publicaci\u00f3n de septiembre de 2023 del paquete de avisos de seguridad del software Cisco IOS XR."
+ "value": "Una vulnerabilidad en el procesamiento de la lista de control de acceso (ACL) en las interfaces MPLS en la direcci\u00f3n de ingreso del software Cisco IOS XR podr\u00eda permitir que un atacante remoto no autenticado omita una ACL configurada. Esta vulnerabilidad se debe a la compatibilidad incompleta con esta caracter\u00edstica. Un atacante podr\u00eda aprovechar esta vulnerabilidad intentando enviar tr\u00e1fico a trav\u00e9s de un dispositivo afectado. Una explotaci\u00f3n existosa podr\u00eda permitir al atacante eludir una ACL en el dispositivo afectado. Existen workarounds que abordan esta vulnerabilidad. Este aviso es parte de la publicaci\u00f3n de septiembre de 2023 del paquete de avisos de seguridad del software Cisco IOS XR."
}
],
"metrics": {
@@ -79,21 +79,21 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:h:cisco:ios_xr:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.7.21",
- "matchCriteriaId": "A1278815-CDE6-471B-A51F-3E0066D5A5EE"
+ "matchCriteriaId": "0F752BFA-5ADB-4331-8997-B51611C07F57"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:h:cisco:ios_xr:*:*:*:*:*:*:*:*",
+ "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.8",
"versionEndExcluding": "7.9.2",
- "matchCriteriaId": "5770983C-0EB9-4AC7-91FB-BF9AA4A9AE52"
+ "matchCriteriaId": "CCE5AC34-B919-44FC-928C-13CD466C9EDA"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:h:cisco:ios_xr:7.10:*:*:*:*:*:*:*",
- "matchCriteriaId": "F12D609A-06F4-44BE-9455-F28C1ECB4DE8"
+ "criteria": "cpe:2.3:o:cisco:ios_xr:7.10:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15136625-5385-4B82-AC99-B71D3608BBF3"
}
]
}
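Review bot: The third `cpeMatch` entry pins the literal version `7.10`, while the two entries above it express the affected releases as ranges on a wildcard version. A device that reports a 7.10 maintenance release would not match this literal, and the hunk does not show whether that is intended. If the vendor advisory names a fixed 7.10 maintenance release, a range in the same form as the other entries (`"versionStartIncluding": "7.10"`, `"versionEndExcluding": "<FIXED_7.10_RELEASE>"`, placeholder to be taken from the advisory) would keep matching consistent across the three entries.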
diff --git a/CVE-2023/CVE-2023-201xx/CVE-2023-20198.json b/CVE-2023/CVE-2023-201xx/CVE-2023-20198.json
index a1a265519b3..cf4d5534e98 100644
--- a/CVE-2023/CVE-2023-201xx/CVE-2023-20198.json
+++ b/CVE-2023/CVE-2023-201xx/CVE-2023-20198.json
@@ -2,16 +2,44 @@
"id": "CVE-2023-20198",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-16T16:15:10.023",
- "lastModified": "2023-10-16T22:15:11.833",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-25T18:17:22.940",
+ "vulnStatus": "Undergoing Analysis",
+ "cisaExploitAdd": "2023-10-16",
+ "cisaActionDue": "2023-10-20",
+ "cisaRequiredAction": "Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.",
+ "cisaVulnerabilityName": "Cisco IOS XE Web UI Privilege Escalation Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.\r\n\r For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory\u00a0\r\n\r Cisco will provide updates on the status of this investigation and when a software patch is available."
+ },
+ {
+ "lang": "es",
+ "value": "Cisco tiene conocimiento de la explotaci\u00f3n activa de una vulnerabilidad previamente desconocida en la funci\u00f3n de interfaz de usuario web del software Cisco IOS XE cuando se expone a Internet o a redes que no son de confianza. Esta vulnerabilidad permite a un atacante remoto no autenticado crear una cuenta en un sistema afectado con acceso de nivel de privilegio 15. Luego, el atacante puede usar esa cuenta para hacerse con el control del sistema afectado. Para conocer los pasos para cerrar el vector de ataque de esta vulnerabilidad, consulte la secci\u00f3n Recomendaciones de este aviso. Cisco proporcionar\u00e1 actualizaciones sobre el estado de esta investigaci\u00f3n y cu\u00e1ndo estar\u00e1 disponible un parche de software."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ },
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@@ -34,18 +62,63 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "17.9.4a",
+ "matchCriteriaId": "57A434FD-E06D-4D3D-B394-DFBC46FF6420"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/",
- "source": "ykramarz@cisco.com"
+ "source": "ykramarz@cisco.com",
+ "tags": [
+ "Press/Media Coverage",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z",
+ "source": "ykramarz@cisco.com",
+ "tags": [
+ "Mitigation",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.cisa.gov/guidance-addressing-cisco-ios-xe-web-ui-vulnerabilities",
"source": "ykramarz@cisco.com"
},
{
"url": "https://www.darkreading.com/vulnerabilities-threats/critical-unpatched-cisco-zero-day-bug-active-exploit",
- "source": "ykramarz@cisco.com"
+ "source": "ykramarz@cisco.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
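Review bot: The newly added CISA guidance reference is the only entry in `references` without a `tags` array, so consumers that select remediation links by tag will skip it. Something like `"tags": ["Mitigation", "US Government Resource"]` would bring it in line with the other entries, once the linked page's content is confirmed. Separately, the single `cpeMatch` entry carries only `"versionEndExcluding": "17.9.4a"`, which marks every earlier IOS XE release as affected and every higher-numbered release as unaffected. It also relies on the matcher ordering the letter-suffixed `17.9.4a` after `17.9.4`, which a purely numeric version comparison does not do. Both points are worth checking against the vendor advisory's fixed-release list, because this record carries CISA exploited-vulnerability fields and its `vulnStatus` is still `Undergoing Analysis`.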
diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20259.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20259.json
index a503c43cf20..ddd85aec16a 100644
--- a/CVE-2023/CVE-2023-202xx/CVE-2023-20259.json
+++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20259.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-20259",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-10-04T17:15:09.990",
- "lastModified": "2023-10-04T18:14:55.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T16:13:08.310",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.\r\n\r This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en un endpoint de la API de m\u00faltiples productos de Comunicaciones Unificadas de Cisco podr\u00eda permitir que un atacante remoto no autenticado provoque una alta utilizaci\u00f3n de la CPU, lo que podr\u00eda afectar el acceso a la interfaz de administraci\u00f3n basada en web y causar retrasos en el procesamiento de llamadas. Esta API no se utiliza para la administraci\u00f3n de dispositivos y es poco probable que se utilice en las operaciones normales del dispositivo. Esta vulnerabilidad se debe a una autenticaci\u00f3n de API incorrecta y a una validaci\u00f3n incompleta de la solicitud. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada a una API espec\u00edfica en el dispositivo. Un exploit exitoso podr\u00eda permitir que el atacante cause una condici\u00f3n de denegaci\u00f3n de servicio (DoS) debido a una alta utilizaci\u00f3n de la CPU, lo que podr\u00eda afectar negativamente al tr\u00e1fico de usuarios y al acceso de administraci\u00f3n. Cuando el ataque cese, el dispositivo se recuperar\u00e1 sin intervenci\u00f3n manual."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@@ -34,10 +58,82 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:emergency_responder:14su3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF848485-44D0-4354-852A-8E859E050A07"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:prime_collaboration_deployment:14su3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9399AD59-4F8E-4B8E-AF9B-F2785993DBC8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "397E6105-7508-4DEB-AD6D-1E702E31C875"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.5\\(1\\)su7:*:*:*:session_management:*:*:*",
+ "matchCriteriaId": "94FFAF94-86EC-468C-A7F9-D85D3DE86A85"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:unified_communications_manager:14su3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D4FFC030-F8FD-486F-83C5-4C8F2932CE5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:unified_communications_manager:14su3:*:*:*:session_management:*:*:*",
+ "matchCriteriaId": "EB4AF502-94FF-4CCF-B99F-A4AEDE032128"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:12.5\\(1\\)su7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0B6DA5E-39BB-40B5-8BB6-30E77F89DE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_\\&_presence_service:14su3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4CD16AB0-3BB8-4ECF-B0F8-B7AE8B41BF87"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:unity_connection:14su3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "181866CE-6279-4422-8EF8-7A12DB5B21F6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF",
- "source": "ykramarz@cisco.com"
+ "source": "ykramarz@cisco.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
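Review bot: The added `weaknesses` entry records `NVD-CWE-noinfo`, although the record's own English description attributes the flaw to improper API authentication and incomplete validation of the API request. Dashboards and triage rules that group by CWE will therefore leave this CVE unclassified. If the CNA record supplies a CWE, it could be carried as an additional entry with `"source": "ykramarz@cisco.com"` and `"type": "Secondary"`, mirroring how the `cvssMetricV31` array keeps both sources. The `cpeMatch` criteria are exact version literals containing CPE-escaped characters (`\\(1\\)`, `\\&`), so a matcher has to JSON-decode and then CPE-unescape them before comparing against inventory strings.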
diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20261.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20261.json
new file mode 100644
index 00000000000..92821a5839b
--- /dev/null
+++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20261.json
@@ -0,0 +1,589 @@
+{
+ "id": "CVE-2023-20261",
+ "sourceIdentifier": "ykramarz@cisco.com",
+ "published": "2023-10-18T17:15:08.467",
+ "lastModified": "2023-10-25T01:24:28.263",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system.\r\n\r This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la interfaz de usuario web de Cisco Catalyst SD-WAN Manager podr\u00eda permitir que un atacante remoto autenticado recupere archivos arbitrarios de un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los par\u00e1metros que se env\u00edan a la interfaz de usuario web. Un atacante podr\u00eda aprovechar esta vulnerabilidad iniciando sesi\u00f3n en Cisco Catalyst SD-WAN Manager y emitiendo solicitudes manipuladas mediante la interfaz de usuario web. Un exploit exitoso podr\u00eda permitir al atacante obtener archivos arbitrarios del sistema de archivos Linux subyacente de un sistema afectado. Para aprovechar esta vulnerabilidad, el atacante debe ser un usuario autenticado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "ykramarz@cisco.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A0D5F32C-BFC1-49CC-BE96-920FCBE567B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F621202C-3851-4D7E-BFA2-DABB08E73DB6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "38132BE5-528B-472E-9249-B226C0DE1C80"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "37C817B2-DDB9-4CAF-96C9-776482A8597D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC5D29FD-0917-4C1F-AE75-2D63F5C9C58D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E3090C4-15E6-4746-B0D2-27665AB91B08"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:17.2.10:*:*:*:*:*:*:*",
+ "matchCriteriaId": "04E924CC-3161-436D-93F0-066F76172F55"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7ED059CD-AD0A-4748-8390-8CDCF4C4D1CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6990E97D-30E9-42A9-AE6A-CC597DF75B0B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15B60BA4-EA02-4D0D-82C3-1B08016EF5AE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E9DC51F7-72D4-4593-8DDE-8AA3955BB826"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B047A011-1C27-4D86-99C1-BFCDC7F04A9B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DADEA8FB-3298-4534-B65E-81060E3DB45A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4C6DF1F-4995-4486-8F90-9EFD6417ABA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D249954-93E0-4124-B9BA-84B9F34D7CB1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.6.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7F20EBE-DFDF-4996-93D1-28EE776BC777"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3DF09CAB-CA1B-428E-9A0B-AADACE9201A0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.3.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D99ED480-C206-48DD-9DF3-FC60D91B98A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DC515B6-27A3-4723-9792-2BA42EF63E44"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DEC0BBDA-FAE5-4AF7-81C8-83041A58E8E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A066E28-31B0-46C7-ABB8-F5D1F3A303C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C8F536CC-29D6-401E-92C5-964FDBDCCE65"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9139593A-9414-488D-AA3A-5560C643587D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07BFB47E-F456-4782-98D7-68D02500FDD3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "57F0D358-54BE-4A47-8B76-D23B5CCC4BE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.302:*:*:*:*:*:*:*",
+ "matchCriteriaId": "33BEBE47-AF47-4994-871D-5969270EE5AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:18.4.303:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A27094E7-E6F3-47CA-A90A-86FEA2F1BE33"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D6D47A0-43A2-4F9F-830B-B2FB79E779A5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "87E7B932-950A-4573-832F-8477FABA5929"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1711A70-5931-4C1F-B522-46AD2E5D7C51"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE41B8AE-8F1E-4116-BDDC-65B913AD448E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7EC80219-C760-4CA8-B360-7B6545F502C2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DA93E21E-4D61-4CA5-ACF2-50C2A4F2C62C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.31:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F9E425CF-5773-4C17-B284-588DDCE8DE43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.097:*:*:*:*:*:*:*",
+ "matchCriteriaId": "34886EDF-1C10-4F57-A82D-FF1AF668E2C1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.099:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1D7B3B10-6936-4352-9EE7-561BB1918769"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.2.929:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1EB69F8B-67CB-4296-893A-7A35B155EBEA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:19.3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "491BD04C-85BE-4766-9965-59744D2639CE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "545F75A3-451C-4993-98AE-51C23EF49927"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BB0DD6B-6C4D-4FF4-97AB-815A4566320F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D144CB1-0AD1-4C8A-A709-52C26965675F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1038B545-CD2F-4338-AFE0-35D7ED6D20BB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.1.12:*:*:*:*:*:*:*",
+ "matchCriteriaId": "482DC851-7E33-4487-8219-6675091FD7C7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BAFBFE36-6913-4122-A537-F2AA1562FE69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16DB9C4B-F828-482B-90BB-6633B2CD3393"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.2.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19F4011C-DB20-4866-8BE6-F539677E4C48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A693E125-8027-4482-AF78-5A4342D61274"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8292733-EC96-4B99-8E56-7236D5320109"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCE6E7CD-856D-410E-A061-8CD9F0EA4791"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.4.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "039687D4-7A7C-464D-8011-FD66E651C297"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.4.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6475000-D552-4118-8C91-F999D4A67A4A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.4.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDBE88C-F71A-49FF-A6E6-9318BAEC4D2B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1598FA0A-1EAB-4588-9DD0-9F8F0C821189"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.5.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7E44EDDB-3809-4192-BC7C-1D6B23B9F580"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97411227-9FCA-41AB-AB10-44525AC2D7E9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "95B4A27A-B281-4850-9790-ADB31FC37C69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.7.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB09AD3E-07B1-4DE7-BA75-882D3CA47ACB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.7.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE0784F3-A3C2-486F-AE4A-8A5733D5B0E8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.3.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D2A6AD-E35E-4284-91E8-AA4FAFA790D5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.4.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "08D7BAEC-18A0-4BA3-BA5A-3149A2656806"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.4.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AB8B95FD-A5B2-4EF9-AE89-05A6417DDD33"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.4.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "231EA8DA-4BD6-4ECD-B4BE-6C8AA286E3F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.4.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "434DD059-F5DF-487F-A3FF-A417ABF950EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.4.2.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D2A148EC-9137-4FE4-B363-9FEEE954D606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.4.2.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9EE297A8-4E64-48ED-AA3A-4BA798C4DA11"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.4.2.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DC362BA-6A95-485C-8B49-AA12898E6FFF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.5.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AF5A260-FB47-4C5C-AF74-7AB8B71F429E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.5.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A8E5922B-DDD5-4A8A-A725-BBFB09D19AE0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.5.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "94FE6BDD-1E18-455D-8237-06969516D04F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4683477E-D6BB-4369-AFC2-782FD8F3F28B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D2AA663C-B4CB-4804-A0A3-34673266D9D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "672F8B07-AC0A-429D-A9CF-5A95EB495A24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DE2B3AF-B15C-460E-B5E7-787AD499E1DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.2.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A8A584DA-1488-466D-AF16-95C254179ABC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.2.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8D93607A-99AE-4DC1-9314-5425C2A335FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F5F1CA43-C924-4419-91DB-F24D450CF630"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.3.0.45:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D9DC5F95-2B2C-4539-ADB2-AA73031A4128"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.3.0.46:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0CE54844-715B-4492-B9A0-DA1D0A5981CB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.3.0.47:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4366495B-9D70-416A-A033-1379C24A690A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.3.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "310EAB40-8AEE-4E1E-BF0B-05F6F04E0B48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.3.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "329E2793-6824-48E9-8878-5D17E4B97358"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.3.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4628A095-15DD-4307-ADAE-08C10D9008C2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.3.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "41084A4F-B8DA-4D33-820D-0992CD03C1ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "50D93C58-0ABF-4D57-99CB-95AB4805CD9C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.4.0.21:*:*:*:*:*:*:*",
+ "matchCriteriaId": "40D45591-93DC-4EF0-9E0A-2F7F270E2403"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.4.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD78F8C-B1D3-49ED-8017-2E906C332D82"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.4.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7EBF7D1-0C77-4F95-84FD-56EFD7524463"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4790622C-6D8A-4D2B-9E9E-6AC60AA4FB1A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "685C7CB4-9536-4112-B08D-25B7C026521F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.1.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E84754C7-6517-4E68-A1FB-A49E9B1AB001"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.1.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "41E6E2A7-B36F-4722-A1F9-42D377548F96"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.1.10:*:*:*:*:*:*:*",
+ "matchCriteriaId": "47CEC7FB-2AFD-4520-B0D2-BC453CFED93F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.1.11:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A4878A80-9403-44EA-95E8-B5A550867DFE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.1.13:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD6C1648-7F63-47C3-A3C0-989E575DD20C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "55B99428-019F-4AE8-AEE6-91E52AE62AD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.2.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6DC1BC44-F0A7-4C51-88FE-014BBFEDCFD7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.2.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "48A5780D-610E-4EED-A80D-4D17C2360CA0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6F38AB7-00C9-4AFF-B254-9EE5CE29C21B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.6.5.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7768FC87-5FEC-445B-9BA7-7EB80AF6346D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-lfi-OWLbKUGe",
+ "source": "ykramarz@cisco.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
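Review bot: The `cpeMatch` array in this new record lists affected builds one literal at a time, including zero-padded values such as `19.2.097` and `19.2.099` and five-component builds such as `20.6.5.1.13`. A matcher that normalises version components numerically will fold `19.2.097` into `19.2.97` and miss the entry, and any installed build absent from the list produces no match at all. If the affected set is contiguous, bounded ranges on a wildcard version (`"versionEndExcluding": "<FIXED_RELEASE>"` per train, placeholder to be taken from the vendor advisory) would be more robust. Otherwise, consumers should compare these strings verbatim and treat a non-match on this product as "unknown" rather than "not affected".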
diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20273.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20273.json
new file mode 100644
index 00000000000..81110aeeb85
--- /dev/null
+++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20273.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-20273",
+ "sourceIdentifier": "ykramarz@cisco.com",
+ "published": "2023-10-25T18:17:23.017",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "cisaExploitAdd": "2023-10-23",
+ "cisaActionDue": "2023-10-27",
+ "cisaRequiredAction": "Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.",
+ "cisaVulnerabilityName": "Cisco IOS XE Web UI Command Injection Vulnerability",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funci\u00f3n de interfaz de usuario web del software Cisco IOS XE podr\u00eda permitir que un atacante remoto autenticado inyecte comandos con privilegios de root. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando datos manipulados a la interfaz de usuario web. Un exploit exitoso podr\u00eda permitir al atacante inyectar comandos al sistema operativo subyacente con privilegios de root."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ykramarz@cisco.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z",
+ "source": "ykramarz@cisco.com"
+ }
+ ]
+}
\ No newline at end of file
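Review bot: This record carries KEV fields (`cisaExploitAdd`, `cisaActionDue`) but no `configurations` or `weaknesses` block, so a scanner that matches on CPE will not flag any host from it while it is `Awaiting Analysis`. Until the entry is enriched, affected-version data has to come from the vendor advisory in `references`. That single reference also lacks the tag the neighbouring Cisco record uses, `"tags": ["Vendor Advisory"]`. The English description embeds a stray `\r\n\r ` sequence, which consumers that render or diff the text should normalise.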
diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20588.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20588.json
index ade21881a43..cd270cdc19c 100644
--- a/CVE-2023/CVE-2023-205xx/CVE-2023-20588.json
+++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20588.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-20588",
"sourceIdentifier": "psirt@amd.com",
"published": "2023-08-08T18:15:11.653",
- "lastModified": "2023-10-12T03:15:09.277",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:11.817",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -990,6 +990,10 @@
"url": "http://xenbits.xen.org/xsa/advisory-439.html",
"source": "psirt@amd.com"
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "psirt@amd.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX/",
"source": "psirt@amd.com"
diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20598.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20598.json
new file mode 100644
index 00000000000..d5c7924203b
--- /dev/null
+++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20598.json
@@ -0,0 +1,669 @@
+{
+ "id": "CVE-2023-20598",
+ "sourceIdentifier": "psirt@amd.com",
+ "published": "2023-10-17T14:15:09.813",
+ "lastModified": "2023-10-28T03:31:07.843",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nAn improper privilege management in the AMD Radeon\u2122\u00a0Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una gesti\u00f3n de privilegios inadecuada en el controlador de gr\u00e1ficos AMD Radeon\u2122 puede permitir que un atacante autenticado cree una solicitud IOCTL para obtener control de E/S sobre puertos de hardware o direcciones f\u00edsicas arbitrarias, lo que resulta en una posible ejecuci\u00f3n de c\u00f3digo arbitrario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*",
+ "versionEndExcluding": "23.9.2",
+ "matchCriteriaId": "7162DB91-6B5C-4575-A8D0-B83B34908BE5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C9995FBE-D440-45BA-86B5-1CFADF5BEE2B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5300_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6289D311-1997-47E7-B8D9-75C27CD0B9D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5300m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "02AA337B-595F-4859-A82A-DEC7BB346773"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C7F0F81-2896-4E79-AC16-EA6AA9EBE7B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5500_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F08BE928-65AA-4E21-A8F0-D013C8FFB693"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5500m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1952152-A184-4FC9-B1CC-008B8238B5ED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B3B2BEAF-AA1F-414D-A3DF-348B1033CAC8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5600_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D51EA58C-3684-4567-A213-9351F2E521B9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5600m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0026781-F1DA-4533-870E-BCA14CFC7005"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "27B8E08F-2DAC-41CF-9105-D9A4FDDEE19A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5700_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9BB84A38-F651-44CB-93EF-502F1A197FBA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_5700m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4CEDC946-3685-4533-8D97-BDBDFB7AACBA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C66880A-FB33-477D-93FD-C280A4547D66"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2CD3F898-5AB1-4E60-A086-ADCF33820154"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6450m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "863770A0-3A7F-43E3-98E5-77E42827FA6B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC1F7CD2-7D13-48A9-A7CC-3547A1D241DB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E4FED1D5-F31A-44C9-9101-D70486CC6FC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6550m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DEB12B48-ABF8-4FFB-BD4E-6413C34D477B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6550s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E2D1C027-56B1-4EA7-842B-09B300B17808"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C24DE61-4036-42BF-A08F-67C234706703"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "03D9040F-1D1D-49E5-A60E-4393F5D76B60"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A76A792F-7026-4F29-9A00-3A2EAB2DE5FC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "33DAF63F-C468-438C-97C3-B6CE8BD12858"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A82D4745-ACAB-4FC2-A63D-3B0FEA208BED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD80D674-1DD4-44E0-8C38-8341A7F392B1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10DD7029-9299-4901-A3D1-84D6102471B9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F73C59A-CDE2-4203-921F-1831D4ACFD2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C980129B-D717-47F7-A6C1-5EB64FB1BF9A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B76C585C-FCC8-456D-A63C-7A769AF5EB07"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FC0C52E8-26B1-4F77-B9D3-D08BFF72DAFB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6750_gre_10gb:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2BB37AAC-3957-4840-B47E-ED678F0B6044"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6750_gre_12gb:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA1DA067-DE94-4663-91CD-A70CC386D45A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9466279D-0582-464E-AFCC-20872CC99B56"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12EF0B24-689D-4BE8-98D5-D88A84D5E473"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6800_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B58299A7-7CA4-4EF8-81DC-9A41AA84FB2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F14D5A16-F7BE-427A-98AB-2E120DB756DC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BFC4A007-BEFD-4BF0-A176-7ECD6150041C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_6950_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B658454-C160-4EBA-9F7A-E2B9FDEA8A1E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "838BCF03-8959-4B8F-96B2-416B880F33DE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7600m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "04102F65-DAA8-4E0A-88EF-44BAA8B4AAA7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7600m_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "33D5FFA6-9D23-4C95-B23D-F50EB60369CA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7600s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A82AB49-3ABB-4DE4-91DB-4AF8E1F3196E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7700_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "730BD289-75E3-4365-A0C1-D0AD1498F3C2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92A2E6B9-ADFB-4790-917B-9679CFE280E3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7800_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "334FD5E4-BA45-42BA-B1EC-0DC1E1F44018"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7900_gre:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6B0E69-D944-48CF-A3F3-EA350C1451AF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7900_xt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4EDBF76B-3C2E-4421-800B-54CE6A997439"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7900_xtx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "72B69860-0C6F-40AD-8696-6150365D908F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_rx_7900m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9BFE5253-2401-4EE4-90E7-9459F2A93CF1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*",
+ "versionEndExcluding": "23.q4",
+ "matchCriteriaId": "2841E9B4-728C-4201-AAF1-3250A1DC08F3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_pro_w5500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "27D5FA49-D783-4DA5-AAED-F3BE3B4DA16D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_pro_w5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E39052CC-CC5F-4782-9CCE-2F5C8342AD79"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_pro_w6300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "85E68F7E-0A57-498A-9DB9-3D36045D671E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1DB91262-2EF4-4F0D-8B61-0012BD25E7A8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3083C065-5A2C-4B2D-9C1F-5793BA3C0A52"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7557738A-5D93-4117-8FF2-9A27CD0E6BC5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_pro_w7500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1ED51D4C-2C19-4C3B-814C-3F88AF25870C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_pro_w7600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "233155D5-D0D9-4EC3-B7F7-2CB3F30E48A8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_pro_w7800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "98B858C0-0490-4D50-BC1E-FFB5A54E5DBC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:radeon_pro_w7900:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CFF5CD86-64D3-4F02-9971-AC50E8052986"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*",
+ "versionEndExcluding": "23.9.2",
+ "matchCriteriaId": "7162DB91-6B5C-4575-A8D0-B83B34908BE5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*",
+ "versionEndExcluding": "23.q4",
+ "matchCriteriaId": "2841E9B4-728C-4201-AAF1-3250A1DC08F3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_3_7320u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "48F04B9F-8C65-476B-B5D8-18CC96E3B712"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_3_7335u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "495E436C-B0EE-4B72-AB49-332F4752C140"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_3_7440u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1C4FDE72-050C-4A72-A4F4-9C1D5273CADD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_6600h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7D260012-5D8F-4B36-8B88-82DB0291EE9D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_6600hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B34AD7A-1C4A-4A4B-87EA-B7BE207F2E67"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_6600u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "025E494E-953E-426E-BE89-6F2360A3AAC4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_7500f:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1232B034-1214-4F9A-823D-DC76D5C5956B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_7520u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0870FBE4-92B4-4717-88B0-EC1094268034"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_7535hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE36D471-57BF-4385-A825-029F7313E4DB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_7535u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "082BE536-F29C-4A73-B030-A19DD3A448B3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_7540u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "36699723-8BD8-4D9F-B5E1-DE7ACF9A6D57"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_7600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6740A06F-4512-427D-9CB9-A4A6DB046BA3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C05D51F-469D-487D-9FC8-E1AD699A6F74"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_7640h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BBC1EFF4-FED3-4583-84D3-E7BFC1FE53B8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_7640u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9BC5E111-A7AA-4A45-A2E3-47013F9135D4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_7645hx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB5D5B25-F32A-493E-BD54-57098981E15A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_pro_7640hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0E3657C6-1047-4CA9-8D44-C7143F7D877D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_5_pro_7645:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D2787C72-42D5-42B0-BE5B-E548B319BCF4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_6800h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09B085FF-EAEA-42BC-BA60-3AA9B76141B9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_6800hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "760F20CC-9034-462C-A25E-C009E2218C38"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_6800u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1D2CBCEA-AB4F-444C-9CCD-A976003F796C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_7700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76121981-8DC2-4779-833E-4B15CFCF7FC3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_7700x:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "225E8405-04FF-4885-92C8-8581ACC66E06"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_7735hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E5A8E7A-3430-41B9-8B3C-D9D462A2CEC2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_7735u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD9171F4-F05E-4183-91BB-8DAD0A5EB0D2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_7736u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D50E8EA-ECB2-463D-BA51-D13CF5A02266"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_7745hx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "69289284-2ED2-4D8B-8AE2-B835AAF31EAD"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_7800x3d:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CA6CD984-A8C7-4B23-8FF9-896C503EBA37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_7840h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D2D0429F-F186-4F78-9AE0-574E3A39926D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_7840u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E6C9E9BB-CD95-4D1E-914C-B705C1B0D8B2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_pro_7745:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00DEBFA8-6007-4EAE-AD11-6D477ADE4E63"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_7_pro_7840hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8480A7E0-882C-4B03-ADBC-697304B0B7C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_6900hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DA29FE4D-C9A2-46FB-8EC5-3067F56ED080"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_6900hx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "528D6AB3-01D9-41F1-90A7-FF5ADF66D4CC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_6980hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B21FB338-F944-40F9-8F0C-99B471AAD51E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_6980hx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3674D656-9623-4B39-AADE-158FE70FF29F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_7845hx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD27234D-ACFC-4144-8980-2B706822C579"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_7900:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5602B902-9FDB-4946-BE4C-236262285F2F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_7900x:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AA666DF3-C5F3-4127-A8EE-B784DD41F642"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_7900x3d:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "86CAA682-9666-4929-B1AC-D9DB3109DB1A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_7940h:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5A7E6806-A7AC-4C96-960B-B8934CEA2439"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_7945hx:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "74DD4A40-B712-4B54-9CC7-0BFD79E917BA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_7945hx3d:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "82CCEE11-392D-4486-A6AD-CB64FB8B7081"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_7950x:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD6C7D37-C94B-4301-8C0A-5A00B3569D6E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_7950x3d:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F05C8669-6348-4A1B-B1D4-D22022E1F67E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_pro_7940hs:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "018A02C9-2A5C-43E2-8CCD-4D03C119C22B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:amd:ryzen_9_pro_7945:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B3DE32CA-168F-4812-AEAE-D771EB01E15D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6009",
+ "source": "psirt@amd.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
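Review bot: The `weaknesses` entry is `NVD-CWE-noinfo` although the English description names the flaw as improper privilege management, which maps to `"value": "CWE-269"`; leaving it unclassified hides the record from CWE-based filtering. The Pro branch bound `"versionEndExcluding": "23.q4"` is not a dotted-numeric version, so range comparators that parse numerically may mis-order or reject it; matching for that node is worth testing explicitly. The description value is also padded with leading and trailing `\n` runs and contains a `\u00a0`, which should be trimmed or normalised on ingest.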
diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20900.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20900.json
index 3b4eb44e8d2..42c2c982406 100644
--- a/CVE-2023/CVE-2023-209xx/CVE-2023-20900.json
+++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20900.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-20900",
"sourceIdentifier": "security@vmware.com",
"published": "2023-08-31T10:15:08.247",
- "lastModified": "2023-10-13T22:15:09.960",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-27T12:15:08.507",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -168,6 +168,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/27/1",
+ "source": "security@vmware.com"
+ },
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html",
"source": "security@vmware.com"
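Review bot: The added reference uses a plain-HTTP URL, so tooling that fetches references automatically retrieves it without transport integrity; `"url": "https://www.openwall.com/lists/oss-security/2023/10/27/1",` would avoid that. The entry also carries no `tags`, unlike the `Third Party Advisory` reference just above it in the hunk; `"tags": ["Mailing List"]` would fit.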
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json
index 895e78487a4..bf457947823 100644
--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2002.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2002",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-26T17:15:14.113",
- "lastModified": "2023-08-19T18:15:25.257",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:12.393",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -79,6 +79,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
"source": "secalert@redhat.com"
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5480",
"source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json
index 0364366d811..3bea702cc1a 100644
--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2007.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2007",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-24T23:15:18.877",
- "lastModified": "2023-08-19T18:15:40.893",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:12.483",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -86,6 +86,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
"source": "secalert@redhat.com"
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5480",
"source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2033.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2033.json
index 1eb5120c6df..f5d666326ed 100644
--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2033.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2033.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2033",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-14T19:15:09.453",
- "lastModified": "2023-09-30T11:15:13.787",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:51:57.363",
+ "vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-04-17",
"cisaActionDue": "2023-05-08",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@@ -81,6 +81,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,31 +126,52 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5390",
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2091.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2091.json
index 805055a6b4f..c83aa47a5b4 100644
--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2091.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2091.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2091",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T09:15:07.683",
- "lastModified": "2023-04-24T17:25:24.283",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-22T15:15:08.277",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in KylinSoft youker-assistant. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099."
+ "value": "A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099."
}
],
"metrics": {
@@ -39,20 +39,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "availabilityImpact": "LOW",
- "baseScore": 5.3,
- "baseSeverity": "MEDIUM"
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
- "impactScore": 3.4
+ "impactScore": 5.9
}
],
"cvssMetricV2": [
@@ -61,18 +61,18 @@
"type": "Secondary",
"cvssData": {
"version": "2.0",
- "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
+ "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
- "confidentialityImpact": "PARTIAL",
- "integrityImpact": "PARTIAL",
- "availabilityImpact": "PARTIAL",
- "baseScore": 4.3
+ "confidentialityImpact": "COMPLETE",
+ "integrityImpact": "COMPLETE",
+ "availabilityImpact": "COMPLETE",
+ "baseScore": 6.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 3.1,
- "impactScore": 6.4,
+ "impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
@@ -120,6 +120,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://kylinos.cn/support/loophole/patch/3375.html",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://vuldb.com/?ctiid.226099",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-20xx/CVE-2023-2098.json b/CVE-2023/CVE-2023-20xx/CVE-2023-2098.json
index 2e290b48f83..e8100dc53a0 100644
--- a/CVE-2023/CVE-2023-20xx/CVE-2023-2098.json
+++ b/CVE-2023/CVE-2023-20xx/CVE-2023-2098.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-2098",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T12:15:07.337",
- "lastModified": "2023-04-24T18:19:32.117",
+ "lastModified": "2023-10-18T15:58:38.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
+ "criteria": "cpe:2.3:a:oretnom23:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "49085F69-097C-4C7A-A470-9B946EBE8123"
}
]
}
diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json
index 901a970115a..3b7b309461a 100644
--- a/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json
+++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21255.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-21255",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.053",
- "lastModified": "2023-08-19T18:15:23.347",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:12.217",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -75,6 +75,10 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "security@android.com"
+ },
{
"url": "https://source.android.com/security/bulletin/2023-07-01",
"source": "security@android.com",
diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json
index 76ab9837262..86847c2c92e 100644
--- a/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json
+++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21400.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-21400",
"sourceIdentifier": "security@android.com",
"published": "2023-07-13T00:15:24.340",
- "lastModified": "2023-10-11T19:15:09.927",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-26T18:20:32.370",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -61,12 +61,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/14/2",
@@ -95,7 +119,18 @@
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/25/7",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "security@android.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://source.android.com/security/bulletin/pixel/2023-07-01",
@@ -106,7 +141,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21413.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21413.json
index 7f00812aaee..ed5f623d2b1 100644
--- a/CVE-2023/CVE-2023-214xx/CVE-2023-21413.json
+++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21413.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-21413",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-10-16T07:15:08.503",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:29:36.640",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n"
+ },
+ {
+ "lang": "es",
+ "value": "GoSecure en nombre de Genetec Inc. ha encontrado una falla que permite la ejecuci\u00f3n remota de c\u00f3digo durante la instalaci\u00f3n de aplicaciones ACAP en el dispositivo Axis. El servicio de manejo de aplicaciones en AXIS OS era vulnerable a la inyecci\u00f3n de comandos, lo que permit\u00eda a un atacante ejecutar c\u00f3digo arbitrario. Axis ha lanzado versiones parcheadas del sistema operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
{
"source": "product-security@axis.com",
"type": "Secondary",
@@ -34,10 +58,51 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:lts:*:*:*",
+ "versionStartIncluding": "10.5.0",
+ "versionEndExcluding": "10.12.199",
+ "matchCriteriaId": "52104F8A-D15A-4D29-BFA6-8AC4761B2808"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
+ "versionStartIncluding": "11.0.89",
+ "versionEndExcluding": "11.6.94",
+ "matchCriteriaId": "90BE6B96-8C89-4EAC-BAA8-A1D5C1D51648"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.axis.com/dam/public/ad/ff/83/cve-2023-21413pdf-en-US-412755.pdf",
- "source": "product-security@axis.com"
+ "source": "product-security@axis.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
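Review bot: The added `configurations` block encodes the 10.x LTS track as product `axis_os` with `lts` in the software-edition field (`cpe:2.3:o:axis:axis_os:*:*:*:*:lts:*:*:*`), which does not line up with the sibling records in this same diff. CVE-2023-21415 expresses that track as a separate product, `cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*`, and CVE-2023-21414 uses `axis_os` with a wildcard in that field for its 10.11.55 to 10.12.206 range. An asset inventory or scanner keyed to only one of these product names will match only some of the three records, so the naming should be made uniform, or consumers told to match both `axis_os` and the year-suffixed names. Whether the split is deliberate in the CPE dictionary cannot be told from the hunk.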
diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21414.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21414.json
index 799b9179306..aa687150416 100644
--- a/CVE-2023/CVE-2023-214xx/CVE-2023-21414.json
+++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21414.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-21414",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-10-16T07:15:08.680",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:31:53.573",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution."
+ },
+ {
+ "lang": "es",
+ "value": "NCC Group ha encontrado una falla durante la prueba de penetraci\u00f3n interna anual solicitada por Axis Communications. La protecci\u00f3n contra la manipulaci\u00f3n de dispositivos (com\u00fanmente conocida como Arranque Seguro) contiene una falla que brinda la oportunidad de que un ataque sofisticado eluda esta protecci\u00f3n. Axis ha lanzado versiones parcheadas del Sistema Operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ },
{
"source": "product-security@axis.com",
"type": "Secondary",
@@ -34,10 +58,282 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.11.55",
+ "versionEndExcluding": "10.12.206",
+ "matchCriteriaId": "A57EAA0B-F777-491D-8CA0-3946AE128F8A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
+ "versionStartIncluding": "11.0.89",
+ "versionEndExcluding": "11.6.94",
+ "matchCriteriaId": "90BE6B96-8C89-4EAC-BAA8-A1D5C1D51648"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:m3215:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CCF92600-C422-4EAD-9832-59940D509E35"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:m3216:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2FD56A2A-788C-4168-AFF8-403D0CDEB056"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:m4317-plve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FF3E4C56-DF16-4954-BFAB-B877B417DC67"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:m4318-plve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CEBA6BAB-84F8-4990-9F69-D2164AA41413"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:m4327-p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D2A8EB07-E3C5-4752-ACF1-42A34CF8481C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:m4328-p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CD842CE-5408-4DC3-8047-4E3A55B1253C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p1467-le:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A678D824-2504-4C95-910D-3EE27F71278B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p1468-le:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "33BA6000-C024-4B45-8449-ADE57233B593"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p1468-xle:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6313E41C-6087-437D-9AE9-73A853EE4C48"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p3265-lv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52E2F23C-D61D-4A40-B9F9-7DE0740A743D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p3265-lve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E96AFC9-5D17-469E-A120-F8D25BA3D3A2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p3265-v:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A761F9E-DDEB-43B5-BE2D-54B1BD3207DB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p3267-lv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4724987B-2077-4598-B179-ECAAD3646793"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p3267-lve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "68DC7D03-7348-4641-8109-A610D8F586DF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p3268-lv:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8457180-29F6-4742-A1C8-EFB3D511B6EC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p3268-lve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B022EF0-E531-4F82-8E03-B46414555A9A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p3827-pve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E566446-B3C7-4D03-9FA5-D999C10183B0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p4705-plve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0624855-756A-40A9-91BF-DE8C0EC355D6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:p4707-plve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E10F52AE-C6D7-4E10-B496-18CCF617FB69"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q1656:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "74D4E995-4C85-4E94-B18B-044C6D95490C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q1656-b:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "68062F65-BAF1-45CC-8515-9747C6FDF42B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q1656-be:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9D52CD5-4E62-4B7F-81B1-7A37620BEABF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q1656-ble:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "985DA048-28F6-413D-A611-297993B178BE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q1656-dle:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76D5EF68-F3F3-4ABD-A139-D1823CE0F92C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q1656-le:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1129AC4-1953-4B50-90CC-50D2E4D9AB39"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q1961-te:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BBDE1252-B9A9-4876-9BA3-5D1AFB5B2E72"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q2101-te:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D5C9586E-9B12-4C45-9F89-A6116493D4DE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q3536-lve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "86575D32-774E-4611-87B3-5B3A3A4B59AA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q3538-lve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9EF429DC-1F90-4942-9A97-F93AEF866B0B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q3626-ve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "989BC60B-79F9-4650-AAA2-4787D6477B1C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q3628-ve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0374F956-C9D1-4D9B-AEEA-4F1103EAA9CA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:xfq1656:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C60CBB3A-0242-4AE7-909E-37EF99C6E136"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
+ "versionEndExcluding": "11.6.94",
+ "matchCriteriaId": "1F2CD512-C82D-454A-B322-BBD93EF7E85C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:a8207-ve_mk_ii:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CB61500A-D634-436C-8BE9-00CEEC301B55"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.11.55",
+ "versionEndExcluding": "10.12.206",
+ "matchCriteriaId": "A57EAA0B-F777-491D-8CA0-3946AE128F8A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
+ "versionStartIncluding": "11.0.89",
+ "versionEndExcluding": "11.6.94",
+ "matchCriteriaId": "90BE6B96-8C89-4EAC-BAA8-A1D5C1D51648"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7C7601D7-8413-49DF-AFCC-1C7851A1B41A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.axis.com/dam/public/45/3c/a1/cve-2023-21414pdf-en-US-412758.pdf",
- "source": "product-security@axis.com"
+ "source": "product-security@axis.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
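Review bot: The third configuration added in this hunk repeats both `axis_os` match entries of the first one, with the same version bounds and the same `matchCriteriaId` values `A57EAA0B-F777-491D-8CA0-3946AE128F8A` and `90BE6B96-8C89-4EAC-BAA8-A1D5C1D51648`. It differs only in its hardware node, which holds the single entry `cpe:2.3:h:axis:q3527-lve:-:*:*:*:*:*:*:*`. Moving that entry into the first configuration's hardware list would state the same applicability once. It would also remove a second copy of the version bounds, which a later edit could update in one place and miss in the other.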
diff --git a/CVE-2023/CVE-2023-214xx/CVE-2023-21415.json b/CVE-2023/CVE-2023-214xx/CVE-2023-21415.json
index 1569a4b57f4..e6b04138543 100644
--- a/CVE-2023/CVE-2023-214xx/CVE-2023-21415.json
+++ b/CVE-2023/CVE-2023-214xx/CVE-2023-21415.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-21415",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-10-16T07:15:08.760",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:19:06.067",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n"
+ },
+ {
+ "lang": "es",
+ "value": "Sandro Poppi, miembro del programa AXIS OS Bug Bounty, descubri\u00f3 que la API VAPIX overlay_del.cgi es vulnerable a ataques de Path Traversal que permiten la eliminaci\u00f3n de archivos. Esta falla solo puede explotarse despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador. Axis ha lanzado versiones parcheadas del Sistema Operativo AXIS para la falla resaltada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ },
{
"source": "product-security@axis.com",
"type": "Secondary",
@@ -34,10 +58,76 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "6.50.5.3",
+ "versionEndExcluding": "6.50.5.14",
+ "matchCriteriaId": "F0C843A9-2BA5-4E3F-85D9-D9D2C65B7BAA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
+ "versionStartIncluding": "11.0.81",
+ "versionEndExcluding": "11.6.94",
+ "matchCriteriaId": "09CFB55B-2098-478D-A6AE-A200F2EC42BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os_2016:*:*:*:*:lts:*:*:*",
+ "versionStartIncluding": "6.50.2",
+ "versionEndExcluding": "6.50.5.2",
+ "matchCriteriaId": "0E3843E2-4943-440F-99E9-8026C9818596"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os_2018:*:*:*:*:lts:*:*:*",
+ "versionEndExcluding": "8.40.35",
+ "matchCriteriaId": "A714346C-6398-46ED-81F0-5546B00A2DEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*",
+ "versionEndExcluding": "9.80.47",
+ "matchCriteriaId": "8AFCB4A6-3BFD-48CF-A84B-0D83DB101BBC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*",
+ "versionEndExcluding": "10.12.206",
+ "matchCriteriaId": "4E686725-735A-47FC-87F1-A1899A916315"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
- "url": "https://www.axis.com/dam/public/58/0b/36/cve-2023-21415pdf-en-US-412759.pdf",
- "source": "product-security@axis.com"
+ "url": "https://www.axis.com/dam/public/b6/55/e2/cve-2023-21415pdf-en-US-416245.pdf",
+ "source": "product-security@axis.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
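Review bot: The two ranges that cover the 6.50 track in the added `cpeMatch` list do not meet. The `axis_os_2016` entry ends with `"versionEndExcluding": "6.50.5.2"` and the `axis_os` entry begins with `"versionStartIncluding": "6.50.5.3"`, so a device reporting 6.50.5.2 matches neither. If that build exists and is affected, one of the two bounds has to move so the ranges are contiguous; the hunk gives no way to tell. The same hunk replaces the advisory URL, so the bounds are best checked against the new PDF rather than the old one.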
diff --git a/CVE-2023/CVE-2023-217xx/CVE-2023-21720.json b/CVE-2023/CVE-2023-217xx/CVE-2023-21720.json
index 8935fbe75d1..40f89af2c18 100644
--- a/CVE-2023/CVE-2023-217xx/CVE-2023-21720.json
+++ b/CVE-2023/CVE-2023-217xx/CVE-2023-21720.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-21720",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-02-14T20:15:14.590",
- "lastModified": "2023-09-30T11:15:13.077",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:52:56.590",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -75,7 +75,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-217xx/CVE-2023-21739.json b/CVE-2023/CVE-2023-217xx/CVE-2023-21739.json
index db8a8969846..ed146901803 100644
--- a/CVE-2023/CVE-2023-217xx/CVE-2023-21739.json
+++ b/CVE-2023/CVE-2023-217xx/CVE-2023-21739.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-21739",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-01-10T22:15:17.727",
- "lastModified": "2023-04-27T19:15:14.513",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T18:30:09.020",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -123,36 +123,6 @@
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:10.0.19042.2486:*:*:*:*:*:x86:*",
"matchCriteriaId": "730D9CA9-A32B-4F27-97C8-1286100FB23A"
},
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:10.0.19044.2486:*:*:*:*:*:arm64:*",
- "matchCriteriaId": "BC00AF07-310F-4EDC-A045-CF24804C28A3"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:10.0.19044.2486:*:*:*:*:*:x64:*",
- "matchCriteriaId": "A836BB66-835B-4518-9B4A-C220B5749CB4"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:10.0.19044.2486:*:*:*:*:*:x86:*",
- "matchCriteriaId": "A33694E0-10DE-4836-B3FC-25C38C793C4E"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:10.0.19045.2486:*:*:*:*:*:arm64:*",
- "matchCriteriaId": "F6B88FE3-7E5F-4928-8801-227A040A168D"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:10.0.19045.2486:*:*:*:*:*:x64:*",
- "matchCriteriaId": "32200A4E-5E11-4CF8-9916-514365FD91D5"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:10.0.19045.2486:*:*:*:*:*:x86:*",
- "matchCriteriaId": "A1693F27-C4C6-49C5-978E-3608D0A0404F"
- },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:10.0.19042.2486:*:*:*:*:*:arm64:*",
@@ -223,6 +193,11 @@
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.2486:*:*:*:*:*:arm64:*",
"matchCriteriaId": "EBF07ADF-112F-4BE6-9F76-8720A3325316"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.2486:*:*:*:*:*:x64:*",
+ "matchCriteriaId": "20B9E184-BF28-4BCD-B05E-29C53953184D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.2486:*:*:*:*:*:x86:*",
diff --git a/CVE-2023/CVE-2023-217xx/CVE-2023-21794.json b/CVE-2023/CVE-2023-217xx/CVE-2023-21794.json
index fe86971434c..e7dade64956 100644
--- a/CVE-2023/CVE-2023-217xx/CVE-2023-21794.json
+++ b/CVE-2023/CVE-2023-217xx/CVE-2023-21794.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-21794",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-02-14T20:15:14.950",
- "lastModified": "2023-09-30T11:15:13.207",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:53:40.490",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -75,7 +75,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21920.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21920.json
index fd216d8ec6c..d7930fc4583 100644
--- a/CVE-2023/CVE-2023-219xx/CVE-2023-21920.json
+++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21920.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-21920",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:13.160",
- "lastModified": "2023-09-16T04:15:21.113",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-29T02:35:08.027",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.32 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": {
@@ -63,24 +67,99 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
+ "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
+ "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/",
- "source": "secalert_us@oracle.com"
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/",
- "source": "secalert_us@oracle.com"
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/",
- "source": "secalert_us@oracle.com"
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0007/",
- "source": "secalert_us@oracle.com"
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html",
diff --git a/CVE-2023/CVE-2023-219xx/CVE-2023-21967.json b/CVE-2023/CVE-2023-219xx/CVE-2023-21967.json
index 098c41ad8fe..bfb49adbf61 100644
--- a/CVE-2023/CVE-2023-219xx/CVE-2023-21967.json
+++ b/CVE-2023/CVE-2023-219xx/CVE-2023-21967.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-21967",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:16.397",
- "lastModified": "2023-09-19T11:16:02.327",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:22:35.987",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -111,24 +111,97 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:brocade_san_navigator:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "25FA7A4D-B0E2-423E-8146-E221AE2D6120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
- "source": "secalert_us@oracle.com"
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230427-0008/",
- "source": "secalert_us@oracle.com"
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5430",
- "source": "secalert_us@oracle.com"
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5478",
- "source": "secalert_us@oracle.com"
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html",
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2100.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2100.json
index 2a24559abdb..58bdf5b1582 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2100.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2100.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-2100",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-15T13:15:45.033",
- "lastModified": "2023-04-24T18:19:04.477",
+ "lastModified": "2023-10-18T15:58:16.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -102,8 +102,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:vehicle_service_management_system_project:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "B71872FF-70AC-422D-9FA4-3EB30246660F"
+ "criteria": "cpe:2.3:a:oretnom23:vehicle_service_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "49085F69-097C-4C7A-A470-9B946EBE8123"
}
]
}
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2124.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2124.json
index 3d85aedc0e4..cfb5df6aec4 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2124.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2124.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2124",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-15T22:15:12.150",
- "lastModified": "2023-08-19T18:15:45.500",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:12.810",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -83,6 +83,10 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230622-0010/",
"source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2133.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2133.json
index c5322c16acf..7f47c852d4b 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2133.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2133.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2133",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-19T04:15:31.360",
- "lastModified": "2023-09-30T11:15:13.873",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:52:37.440",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -73,7 +73,17 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
- },
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
@@ -120,7 +130,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/",
@@ -133,8 +146,7 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Mailing List",
- "Third Party Advisory"
+ "Mailing List"
]
},
{
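Review bot: Dropping `"Third Party Advisory"` from the Fedora package-announce reference (`.../message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/`) leaves it tagged `"Mailing List"` only, whereas the record changed just before CVE-2023-2100 in this commit tags its debian-lts-announce post with both `"Mailing List"` and `"Third Party Advisory"`. Consumers that select distribution advisories by the `Third Party Advisory` tag will stop surfacing the Fedora announcements for this CVE while still surfacing the Debian LTS one. The same retagging appears in the CVE-2023-2134, CVE-2023-2135 and CVE-2023-2136 records, and as a straight replacement in CVE-2023-2137, which includes the KEV-listed CVE-2023-2136. Keeping `"Mailing List", "Third Party Advisory"` on these entries would keep the tagging uniform across the commit. The enclosing `references` array starts and ends outside the hunk.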
@@ -146,11 +158,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5393",
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2134.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2134.json
index da9b716a3eb..bcfcd169bdb 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2134.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2134.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2134",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-19T04:15:31.473",
- "lastModified": "2023-09-30T11:15:13.953",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:52:47.177",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -73,7 +73,17 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
- },
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
@@ -120,7 +130,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/",
@@ -133,8 +146,7 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Mailing List",
- "Third Party Advisory"
+ "Mailing List"
]
},
{
@@ -146,11 +158,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5393",
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2135.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2135.json
index d7a183c28a9..86e99f315b5 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2135.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2135.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2135",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-19T04:15:31.533",
- "lastModified": "2023-09-30T11:15:14.033",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:53:18.983",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -73,7 +73,17 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
- },
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
@@ -120,7 +130,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/",
@@ -133,8 +146,7 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Mailing List",
- "Third Party Advisory"
+ "Mailing List"
]
},
{
@@ -146,11 +158,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5393",
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2136.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2136.json
index c1846093c06..5739018d62c 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2136.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2136.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2136",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-19T04:15:31.607",
- "lastModified": "2023-09-30T11:15:14.107",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:54:42.007",
+ "vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-04-21",
"cisaActionDue": "2023-05-12",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@@ -77,7 +77,17 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
- },
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
@@ -124,7 +134,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/",
@@ -137,8 +150,7 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Mailing List",
- "Third Party Advisory"
+ "Mailing List"
]
},
{
@@ -150,11 +162,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5393",
diff --git a/CVE-2023/CVE-2023-21xx/CVE-2023-2137.json b/CVE-2023/CVE-2023-21xx/CVE-2023-2137.json
index 1366392dfe3..0d6305bb3d4 100644
--- a/CVE-2023/CVE-2023-21xx/CVE-2023-2137.json
+++ b/CVE-2023/CVE-2023-21xx/CVE-2023-2137.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2137",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-19T04:15:31.667",
- "lastModified": "2023-09-30T11:15:14.170",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:54:45.597",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -73,7 +73,17 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
- },
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
@@ -120,7 +130,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/",
@@ -133,7 +146,7 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/",
"source": "chrome-cve-admin@google.com",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
@@ -145,11 +158,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5393",
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22015.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22015.json
new file mode 100644
index 00000000000..bdb9ba06061
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22015.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2023-22015",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:11.587",
+ "lastModified": "2023-10-27T15:15:09.723",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles que se ven afectadas son la 5.7.42 y anteriores y la 8.0.31 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndIncluding": "5.7.42",
+ "matchCriteriaId": "C5FC5A8D-D1AC-4F6F-AA01-F6244DC44785"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.31",
+ "matchCriteriaId": "3BC9BB67-519D-4F2D-8E50-BB58B08824A8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
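Review bot: The `https://www.oracle.com/security-alerts/cpuoct2023.html` reference in this new record is tagged only `"Vendor Advisory"`, while the same URL carries `"Patch", "Vendor Advisory"` in the CVE-2023-22026 and CVE-2023-22028 records added by this commit. CVE-2023-22026 has the same description, CVSS vector and `cpeMatch` ranges as this record. Tooling that derives "fix available" from the `Patch` tag would report this CVE as having no patch reference while reporting its twin as patched. If the advisory applies equally here, the array should read `"Patch", "Vendor Advisory"`. The record is still `Undergoing Analysis`, so this may be corrected upstream on a later sync.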
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22019.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22019.json
new file mode 100644
index 00000000000..acfde120792
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22019.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-22019",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:11.747",
+ "lastModified": "2023-10-23T18:19:21.580",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle HTTP Server de Oracle Fusion Middleware (componente: Web Listener). La versi\u00f3n compatible afectada es 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer Oracle HTTP Server. Los ataques exitosos de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle HTTP Server. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22025.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22025.json
new file mode 100644
index 00000000000..5fecd15367b
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22025.json
@@ -0,0 +1,119 @@
+{
+ "id": "CVE-2023-22025",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:11.837",
+ "lastModified": "2023-10-27T15:15:09.823",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM para JDK de Oracle Java SE (componente: Hotspot). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM para JDK: 17.0.8 y 21. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle Java SE, Oracle GraalVM Enterprise Edition y Oracle GraalVM para JDK. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition y Oracle GraalVM para JDK. Nota: Esta vulnerabilidad se puede aprovechar utilizando API en el componente especificado, por ejemplo, a trav\u00e9s de un servicio web que proporciona datos a las API. Esta vulnerabilidad tambi\u00e9n se aplica a las implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en un espacio aislado o subprogramas de Java en un espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. CVSS 3.1 Puntaje base 3.7 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D5A01042-97E8-483B-BBE2-C9A968423FCD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3DAC838A-1E97-4D12-9CA9-4593D61CF9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
+ "matchCriteriaId": "1280B8AA-B341-42DC-BA23-4DD970970570"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jdk:17.0.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D07E25C0-81ED-4DA9-85D3-CF2C758D25D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jdk:21.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89511E56-D9E1-46D2-A591-EEC11A4194B2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
+ "matchCriteriaId": "54EEB032-9164-49FB-97CB-728A64C43495"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jre:17.0.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "25D40D36-9C91-49AB-9120-97A867715E20"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jre:21.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B331904-AF1B-4C47-A664-A257CB16DDEB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0006/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
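Review bot: The version component for the 21 release is written two ways in this `cpeMatch` list: `graalvm_for_jdk:21` against `jdk:21.0.0` and `jre:21.0.0`, while the description gives the affected version simply as `21`. A matcher that compares the inventory version string to the CPE literally could flag one product and miss another. It is worth confirming each form against the CPE dictionary, and consumers should normalise `21` and `21.0.0` before matching. Separately, the description names Oracle GraalVM Enterprise Edition among the products but no `criteria` entry covers it; that agrees with the listed affected versions, but should be checked against the vendor advisory before treating Enterprise Edition hosts as unaffected.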
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22026.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22026.json
new file mode 100644
index 00000000000..bccfc444054
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22026.json
@@ -0,0 +1,93 @@
+{
+ "id": "CVE-2023-22026",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:11.927",
+ "lastModified": "2023-10-27T15:15:09.937",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles que se ven afectadas son la 5.7.42 y anteriores y la 8.0.31 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndIncluding": "5.7.42",
+ "matchCriteriaId": "C5FC5A8D-D1AC-4F6F-AA01-F6244DC44785"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.31",
+ "matchCriteriaId": "3BC9BB67-519D-4F2D-8E50-BB58B08824A8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22028.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22028.json
new file mode 100644
index 00000000000..f8996ffb534
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22028.json
@@ -0,0 +1,93 @@
+{
+ "id": "CVE-2023-22028",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.003",
+ "lastModified": "2023-10-27T15:15:10.027",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles que se ven afectadas son la 5.7.43 y anteriores y la 8.0.31 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndIncluding": "5.7.43",
+ "matchCriteriaId": "37480528-9BD2-4EBE-8F1D-D12CC919982A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.31",
+ "matchCriteriaId": "3BC9BB67-519D-4F2D-8E50-BB58B08824A8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22029.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22029.json
new file mode 100644
index 00000000000..dcea177d930
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22029.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-22029",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.087",
+ "lastModified": "2023-10-23T18:53:16.700",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Commerce Guided Search de Oracle Commerce (componente: Workbench). La versi\u00f3n compatible afectada es la 11.3.2. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa la b\u00fasqueda guiada de Oracle Commerce. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en la b\u00fasqueda guiada de Oracle Commerce, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle Commerce Guided Search, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Commerce Guided Search. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
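Review bot: The `es` description in this record mistranslates the impact: "unauthorized update, insert or delete access to some of ... accessible data" becomes `actualización, inserción o eliminación no autorizada del acceso a algunos de los datos`, which reads as access being removed rather than unauthorized write access to data. It also renders the product name as `la búsqueda guiada de Oracle Commerce` in two places while keeping "Oracle Commerce Guided Search" elsewhere in the same string. A closer wording would be `acceso no autorizado de actualización, inserción o eliminación a algunos de los datos accesibles de Oracle Commerce Guided Search`. The same impact phrasing recurs in the `es` description of the CVE-2023-22067 record, so anything that shows the Spanish text for triage should treat the `en` value and the `cvssData` impact fields as authoritative.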
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22032.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22032.json
new file mode 100644
index 00000000000..417df3134fa
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22032.json
@@ -0,0 +1,91 @@
+{
+ "id": "CVE-2023-22032",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.173",
+ "lastModified": "2023-10-27T15:15:10.117",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores y la 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22059.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22059.json
new file mode 100644
index 00000000000..c08fe9b2bc3
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22059.json
@@ -0,0 +1,91 @@
+{
+ "id": "CVE-2023-22059",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.243",
+ "lastModified": "2023-10-27T15:15:10.203",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores y la 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22064.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22064.json
new file mode 100644
index 00000000000..0121eac7863
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22064.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-22064",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.320",
+ "lastModified": "2023-10-27T15:15:10.293",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22065.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22065.json
new file mode 100644
index 00000000000..bc3b4795f68
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22065.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-22065",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.397",
+ "lastModified": "2023-10-27T15:15:10.367",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles que se ven afectadas son la 8.0.33 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.33",
+ "matchCriteriaId": "44F51EF6-9993-4D49-AB0C-7D8D8FB65A98"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22066.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22066.json
new file mode 100644
index 00000000000..3b3051cbccf
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22066.json
@@ -0,0 +1,91 @@
+{
+ "id": "CVE-2023-22066",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.467",
+ "lastModified": "2023-10-27T15:15:10.447",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores y la 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22067.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22067.json
new file mode 100644
index 00000000000..cfbfb3e8e53
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22067.json
@@ -0,0 +1,103 @@
+{
+ "id": "CVE-2023-22067",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.540",
+ "lastModified": "2023-10-28T03:15:08.010",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en Oracle Java SE (componente: CORBA). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u381 y 8u381-perf. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de CORBA comprometer Oracle Java SE. Los ataques exitosos a esta vulnerabilidad pueden resultar en una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle Java SE. Nota: Esta vulnerabilidad solo se puede aprovechar proporcionando datos a las API en el componente especificado sin utilizar aplicaciones Java Web Start que no son de confianza o subprogramas de Java que no son de confianza, como a trav\u00e9s de un servicio web. CVSS 3.1 Puntaje base 5.3 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:-:*:*:*",
+ "matchCriteriaId": "2950AC81-A9E7-4CC8-A20D-10AEAAD672D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
+ "matchCriteriaId": "1280B8AA-B341-42DC-BA23-4DD970970570"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:-:*:*:*",
+ "matchCriteriaId": "9B5F1CAA-26EA-4558-BA69-51D0EB0726DE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
+ "matchCriteriaId": "54EEB032-9164-49FB-97CB-728A64C43495"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0006/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5537",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22068.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22068.json
new file mode 100644
index 00000000000..e8e9e42c763
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22068.json
@@ -0,0 +1,90 @@
+{
+ "id": "CVE-2023-22068",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.617",
+ "lastModified": "2023-10-27T15:15:10.617",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores y la 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
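Review bot: The `tags` array on the `cpuoct2023.html` reference in this record lists only `Vendor Advisory`, while other records in this diff that cite the same URL list both `Patch` and `Vendor Advisory`. CVE-2023-22066 is one of them, and its English description and CPE matches are identical to this record's. Tooling that filters references on the `Patch` tag to decide whether a fix is published would treat this record differently from its siblings, although the advisory is the same. If the difference is not intended upstream, the array would read `"tags": ["Patch", "Vendor Advisory"]`; otherwise consumers should not rely on the tag alone for remediation status.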
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22069.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22069.json
new file mode 100644
index 00000000000..05b16095ac9
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22069.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22069",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.687",
+ "lastModified": "2023-10-23T18:19:30.997",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles que se ven afectadas son 12.2.1.4.0 y 14.1.1.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de T3, IIOP comprometa Oracle WebLogic Server. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Oracle WebLogic Server. CVSS 3.1 Puntuaci\u00f3n base 9,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
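Review bot: This record is scored 9.8 `CRITICAL` with `privilegesRequired` `NONE`, yet its only weakness entry is `NVD-CWE-noinfo`, so CWE-based prioritisation or detection mapping gets nothing from it. Consumers should key on `cvssData` and the two `cpeMatch` entries instead. The `es` description also writes the score as `9,8` with a decimal comma, while `baseScore` is `9.8` and the other Spanish descriptions in this diff use a dot. The text would be consistent as `CVSS 3.1 Puntuación base 9.8`, and anything that needs the score should read `baseScore` rather than parse it from the prose.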
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22070.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22070.json
new file mode 100644
index 00000000000..dd357c1a64f
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22070.json
@@ -0,0 +1,91 @@
+{
+ "id": "CVE-2023-22070",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.763",
+ "lastModified": "2023-10-27T15:15:10.697",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores y la 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22071.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22071.json
new file mode 100644
index 00000000000..44131261364
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22071.json
@@ -0,0 +1,89 @@
+{
+ "id": "CVE-2023-22071",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.837",
+ "lastModified": "2023-10-23T18:20:32.617",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PL/SQL accessible data as well as unauthorized read access to a subset of PL/SQL accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PL/SQL. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el componente PL/SQL de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.20 y 21.3-21.11. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con privilegios elevados que tenga privilegios de Create Session y ejecutar en sys.utl_http con acceso a la red a trav\u00e9s de Oracle Net comprometa PL/SQL. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en PL/SQL, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada de algunos datos accesibles de PL/SQL, as\u00ed como un acceso de lectura no autorizado a un subconjunto de datos accesibles de PL/SQL y la capacidad no autorizada de causar una denegaci\u00f3n parcial de servicio (parcial). DOS) de PL/SQL. CVSS 3.1 Puntuaci\u00f3n base 5,9 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "19.3",
+ "versionEndIncluding": "19.20",
+ "matchCriteriaId": "32E02E1D-EF08-47A1-9095-06F9F2D8D268"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "21.3",
+ "versionEndIncluding": "21.11",
+ "matchCriteriaId": "84088F94-42E8-4553-AE33-A5C4E954C83F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
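Review bot: The `es` description in this record has a broken parenthetical, `(parcial). DOS) de PL/SQL`, where the English text reads `(partial DOS) of PL/SQL`; it should read `(DOS parcial) de PL/SQL`, the form the CVE-2023-22074 translation already uses. The same kind of translation drift appears in the CVE-2023-22073 and CVE-2023-22074 hunks, where the attacker's precondition (`with access to the physical communication segment`, `having Create Session, Select Any Dictionary privilege`) is rendered as something the vulnerability grants (`permite a un atacante no autenticado acceder al segmento`, `permite a un atacante con altos privilegios tener privilegios de`). A consumer triaging from the Spanish text would read a different prerequisite than the CVSS vector records, so the `en` value and `cvssData` should be treated as authoritative.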
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22072.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22072.json
new file mode 100644
index 00000000000..16871d0b998
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22072.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-22072",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.910",
+ "lastModified": "2023-10-23T18:19:37.450",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). La versi\u00f3n compatible afectada es 12.2.1.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de T3, IIOP comprometa Oracle WebLogic Server. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Oracle WebLogic Server. CVSS 3.1 Puntuaci\u00f3n base 9,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22073.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22073.json
new file mode 100644
index 00000000000..99606912571
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22073.json
@@ -0,0 +1,89 @@
+{
+ "id": "CVE-2023-22073",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:12.987",
+ "lastModified": "2023-10-23T18:20:40.147",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el componente Oracle Notification Server de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.20 y 21.3-21.11. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado acceder al segmento de comunicaci\u00f3n f\u00edsica conectado al hardware donde se ejecuta Oracle Notification Server para comprometer Oracle Notification Server. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Notification Server. CVSS 3.1 Puntaje base 4.3 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "19.3",
+ "versionEndIncluding": "19.20",
+ "matchCriteriaId": "32E02E1D-EF08-47A1-9095-06F9F2D8D268"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "21.3",
+ "versionEndIncluding": "21.11",
+ "matchCriteriaId": "84088F94-42E8-4553-AE33-A5C4E954C83F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22074.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22074.json
new file mode 100644
index 00000000000..02d6aa7dcb4
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22074.json
@@ -0,0 +1,93 @@
+{
+ "id": "CVE-2023-22074",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.067",
+ "lastModified": "2023-10-26T17:15:08.393",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el componente Oracle Database Sharding de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.20 y 21.3-21.11. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios tener privilegios de Create Session y seleccionar cualquier diccionario con acceso a la red a trav\u00e9s de Oracle Net para comprometer Oracle Database Sharding. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Database Sharding. CVSS 3.1 Puntuaci\u00f3n base 2.4 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 2.4,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "19.3",
+ "versionEndIncluding": "19.20",
+ "matchCriteriaId": "32E02E1D-EF08-47A1-9095-06F9F2D8D268"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "21.3",
+ "versionEndIncluding": "21.11",
+ "matchCriteriaId": "84088F94-42E8-4553-AE33-A5C4E954C83F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/175352/Oracle-19c-21c-Sharding-Component-Password-Hash-Exposure.html",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
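Review bot: The first reference, a packetstormsecurity.com entry whose URL slug reads `Password-Hash-Exposure`, does not match the impact recorded in this file: `cvssData` has `"confidentialityImpact": "NONE"` and the description lists only a partial denial of service. The slug only suggests a confidentiality issue, and the record is still `Undergoing Analysis`, so upstream may reconcile this. Until then, the 2.4 LOW score alone is a weak basis for deprioritising the patch on the 19.3-19.20 and 21.3-21.11 ranges listed in `cpeMatch`. The reference also has no `tags` array and uses `http://`; if it is kept, tagging it (for example `"tags": ["Third Party Advisory", "VDB Entry"]`) would make it visible to consumers that filter references by tag.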
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22075.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22075.json
new file mode 100644
index 00000000000..4cb509c0626
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22075.json
@@ -0,0 +1,89 @@
+{
+ "id": "CVE-2023-22075",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.140",
+ "lastModified": "2023-10-23T18:23:12.413",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el componente Oracle Database Sharding de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.20 y 21.3-21.11. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios que tenga privilegios de Crear sesi\u00f3n, Crear cualquier vista, Seleccionar cualquier tabla con acceso a la red a trav\u00e9s de Oracle Net comprometa la fragmentaci\u00f3n de la base de datos de Oracle. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una denegaci\u00f3n de servicio parcial (DOS parcial) de Oracle Database Sharding. CVSS 3.1 Puntuaci\u00f3n base 2.4 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 2.4,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "19.3",
+ "versionEndIncluding": "19.20",
+ "matchCriteriaId": "32E02E1D-EF08-47A1-9095-06F9F2D8D268"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "21.3",
+ "versionEndIncluding": "21.11",
+ "matchCriteriaId": "84088F94-42E8-4553-AE33-A5C4E954C83F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22076.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22076.json
new file mode 100644
index 00000000000..1070738c8b7
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22076.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22076",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.210",
+ "lastModified": "2023-10-23T18:21:06.347",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Applications Framework de Oracle E-Business Suite (componente: Personalization). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.12. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Applications Framework. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Applications Framework, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Applications Framework, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Applications Framework. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "12.2.3",
+ "versionEndIncluding": "12.2.12",
+ "matchCriteriaId": "A83DB7D1-1B29-4FFB-B11B-4BC0915AAB6D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22077.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22077.json
new file mode 100644
index 00000000000..c040d073382
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22077.json
@@ -0,0 +1,89 @@
+{
+ "id": "CVE-2023-22077",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.283",
+ "lastModified": "2023-10-23T18:20:48.253",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA account privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el componente Oracle Database Recovery Manager de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.20 y 21.3-21.11. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con privilegios elevados que tiene privilegios de cuenta DBA con acceso a la red a trav\u00e9s de Oracle Net comprometer Oracle Database Recovery Manager. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar un bloqueo o una falla frecuente (DOS completo) de Oracle Database Recovery Manager. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "19.3",
+ "versionEndIncluding": "19.20",
+ "matchCriteriaId": "32E02E1D-EF08-47A1-9095-06F9F2D8D268"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "21.3",
+ "versionEndIncluding": "21.11",
+ "matchCriteriaId": "84088F94-42E8-4553-AE33-A5C4E954C83F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22078.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22078.json
new file mode 100644
index 00000000000..364e504462e
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22078.json
@@ -0,0 +1,90 @@
+{
+ "id": "CVE-2023-22078",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.357",
+ "lastModified": "2023-10-27T15:15:10.787",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizer). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores y la 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
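Review bot: The Oracle CPU reference in this record is tagged only `"Vendor Advisory"`, while the identical URL `https://www.oracle.com/security-alerts/cpuoct2023.html` carries `"Patch", "Vendor Advisory"` in the CVE-2023-22070 record, which has the same product, version ranges and vector. Tooling that keys on the `Patch` tag to decide whether a fix exists would report none for CVE-2023-22078. Adding `"Patch",` before `"Vendor Advisory"` in the `tags` array would make the two records agree. The record is still `Undergoing Analysis`, so upstream may add it later.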
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22079.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22079.json
new file mode 100644
index 00000000000..804c954b410
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22079.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-22079",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.430",
+ "lastModified": "2023-10-27T15:15:10.873",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizer). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22080.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22080.json
new file mode 100644
index 00000000000..2932730a086
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22080.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22080",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.503",
+ "lastModified": "2023-10-23T18:51:20.057",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft (componente: PIA Core Technology). Las versiones compatibles que se ven afectadas son 8.59 y 8.60. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer PeopleSoft Enterprise PeopleTools. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en PeopleSoft Enterprise PeopleTools, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de PeopleSoft Enterprise PeopleTools, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de PeopleSoft Enterprise PeopleTools. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF191D4F-3D54-4525-AAF5-B70D3FD2F818"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22081.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22081.json
new file mode 100644
index 00000000000..1302f97d73b
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22081.json
@@ -0,0 +1,143 @@
+{
+ "id": "CVE-2023-22081",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.573",
+ "lastModified": "2023-10-28T03:15:08.107",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8 and 21. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM para JDK de Oracle Java SE (componente: JSSE). Las versiones compatibles que se ven afectadas son Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM para JDK: 17.0.8 y 21. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTPS comprometer Oracle Java SE y Oracle GraalVM para JDK. Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para causar una Denegaci\u00f3n de Servicio parcial (DOS parcial) de Oracle Java SE, Oracle GraalVM para JDK. Nota: Esta vulnerabilidad se aplica a implementaciones de Java, generalmente en clientes que ejecutan aplicaciones Java Web Start en espacio aislado o subprogramas de Java en espacio aislado, que cargan y ejecutan c\u00f3digo que no es de confianza (por ejemplo, c\u00f3digo que proviene de Internet) y dependen del entorno limitado de Java para su seguridad. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan s\u00f3lo c\u00f3digo confiable (por ejemplo, c\u00f3digo instalado por un administrador). CVSS 3.1 Puntuaci\u00f3n base 5.3 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D5A01042-97E8-483B-BBE2-C9A968423FCD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3DAC838A-1E97-4D12-9CA9-4593D61CF9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:-:*:*:*",
+ "matchCriteriaId": "2950AC81-A9E7-4CC8-A20D-10AEAAD672D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
+ "matchCriteriaId": "1280B8AA-B341-42DC-BA23-4DD970970570"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "40C0CB6C-5A35-45E8-A481-F437360F6B7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jdk:17.0.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D07E25C0-81ED-4DA9-85D3-CF2C758D25D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jdk:21.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89511E56-D9E1-46D2-A591-EEC11A4194B2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:-:*:*:*",
+ "matchCriteriaId": "9B5F1CAA-26EA-4558-BA69-51D0EB0726DE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jre:1.8.0:update381:*:*:enterprise_performance_pack:*:*:*",
+ "matchCriteriaId": "54EEB032-9164-49FB-97CB-728A64C43495"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A824CA38-74B2-43FC-9C72-6CE37B97D59F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jre:17.0.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "25D40D36-9C91-49AB-9120-97A867715E20"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:jre:21.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B331904-AF1B-4C47-A664-A257CB16DDEB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0006/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5537",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
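Review bot: The two Java 11 entries in `cpeMatch`, `cpe:2.3:a:oracle:jdk:11.0.2:*:*:*:*:*:*:*` and `cpe:2.3:a:oracle:jre:11.0.2:*:*:*:*:*:*:*`, disagree with the description, which names Oracle Java SE 11.0.20 as the affected release. The other entries (8u381, 8u381-perf, 17.0.8, 21) line up with the description. As recorded, CPE-based matching would flag 11.0.2 installations and miss 11.0.20, so a scanner that consumes this record could report a false positive and a false negative for the same CVE. This looks like a truncated version string; the criteria should probably read `cpe:2.3:a:oracle:jdk:11.0.20:*:*:*:*:*:*:*` and `cpe:2.3:a:oracle:jre:11.0.20:*:*:*:*:*:*:*`. Each `matchCriteriaId` would then need to be looked up again in the CPE dictionary rather than carried over.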
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22082.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22082.json
new file mode 100644
index 00000000000..451cec98aea
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22082.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22082",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.647",
+ "lastModified": "2023-10-25T14:29:30.697",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Business Intelligence Enterprise Edition de Oracle Analytics (componente: Pod Admin). Las versiones compatibles que se ven afectadas son 6.4.0.0.0 y 7.0.0.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Business Intelligence Enterprise Edition. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Business Intelligence Enterprise Edition, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Business Intelligence Enterprise Edition, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:business_intelligence:6.4.0.0.0:*:*:*:enterprise:*:*:*",
+ "matchCriteriaId": "EDBC994D-3FE6-4DEF-AE5C-26D2E3AD45BF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*",
+ "matchCriteriaId": "5412263F-C075-4D94-9807-CB895A63708D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22083.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22083.json
new file mode 100644
index 00000000000..b18d935d826
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22083.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22083",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.717",
+ "lastModified": "2023-10-23T18:50:28.727",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Enterprise Session Border Controller de Oracle Communications (componente: Web UI). Las versiones compatibles que se ven afectadas son 9.0-9.2. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTPS comprometa Oracle Enterprise Session Border Controller. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Enterprise Session Border Controller. CVSS 3.1 Puntaje base 4.3 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0",
+ "versionEndIncluding": "9.2",
+ "matchCriteriaId": "DB36CC65-35A9-4DA7-963F-0E78B8D5A118"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22084.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22084.json
new file mode 100644
index 00000000000..4536cbbe0a9
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22084.json
@@ -0,0 +1,98 @@
+{
+ "id": "CVE-2023-22084",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.793",
+ "lastModified": "2023-10-27T15:15:11.270",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles que se ven afectadas son 5.7.43 y anteriores, 8.0.34 y anteriores y 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.7.0",
+ "versionEndIncluding": "5.7.43",
+ "matchCriteriaId": "0789F881-2109-4DFF-8BE7-D5AAC10FCBA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22085.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22085.json
new file mode 100644
index 00000000000..93448bc49df
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22085.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-22085",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.863",
+ "lastModified": "2023-10-23T18:24:06.827",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Hospitality OPERA 5 Property Services de Oracle Hospitality Applications (componente: Opera). La versi\u00f3n soportada afectada es la 5.6. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer los servicios de propiedad de Hospitality OPERA 5. Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Hospitality OPERA 5 Property Services. CVSS 3.1 Puntuaci\u00f3n base 8,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:hospitality_opera_5_property_services:5.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0C177E1-66B8-4AB7-A3F0-B6CCDCC28F75"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22086.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22086.json
new file mode 100644
index 00000000000..66dad245418
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22086.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22086",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:13.937",
+ "lastModified": "2023-10-23T18:19:42.417",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles que se ven afectadas son 12.2.1.4.0 y 14.1.1.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de T3, IIOP comprometa Oracle WebLogic Server. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle WebLogic Server. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22087.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22087.json
new file mode 100644
index 00000000000..283ef397c34
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22087.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-22087",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.007",
+ "lastModified": "2023-10-23T18:24:12.803",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Hospitality OPERA 5 Property Services de Oracle Hospitality Applications (componente: Opera). La versi\u00f3n soportada afectada es la 5.6. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer los servicios de propiedad de Hospitality OPERA 5. Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Hospitality OPERA 5 Property Services. CVSS 3.1 Puntuaci\u00f3n base 8,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:hospitality_opera_5_property_services:5.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0C177E1-66B8-4AB7-A3F0-B6CCDCC28F75"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
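Review bot: The Spanish description renders "takeover" as `adquisición` ("acquisition"), which understates the impact given in the English text and in the C:H/I:H/A:H vector. The CVE-2023-22089 record in this same diff translates the same phrase as `toma de control`, so I would change the fragment to `pueden resultar en la toma de control de Hospitality OPERA 5 Property Services`. The preceding sentence also translates the product name (`los servicios de propiedad de Hospitality OPERA 5`), which makes the record harder to find by product-name search. Keeping the name untranslated, as the first sentence of the same description does, would be consistent.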
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22088.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22088.json
new file mode 100644
index 00000000000..038e8a85632
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22088.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22088",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.080",
+ "lastModified": "2023-10-23T18:50:42.360",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User Management). Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Communications Order and Service Management de Oracle Communications Applications (componente: User Management). Las versiones compatibles que se ven afectadas son 7.4.0 y 7.4.1. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometa la gesti\u00f3n de pedidos y servicios de Oracle Communications. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Communications Order and Service Management. CVSS 3.1 Puntaje base 4.3 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD876393-080D-4C24-B28D-EF1AE476EDD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6DD496A6-ED56-4356-B1ED-FC9D7F88A7B6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22089.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22089.json
new file mode 100644
index 00000000000..8e5c2ee0d16
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22089.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22089",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.150",
+ "lastModified": "2023-10-23T18:19:47.447",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles que se ven afectadas son 12.2.1.4.0 y 14.1.1.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de T3, IIOP comprometa Oracle WebLogic Server. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Oracle WebLogic Server. CVSS 3.1 Puntuaci\u00f3n base 9,8 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22090.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22090.json
new file mode 100644
index 00000000000..cd8de8ab7a9
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22090.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-22090",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.227",
+ "lastModified": "2023-10-23T18:50:10.933",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Events & Notifications). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto PeopleSoft Enterprise CC Common Application Objects de Oracle PeopleSoft (componente: Eventos y notificaciones). La versi\u00f3n compatible que se ve afectada es la 9.2. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer los objetos de aplicaci\u00f3n comunes de PeopleSoft Enterprise CC. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de los Objetos de Aplicaci\u00f3n Comunes de PeopleSoft Enterprise CC. CVSS 3.1 Puntaje base 6.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_cost_center_common_application_objects:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D30BE00A-198B-4398-9404-BEA9D255B554"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22091.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22091.json
new file mode 100644
index 00000000000..00a25a74acd
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22091.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22091",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.297",
+ "lastModified": "2023-10-25T14:24:38.267",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8 and 21. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle GraalVM para JDK de Oracle Java SE (componente: Compilador). Las versiones compatibles que se ven afectadas son Oracle GraalVM para JDK: 17.0.8 y 21. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa Oracle GraalVM para JDK. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle GraalVM para JDK, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle GraalVM para JDK. CVSS 3.1 Puntaje base 4.8 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D5A01042-97E8-483B-BBE2-C9A968423FCD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3DAC838A-1E97-4D12-9CA9-4593D61CF9FD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22092.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22092.json
new file mode 100644
index 00000000000..f7638b975a1
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22092.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-22092",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.370",
+ "lastModified": "2023-10-27T15:15:11.590",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizador). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
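Review bot: The NetApp entry in `references` carries no `tags` array, while the Oracle entry beside it is tagged `Patch` and `Vendor Advisory`; the CVE-2023-22095 record later in this diff has the same gap. Consumers that select or rank references by tag will silently drop the untagged URL, and code that assumes the key is always present may fail on it. The record is still `Undergoing Analysis`, so this is presumably filled in on re-analysis. Until then I would either add `"tags": ["Third Party Advisory"]` or have downstream tooling treat a missing `tags` key as an empty list.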
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22093.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22093.json
new file mode 100644
index 00000000000..1bb0e9bcf1c
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22093.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22093",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.443",
+ "lastModified": "2023-10-23T18:23:37.693",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iRecruitment accessible data as well as unauthorized read access to a subset of Oracle iRecruitment accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle iRecruitment de Oracle E-Business Suite (componente: Requisition and Vacancy). Las versiones compatibles que se ven afectadas son 12.2.3-12.2.12. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer Oracle iRecruitment. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle iRecruitment, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle iRecruitment. CVSS 3.1 Puntaje base 6.5 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "12.2.3",
+ "versionEndIncluding": "12.2.12",
+ "matchCriteriaId": "A83DB7D1-1B29-4FFB-B11B-4BC0915AAB6D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
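Review bot: The `criteria` value matches the whole `oracle:e-business_suite` product for 12.2.3 through 12.2.12, although the description limits the flaw to the Oracle iRecruitment product (component: Requisition and Vacancy). A scanner that matches on this CPE will report every E-Business Suite install in that range, whether or not iRecruitment is deployed, which makes an unauthenticated-over-HTTP finding noisy to triage. If the CPE dictionary has an entry for the iRecruitment product it should be used here. Otherwise consumers should confirm the module is actually installed before prioritising the finding.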
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22094.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22094.json
new file mode 100644
index 00000000000..3bdb5e789c4
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22094.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-22094",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.513",
+ "lastModified": "2023-10-24T23:46:20.363",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Installer de Oracle MySQL (componente: Instalador: General). Las versiones compatibles que se ven afectadas son anteriores a 1.6.8. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta MySQL Installer para comprometer MySQL Installer. Los ataques exitosos requieren la interacci\u00f3n humana de una persona que no sea el atacante y, si bien la vulnerabilidad est\u00e1 en MySQL Installer, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n de datos cr\u00edticos o a todos los datos accesibles del instalador de MySQL y la capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del instalador de MySQL. Nota: Este parche se utiliza en las versiones 8.0.35 y 5.7.44 incluidas en MySQL Server. CVSS 3.1 Puntaje base 7.9 (impactos en integridad y disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql_installer:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.6.8",
+ "matchCriteriaId": "A67BC22B-D2F9-4B84-8183-604B67BA1367"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22095.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22095.json
new file mode 100644
index 00000000000..77b8c9657c4
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22095.json
@@ -0,0 +1,84 @@
+{
+ "id": "CVE-2023-22095",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.590",
+ "lastModified": "2023-10-27T15:15:11.957",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizer). La versi\u00f3n compatible afectada es la 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntaje base 6.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22096.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22096.json
new file mode 100644
index 00000000000..8ba33e1afd4
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22096.json
@@ -0,0 +1,89 @@
+{
+ "id": "CVE-2023-22096",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.663",
+ "lastModified": "2023-10-23T18:20:55.877",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el componente Java VM de Oracle Database Server. Las versiones compatibles que se ven afectadas son 19.3-19.20 y 21.3-21.11. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios que tenga privilegios de Crear sesi\u00f3n y Crear procedimiento con acceso a la red a trav\u00e9s de Oracle Net comprometa la m\u00e1quina virtual Java. Los ataques exitosos a esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, inserci\u00f3n o eliminaci\u00f3n del acceso a algunos de los datos accesibles de Java VM. CVSS 3.1 Puntaje base 4.3 (Impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "19.3",
+ "versionEndIncluding": "19.20",
+ "matchCriteriaId": "32E02E1D-EF08-47A1-9095-06F9F2D8D268"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:database_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "21.3",
+ "versionEndIncluding": "21.11",
+ "matchCriteriaId": "84088F94-42E8-4553-AE33-A5C4E954C83F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
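Review bot: Both `cpeMatch` entries pin the sw_edition position of the CPE to `enterprise`, but the description names only the "Java VM component of Oracle Database Server" with ranges 19.3-19.20 and 21.3-21.11 and no edition. Depending on how a matcher treats that field, inventory recorded with another edition or with none may fail to match, so affected hosts could be missed. Unless the vendor advisory restricts the issue to Enterprise Edition, which this record does not show, a wildcard in that position would be safer, e.g. `cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*` with the same version bounds.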
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22097.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22097.json
new file mode 100644
index 00000000000..97beb7cdee5
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22097.json
@@ -0,0 +1,91 @@
+{
+ "id": "CVE-2023-22097",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.740",
+ "lastModified": "2023-10-27T15:15:12.057",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores y la 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22098.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22098.json
new file mode 100644
index 00000000000..e533285296c
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22098.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22098",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.813",
+ "lastModified": "2023-10-23T18:20:14.763",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). Las versiones compatibles que se ven afectadas son anteriores a la 7.0.12. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox para comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad est\u00e1 en Oracle VM VirtualBox, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar un bloqueo o un bloqueo frecuente (DOS completo) de Oracle VM VirtualBox, as\u00ed como acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle VM VirtualBox y acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle VM VirtualBox. Nota: Solo aplicable a la plataforma 7.0.x. CVSS 3.1 Puntuaci\u00f3n base 7.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 5.3
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0",
+ "versionEndExcluding": "7.0.12",
+ "matchCriteriaId": "D8A5BD79-BD2B-483D-B14F-0F2E525E56D6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
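Review bot: The `es` description turns the attack precondition into a capability: `permite a un atacante con altos privilegios iniciar sesi\u00f3n en la infraestructura` says the flaw lets the attacker log on, whereas the `en` text requires an attacker who already has `logon to the infrastructure where Oracle VM VirtualBox executes`. I would word it as `permite que un atacante con altos privilegios y con inicio de sesi\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox comprometa Oracle VM VirtualBox`. The same sentence appears in the CVE-2023-22099 and CVE-2023-22100 hunks. In this record and CVE-2023-22099, `un bloqueo o un bloqueo frecuente` also loses the hang/crash distinction that CVE-2023-22100 renders as `un bloqueo o una falla frecuentemente repetible`.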
diff --git a/CVE-2023/CVE-2023-220xx/CVE-2023-22099.json b/CVE-2023/CVE-2023-220xx/CVE-2023-22099.json
new file mode 100644
index 00000000000..266975e469a
--- /dev/null
+++ b/CVE-2023/CVE-2023-220xx/CVE-2023-22099.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22099",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.893",
+ "lastModified": "2023-10-23T18:20:27.083",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). Las versiones compatibles que se ven afectadas son anteriores a la 7.0.12. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox para comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad est\u00e1 en Oracle VM VirtualBox, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar un bloqueo o un bloqueo frecuente (DOS completo) de Oracle VM VirtualBox, as\u00ed como acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle VM VirtualBox y acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle VM VirtualBox. Nota: Solo aplicable a la plataforma 7.0.x. CVSS 3.1 Puntuaci\u00f3n base 7.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 5.3
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0",
+ "versionEndExcluding": "7.0.12",
+ "matchCriteriaId": "D8A5BD79-BD2B-483D-B14F-0F2E525E56D6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22100.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22100.json
new file mode 100644
index 00000000000..a91a11231d7
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22100.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22100",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:14.963",
+ "lastModified": "2023-10-23T18:20:21.120",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle VM VirtualBox de Oracle Virtualization (componente: Core). Las versiones compatibles que se ven afectadas son anteriores a la 7.0.12. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con altos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle VM VirtualBox para comprometer Oracle VM VirtualBox. Si bien la vulnerabilidad est\u00e1 en Oracle VM VirtualBox, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle VM VirtualBox y la capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) de Oracle VM VirtualBox. Nota: Solo aplicable a la plataforma 7.0.x. CVSS 3.1 Puntuaci\u00f3n base 7,9 (impactos en la confidencialidad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0",
+ "versionEndExcluding": "7.0.12",
+ "matchCriteriaId": "D8A5BD79-BD2B-483D-B14F-0F2E525E56D6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22101.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22101.json
new file mode 100644
index 00000000000..6ebba29dc9a
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22101.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22101",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.033",
+ "lastModified": "2023-10-23T18:19:52.673",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles que se ven afectadas son 12.2.1.4.0 y 14.1.1.0.0. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de T3, IIOP comprometa Oracle WebLogic Server. Los ataques exitosos a esta vulnerabilidad pueden resultar en la toma de control de Oracle WebLogic Server. CVSS 3.1 Puntuaci\u00f3n base 8.1 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22102.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22102.json
new file mode 100644
index 00000000000..349ac27c627
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22102.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22102",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.100",
+ "lastModified": "2023-10-27T15:15:12.167",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/J). Las versiones compatibles que se ven afectadas son la 8.1.0 y anteriores. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa los conectores MySQL. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en los conectores MySQL, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en la adquisici\u00f3n de MySQL Connectors. CVSS 3.1 Puntuaci\u00f3n base 8.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "8.1.0",
+ "matchCriteriaId": "1C8D087A-01CE-42A3-9A33-3E424C2D0258"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0007/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
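Review bot: The single `cpeMatch` entry uses `cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*` with only `versionEndIncluding` `8.1.0`, while both descriptions name the affected product as MySQL Connectors (component: Connector/J). As written, the criteria covers the `mysql` product at every version up to 8.1.0, with no `versionStartIncluding`. CPE-keyed scanners would therefore likely flag MySQL Server installs and miss Connector/J deployments. I would point the criteria at the Connector/J product CPE (placeholder: `cpe:2.3:a:oracle:<connector-product>:*:*:*:*:*:*:*:*`) and keep `versionEndIncluding` `8.1.0`. The record is still `Undergoing Analysis`, so until the configuration is corrected it is safer to match this CVE on the description or on a Connector/J inventory entry than on the criteria string.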
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22103.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22103.json
new file mode 100644
index 00000000000..76605b6af8e
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22103.json
@@ -0,0 +1,91 @@
+{
+ "id": "CVE-2023-22103",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.173",
+ "lastModified": "2023-10-27T15:15:12.283",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizer). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores y la 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22104.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22104.json
new file mode 100644
index 00000000000..1933d21ade7
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22104.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22104",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.243",
+ "lastModified": "2023-10-27T15:15:12.410",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles que se ven afectadas son la 8.0.32 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndIncluding": "8.0.32",
+ "matchCriteriaId": "9B03E711-1254-4CBD-B2B5-F947248C2A53"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22105.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22105.json
new file mode 100644
index 00000000000..9dfc9c666a9
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22105.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22105",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.307",
+ "lastModified": "2023-10-23T18:49:55.443",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto BI Publisher de Oracle Analytics (componente: Web Server). Las versiones compatibles que se ven afectadas son 6.4.0.0.0 y 7.0.0.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometa BI Publisher. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, mientras la vulnerabilidad est\u00e9 en BI Publisher, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de BI Publisher, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de BI Publisher. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:bi_publisher:6.4.0.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F6CEFA51-E2C5-4F07-952D-F8F46C928092"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:bi_publisher:7.0.0.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F59017DC-0258-45BD-89E4-DC8EBA922107"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22106.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22106.json
new file mode 100644
index 00000000000..60eebcb9e67
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22106.json
@@ -0,0 +1,90 @@
+{
+ "id": "CVE-2023-22106",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.377",
+ "lastModified": "2023-10-23T18:21:13.897",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: API). Supported versions that are affected are ECC: 8, 9 and 10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Enterprise Command Center Framework de Oracle E-Business Suite (componente: API). Las versiones compatibles que se ven afectadas son ECC: 8, 9 y 10. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Enterprise Command Center Framework. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Enterprise Command Center Framework. CVSS 3.1 Puntaje base 6.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:enterprise_command_center_framework:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BFFA86D-F43E-4329-A58A-75052BE3A03F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:enterprise_command_center_framework:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8D2F1A03-9F1A-4F3A-885F-9F1640CEF9ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:enterprise_command_center_framework:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93D67729-C882-4D4D-9D43-C9EA9DE59CA8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22107.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22107.json
new file mode 100644
index 00000000000..bae09794cce
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22107.json
@@ -0,0 +1,90 @@
+{
+ "id": "CVE-2023-22107",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.440",
+ "lastModified": "2023-10-23T18:23:53.740",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: UI Components). Supported versions that are affected are ECC: 8, 9 and 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Command Center Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Command Center Framework accessible data as well as unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Enterprise Command Center Framework de Oracle E-Business Suite (componente: UI Components). Las versiones compatibles que se ven afectadas son ECC: 8, 9 y 10. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer Oracle Enterprise Command Center Framework. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Enterprise Command Center Framework, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Enterprise Command Center Framework, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Enterprise Command Center Framework. CVSS 3.1 Puntaje base 6.1 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:enterprise_command_center_framework:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BFFA86D-F43E-4329-A58A-75052BE3A03F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:enterprise_command_center_framework:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8D2F1A03-9F1A-4F3A-885F-9F1640CEF9ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:enterprise_command_center_framework:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93D67729-C882-4D4D-9D43-C9EA9DE59CA8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22108.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22108.json
new file mode 100644
index 00000000000..94e35b2ece8
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22108.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22108",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.507",
+ "lastModified": "2023-10-23T18:19:57.627",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles que se ven afectadas son 12.2.1.4.0 y 14.1.1.0.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de T3, IIOP comprometa Oracle WebLogic Server. Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle WebLogic Server. CVSS 3.1 Puntaje base 7.5 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22109.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22109.json
new file mode 100644
index 00000000000..f2e07533426
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22109.json
@@ -0,0 +1,90 @@
+{
+ "id": "CVE-2023-22109",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.573",
+ "lastModified": "2023-10-25T14:17:48.507",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Dashboards). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Business Intelligence Enterprise Edition de Oracle Analytics (componente: Analytics Web Dashboards). Las versiones compatibles que se ven afectadas son 6.4.0.0.0, 7.0.0.0.0 y 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Business Intelligence Enterprise Edition. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Business Intelligence Enterprise Edition, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Puntaje base 4.6 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:business_intelligence:6.4.0.0.0:*:*:*:enterprise:*:*:*",
+ "matchCriteriaId": "EDBC994D-3FE6-4DEF-AE5C-26D2E3AD45BF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:business_intelligence:7.0.0.0.0:*:*:*:enterprise:*:*:*",
+ "matchCriteriaId": "5412263F-C075-4D94-9807-CB895A63708D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
+ "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22110.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22110.json
new file mode 100644
index 00000000000..2530b3006ee
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22110.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-22110",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.643",
+ "lastModified": "2023-10-27T15:15:12.510",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles que se ven afectadas son la 8.0.33 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.33",
+ "matchCriteriaId": "44F51EF6-9993-4D49-AB0C-7D8D8FB65A98"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22111.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22111.json
new file mode 100644
index 00000000000..f59af5a8dd5
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22111.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-22111",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.717",
+ "lastModified": "2023-10-27T15:15:12.600",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: UDF). Las versiones compatibles que se ven afectadas son la 8.0.33 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.33",
+ "matchCriteriaId": "44F51EF6-9993-4D49-AB0C-7D8D8FB65A98"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22112.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22112.json
new file mode 100644
index 00000000000..e6161017e5e
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22112.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-22112",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.793",
+ "lastModified": "2023-10-27T15:15:12.693",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Optimizer). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22113.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22113.json
new file mode 100644
index 00000000000..f3ddb3a6e25
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22113.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-22113",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.873",
+ "lastModified": "2023-10-27T15:15:12.787",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Security: Encryption). Las versiones compatibles que se ven afectadas son la 8.0.33 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles del servidor MySQL. CVSS 3.1 Puntaje base 2.7 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.33",
+ "matchCriteriaId": "44F51EF6-9993-4D49-AB0C-7D8D8FB65A98"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22114.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22114.json
new file mode 100644
index 00000000000..e69bef43f25
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22114.json
@@ -0,0 +1,91 @@
+{
+ "id": "CVE-2023-22114",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:15.950",
+ "lastModified": "2023-10-27T15:15:12.873",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: InnoDB). Las versiones compatibles que se ven afectadas son la 8.0.34 y anteriores y la 8.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.34",
+ "matchCriteriaId": "F5D3C348-07C4-4E6E-9E47-CECBEBA4223B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:8.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16FFE86C-A164-406B-93DA-A6A75D380FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22115.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22115.json
new file mode 100644
index 00000000000..3d0a478649f
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22115.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-22115",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.033",
+ "lastModified": "2023-10-27T15:15:12.967",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: DML). Las versiones compatibles que se ven afectadas son la 8.0.33 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con altos privilegios y acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometa el servidor MySQL. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada de provocar un bloqueo o una falla frecuentemente repetible (DOS completo) del servidor MySQL. CVSS 3.1 Puntuaci\u00f3n base 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "8.0.33",
+ "matchCriteriaId": "44F51EF6-9993-4D49-AB0C-7D8D8FB65A98"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "secalert_us@oracle.com"
+ },
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22117.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22117.json
new file mode 100644
index 00000000000..cee753a6768
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22117.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-22117",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.107",
+ "lastModified": "2023-10-23T18:21:51.067",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (componente: Infrastructure). Las versiones compatibles que se ven afectadas son 12.3, 12.4, 14.0-14.3 y 14.5-14.7. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle FLEXCUBE Universal Banking. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle FLEXCUBE Universal Banking, los ataques pueden afectar significativamente productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle FLEXCUBE Universal Banking, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Universal Banking. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0.0",
+ "versionEndIncluding": "14.3.0",
+ "matchCriteriaId": "54BE0CCE-8216-4CCF-96E1-38EF76124368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.5.0",
+ "versionEndIncluding": "14.7.0",
+ "matchCriteriaId": "789A462F-9133-4624-8D25-D34E7AEDFBEC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:12.3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "77DAFCA5-2BAD-4382-8AEB-862E10B87161"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F3D55FB5-8ED8-4797-B5BC-545477AF7347"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
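Review bot: The two range entries in `cpeMatch` stop at `"versionEndIncluding": "14.3.0"` and `"versionEndIncluding": "14.7.0"`, while the description lists the affected versions as 14.0-14.3 and 14.5-14.7 with no patch level. If the product ships releases above x.y.0 in those lines (not visible here), a scanner matching on these bounds would report them as unaffected. An excluding bound at the next minor, for example `"versionEndExcluding": "14.4.0"` for the first range, would cover the whole line. The same bounds appear in the CVE-2023-22118 and CVE-2023-22119 records, and the Banking Trade Finance records later in this diff write the equivalent bound as `"14.7"`, so the two families are not written consistently.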
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22118.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22118.json
new file mode 100644
index 00000000000..cda80e12bc1
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22118.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-22118",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.177",
+ "lastModified": "2023-10-23T18:22:03.180",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (componente: Infrastructure). Las versiones compatibles que se ven afectadas son 12.3, 12.4, 14.0-14.3 y 14.5-14.7. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle FLEXCUBE Universal Banking. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle FLEXCUBE Universal Banking, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle FLEXCUBE Universal Banking, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Universal Banking y la capacidad no autorizada de causar una denegaci\u00f3n parcial de servicio. (DOS parcial) de Oracle FLEXCUBE Universal Banking. CVSS 3.1 Puntuaci\u00f3n base 6,5 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0.0",
+ "versionEndIncluding": "14.3.0",
+ "matchCriteriaId": "54BE0CCE-8216-4CCF-96E1-38EF76124368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.5.0",
+ "versionEndIncluding": "14.7.0",
+ "matchCriteriaId": "789A462F-9133-4624-8D25-D34E7AEDFBEC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:12.3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "77DAFCA5-2BAD-4382-8AEB-862E10B87161"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F3D55FB5-8ED8-4797-B5BC-545477AF7347"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
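Review bot: The `es` description has a stray full stop inside the impact sentence, `denegaci\u00f3n parcial de servicio. (DOS parcial)`, whereas the `en` value keeps "partial denial of service (partial DOS)" in one sentence. The CVE-2023-22122 record has a worse form of the same break, `causar una vulnerabilidad parcial. denegaci\u00f3n de servicio`, which changes the stated impact. Both should read `causar una denegaci\u00f3n parcial de servicio (DOS parcial)`, as the CVE-2023-22119 record does. The Spanish text also writes the score as `6,5` while `baseScore` is `6.5`, so tooling should take the score from `cvssData` and not from the prose.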
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22119.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22119.json
new file mode 100644
index 00000000000..b832bf6ed63
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22119.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-22119",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.247",
+ "lastModified": "2023-10-23T18:22:14.563",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (componente: Infrastructure). Las versiones compatibles que se ven afectadas son 12.3, 12.4, 14.0-14.3 y 14.5-14.7. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometa Oracle FLEXCUBE Universal Banking. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle FLEXCUBE Universal Banking, as\u00ed como acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle FLEXCUBE Universal Banking y la capacidad no autorizada de causar una denegaci\u00f3n parcial de servicio (DOS parcial) de Oracle FLEXCUBE Universal Banking. CVSS 3.1 Puntuaci\u00f3n base 5,9 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.0.0",
+ "versionEndIncluding": "14.3.0",
+ "matchCriteriaId": "54BE0CCE-8216-4CCF-96E1-38EF76124368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.5.0",
+ "versionEndIncluding": "14.7.0",
+ "matchCriteriaId": "789A462F-9133-4624-8D25-D34E7AEDFBEC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:12.3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "77DAFCA5-2BAD-4382-8AEB-862E10B87161"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F3D55FB5-8ED8-4797-B5BC-545477AF7347"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22121.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22121.json
new file mode 100644
index 00000000000..832b121673a
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22121.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22121",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.323",
+ "lastModified": "2023-10-23T18:22:22.633",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Banking Trade Finance de Oracle Financial Services Applications (componente: Infraestructura). Las versiones compatibles que se ven afectadas son 14.5-14.7. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Oracle Banking Trade Finance. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, inserci\u00f3n o eliminaci\u00f3n de acceso a algunos de los datos accesibles de Oracle Banking Trade Finance, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Banking Trade Finance. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).x\u00ba"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:banking_trade_finance:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.5",
+ "versionEndIncluding": "14.7",
+ "matchCriteriaId": "F1668AD8-FA32-4F95-A417-BDE83156C396"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
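Review bot: The `es` description value ends with stray characters after the CVSS vector, `...I:L/A:N).x\u00ba`, while the `en` value ends at the closing parenthesis and full stop. Nothing in the record accounts for the suffix, which looks like input residue from the translation step. It should be dropped so the string ends `(CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."`. Any consumer that compares the vector quoted in the description with `vectorString` by exact suffix would otherwise flag this record as inconsistent.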
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22122.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22122.json
new file mode 100644
index 00000000000..8a6ea24d058
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22122.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22122",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.397",
+ "lastModified": "2023-10-23T18:22:32.107",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Banking Trade Finance de Oracle Financial Services Applications (componente: Infraestructura). Las versiones compatibles que se ven afectadas son 14.5-14.7. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometa Oracle Banking Trade Finance. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos cr\u00edticos o acceso completo a todos los datos accesibles de Oracle Banking Trade Finance, as\u00ed como acceso no autorizado a actualizaciones, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Banking Trade Finance y la capacidad no autorizada de causar una vulnerabilidad parcial. denegaci\u00f3n de servicio (DOS parcial) de Oracle Banking Trade Finance. CVSS 3.1 Puntuaci\u00f3n base 5,9 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:banking_trade_finance:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.5",
+ "versionEndIncluding": "14.7",
+ "matchCriteriaId": "F1668AD8-FA32-4F95-A417-BDE83156C396"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22123.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22123.json
new file mode 100644
index 00000000000..656e2f80768
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22123.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22123",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.467",
+ "lastModified": "2023-10-23T18:22:38.917",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Banking Trade Finance de Oracle Financial Services Applications (componente: Infrastructure). Las versiones compatibles que se ven afectadas son 14.5-14.7. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Banking Trade Finance. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Banking Trade Finance, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, inserci\u00f3n o eliminaci\u00f3n de acceso a algunos de los datos accesibles de Oracle Banking Trade Finance, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Banking Trade Finance. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:banking_trade_finance:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.5",
+ "versionEndIncluding": "14.7",
+ "matchCriteriaId": "F1668AD8-FA32-4F95-A417-BDE83156C396"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22124.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22124.json
new file mode 100644
index 00000000000..da4ecb79cef
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22124.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22124",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.540",
+ "lastModified": "2023-10-23T18:22:45.570",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Banking Trade Finance de Oracle Financial Services Applications (componente: Infrastructure). Las versiones compatibles que se ven afectadas son 14.5-14.7. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Banking Trade Finance. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Banking Trade Finance, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, inserci\u00f3n o eliminaci\u00f3n de acceso a algunos de los datos accesibles de Oracle Banking Trade Finance, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Banking Trade Finance. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:banking_trade_finance:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.5",
+ "versionEndIncluding": "14.7",
+ "matchCriteriaId": "F1668AD8-FA32-4F95-A417-BDE83156C396"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22125.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22125.json
new file mode 100644
index 00000000000..3fc6196a290
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22125.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-22125",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.607",
+ "lastModified": "2023-10-23T18:22:57.883",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Banking Trade Finance de Oracle Financial Services Applications (componente: Infrastructure). Las versiones compatibles que se ven afectadas son 14.5-14.7. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer Oracle Banking Trade Finance. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad est\u00e1 en Oracle Banking Trade Finance, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos a esta vulnerabilidad pueden resultar en actualizaciones no autorizadas, inserci\u00f3n o eliminaci\u00f3n de acceso a algunos de los datos accesibles de Oracle Banking Trade Finance, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Banking Trade Finance. CVSS 3.1 Puntaje base 5.4 (Impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:banking_trade_finance:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.5",
+ "versionEndIncluding": "14.7",
+ "matchCriteriaId": "F1668AD8-FA32-4F95-A417-BDE83156C396"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22126.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22126.json
new file mode 100644
index 00000000000..e7fc6af5cff
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22126.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-22126",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.677",
+ "lastModified": "2023-10-23T18:20:04.377",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle WebCenter Content de Oracle Fusion Middleware (componente: Content Server). La versi\u00f3n compatible afectada es 12.2.1.4.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometer Oracle WebCenter Content. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle WebCenter Content. CVSS 3.1 Puntaje base 5.3 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:webcenter_content:12.2.1.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FC6BB89E-DCA0-4453-A043-1987EB657451"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22127.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22127.json
new file mode 100644
index 00000000000..78705b1199e
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22127.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-22127",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.750",
+ "lastModified": "2023-10-23T18:49:47.720",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Outside In Technology de Oracle Fusion Middleware (componente: SDK de acceso a contenido, SDK de exportaci\u00f3n de im\u00e1genes, SDK de exportaci\u00f3n de PDF, SDK de exportaci\u00f3n HTML). La versi\u00f3n compatible afectada es la 8.5.6. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios y acceso a la red a trav\u00e9s de HTTP comprometer la tecnolog\u00eda Oracle Outside In. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado una actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n no autorizada del acceso a algunos de los datos accesibles de Oracle Outside In Technology, as\u00ed como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Outside In Technology y la capacidad no autorizada de causar una denegaci\u00f3n parcial de servicio. (DOS parcial) de Oracle Outside In Technology. CVSS 3.1 Puntuaci\u00f3n base 6.3 (impactos en la confidencialidad, la integridad y la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76D6D900-3178-4FB2-980C-5E806933F059"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22128.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22128.json
new file mode 100644
index 00000000000..6a88453fe4b
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22128.json
@@ -0,0 +1,105 @@
+{
+ "id": "CVE-2023-22128",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.823",
+ "lastModified": "2023-10-23T18:49:29.657",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via rquota to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Filesystem). Las versiones compatibles que se ven afectadas son la 10 y la 11. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de rquota comprometa Oracle Solaris. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Solaris. CVSS 3.1 Puntaje base 3.1 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ },
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
+ "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22129.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22129.json
new file mode 100644
index 00000000000..2ec9f52f79c
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22129.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-22129",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.900",
+ "lastModified": "2023-10-23T18:55:51.797",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. Note: This vunlerability only affects SPARC Systems. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Oracle Solaris de Oracle Systems (componente: Kernel). La versi\u00f3n compatible que se ve afectada es la 11. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios iniciar sesi\u00f3n en la infraestructura donde se ejecuta Oracle Solaris para comprometer Oracle Solaris. Los ataques exitosos de esta vulnerabilidad pueden tener como resultado una capacidad no autorizada para causar un bloqueo o una falla frecuentemente repetible (DOS completo) de Oracle Solaris. Nota: Esta vulnerabilidad solo afecta a los sistemas SPARC. CVSS 3.1 Puntuaci\u00f3n base 5.5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:sparc:*",
+ "matchCriteriaId": "EB70B299-0A40-401F-ADDD-5D34F1E04052"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
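Review bot: The `es` description in this new record turns an attack precondition into an attack outcome. The English text describes an attacker who already has "logon to the infrastructure where Oracle Solaris executes", while the Spanish reads `permite a un atacante con pocos privilegios iniciar sesión en la infraestructura`, which says the flaw lets the attacker log on. That does not match the record's own vector (`AV:L/PR:L`, availability impact only) and can mislead triage done from the Spanish text. A wording that keeps the precondition would be `permite a un atacante con pocos privilegios y con inicio de sesión en la infraestructura donde se ejecuta Oracle Solaris comprometer Oracle Solaris`.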
diff --git a/CVE-2023/CVE-2023-221xx/CVE-2023-22130.json b/CVE-2023/CVE-2023-221xx/CVE-2023-22130.json
new file mode 100644
index 00000000000..da98233eee4
--- /dev/null
+++ b/CVE-2023/CVE-2023-221xx/CVE-2023-22130.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-22130",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2023-10-17T22:15:16.973",
+ "lastModified": "2023-10-23T18:48:43.810",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad en el producto Sun ZFS Storage Appliance de Oracle Systems (componente: Core). La versi\u00f3n compatible afectada es la 8.8.60. Una vulnerabilidad dif\u00edcil de explotar permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP comprometa Sun ZFS Storage Appliance. Los ataques exitosos a esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar un bloqueo o un bloqueo frecuente (DOS completo) de Sun ZFS Storage Appliance. CVSS 3.1 Puntuaci\u00f3n base 5.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.60:*:*:*:*:*:*:*",
+ "matchCriteriaId": "94E7D50C-4ED6-481C-A804-550CFD85423B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuoct2023.html",
+ "source": "secalert_us@oracle.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22308.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22308.json
index 52b1e9a0328..6e2e323972a 100644
--- a/CVE-2023/CVE-2023-223xx/CVE-2023-22308.json
+++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22308.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-22308",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:09.967",
- "lastModified": "2023-10-12T16:52:07.503",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T02:43:42.797",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de desbordamiento de enteros en la funcionalidad vpnserver OvsProcessData de SoftEther VPN 5.01.9674 y 5.02. Un paquete de red especialmente manipulado puede provocar una Denegaci\u00f3n de Servicio (DoS). Un atacante puede enviar un paquete malicioso para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
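Review bot: The added `es` description renders "integer underflow" as `desbordamiento de enteros`, which normally reads as integer overflow. The English description and the NVD weakness added further down in this file (`CWE-191`) both say underflow, so anyone classifying or searching on the Spanish text would file the issue under the wrong weakness class. A closer rendering would be `vulnerabilidad de subdesbordamiento de enteros`, or whichever term the translation glossary uses for underflow. The `cvssMetricV31` array that this hunk extends continues outside the hunk.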
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-191"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,10 +80,36 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CF5CF13-B22F-494B-BDC0-B59371979251"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.02:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D21F370B-D9F2-43E8-8E45-0EA74A3C9D4B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1737",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22325.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22325.json
index 08bdb85bb58..fa9becb8266 100644
--- a/CVE-2023/CVE-2023-223xx/CVE-2023-22325.json
+++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22325.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-22325",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:10.283",
- "lastModified": "2023-10-12T16:52:07.503",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T17:12:38.933",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en la funcionalidad DCRegister DDNS_RPC_MAX_RECV_SIZE de SoftEther VPN 4.41-9782-beta, 5.01.9674 y 5.02. Un paquete de red especialmente manipulado puede provocar una Denegaci\u00f3n de Servicio (DoS). Un atacante puede realizar un ataque de intermediario para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-835"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,14 +80,49 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:4.41-9782:beta:*:*:*:*:*:*",
+ "matchCriteriaId": "79C47EE5-1B55-4FDD-A5B5-E10FF3337100"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CF5CF13-B22F-494B-BDC0-B59371979251"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.02:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D21F370B-D9F2-43E8-8E45-0EA74A3C9D4B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1736",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-223xx/CVE-2023-22392.json b/CVE-2023/CVE-2023-223xx/CVE-2023-22392.json
index a2812e6dd9d..2a17e8d2d50 100644
--- a/CVE-2023/CVE-2023-223xx/CVE-2023-22392.json
+++ b/CVE-2023/CVE-2023-223xx/CVE-2023-22392.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-22392",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-12T23:15:10.680",
- "lastModified": "2023-10-13T12:47:48.873",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T20:15:08.700",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nA Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nPTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command \"show chassis fpc\".\n\nThe following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.\n\nexpr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw\nexpr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware\nexpr_dfw_base_hw_add:52 Failed to add h/w sfm data.\nexpr_dfw_base_hw_create:114 Failed to add h/w data.\nexpr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__\nexpr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0\nexpr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!\nexpr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure\nexpr_dfw_bp_topo_handler:1102 Failed to program fnum.\nexpr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.\nThis issue affects Juniper Networks Junos OS:\n\non PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs:\n\n\n\n * All versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3;\n * 21.4 versions prior to 21.4R2-S2, 21.4R3;\n * 22.1 versions prior to 22.1R1-S2, 22.1R2.\n\n\n\n\non PTX3000, PTX5000, QFX10000:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later 
versions;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3\n * 22.2 versions prior to 22.2R3-S1\n * 22.3 versions prior to 22.3R2-S2, 22.3R3\n * 22.4 versions prior to 22.4R2.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de liberaci\u00f3n de memoria faltante despu\u00e9s de la vida \u00fatil efectiva en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante adyacente no autenticado provoque una Denegaci\u00f3n de Servicio (DoS). PTX3000, PTX5000, QFX10000, PTX1000, PTX10002 y PTX10004, PTX10008 y PTX10016 con FPC LC110x no admiten ciertas rutas de flujo. Una vez que se recibe una ruta de flujo a trav\u00e9s de una sesi\u00f3n BGP establecida y se intenta instalar el filtro resultante en el PFE, se pierde la memoria del mont\u00f3n de FPC. La memoria del mont\u00f3n de FPC se puede monitorizar usando el comando CLI \"show chassis fpc\". Los siguientes mensajes de syslog se pueden observar si no se puede instalar el filtro respectivo derivado de una ruta de flujo. expr_dfw_sfm_range_add:661 Longitud del paquete SFM No se puede obtener una entrada sfm para actualizar el hw expr_dfw_hw_sfm_add:750 No se puede agregar la coincidencia secundaria del filtro al hardware expr_dfw_base_hw_add:52 No se pudieron agregar datos h/w sfm. expr_dfw_base_hw_create:114 No se pudieron agregar datos h/w. expr_dfw_base_pfe_inst_create:241 No se pudo crear la base inst para sfilter 0 en PFE 0 para __flowspec_default_inet__ expr_dfw_flt_inst_change:1368 No se pudo crear __flowspec_default_inet__ en PFE 0 expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old no encontrado para pfe_index 0!expr_dfw_bp_pgm_flt_num:548 Error al programar el punto de enlace en hw: error gen\u00e9rico expr_dfw_bp_topo_handler:1102 Error al programar fnum. expr_dfw_entry_process_change:679 No se pudo cambiar la instancia para el filtro __flowspec_default_inet__. 
Este problema afecta a Juniper Networks Junos OS: en PTX1000, PTX10002 y PTX10004, PTX10008 y PTX10016 con FPC LC110x: * Todas las versiones anteriores a 20.4R3-S5; * Versiones 21.1 anteriores a 21.1R3-S4; * Versiones 21.2 anteriores a 21.2R3-S2; * Versiones 21.3 anteriores a 21.3R3; * Versiones 21.4 anteriores a 21.4R2-S2, 21.4R3; * Versiones 22.1 anteriores a 22.1R1-S2, 22.1R2. en PTX3000, PTX5000, QFX10000: * Todas las versiones anteriores a 20.4R3-S8; * 21.1 versi\u00f3n 21.1R1 y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3 * Versiones 22.2 anteriores a 22.2R3-S1 * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3 * Versiones 22.4 anteriores a 22.4R2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
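Review bot: The added `es` description translates the literal syslog messages that the English description lists as the observable sign of a failed filter install; for example `expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware` becomes `No se puede agregar la coincidencia secundaria del filtro al hardware`. Assuming devices emit the strings as quoted in the English text, a log search or detection rule built from the Spanish text would match nothing. The translation also drops the line separators, so messages run together (`pfe_index 0!expr_dfw_bp_pgm_flt_num:548`). Device output should stay verbatim and one message per line, as is already done for the CLI command `show chassis fpc`, with only the surrounding prose translated.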
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,9 +80,762 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx1000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0E6DF99D-E438-4943-BC32-F2821E72AE0B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx1000-72q:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B219F54A-4474-48CB-80F1-D988A719C3DA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10002:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "82B22AC2-B794-4F12-9EB3-9AA6E4B19831"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10002-60c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1B5462DF-5CF1-4DF9-989B-622EA734964F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10004:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C432E543-37F5-4CA0-B239-2B97C6A16907"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65A64A26-4606-4D33-8958-5A3B7FFC4CDB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1879799F-18B2-4958-AA90-FD19348C889F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx3000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "516476F9-7D4C-494F-99AA-750F4467CD15"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx5000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "654140A0-FEC0-4DB4-83BF-ECCB000DFA4D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx10000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5AF2039C-E08C-472F-82E6-DAD3F94724B5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
- "url": "https://supportportal.juniper.net/JSA70188",
+ "url": "https://supportportal.juniper.net/JSA73530",
"source": "sirt@juniper.net"
}
]
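Review bot: The first configuration's hardware node lists `ptx10002`, `ptx10004`, `ptx10008` and `ptx10016` at chassis level, but the description appears to limit exposure on those platforms to systems fitted with LC110x FPCs, so matching on this record alone will over-report. Matches should be treated as candidates, with the installed FPC model confirmed per device before a finding is opened or closed. In the second configuration the description gives 21.1 as affected from 21.1R1 onward with no fixed release, while the enumeration stops at `21.1:r3-s5`, so any later 21.1 build would not match. The consuming rule should note that gap, or the feed should use a range entry if it supports one. The replacement reference `https://supportportal.juniper.net/JSA73530` also carries no `tags`.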
diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22515.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22515.json
index d67ab0561bf..f40b4ca529b 100644
--- a/CVE-2023/CVE-2023-225xx/CVE-2023-22515.json
+++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22515.json
@@ -2,20 +2,20 @@
"id": "CVE-2023-22515",
"sourceIdentifier": "security@atlassian.com",
"published": "2023-10-04T14:15:10.440",
- "lastModified": "2023-10-10T19:22:02.770",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T16:15:19.130",
+ "vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-10-05",
- "cisaActionDue": "2023-10-26",
- "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
- "cisaVulnerabilityName": "Atlassian Confluence Data Center and Server Privilege Escalation Vulnerability",
+ "cisaActionDue": "2023-10-13",
+ "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA.",
+ "cisaVulnerabilityName": "Atlassian Confluence Data Center and Server Broken Access Control Vulnerability",
"descriptions": [
{
"lang": "en",
- "value": "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.\n\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. \n\nFor more details, please review the linked advisory on this CVE."
+ "value": "Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. \r\n\r\nAtlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. "
},
{
"lang": "es",
- "value": "Atlassian ha sido informado de un problema por un pu\u00f1ado de clientes que atacantes externos pueden haber explotado una vulnerabilidad previamente desconocida en instancias de Confluence Data Center y Server de acceso p\u00fablico para crear cuentas de administrador de Confluence no autorizadas y acceder a instancias de Confluence. Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema. Para obtener m\u00e1s detalles, revise el aviso vinculado sobre este CVE."
+ "value": "Atlassian ha sido informado de un problema informado por un pu\u00f1ado de clientes en el que atacantes externos pueden haber explotado una vulnerabilidad previamente desconocida en instancias de Confluence Data Center and Server de acceso p\u00fablico para crear cuentas de administrador de Confluence no autorizadas y acceder a instancias de Confluence. Los sitios de Atlassian Cloud no se ven afectados por esta vulnerabilidad. Si se accede a su sitio de Confluence a trav\u00e9s de un dominio atlassian.net, est\u00e1 alojado en Atlassian y no es vulnerable a este problema."
}
],
"metrics": {
@@ -131,6 +131,10 @@
}
],
"references": [
+ {
+ "url": "http://packetstormsecurity.com/files/175225/Atlassian-Confluence-Unauthenticated-Remote-Code-Execution.html",
+ "source": "security@atlassian.com"
+ },
{
"url": "https://confluence.atlassian.com/display/KB/FAQ+for+CVE-2023-22515",
"source": "security@atlassian.com",
@@ -146,12 +150,8 @@
]
},
{
- "url": "https://jira.atlassian.com/browse/CONFSERVER-92457",
- "source": "security@atlassian.com",
- "tags": [
- "Issue Tracking",
- "Permissions Required"
- ]
+ "url": "https://jira.atlassian.com/browse/CONFSERVER-92475",
+ "source": "security@atlassian.com"
}
]
}
\ No newline at end of file
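Review bot: The issue-tracker URL changes from `CONFSERVER-92457` to `CONFSERVER-92475`, a two-digit transposition, and the `Issue Tracking` / `Permissions Required` tags are dropped in the same edit. Nothing in the hunk shows which id is the correct ticket, so this should be checked against the vendor advisory before the old link is discarded. If the new id is right, the entry should keep its tags, e.g. `"tags": ["Issue Tracking"]`, with `Permissions Required` retained only if the ticket is still access-restricted.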
diff --git a/CVE-2023/CVE-2023-228xx/CVE-2023-22812.json b/CVE-2023/CVE-2023-228xx/CVE-2023-22812.json
index d5ecaad8370..319c8f1f656 100644
--- a/CVE-2023/CVE-2023-228xx/CVE-2023-22812.json
+++ b/CVE-2023/CVE-2023-228xx/CVE-2023-22812.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22812",
"sourceIdentifier": "psirt@wdc.com",
"published": "2023-03-24T20:15:15.343",
- "lastModified": "2023-03-29T15:03:46.660",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T18:15:09.740",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data."
+ "value": "SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. \n"
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22932.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22932.json
index 238b88cbd18..a534a52218e 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22932.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22932.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-22932",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.143",
- "lastModified": "2023-02-23T14:41:12.553",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.160",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -98,6 +98,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/",
+ "source": "prodsec@splunk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22933.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22933.json
index e7c2fc39c0e..140f32052bb 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22933.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22933.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22933",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.220",
- "lastModified": "2023-02-23T15:17:24.610",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.243",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the \u2018layoutPanel\u2019 attribute in the \u2018module\u2019 tag\u2019. The vulnerability affects instances with Splunk Web enabled."
+ "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the \u2018layoutPanel\u2019 attribute in the \u2018module\u2019 tag\u2019."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22934.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22934.json
index d1107cf5b2f..a36be625bd0 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22934.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22934.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22934",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.297",
- "lastModified": "2023-02-23T15:27:14.540",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.307",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018pivot\u2019 search processing language (SPL) command lets a search bypass [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards) using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. The vulnerability affects instances with Splunk Web enabled."
+ "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018pivot\u2019 search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22935.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22935.json
index dff0736269d..89acc60ba34 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22935.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22935.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22935",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.377",
- "lastModified": "2023-02-23T16:51:16.563",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.370",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018display.page.search.patterns.sensitivity\u2019 search parameter lets a search bypass [SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards). The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled."
+ "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018display.page.search.patterns.sensitivity\u2019 search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. "
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22937.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22937.json
index d93516b9ae6..6a7a7a6524a 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22937.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22937.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22937",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.540",
- "lastModified": "2023-02-23T17:06:42.767",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.447",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. For more information on lookup table files, see [About lookups](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Aboutlookupsandfieldactions)."
+ "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl."
}
],
"metrics": {
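Review bot: The extension list on the new line still ends with `.mmdb.gzl`, which looks like a typo for `.mmdb.gz` given the `.csv.gz` entry next to it. Anyone deriving an upload allow-list or a detection from this text would carry the odd extension over, so the value should be checked against the vendor advisory and, if confirmed as a typo, written as `.mmdb, or .mmdb.gz.`. If the advisory itself uses this spelling, it is better reported to the CNA than changed here.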
@@ -113,6 +113,10 @@
"Mitigation",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://research.splunk.com/application/b7d1293f-e78f-415e-b5f6-443df3480082/",
+ "source": "prodsec@splunk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22939.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22939.json
index a859749fa4a..4b4bb0064fe 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22939.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22939.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22939",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.687",
- "lastModified": "2023-02-23T15:48:40.717",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.517",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018map\u2019 search processing language (SPL) command lets a search [bypass SPL safeguards for risky commands](https://docs.splunk.com/Documentation/Splunk/latest/Security/SPLsafeguards). The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled."
+ "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2018map\u2019 search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. "
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22940.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22940.json
index d98dacd2d48..20a7552bac3 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22940.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22940.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22940",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.760",
- "lastModified": "2023-02-23T15:58:38.460",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.587",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the \u2018collect\u2019 search processing language (SPL) command, including \u2018summaryindex\u2019, \u2018sumindex\u2019, \u2018stash\u2019,\u2019 mcollect\u2019, and \u2018meventcollect\u2019, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled."
+ "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the \u2018collect\u2019 search processing language (SPL) command, including \u2018summaryindex\u2019, \u2018sumindex\u2019, \u2018stash\u2019,\u2019 mcollect\u2019, and \u2018meventcollect\u2019, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. "
}
],
"metrics": {
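Review bot: The alias list on the new line keeps the broken quoting `\u2018stash\u2019,\u2019 mcollect\u2019`: the mark before mcollect is a closing quote followed by a space, so the command name reads as ` mcollect` with a leading blank. Tooling that pulls the quoted command names out of the description to build SPL safeguard checks or detections would miss or mangle that alias. The intended text is presumably `\u2018stash\u2019, \u2018mcollect\u2019`.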
@@ -114,11 +114,8 @@
]
},
{
- "url": "https://research.splunk.com/endpoint/ee69374a-d27e-4136-adac-956a96ff60fd",
- "source": "prodsec@splunk.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/",
+ "source": "prodsec@splunk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22941.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22941.json
index 39990f4672d..be556f25710 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22941.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22941.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22941",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.837",
- "lastModified": "2023-02-23T16:03:31.600",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.657",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted \u2018INGEST_EVAL\u2019 parameter in a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) crashes the Splunk daemon (splunkd)."
+ "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted \u2018INGEST_EVAL\u2019 parameter in a Field Transformation crashes the Splunk daemon (splunkd)."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22942.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22942.json
index 99a2541411d..40fc3d87bbc 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22942.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22942.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22942",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.907",
- "lastModified": "2023-02-23T16:08:20.770",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.727",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the \u2018kvstore_client\u2019 REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. The vulnerability affects instances with SSG and Splunk Web enabled."
+ "value": "In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the \u2018kvstore_client\u2019 REST endpoint lets a potential attacker update SSG KV store collections using an HTTP GET request."
}
],
"metrics": {
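Review bot: The shortened description drops the scoping sentence `The vulnerability affects instances with SSG and Splunk Web enabled.`, which was the only statement of the exposure precondition in this record. The CVE-2023-22943 hunk below does the same with the sentences naming the affected AoB-generated apps and the Python class. Teams that triage from the description text lose the information they need to rule instances in or out, so if the CNA's current wording allows it the precondition sentence should be kept. This may simply mirror the CNA's updated text, which is not visible here.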
diff --git a/CVE-2023/CVE-2023-229xx/CVE-2023-22943.json b/CVE-2023/CVE-2023-229xx/CVE-2023-22943.json
index b40f3d78397..3ecef5c8513 100644
--- a/CVE-2023/CVE-2023-229xx/CVE-2023-22943.json
+++ b/CVE-2023/CVE-2023-229xx/CVE-2023-22943.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-22943",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.993",
- "lastModified": "2023-02-23T16:17:58.663",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.793",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. The vulnerability affects AoB and apps that AoB generates when using the REST API Modular Input functionality through its user interface. The vulnerability also potentially affects third-party apps and add-ons that call the *cloudconnectlib.splunktacollectorlib.cloud_connect_mod_input* Python class directly."
+ "value": "In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2241.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2241.json
index 5778e9be3e7..315c0b4e6b8 100644
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2241.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2241.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2241",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-22T16:15:42.050",
- "lastModified": "2023-04-29T03:03:33.527",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-22T15:15:08.713",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2246.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2246.json
index e0947332788..ddb1e7b0bf0 100644
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2246.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2246.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2246",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-23T16:15:07.107",
- "lastModified": "2023-05-05T19:15:15.603",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-22T16:15:08.283",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -83,7 +83,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -93,7 +93,7 @@
]
},
{
- "source": "nvd@nist.gov",
+ "source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
@@ -121,10 +121,6 @@
}
],
"references": [
- {
- "url": "http://packetstormsecurity.com/files/172182/Online-Pizza-Ordering-System-1.0-Shell-Upload.html",
- "source": "cna@vuldb.com"
- },
{
"url": "https://docs.google.com/document/d/1Bzt1UOXHJYyNFvTUsMO4zfbiDd_cKxuEygjAww2GcZQ/edit",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2269.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2269.json
index b341a78b702..3dd7bfce7fc 100644
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2269.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2269.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2269",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-25T21:15:10.627",
- "lastModified": "2023-09-29T22:15:10.877",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:13.207",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -103,6 +103,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
"source": "secalert@redhat.com"
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63AJUCJTZCII2JMAF7MGZEM66KY7IALT/",
"source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23373.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23373.json
new file mode 100644
index 00000000000..eb6db3ea0cf
--- /dev/null
+++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23373.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-23373",
+ "sourceIdentifier": "security@qnapsecurity.com.tw",
+ "published": "2023-10-20T17:15:08.427",
+ "lastModified": "2023-10-26T17:22:35.563",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQUSBCam2 2.0.3 ( 2023/06/15 ) and later\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo afecta a QUSBCam2. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios ejecutar comandos a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: QUSBCam2 2.0.3 (2023/06/15) y posteriores"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@qnapsecurity.com.tw",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
+ {
+ "source": "security@qnapsecurity.com.tw",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qnap:qusbcam2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndExcluding": "2.0.3",
+ "matchCriteriaId": "640A39B0-28DE-4F65-BCF8-D91334E0D071"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.qnap.com/en/security-advisory/qsa-23-43",
+ "source": "security@qnapsecurity.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
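Review bot: The two `cvssMetricV31` entries reach the same 8.8 score from different vectors: the `nvd@nist.gov` Primary entry says `PR:L/UI:N`, while the vendor's Secondary entry says `PR:N/UI:R`. Prioritisation rules that filter on `privilegesRequired` or `userInteraction` will classify this record differently depending on which entry they read, so consumers should select the source explicitly rather than take the first array element. The description's "allow users to execute commands" fits the authenticated reading, but the advisory text is not part of this hunk. The `en` description also ends with a trailing `\n` that the `es` text does not carry.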
diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23374.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23374.json
index 188c09ec4f5..7b15c7e326d 100644
--- a/CVE-2023/CVE-2023-233xx/CVE-2023-23374.json
+++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23374.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-23374",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-02-14T20:15:16.827",
- "lastModified": "2023-09-30T11:15:13.287",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:53:36.303",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -87,7 +87,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-235xx/CVE-2023-23581.json b/CVE-2023/CVE-2023-235xx/CVE-2023-23581.json
index 0fca8ad15af..2ebd4a31348 100644
--- a/CVE-2023/CVE-2023-235xx/CVE-2023-23581.json
+++ b/CVE-2023/CVE-2023-235xx/CVE-2023-23581.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-23581",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:10.937",
- "lastModified": "2023-10-12T16:52:07.503",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T02:46:13.130",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en la funcionalidad vpnserver EnSafeHttpHeaderValueStr de SoftEther VPN 5.01.9674 y 5.02. Un paquete de red especialmente manipulado puede provocar una Denegaci\u00f3n de Servicio (DoS)."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,10 +80,36 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CF5CF13-B22F-494B-BDC0-B59371979251"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.02:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D21F370B-D9F2-43E8-8E45-0EA74A3C9D4B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1741",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-236xx/CVE-2023-23632.json b/CVE-2023/CVE-2023-236xx/CVE-2023-23632.json
index b14468eca88..9bd5081e26d 100644
--- a/CVE-2023/CVE-2023-236xx/CVE-2023-23632.json
+++ b/CVE-2023/CVE-2023-236xx/CVE-2023-23632.json
@@ -2,19 +2,80 @@
"id": "CVE-2023-23632",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T20:15:12.187",
- "lastModified": "2023-10-13T12:47:48.873",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:28:11.450",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret."
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 22.2.x a 22.4.x de BeyondTrust Privileged Remote Access (PRA) son vulnerables a una omisi\u00f3n de autenticaci\u00f3n local. Los atacantes pueden aprovechar un proceso de verificaci\u00f3n de secretos defectuoso en las sesiones de salto del shell BYOT, lo que permite el acceso no autorizado a elementos de salto adivinando solo el primer car\u00e1cter del secreto."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "22.2.1",
+ "versionEndExcluding": "22.3.3",
+ "matchCriteriaId": "31A784B4-BF67-4CBC-BD67-688E05CFD037"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_03_CSNC-2022-018_PRA_Privilege_Escalation.txt",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
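Review bot: The added `cpeMatch` range (`versionStartIncluding` `22.2.1`, `versionEndExcluding` `22.3.3`) is narrower than the description, which says versions 22.2.x to 22.4.x are vulnerable. A scanner that matches on CPE alone would not flag any 22.4.x install, nor 22.3.3 and later 22.3.x builds, that the description counts as affected. Either the range should be widened to match the description or the description should state the fixed builds; the linked advisory would settle which, and it is not visible in the hunk.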
diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23737.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23737.json
index 5bbdb018977..bd6b4692430 100644
--- a/CVE-2023/CVE-2023-237xx/CVE-2023-23737.json
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23737.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-23737",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T12:15:10.313",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T17:58:03.137",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <=\u00a04.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL (SQLi) no autenticada en el complemento MainWP MainWP Broken Links Checker Extension en versiones <= 4.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:managewp:broken_link_checker:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.0",
+ "matchCriteriaId": "9902C28E-4CCB-4F8A-82F0-A73F47493A10"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mainwp-broken-links-checker-extension/wordpress-mainwp-broken-links-checker-extension-plugin-4-0-unauthenticated-sql-injection-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
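Review bot: The added `criteria` names `cpe:2.3:a:managewp:broken_link_checker`, while the description and the Patchstack URL both name the MainWP "Broken Links Checker Extension" plugin. If these are different products, as the differing vendor and product names suggest, inventory matching on this CPE would flag installs of an unrelated plugin and miss the MainWP extension. The vendor and product fields should be verified against the CPE dictionary before relying on this match.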
diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23767.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23767.json
new file mode 100644
index 00000000000..fa2bcfd630f
--- /dev/null
+++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23767.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-23767",
+ "sourceIdentifier": "product-cna@github.com",
+ "published": "2023-10-25T18:17:23.870",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files.\u00a0This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos en GitHub Enterprise Server que permit\u00eda a las cuentas de usuario del sistema operativo local leer los detalles de la conexi\u00f3n MySQL, incluida la contrase\u00f1a de MySQL, a trav\u00e9s de archivos de configuraci\u00f3n. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server y se solucion\u00f3 en las versiones 3.7.18, 3.8.11, 3.9.6 y 3.10.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-cna@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "product-cna@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.3",
+ "source": "product-cna@github.com"
+ },
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.18",
+ "source": "product-cna@github.com"
+ },
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.11",
+ "source": "product-cna@github.com"
+ },
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.6",
+ "source": "product-cna@github.com"
+ }
+ ]
+}
\ No newline at end of file
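Review bot: This new record has no `configurations` block and only a CNA-supplied Secondary CVSS entry, so CPE-based matching and filters keyed on a Primary score will return nothing for it while it is `Awaiting Analysis`. The affected scope ("all versions", fixed in 3.7.18, 3.8.11, 3.9.6 and 3.10.3) exists only in the free-text description, which is what consumers need to read until enrichment lands. The `en` string also contains a non-breaking space (`\u00a0`) and a trailing `\n` that version-extracting parsers should normalise.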
diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23914.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23914.json
index fbe8603b8fe..8418b4498fc 100644
--- a/CVE-2023/CVE-2023-239xx/CVE-2023-23914.json
+++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23914.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-23914",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-23T20:15:13.637",
- "lastModified": "2023-10-11T11:15:10.340",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:57:11.737",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -73,6 +73,134 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
+ "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "52DE3DFE-350F-4E83-B425-1D7D47BEF6DA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -86,11 +214,17 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230309-0006/",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23915.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23915.json
index 3c8913fc4aa..fad0f755d89 100644
--- a/CVE-2023/CVE-2023-239xx/CVE-2023-23915.json
+++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23915.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-23915",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-23T20:15:13.703",
- "lastModified": "2023-10-11T11:15:10.793",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:57:08.397",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -73,6 +73,134 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
+ "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "52DE3DFE-350F-4E83-B425-1D7D47BEF6DA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -85,11 +213,17 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230309-0006/",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-239xx/CVE-2023-23916.json b/CVE-2023/CVE-2023-239xx/CVE-2023-23916.json
index bf5a3775470..fc0cdaf9062 100644
--- a/CVE-2023/CVE-2023-239xx/CVE-2023-23916.json
+++ b/CVE-2023/CVE-2023-239xx/CVE-2023-23916.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-23916",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-02-23T20:15:13.777",
- "lastModified": "2023-10-11T11:15:10.960",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:56:59.260",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -260,7 +260,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230309-0006/",
diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2307.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2307.json
index 8b91365eee5..edb3e857120 100644
--- a/CVE-2023/CVE-2023-23xx/CVE-2023-2307.json
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2307.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2307",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-04-26T17:15:11.217",
- "lastModified": "2023-10-10T08:15:10.687",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T20:29:14.063",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -64,6 +64,16 @@
"value": "CWE-352"
}
]
+ },
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
}
],
"configurations": [
@@ -87,7 +97,10 @@
"references": [
{
"url": "https://github.com/BuilderIO/qwik/pull/3862/commits/09190b70027354baf7ad3d208df9c05a87f75f57",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/204ea12e-9e5c-4166-bf0e-fd49c8836917",
diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2325.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2325.json
new file mode 100644
index 00000000000..1e806b1fa37
--- /dev/null
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2325.json
@@ -0,0 +1,120 @@
+{
+ "id": "CVE-2023-2325",
+ "sourceIdentifier": "security@m-files.com",
+ "published": "2023-10-20T07:15:15.213",
+ "lastModified": "2023-10-26T17:36:35.787",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Stored XSS Vulnerability in M-Files Classic Web versions before 23.10\u00a0and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en las versiones M-Files Classic Web anteriores a 23.10 y LTS Service Release Versions anteriores a 23.2 LTS SR4 y 23.8 LTS SR1 permite al atacante ejecutar scripts en el navegador de los usuarios a trav\u00e9s de un documento HTML almacenado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@m-files.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@m-files.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:m-files:classic_web:*:*:*:*:-:*:*:*",
+ "versionEndExcluding": "23.10",
+ "matchCriteriaId": "28E12800-4297-4473-B24F-9D71897DB877"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:m-files:classic_web:23.2:-:*:*:lts:*:*:*",
+ "matchCriteriaId": "4E66A68C-65E6-48E9-97DD-621B4B73D975"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:m-files:classic_web:23.8:-:*:*:lts:*:*:*",
+ "matchCriteriaId": "B6C757FE-8BF2-4CFC-A0CF-4EDFB77C8D96"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-2325/",
+ "source": "security@m-files.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
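Review bot: The 23.2 LTS entry in `cpeMatch` pins the update component to `-` (`cpe:2.3:a:m-files:classic_web:23.2:-:*:*:lts:*:*:*`), but the English description says LTS service releases before 23.2 LTS SR4 are affected. An inventory that records 23.2 LTS SR1–SR3 with a non-empty update value would therefore not match this record; the 23.8 entry is consistent, since only the base release precedes SR1. How the CPE dictionary names M-Files service releases is not visible here, so check this against the vendor advisory listed in `references`. If the gap is confirmed, the 23.2 LTS line needs one criteria entry per affected service release, or a wildcard update component with the fixed release excluded. Separately, the English `value` reads `SR1allows` (missing space) and ends in `\n\n`, which text matching on descriptions should normalise.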
diff --git a/CVE-2023/CVE-2023-241xx/CVE-2023-24198.json b/CVE-2023/CVE-2023-241xx/CVE-2023-24198.json
index 9525cb999d0..47270d9b0a0 100644
--- a/CVE-2023/CVE-2023-241xx/CVE-2023-24198.json
+++ b/CVE-2023/CVE-2023-241xx/CVE-2023-24198.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-24198",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-06T15:15:10.827",
- "lastModified": "2023-02-10T04:53:36.893",
+ "lastModified": "2023-10-18T15:28:51.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:raffle_draw_system_project:raffle_draw_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "3292C3CB-82C1-4E6D-970B-AE09766A82DB"
+ "criteria": "cpe:2.3:a:oretnom23:raffle_draw_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F67511D-93BB-4CB7-8880-FE97D266A1B4"
}
]
}
diff --git a/CVE-2023/CVE-2023-241xx/CVE-2023-24199.json b/CVE-2023/CVE-2023-241xx/CVE-2023-24199.json
index 76ba0b9a9bc..1bfa12709aa 100644
--- a/CVE-2023/CVE-2023-241xx/CVE-2023-24199.json
+++ b/CVE-2023/CVE-2023-241xx/CVE-2023-24199.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-24199",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-06T15:15:10.917",
- "lastModified": "2023-02-10T04:51:07.777",
+ "lastModified": "2023-10-18T15:29:34.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:raffle_draw_system_project:raffle_draw_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "3292C3CB-82C1-4E6D-970B-AE09766A82DB"
+ "criteria": "cpe:2.3:a:oretnom23:raffle_draw_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F67511D-93BB-4CB7-8880-FE97D266A1B4"
}
]
}
diff --git a/CVE-2023/CVE-2023-242xx/CVE-2023-24200.json b/CVE-2023/CVE-2023-242xx/CVE-2023-24200.json
index 7c6f50658d2..13e97cc9ed1 100644
--- a/CVE-2023/CVE-2023-242xx/CVE-2023-24200.json
+++ b/CVE-2023/CVE-2023-242xx/CVE-2023-24200.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-24200",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-06T15:15:11.007",
- "lastModified": "2023-02-10T04:51:15.737",
+ "lastModified": "2023-10-18T15:31:32.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:raffle_draw_system_project:raffle_draw_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "3292C3CB-82C1-4E6D-970B-AE09766A82DB"
+ "criteria": "cpe:2.3:a:oretnom23:raffle_draw_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F67511D-93BB-4CB7-8880-FE97D266A1B4"
}
]
}
diff --git a/CVE-2023/CVE-2023-242xx/CVE-2023-24201.json b/CVE-2023/CVE-2023-242xx/CVE-2023-24201.json
index 0011d1eb5c7..3e2f6758146 100644
--- a/CVE-2023/CVE-2023-242xx/CVE-2023-24201.json
+++ b/CVE-2023/CVE-2023-242xx/CVE-2023-24201.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-24201",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-06T15:15:11.097",
- "lastModified": "2023-02-10T04:51:59.563",
+ "lastModified": "2023-10-18T15:32:22.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:raffle_draw_system_project:raffle_draw_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "3292C3CB-82C1-4E6D-970B-AE09766A82DB"
+ "criteria": "cpe:2.3:a:oretnom23:raffle_draw_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F67511D-93BB-4CB7-8880-FE97D266A1B4"
}
]
}
diff --git a/CVE-2023/CVE-2023-242xx/CVE-2023-24202.json b/CVE-2023/CVE-2023-242xx/CVE-2023-24202.json
index c1f80fe35f0..3c120f47dee 100644
--- a/CVE-2023/CVE-2023-242xx/CVE-2023-24202.json
+++ b/CVE-2023/CVE-2023-242xx/CVE-2023-24202.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-24202",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-06T15:15:11.183",
- "lastModified": "2023-02-10T04:52:09.047",
+ "lastModified": "2023-10-18T15:32:30.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:raffle_draw_system_project:raffle_draw_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "3292C3CB-82C1-4E6D-970B-AE09766A82DB"
+ "criteria": "cpe:2.3:a:oretnom23:raffle_draw_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F67511D-93BB-4CB7-8880-FE97D266A1B4"
}
]
}
diff --git a/CVE-2023/CVE-2023-243xx/CVE-2023-24385.json b/CVE-2023/CVE-2023-243xx/CVE-2023-24385.json
index 0926f7b2c6c..e215ced9ed0 100644
--- a/CVE-2023/CVE-2023-243xx/CVE-2023-24385.json
+++ b/CVE-2023/CVE-2023-243xx/CVE-2023-24385.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24385",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T09:15:09.960",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T15:02:07.950",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -50,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:davidlingren:media_library_assistant:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.12",
+ "matchCriteriaId": "1FE5C2DE-E210-4D3E-89A7-FF21821516CE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/media-library-assistant/wordpress-media-library-assistant-plugin-3-11-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24429.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24429.json
index 83b9d0278b4..1e849661493 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24429.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24429.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24429",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-01-26T21:18:17.110",
- "lastModified": "2023-02-04T02:06:33.267",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:23.990",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -66,11 +66,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2973%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2973%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
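Review bot: The reference in this hunk loses `"tags": ["Vendor Advisory"]`, although the URL changes only by percent-encoding the parentheses in the fragment (`%20(1)` becomes `%20%281%29`) and still points at the same jenkins.io advisory. The file's first hunk also moves `vulnStatus` from `Analyzed` back to `Undergoing Analysis`, so this looks like a re-ingest of the CNA record rather than a changed assessment; that is an inference from these lines only. Consumers that pick out vendor guidance by tag will stop seeing this advisory until the record is re-analysed. Keeping the tag on the re-encoded entry avoids that, as does falling back to the `source` value or the advisory URL prefix when `tags` is absent. The same pattern repeats in the reference hunks of CVE-2023-24430 through CVE-2023-24436.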
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24430.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24430.json
index c74073303fc..0115692473f 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24430.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24430.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24430",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-01-26T21:18:17.170",
- "lastModified": "2023-02-04T01:58:28.333",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.057",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -66,11 +66,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2973%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2973%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24431.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24431.json
index b2a170736c0..dba9bedf128 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24431.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24431.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24431",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-01-26T21:18:17.240",
- "lastModified": "2023-02-02T15:46:07.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.110",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -66,11 +66,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2772%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2772%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24432.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24432.json
index 139997f0fea..1de797ab676 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24432.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24432.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24432",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-01-26T21:18:17.307",
- "lastModified": "2023-02-02T15:45:03.793",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.167",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -66,11 +66,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2772%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2772%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24433.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24433.json
index 13b9d5ed535..972ffcff315 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24433.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24433.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24433",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-01-26T21:18:17.387",
- "lastModified": "2023-02-02T15:45:32.247",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.233",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -66,11 +66,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2772%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2772%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24434.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24434.json
index e7519dbd476..adc5c941df6 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24434.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24434.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24434",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-01-26T21:18:17.457",
- "lastModified": "2023-02-02T15:30:10.487",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.300",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -66,11 +66,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24435.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24435.json
index 9df89089315..82dabad4415 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24435.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24435.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24435",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-01-26T21:18:17.537",
- "lastModified": "2023-02-02T13:57:32.567",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.357",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -66,11 +66,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20(2)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20%282%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-244xx/CVE-2023-24436.json b/CVE-2023/CVE-2023-244xx/CVE-2023-24436.json
index 613ab6cede1..064c5519af6 100644
--- a/CVE-2023/CVE-2023-244xx/CVE-2023-24436.json
+++ b/CVE-2023/CVE-2023-244xx/CVE-2023-24436.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24436",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-01-26T21:18:17.600",
- "lastModified": "2023-02-02T15:03:24.113",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.417",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -66,11 +66,8 @@
],
"references": [
{
- "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20(1)",
- "source": "jenkinsci-cert@googlegroups.com",
- "tags": [
- "Vendor Advisory"
- ]
+ "url": "https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2789%20%281%29",
+ "source": "jenkinsci-cert@googlegroups.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-245xx/CVE-2023-24515.json b/CVE-2023/CVE-2023-245xx/CVE-2023-24515.json
index ff416b388b8..e79f99f176c 100644
--- a/CVE-2023/CVE-2023-245xx/CVE-2023-24515.json
+++ b/CVE-2023/CVE-2023-245xx/CVE-2023-24515.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-24515",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-08-22T19:16:34.480",
- "lastModified": "2023-08-26T02:23:15.997",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T12:15:09.093",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
@@ -66,7 +66,7 @@
]
},
{
- "source": "cve-coordination@incibe.es",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@@ -95,6 +95,10 @@
}
],
"references": [
+ {
+ "url": "https://gist.github.com/damodarnaik/9cc76c6b320510c34a0a668bd7439f7b",
+ "source": "cve-coordination@incibe.es"
+ },
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
"source": "cve-coordination@incibe.es",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2459.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2459.json
index 2f3b5188548..3a871587cd7 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2459.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2459.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2459",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:08.803",
- "lastModified": "2023-09-30T11:15:14.233",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:54:50.567",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -84,6 +84,16 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@@ -119,15 +129,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5398",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2460.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2460.json
index cda401d4405..0541faf0442 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2460.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2460.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2460",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:09.327",
- "lastModified": "2023-09-30T11:15:14.307",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:54:54.283",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -41,7 +41,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "NVD-CWE-noinfo"
}
]
}
@@ -84,6 +84,16 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@@ -119,15 +129,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5398",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2461.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2461.json
index bd53f265b32..fa407d4082b 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2461.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2461.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2461",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:09.387",
- "lastModified": "2023-09-30T11:15:14.367",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:03:15.903",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -96,6 +96,16 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@@ -131,15 +141,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5398",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2462.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2462.json
index 40d4fd3b777..b7ddeb47df4 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2462.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2462.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2462",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:09.443",
- "lastModified": "2023-09-30T11:15:14.440",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:51:46.813",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -119,15 +124,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5398",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2463.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2463.json
index ce46f42570a..55d670a6a62 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2463.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2463.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2463",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:09.497",
- "lastModified": "2023-09-30T11:15:14.500",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:03:56.857",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -81,6 +81,16 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@@ -131,15 +141,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5398",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2464.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2464.json
index b2feb9f3655..7f728037a9b 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2464.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2464.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2464",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:09.550",
- "lastModified": "2023-09-30T11:15:14.560",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:04:01.780",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,16 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@@ -119,15 +129,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5398",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2465.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2465.json
index 7044faf46cb..80aedba131d 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2465.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2465.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2465",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:09.597",
- "lastModified": "2023-09-30T11:15:14.623",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T19:06:16.967",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,16 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@@ -119,15 +129,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5398",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2466.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2466.json
index f1ff684c57e..d4489bc1c7c 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2466.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2466.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2466",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:09.647",
- "lastModified": "2023-09-30T11:15:14.697",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:04:05.570",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,16 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@@ -119,15 +129,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5398",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2467.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2467.json
index 0d96e9935ac..1c9f7c61b14 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2467.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2467.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2467",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:09.697",
- "lastModified": "2023-09-30T11:15:14.757",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:04:08.910",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -81,6 +81,16 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@@ -131,15 +141,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5398",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2468.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2468.json
index e3548b7bb9b..810b15803e0 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2468.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2468.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2468",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:09.747",
- "lastModified": "2023-09-30T11:15:14.817",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T21:04:13.863",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,6 +69,16 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@@ -119,15 +129,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5398",
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2475.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2475.json
index 251aa9010c2..9fb3d929adb 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2475.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2475.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2475",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-02T13:15:25.287",
- "lastModified": "2023-05-09T17:27:09.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T06:15:08.267",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument ?? leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867."
+ "value": "A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument ?? leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867."
}
],
"metrics": {
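Review bot: The rewritten `value` string still reads `The manipulation of the argument ?? leads to cross site scripting`, so the affected parameter name is missing on the new side just as it was on the old; the edit only reworded the sentence about the patch name. The `??` looks like a lost non-ASCII or placeholder token (inferred, since the original advisory is not visible here), and it leaves the record unusable for locating the vulnerable input. If the name cannot be restored from the source advisory, `The manipulation of an unknown argument leads to cross site scripting.` is clearer than the placeholder. Until then, triage should work from the patch commit named in the description rather than from this sentence.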
diff --git a/CVE-2023/CVE-2023-24xx/CVE-2023-2476.json b/CVE-2023/CVE-2023-24xx/CVE-2023-2476.json
index 20416833fda..0274b4079de 100644
--- a/CVE-2023/CVE-2023-24xx/CVE-2023-2476.json
+++ b/CVE-2023/CVE-2023-24xx/CVE-2023-2476.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2476",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-02T14:15:09.273",
- "lastModified": "2023-05-09T17:21:53.020",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T06:15:10.087",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-250xx/CVE-2023-25032.json b/CVE-2023/CVE-2023-250xx/CVE-2023-25032.json
new file mode 100644
index 00000000000..f29cc9d765e
--- /dev/null
+++ b/CVE-2023/CVE-2023-250xx/CVE-2023-25032.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-25032",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:24.597",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin <=\u00a05.5.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada autenticada (con permisos de admin o superiores) en el complemento PrintFriendly en Print, PDF y Email en versiones <= 5.5.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/printfriendly/wordpress-print-pdf-email-by-printfriendly-plugin-5-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-254xx/CVE-2023-25476.json b/CVE-2023/CVE-2023-254xx/CVE-2023-25476.json
new file mode 100644
index 00000000000..419d32fbf56
--- /dev/null
+++ b/CVE-2023/CVE-2023-254xx/CVE-2023-25476.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-25476",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T08:15:07.570",
+ "lastModified": "2023-10-25T17:38:34.117",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic AmpedSense \u2013 AdSense Split Tester plugin <=\u00a04.68 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Ezoic AmpedSense de AdSense Split Tester en versiones <= 4.68."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ezoic:ampedsense:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.68",
+ "matchCriteriaId": "93D680E4-4E9E-4B4C-AFDC-057406063535"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/ampedsense-adsense-split-tester/wordpress-ampedsense-adsense-split-tester-plugin-4-68-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25753.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25753.json
new file mode 100644
index 00000000000..81f6dc3bc24
--- /dev/null
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25753.json
@@ -0,0 +1,90 @@
+{
+ "id": "CVE-2023-25753",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-10-19T09:15:08.480",
+ "lastModified": "2023-10-25T17:20:20.830",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nThere exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter.\n\nOf particular concern is our ability to exert control over the HTTP method, cookies, IP address, and headers. This effectively grants us the capability to dispatch complete HTTP requests to hosts of our choosing.\n\nThis issue affects Apache ShenYu: 2.5.1.\n\nUpgrade to Apache ShenYu 2.6.0 or apply patch\u00a0 https://github.com/apache/shenyu/pull/4776 \u00a0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad SSRF (falsificaci\u00f3n de solicitudes del lado del servidor) ubicada en el endpoint /sandbox/proxyGateway. Esta vulnerabilidad nos permite manipular solicitudes arbitrarias y recuperar las respuestas correspondientes ingresando cualquier URL en el par\u00e1metro requestUrl. De particular preocupaci\u00f3n es nuestra capacidad para ejercer control sobre el m\u00e9todo HTTP, las cookies, la direcci\u00f3n IP y los encabezados. Esto efectivamente nos otorga la capacidad de enviar solicitudes HTTP completas a los hosts de nuestra elecci\u00f3n. Este problema afecta a Apache ShenYu: 2.5.1. Actualice a Apache ShenYu 2.6.0 o aplique el parche https://github.com/apache/shenyu/pull/4776"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ },
+ {
+ "source": "security@apache.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:shenyu:2.5.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5FF6FCF7-9CEF-4E24-B669-256B1C825361"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/chprswxvb22z35vnoxv9tt3zknsm977d",
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
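Review bot: The `en` description `value` begins and ends with `\n` and wraps the patch URL in `\u00a0`, while the `es` entry of the same record is already normalised. A consumer that splits on ASCII whitespace to extract the link will keep the no-break spaces attached to it, and one that renders the string as-is shows blank leading lines. Trimming the string and using plain spaces, `... or apply patch https://github.com/apache/shenyu/pull/4776.`, avoids both. The CVE-2023-26112 hunk later in this diff has the same problem, with bare `\r\r` sequences introduced into a description that was clean on the old side.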
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25761.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25761.json
index 2bceb5e1856..b8c52859d0e 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25761.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25761.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-25761",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-02-15T14:15:13.387",
- "lastModified": "2023-02-23T04:48:24.287",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.680",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25762.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25762.json
index 1167e9361ca..950d5e3fca3 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25762.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25762.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-25762",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-02-15T14:15:13.470",
- "lastModified": "2023-02-23T04:48:16.377",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.743",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25763.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25763.json
index 480a6fd9b04..ab552c41207 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25763.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25763.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-25763",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-02-15T14:15:13.543",
- "lastModified": "2023-02-23T04:48:08.983",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.803",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25764.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25764.json
index 5e6f0a821a4..79b94d42d42 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25764.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25764.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-25764",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-02-15T14:15:13.617",
- "lastModified": "2023-02-23T04:48:01.200",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.857",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -44,16 +44,6 @@
"value": "CWE-79"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-79"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25765.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25765.json
index 0e61ce0b151..b53867149b3 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25765.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25765.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-25765",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-02-15T14:15:13.700",
- "lastModified": "2023-02-23T04:47:47.887",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.917",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-693"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25766.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25766.json
index e6a6ae60de6..233ba0c1b21 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25766.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25766.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-25766",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-02-15T14:15:13.773",
- "lastModified": "2023-03-01T20:09:45.747",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:24.967",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -44,16 +44,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25767.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25767.json
index acb322de66a..c03080793ad 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25767.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25767.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-25767",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-02-15T14:15:13.847",
- "lastModified": "2023-02-24T15:27:53.923",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:25.027",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -34,18 +34,6 @@
}
]
},
- "weaknesses": [
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-352"
- }
- ]
- }
- ],
"configurations": [
{
"nodes": [
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25768.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25768.json
index d7800b4a6c1..b36aa94f541 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25768.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25768.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-25768",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-02-15T14:15:13.947",
- "lastModified": "2023-03-08T17:35:46.383",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:25.083",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -44,16 +44,6 @@
"value": "CWE-862"
}
]
- },
- {
- "source": "jenkinsci-cert@googlegroups.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-862"
- }
- ]
}
],
"configurations": [
diff --git a/CVE-2023/CVE-2023-257xx/CVE-2023-25774.json b/CVE-2023/CVE-2023-257xx/CVE-2023-25774.json
index a3562076b8c..9010a8046f2 100644
--- a/CVE-2023/CVE-2023-257xx/CVE-2023-25774.json
+++ b/CVE-2023/CVE-2023-257xx/CVE-2023-25774.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-25774",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.297",
- "lastModified": "2023-10-12T16:52:07.503",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T17:53:08.367",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) en la funcionalidad vpnserver ConnectionAccept() de SoftEther VPN 5.02. Un conjunto de conexiones de red especialmente manipuladas puede provocar una Denegaci\u00f3n de Servicio (DoS). Un atacante puede enviar una secuencia de paquetes maliciosos para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,10 +80,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.02:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D21F370B-D9F2-43E8-8E45-0EA74A3C9D4B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1743",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2564.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2564.json
index 0722091ea48..d25cc09e3b6 100644
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2564.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2564.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2564",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-05-07T14:15:42.343",
- "lastModified": "2023-10-10T08:15:10.790",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T20:27:01.213",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -87,7 +87,10 @@
"references": [
{
"url": "https://github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/d13113ad-a107-416b-acc1-01e4c16ec461",
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26112.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26112.json
index 1146e7568f6..29aadb1c75b 100644
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26112.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26112.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-26112",
"sourceIdentifier": "report@snyk.io",
"published": "2023-04-03T05:15:07.753",
- "lastModified": "2023-04-10T13:57:52.633",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T04:15:10.387",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file."
+ "value": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\).\r\r**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r"
}
],
"metrics": {
@@ -91,6 +91,14 @@
"Issue Tracking"
]
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6BO4RLMYEJODCNUE3DJIIUUFVTPAG6VN/",
+ "source": "report@snyk.io"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZHY7B33EFY4LESP2NI4APQUPRROTAZK/",
+ "source": "report@snyk.io"
+ },
{
"url": "https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494",
"source": "report@snyk.io",
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26115.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26115.json
index 28a9c5b92fb..355a86ef75b 100644
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26115.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26115.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-26115",
"sourceIdentifier": "report@snyk.io",
"published": "2023-06-22T05:15:09.157",
- "lastModified": "2023-08-24T16:15:07.820",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-23T18:57:33.990",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -76,7 +76,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:word-wrap_project:word-wrap:*:*:*:*:*:node.js:*:*",
- "matchCriteriaId": "04B48B0A-8B67-4838-A1E0-EB3CB727A813"
+ "versionEndExcluding": "1.2.4",
+ "matchCriteriaId": "F9B3A751-DF84-4680-B6CB-4D30C7F9FF5D"
}
]
}
@@ -93,7 +94,10 @@
},
{
"url": "https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4",
- "source": "report@snyk.io"
+ "source": "report@snyk.io",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-4058657",
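Review bot: The added `tags` array labels `https://github.com/jonschlinkert/word-wrap/releases/tag/1.2.4` as `Third Party Advisory`, but the URL is the upstream project's own release page for the version that this commit sets as `versionEndExcluding` in the same file. Tooling that picks remediation links by tag will not find the fixed release under that label. `"Release Notes"` describes the reference more accurately than `"Third Party Advisory"`.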
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26116.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26116.json
index 5006cb7069a..57f3c997016 100644
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26116.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26116.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-26116",
"sourceIdentifier": "report@snyk.io",
"published": "2023-03-30T05:15:07.410",
- "lastModified": "2023-05-30T17:18:44.267",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T04:15:10.527",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -86,6 +86,10 @@
}
],
"references": [
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/",
+ "source": "report@snyk.io"
+ },
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406320",
"source": "report@snyk.io",
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26117.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26117.json
index ef26ba09fc0..82192e1c99a 100644
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26117.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26117.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-26117",
"sourceIdentifier": "report@snyk.io",
"published": "2023-03-30T05:15:07.687",
- "lastModified": "2023-05-30T17:20:47.480",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T04:15:10.637",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -86,6 +86,10 @@
}
],
"references": [
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/",
+ "source": "report@snyk.io"
+ },
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406323",
"source": "report@snyk.io",
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26118.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26118.json
index 428fa0e0943..3978f02b193 100644
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26118.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26118.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-26118",
"sourceIdentifier": "report@snyk.io",
"published": "2023-03-30T05:15:07.750",
- "lastModified": "2023-05-30T17:20:32.760",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T04:15:10.720",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -86,6 +86,10 @@
}
],
"references": [
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQWJLE5WE33WNMA54XSJIDXBRK2KL3XJ/",
+ "source": "report@snyk.io"
+ },
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-5406326",
"source": "report@snyk.io",
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26155.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26155.json
index df75240577a..e2667e51fb6 100644
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26155.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26155.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-26155",
"sourceIdentifier": "report@snyk.io",
"published": "2023-10-14T05:15:55.183",
- "lastModified": "2023-10-14T17:32:33.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:44:50.783",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path."
+ },
+ {
+ "lang": "es",
+ "value": "Todas las versiones del paquete node-qpdf son vulnerables a la inyecci\u00f3n de comandos, de modo que el m\u00e9todo encrypt() exportado por el paquete no puede sanitizar su entrada de par\u00e1metros, que luego fluye hacia una API de ejecuci\u00f3n de comandos confidencial. Como resultado, los atacantes pueden inyectar comandos maliciosos una vez que puedan especificar la ruta del archivo pdf de entrada."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "report@snyk.io",
"type": "Secondary",
@@ -34,14 +58,51 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nrhirani:node-qpdf:*:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FC0932B9-C3A4-46E0-B0FE-8E4B7937A0D3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/nrhirani/node-qpdf/issues/23",
- "source": "report@snyk.io"
+ "source": "report@snyk.io",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-NODEQPDF-5747918",
- "source": "report@snyk.io"
+ "source": "report@snyk.io",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26219.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26219.json
new file mode 100644
index 00000000000..67533031fe7
--- /dev/null
+++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26219.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-26219",
+ "sourceIdentifier": "security@tibco.com",
+ "published": "2023-10-25T18:17:25.143",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console\u2019s and Agent\u2019s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Los componentes Hawk Console y Hawk Agent de TIBCO Hawk de TIBCO Software Inc., TIBCO Hawk Distribution para TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail y TIBCO Runtime Agent contienen una vulnerabilidad que te\u00f3ricamente permite a un atacante acceder al log de Hawk Console y Hawk Agent para obtener las credenciales utilizadas para acceder a los servidores EMS asociados. Las versiones afectadas son TIBCO Hawk de TIBCO Software Inc.: versiones 6.2.2 y siguientes, TIBCO Hawk Distribution para TIBCO Silver Fabric: versiones 6.2.2 y siguientes, TIBCO Operational Intelligence Hawk RedTail: versiones 7.2.1 y siguientes y TIBCO Runtime Agente: versiones 5.12.2 y anteriores."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@tibco.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.tibco.com/services/support/advisories",
+ "source": "security@tibco.com"
+ }
+ ]
+}
\ No newline at end of file
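Review bot: The Spanish `value` in `descriptions` reverses the affected range for three of the four products. It renders "versions 6.2.2 and below" and "versions 7.2.1 and below" as `versiones 6.2.2 y siguientes` and `versiones 7.2.1 y siguientes`, which reads as "and later". A reader relying on the translation would treat the fixed releases as affected and the vulnerable ones as safe. Each `y siguientes` should be `y anteriores`, the wording the same sentence already uses for TIBCO Runtime Agent 5.12.2. The opening clause also appears to say the flaw lets an attacker reach the log, rather than requiring log access as the English text does; that is worth checking against the source wording.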
diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26220.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26220.json
index 417d35a629b..decc298a407 100644
--- a/CVE-2023/CVE-2023-262xx/CVE-2023-26220.json
+++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26220.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-26220",
"sourceIdentifier": "security@tibco.com",
"published": "2023-10-10T23:15:09.933",
- "lastModified": "2023-10-10T23:25:33.373",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:30:03.617",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El componente Spotfire Library de Spotfire Analyst y Spotfire Server de TIBCO Software Inc. contiene una vulnerabilidad f\u00e1cilmente explotable que permite a un atacante con pocos privilegios y acceso a la red ejecutar Cross Site Scripting (XSS) almacenado en el sistema afectado. Un ataque exitoso que utilice esta vulnerabilidad requiere la interacci\u00f3n humana de una persona distinta del atacante. Las versiones afectadas son Spotfire Analyst de TIBCO Software Inc.: versiones 11.4.7 e inferiores, versiones 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0. 3 y 12.0.4, versiones 12.1.0 y 12.1.1 y Spotfire Server: versiones 11.4.11 y anteriores, versiones 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0 , 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4 y 12.0.5, versiones 12.1.0 y 12.1.1."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security@tibco.com",
"type": "Secondary",
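Review bot: The added Spanish `value` splits two version tokens that the English description gives intact, `12.0. 3` in the Spotfire Analyst list and `11.7.0 ,` in the Spotfire Server list. Anyone searching or matching versions in the translated text would miss 12.0.3; the tokens should read `12.0.3` and `11.7.0,`. The `cpeMatch` entries added further down in this file list both versions correctly, so only the translated prose is affected. The `cvssMetricV31` array continues past the end of this hunk.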
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@tibco.com",
"type": "Secondary",
@@ -46,10 +80,172 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "11.4.7",
+ "matchCriteriaId": "841BE5EF-AA80-4864-8379-572F84D01CB1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.5.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6643BEFC-4C34-4D82-9451-79F2E2727230"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "98448711-785E-483A-BC6A-5A5311C7FF63"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7CB9F167-A6FF-46ED-9BCB-F4634ACB18B5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:11.8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7E3122E8-7D53-4FE6-A38F-39ED821BC8BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12F5049F-F75D-45A3-A6A3-E22353721532"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F029AC1D-CB5B-4F2B-B255-EB98F7758232"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.0.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2AD66F3D-4B7D-4C0A-A3DE-69C4A0D2B480"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.0.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F07C385A-55C6-4B35-9D1A-058958571530"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.0.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1CF7CAF-77B3-4FB8-AD50-E74999A5306E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D671E2F-D211-4E0D-B351-92A08327E439"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_analyst:12.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD0A72BA-11DB-494E-9FBA-415253D878BE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "11.4.11",
+ "matchCriteriaId": "4A54F9B1-432F-4BDF-8331-710EB7DC7DA0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:11.5.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "50269188-015E-406A-90B8-5F113773A3D5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:11.6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBDD97C0-212A-4E53-9246-65ED746C6554"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:11.6.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7E22936E-ADBE-4D1F-AB3E-574DDE9B26E0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:11.6.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "71EF8AB2-09E0-4235-B7A2-41867303ACA2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:11.6.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2838D095-0DA8-4F1B-BAD4-D5A326C5D65C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:11.7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "014E0C2D-6601-478E-A5EF-D14789430A31"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:11.8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5854EC01-743F-4B31-B51F-34DE3F4DDCFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:11.8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "113FBC40-777B-4B99-A5BF-A40F6707AFD9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "117AF754-4972-4254-A158-37B87C054DAF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7619EE98-BAFF-4685-B434-4CD2966D6C2D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7487265D-177D-40E5-8BBA-54224B9FFC96"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7722AC4-9856-403E-92A9-5CD0CFA57CDF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A18039B-1EF0-4617-9579-509E611FA859"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:12.0.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2FB4CDB7-3FA6-4441-94F6-CEA13BD8C811"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:12.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DE8D46B2-D8C9-4FF9-A6FA-61B755241B12"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tibco:spotfire_server:12.1.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8466B949-D760-46C3-BC9B-11489DA9773F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.tibco.com/services/support/advisories",
- "source": "security@tibco.com"
+ "source": "security@tibco.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26300.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26300.json
new file mode 100644
index 00000000000..16e67d7705e
--- /dev/null
+++ b/CVE-2023/CVE-2023-263xx/CVE-2023-26300.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-26300",
+ "sourceIdentifier": "hp-security-alert@hp.com",
+ "published": "2023-10-18T19:15:08.460",
+ "lastModified": "2023-10-18T20:00:27.677",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. HP is releasing firmware updates to mitigate the potential vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una posible vulnerabilidad de seguridad en el BIOS de System para Certain HP PC products que podr\u00eda permitir una escalada de privilegios. HP est\u00e1 lanzando actualizaciones de firmware para mitigar la vulnerabilidad potencial."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://support.hp.com/us-en/document/ish_9461800-9461828-16",
+ "source": "hp-security-alert@hp.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26568.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26568.json
new file mode 100644
index 00000000000..15db36d3667
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26568.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26568",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.217",
+ "lastModified": "2023-10-28T03:20:16.467",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetStudentGroupStudents en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26568",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26569.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26569.json
new file mode 100644
index 00000000000..4f4a6930bd4
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26569.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26569",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.277",
+ "lastModified": "2023-10-28T03:20:20.530",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo StudentPopupDetails_Timetable en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26569",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26570.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26570.json
new file mode 100644
index 00000000000..8c4622002dc
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26570.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26570",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.337",
+ "lastModified": "2023-10-28T03:20:26.277",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the StudentPopupDetails_Timetable method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo StudentPopupDetails_Timetable en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26570",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26571.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26571.json
new file mode 100644
index 00000000000..7f6e701dc9f
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26571.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26571",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.397",
+ "lastModified": "2023-10-28T03:20:31.930",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the SetStudentNotes method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo SetStudentNotes en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la modificaci\u00f3n de los datos de los estudiantes por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26571",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26572.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26572.json
new file mode 100644
index 00000000000..ba6e3d215ee
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26572.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26572",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.457",
+ "lastModified": "2023-10-28T03:22:43.037",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the GetExcursionList method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetExcursionList en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26572",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26573.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26573.json
new file mode 100644
index 00000000000..162dca7784a
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26573.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26573",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.513",
+ "lastModified": "2023-10-28T03:22:35.543",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the SetDB method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo SetDB en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la Denegaci\u00f3n de Servicio (DoS) o el robo de credenciales de inicio de sesi\u00f3n de la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26573",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26574.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26574.json
new file mode 100644
index 00000000000..9c29da4e031
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26574.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26574",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.577",
+ "lastModified": "2023-10-28T03:22:50.603",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the SearchStudents method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo SearchStudents en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26574",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
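Review bot: The English `value` in `descriptions` reads "allows extraction sensitive student data", which is missing "of", and the string ends with a trailing space before the closing quote. The same wording appears in the CVE-2023-26575 and CVE-2023-26576 records, and the trailing space is on the English description of each IDWeb record from CVE-2023-26574 through CVE-2023-26584. I would write `"value": "Missing authentication in the SearchStudents method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers."` If the text is mirrored verbatim from the CNA, the fix belongs upstream. Consumers that deduplicate or hash descriptions should trim whitespace first.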
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26575.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26575.json
new file mode 100644
index 00000000000..6f0b00ed29f
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26575.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26575",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.650",
+ "lastModified": "2023-10-28T03:22:26.930",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the SearchStudentsStaff method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo SearchStudentsStaff en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de estudiantes y profesores."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26575",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26576.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26576.json
new file mode 100644
index 00000000000..4db532de611
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26576.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26576",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.720",
+ "lastModified": "2023-10-28T03:22:20.050",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the SearchStudentsRFID method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo SearchStudentsRFID en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26576",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26577.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26577.json
new file mode 100644
index 00000000000..1384276a9e6
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26577.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26577",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.780",
+ "lastModified": "2023-10-28T03:22:14.633",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Stored cross-site scripting in the IDAttend\u2019s IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. "
+ },
+ {
+ "lang": "es",
+ "value": "Cross-Site Scripting (XSS) Almacenado en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permiten a los atacantes secuestrar la sesi\u00f3n de navegaci\u00f3n del usuario que ha iniciado sesi\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26577",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
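Review bot: The Secondary `cvssData` from vdp@themissinglink.com.au carries `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` (7.5), which does not fit the stored cross-site scripting that the description and both CWE-79 entries state: it claims no privileges, no user interaction and no integrity impact. It is the same vector the CNA gives on the neighbouring missing-authentication records, so it looks carried over from them, though that cannot be confirmed from the diff. The Primary NVD vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N` (5.4) is the one consistent with the description. Consumers that take the highest `baseScore` across sources will rank this record HIGH instead of MEDIUM; selecting the metric with `"type": "Primary"` avoids that.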
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26578.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26578.json
new file mode 100644
index 00000000000..392b7db2331
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26578.json
@@ -0,0 +1,113 @@
+{
+ "id": "CVE-2023-26578",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.837",
+ "lastModified": "2023-10-28T03:22:06.693",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Arbitrary file upload to web root in the IDAttend\u2019s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. "
+ },
+ {
+ "lang": "es",
+ "value": "La carga arbitraria de archivos a la ra\u00edz de la web en la aplicaci\u00f3n IDWeb 3.1.013 de IDAttend permite a atacantes autenticados cargar archivos peligrosos a la ra\u00edz web, como ASP o ASPX, obteniendo la ejecuci\u00f3n de comandos en el servidor afectado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:3.1.013:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2E83E186-DB76-4468-9BDE-E15B437E81EB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26578",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
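Review bot: The only `cpeMatch` entry is the exact version `cpe:2.3:a:idattend:idweb:3.1.013:*:*:*:*:*:*:*`, with no `versionEndIncluding`, whereas the sibling IDWeb records in this commit use a range ending at 3.1.052. That follows the description, which names only 3.1.013, but a CPE-matching scanner will then report every other IDWeb build as unaffected by an authenticated upload that leads to command execution. Nothing in the record says other versions were assessed, so a non-match here should be read as "not assessed" rather than "fixed". CVE-2023-26579 has the same single-version entry. If the advisory at the reference URL gives a range, the entry should become `"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*"` with a `versionEndIncluding` taken from that advisory.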
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26579.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26579.json
new file mode 100644
index 00000000000..95dd614bee3
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26579.json
@@ -0,0 +1,109 @@
+{
+ "id": "CVE-2023-26579",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.897",
+ "lastModified": "2023-10-28T03:21:34.177",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the DeleteStaff method in IDAttend\u2019s IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo DeleteStaff en la aplicaci\u00f3n IDWeb 3.1.013 de IDAttend permite que atacantes no autenticados eliminen informaci\u00f3n del personal."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:3.1.013:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2E83E186-DB76-4468-9BDE-E15B437E81EB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26579",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26580.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26580.json
new file mode 100644
index 00000000000..1551004cb5e
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26580.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-26580",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:25.950",
+ "lastModified": "2023-10-28T03:23:40.257",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated arbitrary file read in the IDAttend\u2019s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "Un archivo arbitrario no autenticado le\u00eddo en la aplicaci\u00f3n IDWeb 3.1.013 de IDAttend permite la recuperaci\u00f3n de cualquier archivo presente en el servidor web por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-552"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-552"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26580",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
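Review bot: The description and the configuration disagree on the affected versions: the English text says "IDWeb application 3.1.013", while `cpeMatch` covers every version up to `"versionEndIncluding": "3.1.052"`. One of the two needs correcting against the advisory at the reference URL. If the range is right, the text should read "3.1.052 and earlier" like the other range-based records; if 3.1.013 is right, the CPE should be the exact-version form used in CVE-2023-26578. Until then, tooling that matches on CPE and tooling that parses the description will give different answers for versions other than 3.1.013. The Spanish `value` also mistranslates the opening ("Un archivo arbitrario no autenticado leído"); something like "Una lectura arbitraria de archivos sin autenticación" would match the English.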
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26581.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26581.json
new file mode 100644
index 00000000000..1e240478bb0
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26581.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26581",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.010",
+ "lastModified": "2023-10-28T03:20:36.517",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the GetVisitors method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetVisitors en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26581",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26582.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26582.json
new file mode 100644
index 00000000000..752aedee517
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26582.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26582",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.070",
+ "lastModified": "2023-10-28T03:20:40.767",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetExcursionDetails en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26582",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26583.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26583.json
new file mode 100644
index 00000000000..863c47aa0a3
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26583.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26583",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.127",
+ "lastModified": "2023-10-28T03:20:44.597",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetCurrentPeriod en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26583",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26584.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26584.json
new file mode 100644
index 00000000000..8430aea749d
--- /dev/null
+++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26584.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-26584",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.180",
+ "lastModified": "2023-10-28T03:20:48.837",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetStudentInconsistencies en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26584",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2624.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2624.json
index 1d7eedc00fa..8aa47230eb7 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2624.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2624.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2624",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.030",
- "lastModified": "2023-10-03T18:15:10.153",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T16:06:17.940",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -67,7 +67,12 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174895/WordPress-KiviCare-3.2.0-Cross-Site-Scripting.html",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://wpscan.com/vulnerability/dc3a841d-a95b-462e-be4b-acaa44e77264",
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2650.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2650.json
index 198302c5d74..4b350dfe824 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2650.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2650.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2650",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-05-30T14:15:09.683",
- "lastModified": "2023-08-29T18:04:28.613",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T15:15:13.057",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -167,6 +167,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "openssl-security@openssl.org"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5417",
"source": "openssl-security@openssl.org",
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2667.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2667.json
index ae4a99c9c98..031bba3e15e 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2667.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2667.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2667",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T07:15:08.627",
- "lastModified": "2023-09-25T16:46:20.430",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T06:15:11.847",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-228883."
+ "value": "A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228883."
}
],
"metrics": {
@@ -111,6 +111,10 @@
}
],
"references": [
+ {
+ "url": "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2667.md",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://vuldb.com/?ctiid.228883",
"source": "cna@vuldb.com",
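Review bot: The added `github.com/tht1997/CVE_2023/...` reference has no `tags` array, although the description change in this same file now states that the exploit has been disclosed to the public. If that link is the disclosure (inferred only from the two being added together), consumers that derive exploit availability from reference tags will not see it until the record is re-analysed; once confirmed, the entry should carry `"tags": ["Exploit"]`. The same untagged reference is added in the CVE-2023-2668, -2669, -2670, -2671 and -2672 hunks that follow. The `references` array continues outside this hunk.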
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2668.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2668.json
index c6464ccfd58..061bbdec5ad 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2668.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2668.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2668",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T07:15:08.733",
- "lastModified": "2023-09-25T16:46:20.430",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T06:15:12.467",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-228884."
+ "value": "A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228884."
}
],
"metrics": {
@@ -111,6 +111,10 @@
}
],
"references": [
+ {
+ "url": "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2668.md",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://vuldb.com/?ctiid.228884",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2669.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2669.json
index 2df2d8cb5cb..8e96c5ae424 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2669.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2669.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2669",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T08:15:09.063",
- "lastModified": "2023-09-25T16:46:20.430",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T07:15:10.303",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-228885 was assigned to this vulnerability."
+ "value": "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228885 was assigned to this vulnerability."
}
],
"metrics": {
@@ -121,6 +121,10 @@
}
],
"references": [
+ {
+ "url": "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2669.md",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://vuldb.com/?ctiid.228885",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2670.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2670.json
index ab362350973..feb9096f4cd 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2670.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2670.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2670",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T08:15:09.130",
- "lastModified": "2023-09-25T16:46:20.430",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T07:15:10.450",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. VDB-228886 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -111,6 +111,10 @@
}
],
"references": [
+ {
+ "url": "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2670.md",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://vuldb.com/?ctiid.228886",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2671.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2671.json
index 97279a3a1bd..1106bdb188e 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2671.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2671.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2671",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T09:15:10.447",
- "lastModified": "2023-09-25T16:46:20.430",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T07:15:10.543",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887."
+ "value": "A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228887."
}
],
"metrics": {
@@ -111,6 +111,10 @@
}
],
"references": [
+ {
+ "url": "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2671.md",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://vuldb.com/?ctiid.228887",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2672.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2672.json
index 5d581e0bad0..e1700c27bfe 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2672.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2672.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2672",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-12T09:15:10.520",
- "lastModified": "2023-09-25T16:46:20.430",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T07:15:10.637",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228888."
+ "value": "A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228888."
}
],
"metrics": {
@@ -111,6 +111,10 @@
}
],
"references": [
+ {
+ "url": "https://github.com/tht1997/CVE_2023/blob/main/Lost%20and%20Found%20Information%20System/CVE-2023-2672.md",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://vuldb.com/?ctiid.228888",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2681.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2681.json
index 7f4d89f3ced..08001bc4269 100644
--- a/CVE-2023/CVE-2023-26xx/CVE-2023-2681.json
+++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2681.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-2681",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2023-10-03T13:15:09.937",
- "lastModified": "2023-10-05T16:43:37.583",
+ "lastModified": "2023-10-25T15:00:33.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -89,8 +89,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:jorani_project:jorani:1.0.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "00665EA7-7D22-4226-801E-ABA4BD94D0D7"
+ "criteria": "cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE8B2D2D-7CCC-4688-9C1C-5C2512F140E6"
}
]
}
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27114.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27114.json
index 94a08835c02..12335be4d95 100644
--- a/CVE-2023/CVE-2023-271xx/CVE-2023-27114.json
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27114.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-27114",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-10T02:15:58.403",
- "lastModified": "2023-03-15T16:26:50.240",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-17T16:15:09.837",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -65,11 +65,8 @@
],
"references": [
{
- "url": "https://github.com/radareorg/radare2/commit/13308c9aad79f9c7a3507ce549fe270103e8ceea",
- "source": "cve@mitre.org",
- "tags": [
- "Patch"
- ]
+ "url": "https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509",
+ "source": "cve@mitre.org"
},
{
"url": "https://github.com/radareorg/radare2/issues/21363",
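Review bot: The replacement commit URL is added without the `"tags": ["Patch"]` that the removed entry carried, so within this hunk the record no longer has a reference marked as the fix. Tooling that selects remediation links by the `Patch` tag will skip the new URL while the record sits in `Modified`. If commit `a15067a8eaa836bcc24b0882712c14d1baa66509` is verified as the fixing change, restore `"tags": ["Patch"]` on it. The `references` array continues past the end of the hunk.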
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27132.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27132.json
new file mode 100644
index 00000000000..140dd8139ac
--- /dev/null
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27132.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-27132",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T16:15:09.957",
+ "lastModified": "2023-10-25T12:51:26.787",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TSplus Remote Work 16.0.0.0 places a cleartext password on the \"var pass\" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product."
+ },
+ {
+ "lang": "es",
+ "value": "TSplus Remote Work 16.0.0.0 coloca una contrase\u00f1a de texto plano en la l\u00ednea \"var pass\" del c\u00f3digo fuente HTML para el portal web seguro de inicio de sesi\u00f3n \u00fanico. NOTA: CVE-2023-31069 se refiere \u00fanicamente al producto TSplus Remote Access, no al producto TSplus Remote Work."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tsplus:tsplus_remote_work:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "16.0.0.0",
+ "matchCriteriaId": "4FCFDE54-02A8-45F8-BA88-E7E44FB60FD9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://packetstormsecurity.com/files/174271",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27133.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27133.json
new file mode 100644
index 00000000000..a9a731342e3
--- /dev/null
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27133.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-27133",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T16:15:10.033",
+ "lastModified": "2023-10-24T20:42:16.187",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\\TSplus-RemoteWork\\Clients\\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product."
+ },
+ {
+ "lang": "es",
+ "value": "TSplus Remote Work 16.0.0.0 tiene permisos d\u00e9biles para archivos .exe, .js y .html en la carpeta %PROGRAMFILES(X86)%\\TSplus-RemoteWork\\Clients\\www. Esto puede permitir una escalada de privilegios si un usuario local diferente modifica un archivo. NOTA: CVE-2023-31067 y CVE-2023-31068 se refieren \u00fanicamente al producto TSplus Remote Access, no al producto TSplus Remote Work."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tsplus:tsplus_remote_work:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "16.0.0.0",
+ "matchCriteriaId": "4FCFDE54-02A8-45F8-BA88-E7E44FB60FD9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://packetstormsecurity.com/files/174272",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ }
+ ]
+}
\ No newline at end of file
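Review bot: The `vectorString` `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` does not match this record's own English description, which describes weak file permissions that matter "if a different local user modifies a file", i.e. a precondition of local access with an account. As scored (9.8 CRITICAL), anything that prioritises on `baseScore` will rank this local privilege-escalation issue with unauthenticated remote ones. If the description is accurate, `attackVector` and `privilegesRequired` would be expected to read `LOCAL` and `LOW`, with the scores recomputed. The vector should be checked against the referenced advisory before the score is relied on.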
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27148.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27148.json
new file mode 100644
index 00000000000..7f274ed8847
--- /dev/null
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27148.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-27148",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T20:15:08.817",
+ "lastModified": "2023-10-27T19:40:46.700",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenada en el panel de administraci\u00f3n de Enhancesoft osTicket v1.17.2 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Nombre de funci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:enhancesoft:osticket:1.17.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "77B993F5-E270-471F-8FE3-B8B110FBC08E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.esecforte.com/cve-2023-27148-osticket_xss/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27149.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27149.json
new file mode 100644
index 00000000000..27e20c67a87
--- /dev/null
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27149.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-27149",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T20:15:08.863",
+ "lastModified": "2023-10-27T19:41:33.100",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenada en Enhancesoft osTicket v1.17.2 permite a los atacantes ejecutar scripts o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro de entrada Etiqueta al actualizar una lista personalizada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:enhancesoft:osticket:1.17.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "77B993F5-E270-471F-8FE3-B8B110FBC08E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.esecforte.com/cve-2023-27149-osticket_xss/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27152.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27152.json
new file mode 100644
index 00000000000..f3662777a5e
--- /dev/null
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27152.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-27152",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T21:15:08.703",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication."
+ },
+ {
+ "lang": "es",
+ "value": "DECISO OPNsense 23.1 no impone l\u00edmites de velocidad para la autenticaci\u00f3n, lo que permite a los atacantes realizar un ataque de fuerza bruta para eludir la autenticaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.esecforte.com/cve-2023-27152-opnsense-brute-force/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-271xx/CVE-2023-27170.json b/CVE-2023/CVE-2023-271xx/CVE-2023-27170.json
new file mode 100644
index 00000000000..f1ad128284d
--- /dev/null
+++ b/CVE-2023/CVE-2023-271xx/CVE-2023-27170.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-27170",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T23:15:09.253",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Xpand IT Write-back manager v2.3.1 permite a los atacantes realizar un directory traversal mediante la modificaci\u00f3n del par\u00e1metro siteName."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://balwurk.com/cve-2023-27170-improper-limitation-of-a-pathname-to-a-restricted-directory/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27254.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27254.json
new file mode 100644
index 00000000000..ffd88f563a6
--- /dev/null
+++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27254.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27254",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.240",
+ "lastModified": "2023-10-28T03:20:53.253",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the GetRoomChanges method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetRoomChanges en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27254",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
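Review bot: The English `descriptions` value ends with a trailing space (`...by unauthenticated attackers. "`), which the Spanish entry does not have. It should end `attackers."` so that comparison, deduplication or hashing of description text stays stable. The same trailing space appears in the new files CVE-2023-27255, CVE-2023-27256 and CVE-2023-27257. Separately, the Primary and Secondary CVSS entries disagree on availability impact (`A:N`, 9.1 versus `A:H`, 9.8), so consumers should choose which source they score from deliberately rather than taking the first array element.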
diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27255.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27255.json
new file mode 100644
index 00000000000..b05aea74e0e
--- /dev/null
+++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27255.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27255",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.297",
+ "lastModified": "2023-10-28T03:22:55.287",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo DeleteRoomChanges en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27255",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27256.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27256.json
new file mode 100644
index 00000000000..24f6ce032a5
--- /dev/null
+++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27256.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27256",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.353",
+ "lastModified": "2023-10-28T03:23:01.543",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the GetLogFiles method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo GetLogFiles en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la recuperaci\u00f3n de archivos de registro confidenciales por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27256",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27257.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27257.json
new file mode 100644
index 00000000000..446348feeee
--- /dev/null
+++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27257.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27257",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.410",
+ "lastModified": "2023-10-28T03:19:47.833",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the GetActiveToiletPasses method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo GetActiveToiletPasses en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados recuperen la informaci\u00f3n de los estudiantes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27257",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27258.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27258.json
new file mode 100644
index 00000000000..d680284b1ca
--- /dev/null
+++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27258.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27258",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.470",
+ "lastModified": "2023-10-28T03:19:57.333",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the GetStudentGroupStudents method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo GetStudentGroupStudents en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la recuperaci\u00f3n de datos de estudiantes y profesores por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27258",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27259.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27259.json
new file mode 100644
index 00000000000..c949c4076f9
--- /dev/null
+++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27259.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27259",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.527",
+ "lastModified": "2023-10-28T03:20:02.377",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo GetAssignmentsDue en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de estudiantes y profesores."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27259",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27260.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27260.json
new file mode 100644
index 00000000000..fae0a285f86
--- /dev/null
+++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27260.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27260",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.587",
+ "lastModified": "2023-10-28T03:20:11.070",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetAssignmentsDue en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27261.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27261.json
new file mode 100644
index 00000000000..9ea22164243
--- /dev/null
+++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27261.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27261",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.657",
+ "lastModified": "2023-10-28T03:23:33.637",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the DeleteAssignments method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo DeleteAssignments en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la eliminaci\u00f3n de datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27261",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27262.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27262.json
new file mode 100644
index 00000000000..d8f6a48e4d3
--- /dev/null
+++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27262.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27262",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.713",
+ "lastModified": "2023-10-28T03:23:20.260",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de SQL no autenticado en el m\u00e9todo GetAssignmentsDue en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite la extracci\u00f3n o modificaci\u00f3n de todos los datos por parte de atacantes no autenticados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
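Review bot: The new CVE-2023-27262 record looks like a copy of CVE-2023-27260. Its English description (`Unauthenticated SQL injection in the GetAssignmentsDue method …`) is identical, and its only reference `url` is `https://www.themissinglink.com.au/security-advisories/cve-2023-27260`, whereas the other IDWeb records visible in this diff each link to the advisory carrying their own CVE id. As imported, a consumer cannot tell which method or parameter this id covers, and triage is sent to the advisory for a different CVE. The description and the `url` should be checked against the CNA's entry for CVE-2023-27262 before anything downstream deduplicates or suppresses on this record.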
diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27312.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27312.json
index d33ba801fe4..2c2467b2f72 100644
--- a/CVE-2023/CVE-2023-273xx/CVE-2023-27312.json
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27312.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-27312",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-10-12T19:15:11.537",
- "lastModified": "2023-10-12T19:42:47.127",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:17:11.533",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are \nsusceptible to a vulnerability which may allow authenticated \nunprivileged users to modify email and snapshot name settings within the\n VMware vSphere user interface.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento SnapCenter para VMware vSphere versiones 4.6 anteriores a 4.9 son susceptibles a una vulnerabilidad que puede permitir a usuarios autenticados sin privilegios modificar la configuraci\u00f3n del correo electr\u00f3nico y el nombre de la instant\u00e1nea dentro de la interfaz de usuario de VMware vSphere."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@@ -46,10 +80,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:snapcenter_plug-in:*:*:*:*:*:vmware_vsphere:*:*",
+ "versionStartIncluding": "4.6",
+ "versionEndExcluding": "4.9",
+ "matchCriteriaId": "63D70659-B00B-4380-A8A9-700EBE918615"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230713-0001/",
- "source": "security-alert@netapp.com"
+ "source": "security-alert@netapp.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27313.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27313.json
index 38545d71f2e..9629990a6f1 100644
--- a/CVE-2023/CVE-2023-273xx/CVE-2023-27313.json
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27313.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-27313",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-10-12T19:15:11.653",
- "lastModified": "2023-10-12T19:42:47.127",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:16:58.257",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a \nvulnerability which may allow an authenticated unprivileged user to gain\n access as an admin user.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 3.x y 4.x de SnapCenter anteriores a la 4.9 son susceptibles a una vulnerabilidad que puede permitir que un usuario autenticado sin privilegios obtenga acceso como usuario administrador."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@@ -46,10 +80,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0",
+ "versionEndExcluding": "4.9",
+ "matchCriteriaId": "9B02A810-1E06-4266-94FF-4A33D6ED68A9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230713-0002/",
- "source": "security-alert@netapp.com"
+ "source": "security-alert@netapp.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27314.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27314.json
index e7b04ec2008..159de89da1a 100644
--- a/CVE-2023/CVE-2023-273xx/CVE-2023-27314.json
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27314.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-27314",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-10-12T19:15:11.747",
- "lastModified": "2023-10-12T19:42:47.127",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:00:24.900",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, \n9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow\n a remote unauthenticated attacker to cause a crash of the HTTP service."
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones de ONTAP 9 anteriores a 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 y 9.13.1 son susceptibles a una vulnerabilidad que podr\u00eda permitir que un atacante remoto no autenticado provoque una falla del servicio HTTP."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@@ -46,10 +80,72 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0",
+ "versionEndExcluding": "9.8",
+ "matchCriteriaId": "D9342DC4-2928-49B6-AACA-95B3DE9C994A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.8:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BE523D87-B51F-41F2-9B6F-A85AB28FF3DC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.8:p7:*:*:*:*:*:*",
+ "matchCriteriaId": "B353C687-391F-476E-9199-2D769842E019"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.9.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "E0284DC1-9FAA-4979-82C3-AB7347614C80"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.9.1:p3:*:*:*:*:*:*",
+ "matchCriteriaId": "76CBFD8A-CE4C-4337-8F22-397DDCC1B074"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.10.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "E932E75A-46F0-47AA-9EFE-11D7127D4015"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.10.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "F1A4278F-D9A9-4C39-AC53-AB35DB921E02"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.12.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "CABEEE42-6098-4259-ABAA-8D8D7BEEB0A0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.13.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BE4AE3BB-685A-466F-B4FA-D49D366C6598"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20231009-0001/",
- "source": "security-alert@netapp.com"
+ "source": "security-alert@netapp.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
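Review bot: The added `cpeMatch` list does not cover the affected set that this record's description gives. The description names fixed releases 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1, but the list holds only isolated entries such as `9.8:p7` and `9.9.1:p3`, and has no entry for any 9.11.x or 9.12.1 build. Inventory matching driven purely by these CPEs would likely report, for example, a 9.11.1 system below P8 as unaffected. This may reflect what the CPE dictionary offered at analysis time rather than intent, so until the missing branches and patch levels are enumerated, treat the vendor advisory in `references` as authoritative for ONTAP patch levels.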
diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27316.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27316.json
index 93dad735d39..b3fff6815be 100644
--- a/CVE-2023/CVE-2023-273xx/CVE-2023-27316.json
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27316.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-27316",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2023-10-12T22:15:09.640",
- "lastModified": "2023-10-13T12:47:48.873",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T14:25:34.030",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SnapCenter versions 4.8 through 4.9 are susceptible to a \nvulnerability which may allow an authenticated SnapCenter Server user to\n become an admin user on a remote system where a SnapCenter plug-in has \nbeen installed. \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 4.8 a 4.9 de SnapCenter son susceptibles a una vulnerabilidad que puede permitir que un usuario autenticado de SnapCenter Server se convierta en usuario administrador en un sistema remoto donde se ha instalado un complemento de SnapCenter."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "security-alert@netapp.com",
"type": "Secondary",
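Review bot: The Primary vector added here uses `"attackVector": "LOCAL"` (base 7.8), while the description in the same hunk says an authenticated SnapCenter Server user can become an admin user on a remote system where a plug-in is installed. That wording suggests a network-reachable escalation, so the LOCAL rating is worth confirming before this score drives prioritisation. The vendor's Secondary `cvssData` begins on the hunk's last line and continues outside it; compare its `attackVector`, and if the two disagree, rank on the more severe vector until the record is reconciled.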
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "security-alert@netapp.com",
"type": "Secondary",
@@ -46,14 +80,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.8",
+ "versionEndIncluding": "4.9",
+ "matchCriteriaId": "4304E07C-4A87-4589-896A-7F2EEC1BC7E1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://security.netapp.com/advisory/NTAP-20231012-0001/",
- "source": "security-alert@netapp.com"
+ "source": "security-alert@netapp.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231012-0001/",
- "source": "security-alert@netapp.com"
+ "source": "security-alert@netapp.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27375.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27375.json
new file mode 100644
index 00000000000..2f20e748ac2
--- /dev/null
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27375.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27375",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.773",
+ "lastModified": "2023-10-28T03:23:15.667",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo StudentPopupDetails_ContactDetails en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27375",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27376.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27376.json
new file mode 100644
index 00000000000..37f7cc6fc6a
--- /dev/null
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27376.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27376",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.837",
+ "lastModified": "2023-10-28T03:23:11.250",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo StudentPopupDetails_StudentDetails en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27376",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27377.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27377.json
new file mode 100644
index 00000000000..c14697eb996
--- /dev/null
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27377.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-27377",
+ "sourceIdentifier": "vdp@themissinglink.com.au",
+ "published": "2023-10-25T18:17:26.897",
+ "lastModified": "2023-10-28T03:23:47.653",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. "
+ },
+ {
+ "lang": "es",
+ "value": "La falta de autenticaci\u00f3n en el m\u00e9todo StudentPopupDetails_EmergencyContactDetails en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados extraigan datos confidenciales de los estudiantes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ },
+ {
+ "source": "vdp@themissinglink.com.au",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.1.052",
+ "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27377",
+ "source": "vdp@themissinglink.com.au",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
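Review bot: The nvd@nist.gov Primary weakness in this new record is `"value": "CWE-287"`, while the sibling records added for CVE-2023-27375 and CVE-2023-27376 carry `"value": "CWE-306"` as Primary for the same "Missing authentication in the … method" wording, the same product range and the same vector. Anything that groups or filters these IDWeb findings by Primary CWE will split one class of flaw across two buckets. If the classification is not deliberate, the Primary entry here would read `"value": "CWE-306"`, leaving the CNA's Secondary CWE-287 as is. As this file mirrors upstream analysis, the correction probably belongs with the data source rather than in a local edit.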
diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27380.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27380.json
index 7dbc2338d2c..45db4e00954 100644
--- a/CVE-2023/CVE-2023-273xx/CVE-2023-27380.json
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27380.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-27380",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:12.747",
- "lastModified": "2023-10-11T16:37:00.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T15:00:54.690",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad admin.cgi USSD_send de peplink Surf SOHO HW1 v6.3.5 (en QEMU). Una solicitud HTTP especialmente manipulada puede conducir a la ejecuci\u00f3n de un comando. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,10 +80,44 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F47DB73-DEB9-4191-9C70-BFD620575394"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:peplink:surf_soho:hw1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2313EA09-B0EA-4591-B4EA-2B80E7C60422"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1780",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-273xx/CVE-2023-27395.json b/CVE-2023/CVE-2023-273xx/CVE-2023-27395.json
index 137585139d6..02cb44d2af0 100644
--- a/CVE-2023/CVE-2023-273xx/CVE-2023-27395.json
+++ b/CVE-2023/CVE-2023-273xx/CVE-2023-27395.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-27395",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.583",
- "lastModified": "2023-10-12T18:15:09.987",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T17:58:04.460",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la funcionalidad vpnserver WpcParsePacket() de SoftEther VPN 4.41-9782-beta, 5.01.9674 y 5.02. Un paquete de red especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede realizar un ataque de intermediario para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,14 +80,49 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:4.41-9782:beta:*:*:*:*:*:*",
+ "matchCriteriaId": "79C47EE5-1B55-4FDD-A5B5-E10FF3337100"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CF5CF13-B22F-494B-BDC0-B59371979251"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.02:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D21F370B-D9F2-43E8-8E45-0EA74A3C9D4B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1735",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27516.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27516.json
index 5eef644b272..f514d41b729 100644
--- a/CVE-2023/CVE-2023-275xx/CVE-2023-27516.json
+++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27516.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-27516",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.670",
- "lastModified": "2023-10-12T16:52:07.503",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T16:35:39.283",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la funcionalidad CiRpcAccepted() de SoftEther VPN 4.41-9782-beta y 5.01.9674. Un paquete de red especialmente manipulado puede provocar un acceso no autorizado. Un atacante puede enviar una solicitud de red para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
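Review bot: The added nvd@nist.gov Primary metric scores this as `"attackVector": "LOCAL"` with `"privilegesRequired": "LOW"`, which does not match the record's own description of an authentication bypass where "An attacker can send a network request to trigger this vulnerability". The talos-cna@cisco.com Secondary metric follows in the same `cvssMetricV31` array, but its `cvssData` lies outside this hunk, so whether the two sources agree cannot be confirmed from here. Triage that reads only the Primary entry will treat this as a 7.8 local issue, so it is worth comparing both vectors before exposure decisions rest on it. The CWE-1188 assignment in the next hunk suggests the analyst may have scored a default-configuration local interface, in which case the description is the misleading part.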
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1188"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,14 +80,44 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:4.41-9782:beta:*:*:*:*:*:*",
+ "matchCriteriaId": "79C47EE5-1B55-4FDD-A5B5-E10FF3337100"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CF5CF13-B22F-494B-BDC0-B59371979251"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1754",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27530.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27530.json
index 3ad1bf676a3..0851bfe98dc 100644
--- a/CVE-2023/CVE-2023-275xx/CVE-2023-27530.json
+++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27530.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-27530",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-10T22:15:10.497",
- "lastModified": "2023-04-17T16:15:09.527",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-22T19:15:08.757",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -107,6 +107,10 @@
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html",
"source": "support@hackerone.com"
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5530",
+ "source": "support@hackerone.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27533.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27533.json
index b15619f64ea..3074deb86f8 100644
--- a/CVE-2023/CVE-2023-275xx/CVE-2023-27533.json
+++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27533.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-27533",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.373",
- "lastModified": "2023-10-11T11:15:11.197",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:51:08.517",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -73,6 +73,149 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
+ "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "52DE3DFE-350F-4E83-B425-1D7D47BEF6DA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -86,19 +229,31 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0011/",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27534.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27534.json
index 21711fadc8e..09b241119e9 100644
--- a/CVE-2023/CVE-2023-275xx/CVE-2023-27534.json
+++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27534.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-27534",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.427",
- "lastModified": "2023-10-11T11:15:11.447",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:45:28.913",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -73,6 +73,149 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
+ "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -86,15 +229,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0012/",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27535.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27535.json
index 38cbdd42b22..2ae3c1e859b 100644
--- a/CVE-2023/CVE-2023-275xx/CVE-2023-27535.json
+++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27535.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-27535",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.483",
- "lastModified": "2023-10-11T11:15:11.530",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:45:13.193",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -260,7 +260,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0010/",
diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27536.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27536.json
index b6ab92af152..9d7112c091a 100644
--- a/CVE-2023/CVE-2023-275xx/CVE-2023-27536.json
+++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27536.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-27536",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.547",
- "lastModified": "2023-10-11T11:15:11.643",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:44:37.687",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -270,7 +270,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0010/",
diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27537.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27537.json
index 012638e7a6f..9ecb878547d 100644
--- a/CVE-2023/CVE-2023-275xx/CVE-2023-27537.json
+++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27537.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-27537",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.617",
- "lastModified": "2023-10-11T11:15:11.753",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:44:28.253",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -76,6 +76,139 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
+ "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "52DE3DFE-350F-4E83-B425-1D7D47BEF6DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -89,11 +222,17 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0010/",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-275xx/CVE-2023-27538.json b/CVE-2023/CVE-2023-275xx/CVE-2023-27538.json
index a1cf47ddfe9..3e36428bfe7 100644
--- a/CVE-2023/CVE-2023-275xx/CVE-2023-27538.json
+++ b/CVE-2023/CVE-2023-275xx/CVE-2023-27538.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-27538",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.677",
- "lastModified": "2023-10-11T11:15:11.977",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:43:26.050",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -67,8 +67,8 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.16.1",
- "versionEndIncluding": "7.88.1",
- "matchCriteriaId": "17E5685B-B249-480E-8AE0-F2EDA57EA053"
+ "versionEndExcluding": "8.0.0",
+ "matchCriteriaId": "D3ABEE9E-8E0B-4B8D-8913-D86B9CB05769"
}
]
}
@@ -88,6 +88,154 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
+ "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:9.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "52DE3DFE-350F-4E83-B425-1D7D47BEF6DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -101,15 +249,24 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0010/",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-277xx/CVE-2023-27791.json b/CVE-2023/CVE-2023-277xx/CVE-2023-27791.json
new file mode 100644
index 00000000000..e4959553440
--- /dev/null
+++ b/CVE-2023/CVE-2023-277xx/CVE-2023-27791.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-27791",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T20:15:08.937",
+ "lastModified": "2023-10-25T09:51:31.380",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema encontrado en IXP Data Easy Install 6.6.148840 permite a un atacante remoto escalar privilegios a trav\u00e9s de PRNG inseguro."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-338"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ixpdata:easyinstall:6.6.148840:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E4D3B40C-C1D0-41C5-B8E7-73EBF11E2A2F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-277xx/CVE-2023-27792.json b/CVE-2023/CVE-2023-277xx/CVE-2023-27792.json
new file mode 100644
index 00000000000..ced86538e40
--- /dev/null
+++ b/CVE-2023/CVE-2023-277xx/CVE-2023-27792.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-27792",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T21:15:08.517",
+ "lastModified": "2023-10-25T09:50:30.440",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema encontrado en IXP Data Easy Install v.6.6.14884.0 permite a un atacante escalar privilegios debido a la falta de permisos aplicados a los subdirectorios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ixpdata:easyinstall:6.6.148840:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E4D3B40C-C1D0-41C5-B8E7-73EBF11E2A2F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Technical Description",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
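Review bot: The `criteria` value `cpe:2.3:a:ixpdata:easyinstall:6.6.148840:*:*:*:*:*:*:*` does not match the version given in this record's own description, `v.6.6.14884.0`. The CVE-2023-27793 record added in the same diff uses `6.6.14884.0` in its CPE, while CVE-2023-27795 repeats the mismatch and CVE-2023-27791 uses `6.6.148840` in both places. If the two strings denote the same build, which the page does not confirm, inventory matching keyed on CPE will hit only some of these four Easy Install records for a given asset. Until the upstream data agrees, match on both version strings, or align the entry as `"criteria": "cpe:2.3:a:ixpdata:easyinstall:6.6.14884.0:*:*:*:*:*:*:*"` together with the `matchCriteriaId` that CVE-2023-27793 carries, once the correct form is confirmed.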
diff --git a/CVE-2023/CVE-2023-277xx/CVE-2023-27793.json b/CVE-2023/CVE-2023-277xx/CVE-2023-27793.json
new file mode 100644
index 00000000000..d23b2b474df
--- /dev/null
+++ b/CVE-2023/CVE-2023-277xx/CVE-2023-27793.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-27793",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T21:15:08.650",
+ "lastModified": "2023-10-25T12:07:41.090",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema descubierto en IXP Data Easy Install v.6.6.14884.0 permite a atacantes locales obtener privilegios elevados mediante una codificaci\u00f3n d\u00e9bil de informaci\u00f3n confidencial."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ixpdata:easyinstall:6.6.14884.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C3E471C4-DD8E-41E9-822F-2D00BAC36F4A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Technical Description",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-277xx/CVE-2023-27795.json b/CVE-2023/CVE-2023-277xx/CVE-2023-27795.json
new file mode 100644
index 00000000000..2ff3718d643
--- /dev/null
+++ b/CVE-2023/CVE-2023-277xx/CVE-2023-27795.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-27795",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T21:15:08.697",
+ "lastModified": "2023-10-26T14:17:00.387",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema encontrado en IXP Data Easy Install v.6.6.14884.0 permite a un atacante local obtener privilegios a trav\u00e9s de una clave XOR est\u00e1tica."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ixpdata:easyinstall:6.6.148840:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E4D3B40C-C1D0-41C5-B8E7-73EBF11E2A2F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Technical Description",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
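Review bot: The weakness is recorded as `NVD-CWE-noinfo` although the description names the cause, a static XOR key, so triage that groups or filters on CWE will not place this record with other hard-coded-key findings. CWE-321 (Use of Hard-coded Cryptographic Key) looks like the closest match, though that is inferred from the one-line description only. Consumers who depend on CWE for prioritisation should key on the description text or the referenced advisory for this record. CVE-2023-27793 ("weak encoding of sensitive information") is in the same position.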
diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27854.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27854.json
new file mode 100644
index 00000000000..a8c1a08ea90
--- /dev/null
+++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27854.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-27854",
+ "sourceIdentifier": "PSIRT@rockwellautomation.com",
+ "published": "2023-10-27T19:15:41.157",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. \u00a0The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u00a0The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "PSIRT@rockwellautomation.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "PSIRT@rockwellautomation.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145",
+ "source": "PSIRT@rockwellautomation.com"
+ }
+ ]
+}
\ No newline at end of file
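Review bot: The weakness `CWE-125` (out-of-bounds read) does not fit the description, which attributes the code execution to "a memory buffer overflow". An out-of-bounds read on its own usually means disclosure or a crash, so CWE-based filters may under-rank this record. The value is a `Secondary` entry supplied by the CNA and the record is still `Awaiting Analysis`, so treat the CWE as provisional. There is also no `configurations` block yet, which means CPE-driven scanners will not flag Arena Simulation from this record. Track it through the vendor advisory URL in `references` until analysis adds the applicability data.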
diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27857.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27857.json
index 98617a993e9..fcba6999faf 100644
--- a/CVE-2023/CVE-2023-278xx/CVE-2023-27857.json
+++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27857.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-27857",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-03-22T02:15:48.953",
- "lastModified": "2023-03-29T13:14:53.417",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:26.953",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation."
+ "value": "\n In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field\n\n\n\n in Rockwell Automation's ThinManager ThinServer.\u00a0\u00a0An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation.\n\n\n\n \n\n"
}
],
"metrics": {
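Review bot: The replacement `value` is padded with leading and trailing `\n`, runs of spaces and `\u00a0` characters, and a line break now splits the first sentence, where the removed text was clean. Consumers that display, hash or de-duplicate descriptions should trim and collapse whitespace, U+00A0 included, before use; otherwise this record shows up as a content change with no change in meaning. The same padding appears in the CVE-2023-27854 and CVE-2023-27858 descriptions added in this diff. The hunk also moves `vulnStatus` from `Analyzed` back to `Undergoing Analysis`, so any pipeline that treats `Analyzed` as final should expect this record to change again.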
@@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-120"
+ "value": "CWE-125"
}
]
}
diff --git a/CVE-2023/CVE-2023-278xx/CVE-2023-27858.json b/CVE-2023/CVE-2023-278xx/CVE-2023-27858.json
new file mode 100644
index 00000000000..ffc753c2341
--- /dev/null
+++ b/CVE-2023/CVE-2023-278xx/CVE-2023-27858.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-27858",
+ "sourceIdentifier": "PSIRT@rockwellautomation.com",
+ "published": "2023-10-27T19:15:41.230",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nRockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an\u00a0uninitialized pointer in the application. \u00a0The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u00a0The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "PSIRT@rockwellautomation.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "PSIRT@rockwellautomation.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-824"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145",
+ "source": "PSIRT@rockwellautomation.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2718.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2718.json
index 492431f633a..3485a26f4a5 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2718.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2718.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2718",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-12T18:15:10.167",
- "lastModified": "2023-10-11T09:15:09.813",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-29T02:31:44.707",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -36,7 +36,7 @@
},
"weaknesses": [
{
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,6 +44,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "contact@wpscan.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -75,7 +85,10 @@
},
{
"url": "https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2721.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2721.json
index cd2a7749e7e..14e480cd7ff 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2721.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2721.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2721",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-16T19:15:09.160",
- "lastModified": "2023-09-30T11:15:14.887",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:31:03.057",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -130,7 +130,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5404",
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2722.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2722.json
index 11055717765..6bfc74e6e6a 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2722.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2722.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2722",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-16T19:15:09.217",
- "lastModified": "2023-09-30T11:15:14.967",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T16:47:19.397",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -142,7 +142,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5404",
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2723.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2723.json
index 9381caac1f9..ef78762fb25 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2723.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2723.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2723",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-16T19:15:09.277",
- "lastModified": "2023-09-30T11:15:15.037",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T16:47:22.793",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -130,7 +130,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5404",
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2724.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2724.json
index 8a15efe0f82..38fb978f921 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2724.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2724.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2724",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-16T19:15:09.327",
- "lastModified": "2023-09-30T11:15:15.107",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T16:47:30.767",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -102,7 +102,11 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/173131/Chrome-Internal-JavaScript-Object-Access-Via-Origin-Trials.html",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop_16.html",
@@ -134,7 +138,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5404",
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2725.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2725.json
index 01aeaed193d..da632175962 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2725.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2725.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2725",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-16T19:15:09.383",
- "lastModified": "2023-09-30T11:15:15.187",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T16:47:34.527",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -130,7 +130,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5404",
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2726.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2726.json
index 6d9a0d335c3..a26e0270895 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2726.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2726.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2726",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-16T19:15:09.433",
- "lastModified": "2023-09-30T11:15:15.260",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:31:06.937",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -130,7 +130,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5404",
diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2744.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2744.json
index 7ccc48d2c28..f760b764e97 100644
--- a/CVE-2023/CVE-2023-27xx/CVE-2023-2744.json
+++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2744.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2744",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-27T14:15:11.433",
- "lastModified": "2023-10-16T18:15:15.790",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:06:07.627",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -67,7 +67,12 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/175106/WordPress-WP-ERP-1.12.2-SQL-Injection.html",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://wpscan.com/vulnerability/435da8a1-9955-46d7-a508-b5738259e731",
diff --git a/CVE-2023/CVE-2023-281xx/CVE-2023-28129.json b/CVE-2023/CVE-2023-281xx/CVE-2023-28129.json
index dd90fa87de3..f74520722fa 100644
--- a/CVE-2023/CVE-2023-281xx/CVE-2023-28129.json
+++ b/CVE-2023/CVE-2023-281xx/CVE-2023-28129.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-28129",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-10T20:15:09.657",
- "lastModified": "2023-08-15T20:28:13.247",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T04:15:10.807",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Desktop & Server Management (DSM) may have a possible execution of arbitrary commands."
+ "value": "DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user."
}
],
"metrics": {
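Review bot: The new description names the product only as `DSM`, dropping the expansion "Desktop & Server Management (DSM)" that the removed text carried. Keyword search and triage on the description alone can then confuse it with other products that share the abbreviation. Keeping the expansion, as in `"Desktop & Server Management (DSM) 2022.2 SU2 and all prior versions allow a local low-privileged account to execute arbitrary OS commands as the DSM software installation user."`, preserves the added detail without losing the name. The text now states a local, low-privileged attacker; the `metrics` block lies outside this hunk, so confirm that its vector agrees with that.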
diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28261.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28261.json
index ad3ca360b63..9d44676a9a0 100644
--- a/CVE-2023/CVE-2023-282xx/CVE-2023-28261.json
+++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28261.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28261",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-04-27T19:15:20.350",
- "lastModified": "2023-09-30T11:15:13.373",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:53:10.297",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -101,7 +101,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-282xx/CVE-2023-28286.json b/CVE-2023/CVE-2023-282xx/CVE-2023-28286.json
index 58c8c51799e..d95c1dc43b4 100644
--- a/CVE-2023/CVE-2023-282xx/CVE-2023-28286.json
+++ b/CVE-2023/CVE-2023-282xx/CVE-2023-28286.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28286",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-04-27T19:15:20.467",
- "lastModified": "2023-09-30T11:15:13.463",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:53:06.050",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -81,7 +81,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json
index 959810789d7..c630b253e78 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28319.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28319",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-26T21:15:10.020",
- "lastModified": "2023-10-11T11:15:12.140",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:42:56.687",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -238,21 +238,24 @@
"url": "http://seclists.org/fulldisclosure/2023/Jul/47",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/48",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/52",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
@@ -266,7 +269,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230609-0009/",
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json
index 63479fe7c31..ce12106ae2a 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28320.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28320",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-26T21:15:15.937",
- "lastModified": "2023-10-11T11:15:12.517",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:42:42.793",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -242,21 +242,24 @@
"url": "http://seclists.org/fulldisclosure/2023/Jul/47",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/48",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/52",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
@@ -270,7 +273,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230609-0009/",
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json
index d54f49a6e65..5bd42a670cd 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28321.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28321",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-26T21:15:16.020",
- "lastModified": "2023-10-11T15:15:09.543",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T18:42:36.073",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -79,6 +79,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
@@ -258,21 +263,24 @@
"url": "http://seclists.org/fulldisclosure/2023/Jul/47",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/48",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/52",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
@@ -286,7 +294,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/",
@@ -306,7 +318,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230609-0009/",
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json
index 53fb6db5b63..38458b10460 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28322.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-28322",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-05-26T21:15:16.153",
- "lastModified": "2023-10-11T11:15:12.940",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T21:05:41.690",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -258,21 +258,24 @@
"url": "http://seclists.org/fulldisclosure/2023/Jul/47",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/48",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/52",
"source": "support@hackerone.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
@@ -302,7 +305,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-12",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230609-0009/",
diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28381.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28381.json
index 204150567b3..213a1293965 100644
--- a/CVE-2023/CVE-2023-283xx/CVE-2023-28381.json
+++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28381.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-28381",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:12.827",
- "lastModified": "2023-10-11T16:37:00.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T15:00:34.063",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad admin.cgi MVPN_trial_init de peplink Surf SOHO HW1 v6.3.5 (en QEMU). Una solicitud HTTP especialmente manipulada puede conducir a la ejecuci\u00f3n de un comando. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,10 +80,44 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F47DB73-DEB9-4191-9C70-BFD620575394"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:peplink:surf_soho:hw1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2313EA09-B0EA-4591-B4EA-2B80E7C60422"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-286xx/CVE-2023-28635.json b/CVE-2023/CVE-2023-286xx/CVE-2023-28635.json
index 935312ed911..3990a6e557a 100644
--- a/CVE-2023/CVE-2023-286xx/CVE-2023-28635.json
+++ b/CVE-2023/CVE-2023-286xx/CVE-2023-28635.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-28635",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T20:15:09.893",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T16:06:32.323",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character."
+ },
+ {
+ "lang": "es",
+ "value": "vantage6 es una infraestructura de aprendizaje federada que preserva la privacidad. Antes de la versi\u00f3n 4.0.0, los usuarios malintencionados pod\u00edan intentar obtener acceso a recursos que no pod\u00edan ver, creando recursos con n\u00fameros enteros como nombres. Un ejemplo en el que esto supone un riesgo es cuando los usuarios definen qu\u00e9 usuarios pueden ejecutar algoritmos en su nodo. Esto puede definirse por nombre de usuario o identificaci\u00f3n de usuario. Ahora, por ejemplo, si el ID de usuario 13 puede ejecutar tareas y un atacante crea un nombre de usuario con el nombre de usuario '13', se le permitir\u00eda ejecutar un algoritmo por error. Tambi\u00e9n puede haber otros lugares en el c\u00f3digo donde dicha combinaci\u00f3n de ID o nombre de recurso genera problemas. La versi\u00f3n 4.0.0 contiene un parche para este problema. La mejor soluci\u00f3n es comprobar, cuando se crean o modifican recursos, que el nombre del recurso siempre comience con un car\u00e1cter."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +70,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.0.0",
+ "matchCriteriaId": "21C07998-FF3A-4F49-B6B7-97E89CB0A6B4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/vantage6/vantage6/pull/744",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-7x94-6g2m-3hp2",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28793.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28793.json
new file mode 100644
index 00000000000..888061cc425
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28793.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-28793",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.387",
+ "lastModified": "2023-10-27T00:41:16.730",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la librer\u00eda signelf utilizada por Zscaler Client Connector en Linux permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Zscaler Client Connector para Linux: versiones anteriores a 1.3.1.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "1.3.1.6",
+ "matchCriteriaId": "58F93164-0E8D-4DDC-BE4E-8D09CC32B322"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
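Review bot: The English `descriptions[].value` added here ends in `\n\n\n`, while the Spanish entry for the same record is trimmed. Anything that compares, hashes or de-duplicates description text will treat these strings as different from their trimmed form. The same residue appears in the new records CVE-2023-28795, CVE-2023-28797 and CVE-2023-28803 (trailing newlines), and in CVE-2023-28796, which also has a leading `\n`. Consumers of this feed should strip leading and trailing whitespace from `value` before display or matching; the stored data would be cleaner as `"...for Linux: before 1.3.1.6."` with no trailing escapes.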
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28795.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28795.json
new file mode 100644
index 00000000000..5b0c55228b0
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28795.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-28795",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.450",
+ "lastModified": "2023-10-27T00:41:21.067",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de error de validaci\u00f3n de origen en Zscaler Client Connector en Linux permite la inclusi\u00f3n de c\u00f3digo en el proceso existente. Este problema afecta a Zscaler Client Connector para Linux: versiones anteriores a 1.3.1.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "1.3.1.6",
+ "matchCriteriaId": "58F93164-0E8D-4DDC-BE4E-8D09CC32B322"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28796.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28796.json
new file mode 100644
index 00000000000..19fd5ba3c1a
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28796.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-28796",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.507",
+ "lastModified": "2023-10-27T00:41:34.893",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nImproper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La verificaci\u00f3n incorrecta de la vulnerabilidad de Cryptographic Signature en Zscaler Client Connector en Linux permite la inyecci\u00f3n de c\u00f3digo. Este problema afecta a Zscaler Client Connector para Linux: versiones anteriores a 1.3.1.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-347"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-347"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "1.3.1.6",
+ "matchCriteriaId": "58F93164-0E8D-4DDC-BE4E-8D09CC32B322"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
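Review bot: The two `cvssMetricV31` entries in this record disagree: the nvd@nist.gov `Primary` entry scores 7.8 with `C:H`, the cve@zscaler.com `Secondary` entry 7.1 with `C:N`. A consumer that reads only the `Primary` entry silently discards the vendor's assessment. The same split is in CVE-2023-28797 (7.3 / 6.3), CVE-2023-28803 (6.5 / 5.9), CVE-2023-28804 (5.3 / 8.2, where the Primary score is the lower one) and CVE-2023-28805 (9.8 with `AV:N` / 6.7 with `AV:L`, for an issue the description calls privilege escalation on Linux). Ingestion should keep both entries and flag records whose `baseScore` or `attackVector` differ between sources, for example by prioritising on the higher score until someone has triaged the record.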
diff --git a/CVE-2023/CVE-2023-287xx/CVE-2023-28797.json b/CVE-2023/CVE-2023-287xx/CVE-2023-28797.json
new file mode 100644
index 00000000000..1a92b4cd438
--- /dev/null
+++ b/CVE-2023/CVE-2023-287xx/CVE-2023-28797.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-28797",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.567",
+ "lastModified": "2023-10-27T00:41:53.097",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Zscaler Client Connector para Windows anterior a 4.1 escribe/elimina un archivo de configuraci\u00f3n dentro de carpetas espec\u00edficas en el disco. Un usuario malintencionado puede reemplazar la carpeta y ejecutar c\u00f3digo como usuario privilegiado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-59"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-59"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "4.1",
+ "matchCriteriaId": "54B697A3-9F3A-4C87-A8E9-462696DF7BB6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2022",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28803.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28803.json
new file mode 100644
index 00000000000..deabe0d11c8
--- /dev/null
+++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28803.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-28803",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.627",
+ "lastModified": "2023-10-27T00:42:04.713",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Es posible omitir la autenticaci\u00f3n mediante la suplantaci\u00f3n de un dispositivo con una direcci\u00f3n IP sint\u00e9tica en Zscaler Client Connector en Windows, lo que permite omitir la funcionalidad. Este problema afecta a Client Connector: versiones anteriores a 3.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-290"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "3.9",
+ "matchCriteriaId": "9B8D07A9-4498-4AFE-BE03-7241D844ED24"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28804.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28804.json
new file mode 100644
index 00000000000..64780da86b8
--- /dev/null
+++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28804.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-28804",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.687",
+ "lastModified": "2023-10-27T00:42:14.680",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de verificaci\u00f3n incorrecta de Cryptographic Signature en Zscaler Client Connector en Linux permite reemplazar archivos binarios. Este problema afecta a Linux Client Connector: antes de 1.4.0.105"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-347"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-347"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "1.4.0.105",
+ "matchCriteriaId": "265D988F-CAC9-45C0-A663-257BD0DCEF15"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-288xx/CVE-2023-28805.json b/CVE-2023/CVE-2023-288xx/CVE-2023-28805.json
new file mode 100644
index 00000000000..f01a475face
--- /dev/null
+++ b/CVE-2023/CVE-2023-288xx/CVE-2023-28805.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-28805",
+ "sourceIdentifier": "cve@zscaler.com",
+ "published": "2023-10-23T14:15:09.740",
+ "lastModified": "2023-10-27T00:42:30.530",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Zscaler Client Connector en Linux permite la escalada de privilegios. Este problema afecta a Client Connector: anterior a 1.4.0.105"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "cve@zscaler.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "1.4.0.105",
+ "matchCriteriaId": "265D988F-CAC9-45C0-A663-257BD0DCEF15"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023",
+ "source": "cve@zscaler.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2854.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2854.json
index 9bc02e0e000..22fb980a67c 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2854.json
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2854.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-2854",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-26T21:15:17.643",
- "lastModified": "2023-09-17T07:15:09.167",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T18:07:51.753",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "El fallo del analizador de archivos BLF en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegaci\u00f3n de servicio a trav\u00e9s de un archivo de captura manipulado."
}
],
"metrics": {
@@ -90,6 +94,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,11 +131,17 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-17.html",
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2855.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2855.json
index 7e34d615fb2..47d61c7f2e1 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2855.json
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2855.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-2855",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-26T21:15:17.757",
- "lastModified": "2023-09-17T07:15:09.267",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T18:02:30.760",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "La falla del analizador de registros de Candump en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegaci\u00f3n de servicio a trav\u00e9s de un archivo de captura manipulado"
}
],
"metrics": {
@@ -90,6 +94,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,11 +131,17 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-12.html",
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2856.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2856.json
index 0cccf228244..3bb5916b619 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2856.json
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2856.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-2856",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-26T21:15:17.913",
- "lastModified": "2023-09-17T07:15:09.347",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T17:53:32.420",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "El fallo del analizador de archivos VMS TCPIPtrace en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegaci\u00f3n de servicio a trav\u00e9s de un archivo de captura manipulado."
}
],
"metrics": {
@@ -90,6 +94,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,15 +136,25 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-16.html",
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2857.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2857.json
index 64f95de8bb4..18a1ecafec6 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2857.json
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2857.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-2857",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-26T21:15:18.273",
- "lastModified": "2023-09-17T07:15:09.427",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T17:53:17.220",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "El fallo del analizador de archivos BLF en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegaci\u00f3n de servicio a trav\u00e9s de un archivo de captura manipulado."
}
],
"metrics": {
@@ -90,6 +94,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,11 +131,17 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-13.html",
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2858.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2858.json
index b3b8e335f4a..0dbc9a9bc2a 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2858.json
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2858.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-2858",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-26T21:15:18.633",
- "lastModified": "2023-09-17T07:15:09.547",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T17:52:55.287",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "El fallo del analizador de archivos BLF en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegaci\u00f3n de servicio a trav\u00e9s de un archivo de captura manipulado."
}
],
"metrics": {
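Review bot: The added `es` description is a copy of the CVE-2023-2857 text: it says "analizador de archivos BLF", while the English value in the same array describes a NetScaler file parser crash. Spanish-language consumers would attribute this record to the wrong Wireshark parser. The value should read `"El fallo del analizador de archivos NetScaler en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegaci\u00f3n de servicio a trav\u00e9s de un archivo de captura manipulado."`.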
@@ -90,6 +94,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,15 +136,24 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-15.html",
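Review bot: The `lists.debian.org/debian-lts-announce/2023/06/msg00004.html` reference is tagged only `"Third Party Advisory"` here, while the same URL in the CVE-2023-2879 and CVE-2023-2952 sections of this diff carries `"Mailing List", "Third Party Advisory"`. Tooling that filters references by tag will treat the same advisory differently depending on the record. Adding `"Mailing List",` before `"Third Party Advisory"` in this entry would make the three records agree.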
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2879.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2879.json
index 0f1c698c2b6..4a16a7a1e79 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2879.json
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2879.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-2879",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-26T21:15:19.000",
- "lastModified": "2023-09-17T07:15:09.630",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T17:52:45.083",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "GDSDB bucle infinito en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegaci\u00f3n de servicio a trav\u00e9s de inyecci\u00f3n de paquetes o archivo de captura manipulado"
}
],
"metrics": {
@@ -90,6 +94,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,15 +136,25 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-14.html",
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2886.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2886.json
index e7526228e93..6503d843323 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2886.json
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2886.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2886",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-05-25T09:15:12.303",
- "lastModified": "2023-08-16T08:15:40.977",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-18T08:15:07.697",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -17,20 +17,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
- "confidentialityImpact": "LOW",
+ "confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
- "baseScore": 5.4,
+ "baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
- "impactScore": 2.5
+ "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
diff --git a/CVE-2023/CVE-2023-28xx/CVE-2023-2898.json b/CVE-2023/CVE-2023-28xx/CVE-2023-2898.json
index 507c638528a..128107a797b 100644
--- a/CVE-2023/CVE-2023-28xx/CVE-2023-2898.json
+++ b/CVE-2023/CVE-2023-28xx/CVE-2023-2898.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-2898",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-26T22:15:14.727",
- "lastModified": "2023-09-29T22:15:11.190",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:13.620",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -78,6 +78,10 @@
}
],
"references": [
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/",
"source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29009.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29009.json
new file mode 100644
index 00000000000..412c9ed5897
--- /dev/null
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29009.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-29009",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-27T20:15:09.010",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://basercms.net/security/JVN_45547161",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/baserproject/basercms/releases/tag/basercms-4.8.0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/baserproject/basercms/security/advisories/GHSA-8vqx-prq4-rqrq",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
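Review bot: The `descriptions[0].value` string in this new record ends with a literal `\n` after "version 4.8.0.", which leaks into rendered output and breaks exact-match comparison or de-duplication of description text. The value should end at `This issue has been patched in version 4.8.0."`. The record also has no `configurations` block, presumably because it is still "Awaiting Analysis". Until CPE data is added, the affected-version information has to come from the description or the linked GHSA advisory.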
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29023.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29023.json
index cbca31fc19e..4e0712cec0e 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29023.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29023.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29023",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-05-11T18:15:13.163",
- "lastModified": "2023-05-15T17:45:08.583",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:27.050",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "CWE-79"
}
]
}
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29024.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29024.json
index 3fbb15c99db..b8896986483 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29024.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29024.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29024",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-05-11T18:15:13.240",
- "lastModified": "2023-05-15T17:45:04.930",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:27.150",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "CWE-79"
}
]
}
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29025.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29025.json
index 28bed267516..4736af1b9d5 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29025.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29025.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29025",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-05-11T18:15:13.323",
- "lastModified": "2023-05-15T17:45:31.340",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:27.230",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "CWE-79"
}
]
}
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29030.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29030.json
index 58d38e0322f..35865f127f1 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29030.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29030.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29030",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-05-11T18:15:13.770",
- "lastModified": "2023-05-15T17:46:39.870",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:27.313",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "CWE-79"
}
]
}
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29031.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29031.json
index 177b08b0647..d572a836a62 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29031.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29031.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29031",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-05-11T18:15:13.843",
- "lastModified": "2023-05-15T17:46:57.373",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:27.397",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "CWE-79"
}
]
}
diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29334.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29334.json
index 4531b44a78c..9e6733d7fe5 100644
--- a/CVE-2023/CVE-2023-293xx/CVE-2023-29334.json
+++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29334.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29334",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-04-28T18:15:26.390",
- "lastModified": "2023-09-30T11:15:13.547",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:53:01.143",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -75,7 +75,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29350.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29350.json
index e2fabfacdfd..e5e704fbd14 100644
--- a/CVE-2023/CVE-2023-293xx/CVE-2023-29350.json
+++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29350.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29350",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-05T23:15:09.253",
- "lastModified": "2023-09-30T11:15:13.620",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:54:16.570",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -75,7 +75,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-293xx/CVE-2023-29354.json b/CVE-2023/CVE-2023-293xx/CVE-2023-29354.json
index 1dda8b0e680..6b2a7ac86a1 100644
--- a/CVE-2023/CVE-2023-293xx/CVE-2023-29354.json
+++ b/CVE-2023/CVE-2023-293xx/CVE-2023-29354.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29354",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-05-05T23:15:09.333",
- "lastModified": "2023-09-30T11:15:13.713",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:54:10.640",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -75,7 +75,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202309-17",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29453.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29453.json
index 9b2bfbc278c..c8cbb716fd1 100644
--- a/CVE-2023/CVE-2023-294xx/CVE-2023-29453.json
+++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29453.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-29453",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-10-12T06:15:13.077",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T14:50:55.717",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template. Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution."
+ },
+ {
+ "lang": "es",
+ "value": "Las plantillas no consideran correctamente las comillas invertidas (`) como delimitadores de cadenas de Javascript y no las escapan como se esperaba. Las comillas invertidas se utilizan, desde ES6, para los literales de plantillas JS. Si una plantilla contiene una acci\u00f3n de plantilla Go dentro de un literal de plantilla Javascript, el contenido de la acci\u00f3n se puede usar para terminar el literal, inyectando c\u00f3digo Javascript arbitrario en la plantilla Go. Como los literales de plantilla de ES6 son bastante complejos y ellos mismos pueden hacer interpolaci\u00f3n de cadenas, se tom\u00f3 la decisi\u00f3n de simplemente no permitir que se utilicen acciones de plantilla de Go dentro de ellos (por ejemplo, \"var a = {{.}}\"), ya que no hay forma obviamente segura de permitir este comportamiento. Esto adopta el mismo enfoque que github.com/google/safehtml. Con arreglo, Plantilla. Parse devuelve un error cuando encuentra plantillas como esta, con un c\u00f3digo de error de valor 12. Este c\u00f3digo de error no se ha exportado actualmente, pero se exportar\u00e1 en la versi\u00f3n de Go 1.21. Los usuarios que conf\u00edan en el comportamiento anterior pueden volver a habilitarlo usando el indicador GODEBUG jstmpllitinterp=1, con la advertencia de que ahora se escapar\u00e1n las comillas invertidas. Esto debe usarse con precauci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security@zabbix.com",
"type": "Secondary",
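Review bot: The added `es` description translates an API name: the English text's `Template. Parse` appears as "Plantilla. Parse", so a reader searching for the Go function will not find it. Identifiers should stay untranslated, for example `Template.Parse devuelve un error cuando encuentra plantillas como esta`. The English value in the context lines has the same stray space after the dot, which the translation has inherited.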
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ },
{
"source": "security@zabbix.com",
"type": "Secondary",
@@ -46,10 +80,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix-agent2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndExcluding": "5.0.35",
+ "matchCriteriaId": "2950ACED-D8E9-456D-AEBF-5E5E145A6B82"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix-agent2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndExcluding": "6.0.18",
+ "matchCriteriaId": "EDA29820-0B03-4566-BB94-AC420CE44CBB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix-agent2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.4.0",
+ "versionEndExcluding": "6.4.3",
+ "matchCriteriaId": "CE6BD8DF-5ACA-4B40-BA17-05C8E398B503"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-23388",
- "source": "security@zabbix.com"
+ "source": "security@zabbix.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29462.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29462.json
index 1c6d2f75e1e..b20f5d73fd3 100644
--- a/CVE-2023/CVE-2023-294xx/CVE-2023-29462.json
+++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29462.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29462",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-05-09T14:15:13.343",
- "lastModified": "2023-05-17T18:26:52.220",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T18:15:09.830",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-125"
+ "value": "CWE-787"
}
]
}
@@ -99,6 +99,13 @@
}
],
"references": [
+ {
+ "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139391",
+ "source": "PSIRT@rockwellautomation.com",
+ "tags": [
+ "Broken Link"
+ ]
+ },
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-10",
"source": "nvd@nist.gov",
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29464.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29464.json
index a1276fddd13..bcea0888e01 100644
--- a/CVE-2023/CVE-2023-294xx/CVE-2023-29464.json
+++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29464.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-29464",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-10-13T13:15:11.453",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T20:10:53.483",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nFactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "FactoryTalk Linx, en Rockwell Automation PanelView Plus, permite que un actor de amenazas no autenticado lea datos de la memoria a trav\u00e9s de paquetes maliciosos manipulados. Enviar un tama\u00f1o mayor que el tama\u00f1o del b\u00fafer da como resultado una fuga de datos de la memoria, lo que resulta en una divulgaci\u00f3n de informaci\u00f3n. Si el tama\u00f1o es lo suficientemente grande, hace que las comunicaciones a trav\u00e9s del protocolo industrial com\u00fan dejen de responder a cualquier tipo de paquete, lo que resulta en una Denegaci\u00f3n de Servicio (DoS) para FactoryTalk Linx a trav\u00e9s del protocolo industrial com\u00fan."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
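Review bot: The added Primary weakness is `CWE-787` (out-of-bounds write), but the description in this record speaks only of reading data from memory when the supplied size exceeds the buffer size, followed by a denial of service. The Primary vector added in the first hunk of this file also has `I:N`. That behaviour matches an out-of-bounds read, so `"value": "CWE-125"` looks like the better fit unless the vendor advisory documents a write, which is not visible here. As it stands, weakness-based triage would file this record under memory corruption.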
@@ -46,10 +80,36 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.20:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0753AB1-A633-4B8B-983E-1FA04EDDB2BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rockwellautomation:factorytalk_linx:6.30:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22A83428-A3F4-45DD-95D2-D938CE82E4AE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141040",
- "source": "PSIRT@rockwellautomation.com"
+ "source": "PSIRT@rockwellautomation.com",
+ "tags": [
+ "Permissions Required",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-294xx/CVE-2023-29484.json b/CVE-2023/CVE-2023-294xx/CVE-2023-29484.json
index fafa2bed515..8b092e79c58 100644
--- a/CVE-2023/CVE-2023-294xx/CVE-2023-29484.json
+++ b/CVE-2023/CVE-2023-294xx/CVE-2023-29484.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29484",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T20:15:14.423",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T13:39:23.563",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,15 +14,99 @@
"value": "En Terminalfour anterior a 8.3.16, los usuarios LDAP mal configurados pueden iniciar sesi\u00f3n con una contrase\u00f1a no v\u00e1lida."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:terminalfour:terminalfour:7.4.0004:qp3:*:*:*:*:*:*",
+ "matchCriteriaId": "15737F32-A5C2-401E-8DF4-F5615AAD6473"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:terminalfour:terminalfour:8.2.18.2.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5447EF3-9A0D-46CB-A8DD-F88327D74C97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:terminalfour:terminalfour:8.2.18.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7B7456B-FBBB-4074-A268-784EFFCC567A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:terminalfour:terminalfour:8.3.11.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCCDDB67-3BBE-43BD-993F-7BF5FEA65169"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:terminalfour:terminalfour:8.3.14.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0558454-674B-45B6-B223-6458701D90FF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:terminalfour:terminalfour:8.3.16:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E42F0B63-691C-4E14-BCAF-1E3754E11EA4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://docs.terminalfour.com/articles/security-notices/cve-2023-29484/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://docs.terminalfour.com/release-notes/83/16.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
}
]
}
\ No newline at end of file
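Review bot: The added `cpeMatch` list marks `cpe:2.3:a:terminalfour:terminalfour:8.3.16` as `"vulnerable": true`, while the Spanish description in the context lines says "anterior a 8.3.16" and the references point to the 8.3.16 release notes. If 8.3.16 is the fixed release, that entry makes scanners flag patched installations. The list also enumerates six exact builds rather than a range, so releases between them are not matched. A single wildcard entry with `"versionEndExcluding": "8.3.16"` would express "before 8.3.16", assuming the vendor advisory confirms that range.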
diff --git a/CVE-2023/CVE-2023-298xx/CVE-2023-29842.json b/CVE-2023/CVE-2023-298xx/CVE-2023-29842.json
index 0c05da97ede..34041414341 100644
--- a/CVE-2023/CVE-2023-298xx/CVE-2023-29842.json
+++ b/CVE-2023/CVE-2023-298xx/CVE-2023-29842.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-29842",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T03:15:09.600",
- "lastModified": "2023-10-16T18:15:15.697",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:03:11.893",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,19 +17,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
},
- "exploitabilityScore": 3.9,
+ "exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
@@ -66,7 +66,12 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/175105/ChurchCRM-4.5.4-SQL-Injection.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://github.com/ChurchCRM/CRM",
diff --git a/CVE-2023/CVE-2023-299xx/CVE-2023-29973.json b/CVE-2023/CVE-2023-299xx/CVE-2023-29973.json
new file mode 100644
index 00000000000..ff5d95293ae
--- /dev/null
+++ b/CVE-2023/CVE-2023-299xx/CVE-2023-29973.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-29973",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:27.493",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall."
+ },
+ {
+ "lang": "es",
+ "value": "Pfsense CE versi\u00f3n 2.6.0 es vulnerable a No rate limit, lo que puede llevar a que un atacante cree m\u00faltiples usuarios maliciosos en el firewall."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.esecforte.com/cve-2023-29973-no-rate-limit/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2952.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2952.json
index ef94e691a15..12b7c1f9dca 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2952.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2952.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-2952",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-05-30T23:15:09.887",
- "lastModified": "2023-09-17T07:15:09.717",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T17:52:38.970",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file"
+ },
+ {
+ "lang": "es",
+ "value": "El bucle infinito del disector XRA en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegaci\u00f3n de servicio mediante la inyecci\u00f3n de paquetes o un archivo de captura manipulado"
}
],
"metrics": {
@@ -101,6 +105,11 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
@@ -126,16 +135,23 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html",
"source": "cve@gitlab.com",
"tags": [
- "Mailing List"
+ "Mailing List",
+ "Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202309-02",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5429",
- "source": "cve@gitlab.com"
+ "source": "cve@gitlab.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.wireshark.org/security/wnpa-sec-2023-20.html",
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2978.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2978.json
index 39a8ff55375..c10d3391399 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2978.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2978.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2978",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-30T14:15:09.763",
- "lastModified": "2023-06-05T18:02:38.967",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T08:15:08.147",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-230210 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-230210 is the identifier assigned to this vulnerability."
}
],
"metrics": {
@@ -111,6 +111,10 @@
}
],
"references": [
+ {
+ "url": "https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2979.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2979.json
index 3a9df772874..63f0fb80b5d 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2979.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2979.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2979",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-30T14:15:09.843",
- "lastModified": "2023-06-05T18:03:03.957",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T08:15:08.253",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211."
+ "value": "A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211."
}
],
"metrics": {
@@ -111,6 +111,10 @@
}
],
"references": [
+ {
+ "url": "https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2980.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2980.json
index 7829b7eb25e..8b594391b9c 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2980.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2980.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2980",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-30T15:15:09.467",
- "lastModified": "2023-06-05T18:03:52.583",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T08:15:08.327",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230212."
+ "value": "A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230212."
}
],
"metrics": {
@@ -111,6 +111,10 @@
}
],
"references": [
+ {
+ "url": "https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2981.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2981.json
index 3b60af82dda..2bbfbb7d273 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2981.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2981.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-2981",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-30T15:15:09.553",
- "lastModified": "2023-06-05T18:04:19.170",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T08:15:08.400",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230213 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230213 was assigned to this vulnerability."
}
],
"metrics": {
@@ -111,6 +111,10 @@
}
],
"references": [
+ {
+ "url": "https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be",
+ "source": "cna@vuldb.com"
+ },
{
"url": "https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-29xx/CVE-2023-2995.json b/CVE-2023/CVE-2023-29xx/CVE-2023-2995.json
index 7475b36b922..722cc901428 100644
--- a/CVE-2023/CVE-2023-29xx/CVE-2023-2995.json
+++ b/CVE-2023/CVE-2023-29xx/CVE-2023-2995.json
@@ -2,16 +2,16 @@
"id": "CVE-2023-2995",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-19T20:15:09.120",
- "lastModified": "2023-09-21T13:13:26.580",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T09:15:08.867",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+ "value": "The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
},
{
"lang": "es",
- "value": "El complemento Leyka de WordPress hasta la versi\u00f3n 3.30.3 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Stored Cross-Site Scripting incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
+ "value": "El complemento Leyka WordPress anterior a 3.30.4 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenados incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30131.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30131.json
new file mode 100644
index 00000000000..5e371e45beb
--- /dev/null
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30131.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-30131",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T21:15:08.743",
+ "lastModified": "2023-10-26T14:15:22.767",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema descubierto en IXP EasyInstall 6.6.14884.0 permite a los atacantes ejecutar comandos arbitrarios, obtener privilegios elevados y causar otros impactos no especificados a trav\u00e9s de llamadas API no autenticadas."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ixpdata:easyinstall:6.6.148840:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E4D3B40C-C1D0-41C5-B8E7-73EBF11E2A2F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Technical Description",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
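Review bot: The `criteria` string in `cpeMatch` carries version `6.6.148840`, while the English description names `6.6.14884.0`; a dot appears to have been dropped. A scanner matching installed versions against this CPE would not flag 6.6.14884.0. If the description is the authoritative value, the line should read `"criteria": "cpe:2.3:a:ixpdata:easyinstall:6.6.14884.0:*:*:*:*:*:*:*"`, with a `matchCriteriaId` that belongs to that CPE. The sibling record CVE-2023-30132 uses the dotted form `6.6.14907.0`.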
diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30132.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30132.json
new file mode 100644
index 00000000000..cc2f366a7bf
--- /dev/null
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30132.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-30132",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T21:15:08.787",
+ "lastModified": "2023-10-26T14:17:33.853",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema descubierto en IXP Data EasyInstall 6.6.14907.0 permite a los atacantes obtener privilegios aumentados a trav\u00e9s de una Clave Criptogr\u00e1fica est\u00e1tica."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-326"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ixpdata:easyinstall:6.6.14907.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B36668E0-1EE5-4222-A266-DB48404EB9F1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.bramfitt-tech-labs.com/article/easy-install-cve-issue",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Technical Description",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
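Review bot: The `weaknesses` entry records `CWE-326` (Inadequate Encryption Strength), but the description attributes the privilege escalation to a static cryptographic key, which reads more like a hard-coded key (CWE-321, or its parent CWE-798). Anyone grouping records by CWE to find hard-coded secrets would miss this one. The description also writes the vendor as "IXP Data" where CVE-2023-30131 writes "IXP" for the same CPE vendor `ixpdata`; the two records should use one spelling.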
diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30148.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30148.json
index 5b0b16fef4b..d92c1bbbe5d 100644
--- a/CVE-2023/CVE-2023-301xx/CVE-2023-30148.json
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30148.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-30148",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-14T04:15:10.933",
- "lastModified": "2023-10-14T17:32:33.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:16:01.450",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php."
+ },
+ {
+ "lang": "es",
+ "value": "M\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) Almacenado en Opart opartmultihtmlblock anterior a la versi\u00f3n 2.0.12 y Opart multihtmlblock* versi\u00f3n 1.0.0, permiten a usuarios remotos autenticados inyectar scripts web o HTML arbitrarios a trav\u00e9s del campo body_text o body_text_rude en /sourcefiles/BlockhtmlClass.php y /sourcefiles/blockhtml.php."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "cve@mitre.org",
"type": "Secondary",
@@ -34,10 +58,44 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opart:multi_html_block:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "2.0.12",
+ "matchCriteriaId": "26C0B971-9CCD-467D-9648-DC6096CCDAAC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/10/opartmultihtmlblock.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-301xx/CVE-2023-30154.json b/CVE-2023/CVE-2023-301xx/CVE-2023-30154.json
index fdd6e57ff03..eafc8233d4b 100644
--- a/CVE-2023/CVE-2023-301xx/CVE-2023-30154.json
+++ b/CVE-2023/CVE-2023-301xx/CVE-2023-30154.json
@@ -2,19 +2,80 @@
"id": "CVE-2023-30154",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-14T04:15:11.393",
- "lastModified": "2023-10-14T17:32:33.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:23:45.270",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons."
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n m\u00faltiple inadecuada de par\u00e1metros SQL en el m\u00f3dulo AfterMail (aftermailpresta) para PrestaShop, anterior a la versi\u00f3n 2.2.1, permite a atacantes remotos realizar ataques de inyecci\u00f3n SQL a trav\u00e9s de los par\u00e1metros `id_customer`, `id_conf`, `id_product` y `token` en `aftermailajax.php` a trav\u00e9s del par\u00e1metro 'id_product' en los hooks DisplayRightColumnProduct y DisplayProductButtons."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:shoprunners:aftermail:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "2.2.1",
+ "matchCriteriaId": "61260C43-B987-47A3-A578-D470AFA7AC7F"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/10/aftermailpresta.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
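Review bot: The added Spanish `value` closes the backtick after aftermailajax.php, while the unchanged English `value` above it still leaves that backtick open, so the two descriptions no longer carry the same text. The English sentence also joins two parameter lists with a second "via", which makes it unclear which parameters belong to aftermailajax.php and which to the hooks DisplayRightColumnProduct and DisplayProductButtons. I would correct the English value first, at least by closing the backtick, and regenerate the translation from it.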
diff --git a/CVE-2023/CVE-2023-304xx/CVE-2023-30492.json b/CVE-2023/CVE-2023-304xx/CVE-2023-30492.json
new file mode 100644
index 00000000000..0728d2e6dfe
--- /dev/null
+++ b/CVE-2023/CVE-2023-304xx/CVE-2023-30492.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-30492",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T12:15:08.513",
+ "lastModified": "2023-10-26T12:58:59.800",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <=\u00a02.0.0.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada autenticada (con permisos de colaborador o superior) en el complemento Vark Minimum Purchase para WooCommerce en versiones <= 2.0.0.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/minimum-purchase-for-woocommerce/wordpress-minimum-purchase-for-woocommerce-plugin-2-0-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30534.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30534.json
index 916c5ecaa6d..379689c71a7 100644
--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30534.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30534.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-30534",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T22:15:08.240",
- "lastModified": "2023-10-13T04:15:11.693",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:51:29.807",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -95,15 +115,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.fastly.com/blog/cve-2023-30534-insecure-deserialization-in-cacti-prior-to-1-2-25",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30562.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30562.json
index 089dfc449a4..95edf82c4c8 100644
--- a/CVE-2023/CVE-2023-305xx/CVE-2023-30562.json
+++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30562.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-30562",
"sourceIdentifier": "cybersecurity@bd.com",
"published": "2023-07-13T20:15:09.080",
- "lastModified": "2023-07-25T18:47:10.843",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T16:15:08.433",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -37,20 +37,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 6.7,
- "baseSeverity": "MEDIUM"
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.0,
+ "baseSeverity": "LOW"
},
"exploitabilityScore": 1.5,
- "impactScore": 5.2
+ "impactScore": 1.4
}
]
},
diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30633.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30633.json
new file mode 100644
index 00000000000..049f546aa2b
--- /dev/null
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30633.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-30633",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T20:15:08.990",
+ "lastModified": "2023-10-20T11:27:35.620",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices)."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en TrEEConfigDriver de Insyde InsydeH2O con kernel 5.0 a 5.5. Puede informar valores falsos de TPM PCR y, por tanto, enmascarar la actividad de malware. Los dispositivos utilizan Platform Configuration Registers (PCR) para registrar informaci\u00f3n sobre la configuraci\u00f3n del dispositivo y del software para garantizar que el proceso de arranque sea seguro. (Por ejemplo, Windows utiliza estas mediciones de PCR para determinar el estado del dispositivo). Un dispositivo vulnerable puede hacerse pasar por un dispositivo en buen estado extendiendo valores arbitrarios a los bancos del Platform Configuration Registers (PCR). Esto requiere acceso f\u00edsico al dispositivo de la v\u00edctima objetivo o comprometer las credenciales de usuario de un dispositivo. Este problema es similar a CVE-2021-42299 (en dispositivos Surface Pro)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.insyde.com/security-pledge",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.insyde.com/security-pledge/SA-2023045",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
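Review bot: This new record has `"metrics": {}` and no `weaknesses` or `configurations` block, so score thresholds and CPE matching will not surface it while it is `Undergoing Analysis`. The description concerns falsified TPM PCR values on InsydeH2O kernel 5.0 through 5.5, which affects any device-health or attestation decision based on those measurements. Consumers should treat the empty metrics object as unscored, not as low severity, and follow the vendor advisory SA-2023045 referenced in this record for the affected builds.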
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30774.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30774.json
index a93e50f9eb0..73e4bac5a1e 100644
--- a/CVE-2023/CVE-2023-307xx/CVE-2023-30774.json
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30774.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-30774",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-19T15:15:08.923",
- "lastModified": "2023-07-03T16:15:10.150",
+ "lastModified": "2023-10-26T00:15:09.963",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -74,6 +74,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://access.redhat.com/security/cve/CVE-2023-30774",
"source": "secalert@redhat.com",
@@ -100,6 +104,10 @@
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0002/",
"source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "secalert@redhat.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-307xx/CVE-2023-30781.json b/CVE-2023/CVE-2023-307xx/CVE-2023-30781.json
new file mode 100644
index 00000000000..48ca8a03558
--- /dev/null
+++ b/CVE-2023/CVE-2023-307xx/CVE-2023-30781.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-30781",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T14:15:09.237",
+ "lastModified": "2023-10-25T01:26:48.097",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Blvd Tweeple plugin <=\u00a00.9.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Theme Blvd Tweeple en versiones <= 0.9.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:themeblvd:tweeple:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.9.5",
+ "matchCriteriaId": "4FD92DA8-285B-4150-8D8D-A3D6C32036FE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/tweeple/wordpress-tweeple-plugin-0-9-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-308xx/CVE-2023-30801.json b/CVE-2023/CVE-2023-308xx/CVE-2023-30801.json
index 519f69626af..baa7d7cb835 100644
--- a/CVE-2023/CVE-2023-308xx/CVE-2023-30801.json
+++ b/CVE-2023/CVE-2023-308xx/CVE-2023-30801.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-30801",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2023-10-10T14:15:10.493",
- "lastModified": "2023-10-10T14:58:46.263",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T02:17:16.787",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the \"external program\" feature in the web user interface. This was reportedly exploited in the wild in March 2023.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Todas las versiones del cliente qBittorrent hasta la 4.5.5 utilizan credenciales predeterminadas cuando la interfaz de usuario web est\u00e1 habilitada. El administrador no est\u00e1 obligado a cambiar las credenciales predeterminadas. A partir de 4.5.5, este problema no se ha solucionado. Un atacante remoto puede utilizar las credenciales predeterminadas para autenticar y ejecutar comandos arbitrarios del sistema operativo utilizando la funci\u00f3n \"programa externo\" en la interfaz de usuario web. Seg\u00fan se informa, esto fue explotado salvajemente en marzo de 2023."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
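Review bot: The added Spanish `value` renders "exploited in the wild" as "explotado salvajemente", which says the exploitation was savage, not that it was observed on real systems. That sentence is the record's only statement of active exploitation, so the meaning matters for triage by Spanish-language readers. Wording such as `Seg\u00fan se informa, esto fue explotado activamente en marzo de 2023.` keeps the sense. The `cvssMetricV31` array continues past the end of this hunk.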
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ },
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
@@ -46,14 +80,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "4.5.5",
+ "matchCriteriaId": "A1B8F48C-E176-4D0E-A303-596701DD2EF4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/qbittorrent/qBittorrent/issues/18731",
- "source": "disclosure@vulncheck.com"
+ "source": "disclosure@vulncheck.com",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://vulncheck.com/advisories/qbittorrent-default-creds",
- "source": "disclosure@vulncheck.com"
+ "source": "disclosure@vulncheck.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
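Review bot: The added range stops at `"versionEndIncluding": "4.5.5"`, but the description says the default credentials had not been fixed as of 4.5.5 and names no fixed release. Version-based matching will therefore report any later qBittorrent build as unaffected, which the visible text does not establish. Until a fixed version is recorded, consumers should check whether the web user interface is enabled with unchanged credentials instead of relying on the version bound.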
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30911.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30911.json
new file mode 100644
index 00000000000..0fcf8ef8395
--- /dev/null
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30911.json
@@ -0,0 +1,505 @@
+{
+ "id": "CVE-2023-30911",
+ "sourceIdentifier": "security-alert@hpe.com",
+ "published": "2023-10-18T18:15:09.033",
+ "lastModified": "2023-10-25T01:24:10.810",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service."
+ },
+ {
+ "lang": "es",
+ "value": "HPE Integrated Lights-Out 5 e Integrated Lights-Out 6 que utilizan iLOrest pueden provocar una Denegaci\u00f3n de Servicio."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-alert@hpe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hpe:integrated_lights-out_5_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.98",
+ "matchCriteriaId": "DAF9FFD1-73D6-40AD-849B-EB4749B5AAE3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_2000_system:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6135F141-E7EE-4DCE-988F-62F7B5815EBA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_plus_system:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1BF55930-EC9C-4C0D-8092-3E1091902D4B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_4200_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CFB818A6-80D5-4DD7-8E0D-EC25764A0693"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_4510_gen10_system:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "25418088-0890-401E-837C-611154B2C433"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_plus_system:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1480B92-9A59-4675-B2DF-6DAE385927B2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_6500_gen10_system:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC09C72C-0BD3-4DB1-96C6-72F2330D4165"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_n2600_gen10_plus:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FB23B5E3-887B-41C8-B83E-0203BEC9DDB1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_n2800_gen10_plus:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "33A5C2F7-66E1-483F-95E7-D51C6D32E7CA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_r2200_gen10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F3FF527B-51BF-445B-80D0-42FD50D6F60A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_r2600_gen10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A478D98-EE4E-45ED-A257-F154693E6FB2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:apollo_r2800_gen10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3CAC257C-8594-454D-BA28-5D98F03AF3EC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:edgeline_e920_server_blade:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4CB4D5F2-2E5C-4191-ACA0-D086E08FFDA4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:edgeline_e920d_server_blade:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AC36ED1-D392-4DC6-B3E0-99A821705AA2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:edgeline_e920t_server_blade:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4D0ACC75-47E9-439A-9338-170478FB326F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_bl460c_gen10_server_blade:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C25FD273-0E16-4975-985C-8BD96AE0D449"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl110_gen10_plus_telco_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "554BD1A9-19DC-40E7-875F-2C6091CDC904"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl160_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0C77CAF-0A18-4447-93BD-C64595475E37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl180_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "08D81BA5-E5D8-4D42-8C42-A91063008359"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA978EC2-6027-4605-BECC-68B4682DB5E5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl20_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B15D52EA-CE63-47AF-993D-265163B5B38E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B1F98CB6-3933-4425-A7E9-542AB764C8C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl325_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A91E7E91-BED2-4CFE-AB7A-8537F1A589C8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl345_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9BE801CF-95AB-409A-8063-9525FC1A3BF1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4A540039-4339-44CE-92AD-83B80928FC81"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl360_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD08B95A-240C-436E-91B5-2D594F6F1F07"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl365_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7151CE9-BAD2-47B8-9283-5BEB53C93D98"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E27B2E8E-1F1D-4397-BE33-80755D6BE56C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl380_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8545248A-2943-4B8D-A295-BE7D43492BC9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00B032E4-9663-4525-ACC4-217B5E266124"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_plus_v2_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "61758FDD-0744-4207-950E-D11717E9E5D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl385_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D3845235-CAFC-4FB3-AB26-F0E8A8815F88"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl560_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8389F7F-7653-4695-91CC-DCFACC870094"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl580_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "419470B4-80EF-46BF-8DB4-6569D3E8435F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_e910_server_blade:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "174EF59C-18A6-4490-A23A-76E74C1D2AFA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_e910t_server_blade:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C755817B-B074-4496-934B-A30C72A4F849"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_m750_server_blade:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E79D5665-6654-4AF7-A3DE-7F338067E8C3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F8B5AC2-7889-4654-88D2-289CE20A4ED7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_microserver_gen10_plus_v2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCB4EDC6-F7DA-4DCD-AB0B-BCCD5B4776DC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_ml110_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB32875E-11E3-443E-809C-12CCAE574570"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5527AD20-7E19-4987-915D-FCFFEBFDA4C6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_ml30_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76C24685-FEE2-494F-9806-56477E62FD1A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_ml350_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7DE16BA-939E-4C26-B03B-439E60C7C872"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl170r_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4B224273-2E15-41F2-84D6-D754F6B76B49"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl190r_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1ACD7139-05F6-4D60-BB0F-9AA6952720CA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl220n_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "01181BEB-DE0B-49AA-B632-91B40046120F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl225n_gen10_plus_1u_node:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9334B70C-EBBD-4D0F-A0DC-EC84E014701E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl230k_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "50247A44-3EA0-4B4B-9AB6-64D9B470F190"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl270d_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1A21F0B8-D613-46CD-BAEC-5CD876FD5352"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl290n_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4435D5C3-A7CB-4EA6-87A9-6026DAC8DA47"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl2x260w_gen10_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "72F58441-4DFB-42F3-AA93-500AAF712D1B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl645d_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "424298C0-01E2-4770-818D-25F47A801F88"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl675d_gen10_plus_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E7408A4-7409-4223-ABA7-C1F35E84D213"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_xl925g_gen10_plus_1u_4-node_configure-to-order_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0C3D137A-E744-4543-83DF-7B0E01F4456C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:synergy_480_gen10_compute_module:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "853AF641-B81C-4FB7-89AB-EACF420F0C62"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:synergy_480_gen10_plus_compute_module:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F15301B-B695-4DC8-9EE5-517AC2E64778"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:synergy_660_gen10_compute_module:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19188281-533B-450E-84F1-089F3300D08E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:hpe:integrated_lights-out_6_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.53",
+ "matchCriteriaId": "46E5BFA5-D47B-4D7D-9328-9210F5289934"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:alletra_4110:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F66E9860-0CC6-4C51-9B1D-D56CBD1F231B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:alletra_4120:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F95280DF-C0DD-4685-9F1E-5B8F2BA8CFD7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:alletra_4140:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB18DECF-4A39-4970-BE37-7C19818BD78A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl110_gen11:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D3F028DB-68DF-4551-9D52-99D02F5DDBD3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl20_gen11:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2378D39A-9737-4681-A724-1CF9B252D29E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl320_gen11_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4D01E2C9-76B7-4C23-A9B4-7BFB90F7F848"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl325_gen11_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B8A4A0C-A33A-48E5-8F53-807A20333DE9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl345_gen11_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "37DFB5BE-E36B-4D5D-AC60-267799B6AEF9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl360_gen11_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE19E0B8-B23C-41E0-82DA-BEFBCDC7954A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl365_gen11_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C8E5A73F-96A5-4488-8DAE-3ECBEAD71CE9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl380_gen11_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "05AF31FE-6C42-4D64-A216-7FD5383D50F5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl380a_gen11:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5A576DB6-E28A-44F3-9D02-AB6DB197589D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl385_gen11_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "36449636-2501-4608-968D-9E73090A4D43"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_dl560_gen11:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C8E15353-5528-4630-87CE-1D1304C13E97"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_ml110_gen11:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "79E6B854-C81C-4D33-856F-6BBE7AA38863"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_ml30_gen11:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ADDD6399-8558-4642-83FF-B0F8E370F549"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_ml350_gen11_server:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A24D0AE-55B8-438A-B956-3A20F34382F2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:proliant_rl300_gen11:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEC202C6-AD3B-4C2C-9BA6-3F5356EF30AC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hpe:synergy_480_gen11_compute_module:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AF809BB7-50A7-4477-A627-D63A3AE5AA18"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf04544en_us",
+ "source": "security-alert@hpe.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
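Review bot: The two `cvssMetricV31` entries disagree on who can trigger this. The NVD Primary vector has `PR:N/S:U` (7.5) and the HPE Secondary vector has `PR:H/S:C` (6.8), while the description ("using iLOrest may cause denial of service") gives nothing that settles it. Tooling that reads only the Primary entry will rank this as an unauthenticated network DoS against iLO firmware; tooling that reads the vendor score will rank it as needing high privileges. Prioritisation pipelines should record which `source` they took the score from. The only weakness is `NVD-CWE-noinfo`, so CWE-based filters will not match this record.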
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30912.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30912.json
new file mode 100644
index 00000000000..ce7ed8726c6
--- /dev/null
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30912.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-30912",
+ "sourceIdentifier": "security-alert@hpe.com",
+ "published": "2023-10-25T18:17:27.543",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA remote code execution issue exists in HPE OneView.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Existe un problema de ejecuci\u00f3n remota de c\u00f3digo en HPE OneView."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-alert@hpe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04548en_us",
+ "source": "security-alert@hpe.com"
+ }
+ ]
+}
\ No newline at end of file
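Review bot: The English description is stored as `"\nA remote code execution issue exists in HPE OneView.\n\n"`, with a leading newline and two trailing ones that the Spanish entry does not carry. CVE-2023-30969.json has the same trailing `\n\n`, and CVE-2023-30967.json has a trailing space. Consumers that hash, diff or display `descriptions[].value` should trim whitespace first, i.e. work with `"value": "A remote code execution issue exists in HPE OneView."`. The record has no `weaknesses` or `configurations` yet (`vulnStatus` is `Awaiting Analysis`), so CPE-based matching will not find it; affected versions presumably have to come from the HPE advisory in `references`.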
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30967.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30967.json
new file mode 100644
index 00000000000..a7bdb95f658
--- /dev/null
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30967.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-30967",
+ "sourceIdentifier": "cve-coordination@palantir.com",
+ "published": "2023-10-26T00:15:10.040",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. "
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que el servicio Gotham Orbital-Simulator anterior a 0.692.0 era vulnerable a un problema de Path Traversal que permit\u00eda a un usuario no autenticado leer archivos arbitrarios en el sistema de archivos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@palantir.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79",
+ "source": "cve-coordination@palantir.com"
+ }
+ ]
+}
\ No newline at end of file
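Review bot: The vector `C:H/I:H/A:H` (9.8) claims full integrity and availability impact, but the description only says an unauthenticated user can read arbitrary files, which by itself supports `C:H/I:N/A:N`. This is the CNA's Secondary score and there is no NVD Primary entry yet (`vulnStatus` is `Awaiting Analysis`), so the 9.8 is unreviewed. Unless the Palantir advisory in `references` describes further impact, treat the severity as provisional. The record also has no `weaknesses` entry, so a filter on CWE-22 will not match it.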
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30969.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30969.json
new file mode 100644
index 00000000000..7998c5a8de7
--- /dev/null
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30969.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-30969",
+ "sourceIdentifier": "cve-coordination@palantir.com",
+ "published": "2023-10-26T00:15:10.107",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que el servicio Palantir Tiles1 era vulnerable a un problema en toda la API en el que el servicio no realizaba autenticaci\u00f3n/autorizaci\u00f3n en todos los endpoints."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@palantir.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b28b-2ebf0684fbf7",
+ "source": "cve-coordination@palantir.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30987.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30987.json
index 86c2ab81dd0..4938612f393 100644
--- a/CVE-2023/CVE-2023-309xx/CVE-2023-30987.json
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30987.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-30987",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T21:15:10.627",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:05:29.397",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,153 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.5",
+ "versionEndExcluding": "11.5.8",
+ "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
+ "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*",
+ "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*",
+ "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*",
+ "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*",
+ "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*",
+ "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*",
+ "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*",
+ "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*",
+ "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*",
+ "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
+ "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
+ "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
+ "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
+ "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
+ "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
+ "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/253440",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047560",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
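Review bot: The 11.5 range here ends with `"versionEndExcluding": "11.5.8"`, whereas the sibling record CVE-2023-30991.json, analysed the same day for the same product, uses `"versionEndIncluding": "11.5.8"`. Whether Db2 11.5.8 is affected by this CVE cannot be told from the hunk, because the description text is outside it. Check the boundary against the IBM advisory in `references` before using this range to decide that an 11.5.8 install needs no patch.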
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30991.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30991.json
index b0b4c41f299..5d2745d21ab 100644
--- a/CVE-2023/CVE-2023-309xx/CVE-2023-30991.json
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30991.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-30991",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T23:15:10.147",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:34:33.447",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,98 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.5",
+ "versionEndIncluding": "11.5.8",
+ "matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
+ "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
+ "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
+ "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
+ "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
+ "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
+ "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254037",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047499",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-309xx/CVE-2023-30994.json b/CVE-2023/CVE-2023-309xx/CVE-2023-30994.json
index b48b6842a80..7f884106347 100644
--- a/CVE-2023/CVE-2023-309xx/CVE-2023-30994.json
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30994.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-30994",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-14T17:15:09.623",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:48:41.863",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138"
+ },
+ {
+ "lang": "es",
+ "value": "IBM QRadar SIEM 7.5.0 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. IBM X-Force ID: 254138"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-327"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,81 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "DACA17CC-8B71-4E71-B075-BFFB65AD989C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*",
+ "matchCriteriaId": "BA60FDE5-8C40-4C7A-97CF-BA2A64BF307D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*",
+ "matchCriteriaId": "AB518E06-00BA-48F3-8AEC-6E1E97CAA2CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_3:*:*:*:*:*:*",
+ "matchCriteriaId": "289027A2-178C-45DE-A86F-1207F23D13B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_4:*:*:*:*:*:*",
+ "matchCriteriaId": "5047AECF-879B-427A-ACF7-ECB10965E1B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_5:*:*:*:*:*:*",
+ "matchCriteriaId": "CD448AB8-E3CC-41A1-9D32-B1B35C68FA5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_6:*:*:*:*:*:*",
+ "matchCriteriaId": "9F4014E8-42E2-4B76-B2DA-8B50929A4AB5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254138",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7049133",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3010.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3010.json
new file mode 100644
index 00000000000..9779baf39a6
--- /dev/null
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3010.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3010",
+ "sourceIdentifier": "security@grafana.com",
+ "published": "2023-10-25T18:17:29.993",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Grafana is an open-source platform for monitoring and observability. \n\nThe WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Grafana es una plataforma de c\u00f3digo abierto para monitorizaci\u00f3n y observabilidad. El complemento del panel WorldMap, versiones anteriores a la 1.0.4, contiene una vulnerabilidad de DOM XSS."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@grafana.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@grafana.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://grafana.com/security/security-advisories/cve-2023-3010/",
+ "source": "security@grafana.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3018.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3018.json
index deff3da40f8..a4cb2d4cd6a 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3018.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3018.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3018",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-31T15:15:09.713",
- "lastModified": "2023-09-25T16:46:20.430",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T08:15:08.550",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -111,15 +111,6 @@
}
],
"references": [
- {
- "url": "http://packetstormsecurity.com/files/172653/Lost-And-Found-Information-System-1.0-Broken-Access-Control-Privilege-Escalation.html",
- "source": "cna@vuldb.com",
- "tags": [
- "Exploit",
- "Third Party Advisory",
- "VDB Entry"
- ]
- },
{
"url": "https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3042.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3042.json
new file mode 100644
index 00000000000..fc4886eb0c4
--- /dev/null
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3042.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-3042",
+ "sourceIdentifier": "security@dotcms.com",
+ "published": "2023-10-17T23:15:11.920",
+ "lastModified": "2023-10-25T14:31:29.200",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp , which should return a 404 response but didn't. \n\nThe oversight in the default invalid URL character list can be viewed at the provided GitHub link https://github.com/dotCMS/core/blob/master/dotCMS/src/main/java/com/dotcms/filters/NormalizationFilter.java#L37 .\u00a0\n\nTo mitigate, users can block URLs with double slashes at firewalls or utilize dotCMS config variables.\n\nSpecifically, they can use the DOT_URI_NORMALIZATION_FORBIDDEN_STRINGS environmental variable to add // to the list of invalid strings. \n\nAdditionally, the DOT_URI_NORMALIZATION_FORBIDDEN_REGEX variable offers more detailed control, for instance, to block //html.* URLs.\n\nFix Version:23.06+, LTS 22.03.7+, LTS 23.01.4+\n"
+ },
+ {
+ "lang": "es",
+ "value": "En dotCMS, versiones mencionadas, una falla en NormalizationFilter no elimina las barras dobles (//) de las URL, lo que potencialmente permite omitir XSS y controles de acceso. Un ejemplo de URL afectada es https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp, que deber\u00eda devolver una respuesta 404 pero no lo hizo. La supervisi\u00f3n de la lista predeterminada de caracteres de URL no v\u00e1lidos se puede ver en el enlace proporcionado de GitHub https://github.com/dotCMS/core/blob/master/dotCMS/src/main/java/com/dotcms/filters/NormalizationFilter.java #L37. Para mitigar, los usuarios pueden bloquear las URL con barras dobles en los firewalls o utilizar variables de configuraci\u00f3n de dotCMS. Espec\u00edficamente, pueden usar la variable ambiental DOT_URI_NORMALIZATION_FORBIDDEN_STRINGS para agregar // a la lista de cadenas no v\u00e1lidas. Adem\u00e1s, la variable DOT_URI_NORMALIZATION_FORBIDDEN_REGEX ofrece un control m\u00e1s detallado, por ejemplo, para bloquear URL //html.*. Versi\u00f3n reparada: 23.06+, LTS 22.03.7+, LTS 23.01.4+"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@dotcms.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@dotcms.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dotcms:dotcms:5.3.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1B26B5D7-CE8E-4908-8D46-A78B1A4245BA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dotcms:dotcms:21.06:*:*:*:*:*:*:*",
+ "matchCriteriaId": "98D4378C-DEAC-44C1-89D1-A4846450E153"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dotcms:dotcms:22.03:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC8E88E-4C9A-4FE9-A3B6-2A5707323F1E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dotcms:dotcms:23.01:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D68AC1E5-1756-4838-8BE5-78B2F1435A6C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.dotcms.com/security/SI-68",
+ "source": "security@dotcms.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
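Review bot: The four `cpeMatch` entries under `configurations` pin single versions (`5.3.8`, `21.06`, `22.03`, `23.01`) with no `versionStartIncluding` or `versionEndExcluding`, while the English description gives the fixes as 23.06+, LTS 22.03.7+ and LTS 23.01.4+. A scanner that matches on these CPE strings alone would presumably miss intermediate builds, such as an LTS 22.03.x release below 22.03.7. Until the record carries ranges, consumers should compare installed versions against the fix versions in the description or the vendor advisory. If the ranges are confirmed against that advisory, each LTS entry would be better expressed as a wildcard `criteria` with bounds, e.g. `"versionStartIncluding": "22.03", "versionEndExcluding": "22.03.7"`.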
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json
index 861d7c94c99..f58cd97f5fb 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3085.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-3085",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-03T11:15:21.443",
- "lastModified": "2023-06-12T17:25:40.813",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T08:15:08.707",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The name of the patch is 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663."
+ "value": "A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The patch is named 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663."
},
{
"lang": "es",
diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json
index 17818e2e12b..f28d604c6cc 100644
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3090.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3090",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T20:15:09.693",
- "lastModified": "2023-10-11T19:15:10.233",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-26T18:27:16.253",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -104,6 +104,16 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
@@ -117,11 +127,19 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e",
@@ -141,11 +159,25 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230731-0002/",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5448",
@@ -156,7 +188,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31046.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31046.json
new file mode 100644
index 00000000000..4778f613eb3
--- /dev/null
+++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31046.json
@@ -0,0 +1,107 @@
+{
+ "id": "CVE-2023-31046",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T14:15:08.883",
+ "lastModified": "2023-10-26T17:14:53.670",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with \"GET /ui/static/..//..\" reach getStaticContent in UIContentResource.class in the static-content-files servlet."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de Path Traversal en PaperCut NG anterior a 22.1.1 y PaperCut MF anterior a 22.1.1. En condiciones espec\u00edficas, esto podr\u00eda permitir que un atacante autenticado obtenga acceso de solo lectura al sistema de archivos del servidor, porque las solicitudes que comienzan con \"GET /ui/static/..//..\" alcanza getStaticContent en UIContentResource.class en el servlet static-content-files."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "22.1.1",
+ "matchCriteriaId": "E017C8AB-3DE6-4506-8F25-95DCD901FFAE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "22.1.1",
+ "matchCriteriaId": "3FB63050-D74D-417B-9639-B81D3B789EE1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://research.aurainfosec.io/disclosure/papercut/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://web.archive.org/web/20230814061444/https://research.aurainfosec.io/disclosure/papercut/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.papercut.com/kb/Main/PO-1216-and-PO-1219#security-notifications",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.papercut.com/kb/Main/SecurityBulletinJune2023",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31069.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31069.json
index 940211bb750..e453302453d 100644
--- a/CVE-2023/CVE-2023-310xx/CVE-2023-31069.json
+++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31069.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-31069",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T19:15:41.983",
- "lastModified": "2023-09-13T03:53:33.217",
+ "lastModified": "2023-10-25T13:05:39.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en TSplus Remote Access hasta 16.0.2.14. Las credenciales se almacenan como texto sin cifrar dentro del c\u00f3digo fuente HTML de la p\u00e1gina de inicio de sesi\u00f3n."
}
],
"metrics": {
@@ -17,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
- "integrityImpact": "NONE",
- "availabilityImpact": "NONE",
- "baseScore": 7.5,
- "baseSeverity": "HIGH"
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
- "impactScore": 3.6
+ "impactScore": 5.9
}
]
},
diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31084.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31084.json
index 8b4447351b4..1361a167f8b 100644
--- a/CVE-2023/CVE-2023-310xx/CVE-2023-31084.json
+++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31084.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-31084",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-24T06:15:07.997",
- "lastModified": "2023-09-29T22:15:11.527",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:13.787",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -68,6 +68,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN/",
"source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-310xx/CVE-2023-31096.json b/CVE-2023/CVE-2023-310xx/CVE-2023-31096.json
index 8d1784763fb..500a15716a5 100644
--- a/CVE-2023/CVE-2023-310xx/CVE-2023-31096.json
+++ b/CVE-2023/CVE-2023-310xx/CVE-2023-31096.json
@@ -2,23 +2,99 @@
"id": "CVE-2023-31096",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T19:15:09.530",
- "lastModified": "2023-10-10T19:37:40.180",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:27:16.947",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver hasta 2.2.100.1 (tambi\u00e9n conocido como AGRSM64.sys). Hay una escalada de privilegios local al SYSTEM a trav\u00e9s de un desbordamiento de pila en RTLCopyMemory (IOCTL 0x1b2150). Un atacante puede aprovechar esto para elevar los privilegios de un proceso de integridad media al SYSTEM. Esto tambi\u00e9n se puede utilizar para omitir protecciones a nivel de kernel como AV o PPL, porque el c\u00f3digo de explotaci\u00f3n se ejecuta con privilegios de alta integridad y se puede utilizar en campa\u00f1as coordinadas de ransomware BYOVD (traiga su propio controlador vulnerable)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:broadcom:lsi_pci-sv92ex_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.2.100.1",
+ "matchCriteriaId": "B800F3FF-2B88-4135-9E76-CDA5B582F00D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:broadcom:lsi_pci-sv92ex:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9EE609F6-C73C-4152-B748-4860C45D8BB7"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://cschwarz1.github.io/posts/0x04/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.broadcom.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Not Applicable"
+ ]
}
]
}
\ No newline at end of file
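Review bot: The added `configurations` block models the affected product as firmware (`cpe:2.3:o:broadcom:lsi_pci-sv92ex_firmware`, `versionEndIncluding` 2.2.100.1) AND-ed with the `cpe:2.3:h:broadcom:lsi_pci-sv92ex` hardware, but the description is about a Windows kernel driver file, AGRSM64.sys, and names BYOVD use. In a BYOVD scenario the driver is brought to the host, so a CPE match that requires the modem hardware will likely not flag a machine where only the driver file is present. Defenders should inventory and block the driver by file name and version rather than rely on this CPE pair. The only vendor reference, `https://www.broadcom.com`, is tagged `Not Applicable` and no reference carries a `Patch` tag, so the record does not point to a fixed driver version.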
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31122.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31122.json
new file mode 100644
index 00000000000..5b03adc3795
--- /dev/null
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31122.json
@@ -0,0 +1,109 @@
+{
+ "id": "CVE-2023-31122",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-10-23T07:15:11.103",
+ "lastModified": "2023-10-28T03:30:29.223",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de lectura fuera de l\u00edmites en mod_macro del servidor Apache HTTP. Este problema afecta al servidor Apache HTTP: hasta 2.4.57."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.4.57",
+ "matchCriteriaId": "A1BE631C-0308-4AEB-93CF-757B37D2BAFA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
+ "source": "security@apache.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0011/",
+ "source": "security@apache.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31132.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31132.json
index 8d8396d6423..e592515d367 100644
--- a/CVE-2023/CVE-2023-311xx/CVE-2023-31132.json
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31132.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-31132",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T22:15:08.487",
- "lastModified": "2023-10-13T04:15:11.910",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:52:15.093",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Cacti es un framework de monitorizaci\u00f3n operativa y gesti\u00f3n de fallos de c\u00f3digo abierto. Las versiones afectadas est\u00e1n sujetas a una vulnerabilidad de escalada de privilegios. Un usuario del sistema operativo con pocos privilegios y acceso a un host Windows en el que est\u00e9 instalado Cacti puede crear archivos PHP arbitrarios en un directorio de documentos web. El usuario puede entonces ejecutar los archivos PHP bajo el contexto de seguridad de SYSTEM. Esto permite a un atacante escalar privilegios desde una cuenta de usuario normal a SYSTEM. Este problema se ha solucionado en la versi\u00f3n 1.2.25. Se recomienda a los usuarios actualizar. No se conocen soluciones para esta vulnerabilidad. "
}
],
"metrics": {
@@ -107,11 +111,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31192.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31192.json
index 8f857e689e3..7eb04005089 100644
--- a/CVE-2023/CVE-2023-311xx/CVE-2023-31192.json
+++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31192.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-31192",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.760",
- "lastModified": "2023-10-12T16:52:07.503",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:59:18.633",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad ClientConnect() de SoftEther VPN 5.01.9674. Un paquete de red especialmente manipulado puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial. Un atacante puede realizar un ataque de intermediario para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-908"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,14 +80,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CF5CF13-B22F-494B-BDC0-B59371979251"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31217.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31217.json
new file mode 100644
index 00000000000..bc06276015a
--- /dev/null
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31217.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-31217",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T13:15:08.880",
+ "lastModified": "2023-10-25T17:24:10.200",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MyTechTalky User Location and IP plugin <=\u00a01.6 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento MyTechTalky User Location and IP en versiones <= 1.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:user_location_and_ip_project:user_location_and_ip:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.6",
+ "matchCriteriaId": "4400CD05-9795-44D3-9158-7D0533C7223B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/user-location-and-ip/wordpress-user-location-and-ip-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
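Review bot: The Spanish description in this new record misspells the vulnerability class as `Coss-Site Scripting (XSS)`; it should read `Cross-Site Scripting (XSS)`, otherwise keyword searches over the `es` text will not find this entry. The English value also has a non-breaking space in `<=\u00a01.6`. Tooling that extracts the version bound from the free text with an ASCII-only whitespace match will fail on it, so a plain space is safer there.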
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31416.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31416.json
new file mode 100644
index 00000000000..2a78fb255a0
--- /dev/null
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31416.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-31416",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-10-26T19:15:45.270",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment."
+ },
+ {
+ "lang": "es",
+ "value": "La configuraci\u00f3n del token secreto nunca se aplica cuando se usa ECK <2.8 con APM Server>=8.0. Esto podr\u00eda dar lugar a que se acepten solicitudes an\u00f3nimas a un servidor APM y que los datos se ingieran en esta implementaci\u00f3n de APM."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/elastic-cloud-on-kubernetes-eck-2-8-security-update/343854",
+ "source": "bressers@elastic.co"
+ },
+ {
+ "url": "https://www.elastic.co/community/security",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
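Review bot: The weakness entry `"value": "CWE-200"` does not match the rest of this record. The description is about a secret token that is never applied, so anonymous requests are accepted, and the vector scores `C:N/I:L`, meaning no confidentiality impact at all. An authentication weakness such as `"value": "CWE-306"` would fit the text better, but the CWE is the CNA's assignment and the record is still `Awaiting Analysis`, so this is something to confirm upstream rather than a certain correction. Until then, triage rules keyed on CWE will file this under information exposure and may miss it in missing-authentication queries.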
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31417.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31417.json
new file mode 100644
index 00000000000..2e373082d22
--- /dev/null
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31417.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-31417",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-10-26T18:15:08.500",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured.\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Elasticsearch generalmente filtra la informaci\u00f3n y las credenciales confidenciales antes de iniciar sesi\u00f3n en el registro de auditor\u00eda. Se descubri\u00f3 que este filtrado no se aplicaba cuando las solicitudes a Elasticsearch utilizan ciertos URI obsoletos para las API. El impacto de esta falla es que la informaci\u00f3n confidencial, como contrase\u00f1as y tokens, puede imprimirse en texto plano en los registros de auditor\u00eda de Elasticsearch. Tenga en cuenta que el registro de auditor\u00eda est\u00e1 deshabilitado de forma predeterminada y debe habilitarse expl\u00edcitamente e incluso cuando el registro de auditor\u00eda est\u00e1 habilitado, los cuerpos de solicitud que podr\u00edan contener informaci\u00f3n confidencial no se imprimen en el registro de auditor\u00eda a menos que se configure expl\u00edcitamente."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/elasticsearch-8-9-2-and-7-17-13-security-update/342479",
+ "source": "bressers@elastic.co"
+ },
+ {
+ "url": "https://www.elastic.co/community/security",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
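Review bot: The English `value` ends with five escaped newlines (`...unless explicitly configured.\n\n\n\n\n`), which look like residue from the submission form rather than content. The string should end at `explicitly configured."`, because the trailing whitespace shows up as blank space in rendered advisories and breaks exact-match deduplication of description text. The English description of CVE-2023-31419 later in this diff has the same trailing `\n\n\n\n\n`.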
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31418.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31418.json
new file mode 100644
index 00000000000..61c6531b6ae
--- /dev/null
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31418.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-31418",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-10-26T18:15:08.587",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild."
+ },
+ {
+ "lang": "es",
+ "value": "Se identific\u00f3 un problema con la forma en que Elasticsearch manej\u00f3 las solicitudes entrantes en la capa HTTP. Un usuario no autenticado podr\u00eda forzar la salida de un nodo de Elasticsearch con un error OutOfMemory enviando una cantidad moderada de solicitudes HTTP con formato incorrecto. El problema fue identificado por Elastic Engineering y no tenemos indicios de que se conozca o de que est\u00e9 siendo explotado en la naturaleza."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616",
+ "source": "bressers@elastic.co"
+ },
+ {
+ "url": "https://www.elastic.co/community/security",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31419.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31419.json
new file mode 100644
index 00000000000..3ab66aa4393
--- /dev/null
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31419.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-31419",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-10-26T18:15:08.647",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 una falla en Elasticsearch que afectaba a la API _search y permit\u00eda que una cadena de consulta especialmente manipulada provocara un desbordamiento de pila y, en \u00faltima instancia, una denegaci\u00f3n de servicio."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297",
+ "source": "bressers@elastic.co"
+ },
+ {
+ "url": "https://www.elastic.co/community/security",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
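Review bot: The weakness `"value": "CWE-121"` (stack-based buffer overflow) implies memory corruption, which the rest of the record does not support. The description speaks of a crafted query string causing a "Stack Overflow and ultimately a Denial of Service", and the vector is availability-only (`C:N/I:N/A:H`). That reads like stack exhaustion from deep recursion, for which `"value": "CWE-674"` would be the closer class. This is inferred from the description alone and the record is still `Awaiting Analysis`, so treat it as a question for the CNA. Consumers that escalate on memory-corruption CWEs should not over-prioritise this entry on the CWE field.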
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31421.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31421.json
new file mode 100644
index 00000000000..bdbb27037cd
--- /dev/null
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31421.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-31421",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-10-26T04:15:16.000",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que cuando actuaban como Clientes TLS, Beats, Elastic Agent, APM Server y Fleet Server no verificaban si el certificado del servidor es v\u00e1lido para la direcci\u00f3n IP de destino; sin embargo, a\u00fan se realiza la validaci\u00f3n de la firma del certificado. M\u00e1s espec\u00edficamente, cuando el cliente est\u00e1 configurado para conectarse a una direcci\u00f3n IP (en lugar de un nombre de host), no valida los valores IP SAN del certificado del servidor con esa direcci\u00f3n IP y la validaci\u00f3n del certificado falla y, por lo tanto, la conexi\u00f3n no se bloquea como se esperaba."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-295"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/beats-elastic-agent-apm-server-and-fleet-server-8-10-1-security-update-improper-certificate-validation-issue-esa-2023-16/343385",
+ "source": "bressers@elastic.co"
+ },
+ {
+ "url": "https://www.elastic.co/community/security",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
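Review bot: The last sentence of the English description contradicts itself: it says the client "does not validate the server certificate's IP SAN values ... and certificate validation fails, and therefore the connection is not blocked as expected". From the first sentence and `CWE-295`, the intended meaning is presumably that a certificate which should fail validation is accepted, e.g. `...against that IP address, so a certificate that should fail validation is accepted and the connection is not blocked as expected.` The Spanish text carries the same ambiguity because it is a literal translation. The record also has no `configurations` block, so the fixed release appears only in the reference URL slug (`8-10-1`).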
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31422.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31422.json
new file mode 100644
index 00000000000..ec475c1c16f
--- /dev/null
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31422.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-31422",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-10-26T02:15:08.340",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users."
+ },
+ {
+ "lang": "es",
+ "value": "Elastic descubri\u00f3 un problema por el cual se registra informaci\u00f3n confidencial en los registros de Kibana en caso de error. El problema afecta solo a la versi\u00f3n 8.10.0 de Kibana cuando se inicia sesi\u00f3n en el dise\u00f1o JSON o cuando el dise\u00f1o del patr\u00f3n est\u00e1 configurado para registrar el patr\u00f3n %meta. Elastic lanz\u00f3 Kibana 8.10.1 que resuelve este problema. El objeto de error registrado en el log contiene informaci\u00f3n de solicitud, que puede incluir datos confidenciales, como credenciales de autenticaci\u00f3n, cookies, encabezados de autorizaci\u00f3n, par\u00e1metros de consulta, rutas de solicitud y otros metadatos. Algunos ejemplos de datos confidenciales que se pueden incluir en los registros son las credenciales de cuenta para los usuarios finales de kibana_system, kibana-metricbeat o Kibana."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/kibana-8-10-1-security-update/343287",
+ "source": "bressers@elastic.co"
+ },
+ {
+ "url": "https://www.elastic.co/community/security",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
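Review bot: This record has no `configurations` block, although the description gives an exact affected release ("only Kibana version 8.10.0") and a fix (8.10.1). The only score is the CNA's `9.0` / `CRITICAL`, so CPE-based scanners will not match any asset against this entry until NVD analysis adds a CPE match. Consumers need a fallback that surfaces high-scoring `Awaiting Analysis` records for manual version checks. The other new Elastic records in this diff (CVE-2023-31416, -31417, -31418, -31419, -31421) likewise have no `configurations`.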
diff --git a/CVE-2023/CVE-2023-314xx/CVE-2023-31490.json b/CVE-2023/CVE-2023-314xx/CVE-2023-31490.json
index 3558ee2503d..a8396aad5d1 100644
--- a/CVE-2023/CVE-2023-314xx/CVE-2023-31490.json
+++ b/CVE-2023/CVE-2023-314xx/CVE-2023-31490.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-31490",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-09T16:15:14.757",
- "lastModified": "2023-09-19T22:15:11.297",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:52:59.363",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema encontrado en Frrouting bgpd v.8.4.2 permite a un atacante remoto causar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n bgp_attr_psid_sub()."
}
],
"metrics": {
@@ -61,6 +65,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -75,11 +104,18 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5495",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31580.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31580.json
new file mode 100644
index 00000000000..ca79d9cc599
--- /dev/null
+++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31580.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-31580",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:27.680",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token."
+ },
+ {
+ "lang": "es",
+ "value": "light-oauth2 anterior a la versi\u00f3n 2.1.27 obtiene la clave p\u00fablica sin ninguna verificaci\u00f3n. Esto podr\u00eda permitir a los atacantes autenticarse en la aplicaci\u00f3n con un token JWT manipulado."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/KANIXB/JWTIssues/blob/main/Certification%20Verification%20issue%20in%20light-oauth2.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/networknt/light-oauth2/issues/369",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
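Review bot: This record is added with `"metrics": {}` and no `weaknesses` or `configurations`, while the description reports that attackers may authenticate with a crafted JWT. Consumers that read `metrics.cvssMetricV31[0].cvssData.baseScore` must treat the missing array as "unscored", not as 0 or low. Otherwise this entry falls below every severity threshold until analysis completes. CVE-2023-31581 (hardcoded key) and CVE-2023-31582 (low iteration count) in the following file sections have the same empty `metrics` object.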
diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31581.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31581.json
new file mode 100644
index 00000000000..102e496fd2a
--- /dev/null
+++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31581.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-31581",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:27.727",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dromara Sureness before v1.0.8 was discovered to use a hardcoded key."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Dromara Sureness anterior a v1.0.8 utilizaba una clave codificada."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/dromara/sureness/issues/164",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/xubowenW/JWTissues/blob/main/sureness%20secure%20issues.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-315xx/CVE-2023-31582.json b/CVE-2023/CVE-2023-315xx/CVE-2023-31582.json
new file mode 100644
index 00000000000..6bf20a66314
--- /dev/null
+++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31582.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-31582",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:27.777",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less."
+ },
+ {
+ "lang": "es",
+ "value": "jose4j anterior a v0.9.3 permite a los atacantes establecer un recuento bajo de iteraciones de 1000 o menos."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json
index 4b34d5c0fd3..27b4412ab03 100644
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3111.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-3111",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-05T21:15:11.377",
- "lastModified": "2023-10-10T16:45:26.057",
+ "lastModified": "2023-10-29T02:42:56.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -117,28 +117,148 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*",
- "matchCriteriaId": "27227B35-932A-4035-B39F-6A455753C0D6"
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*",
- "matchCriteriaId": "489D20B9-166F-423D-8C48-A23D3026E33B"
- },
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*",
- "matchCriteriaId": "A4AD592C-222D-4C6F-B176-8145A1A5AFEC"
- },
+ "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*",
- "matchCriteriaId": "8603654B-A8A9-4DEB-B0DD-C82E1C885749"
- },
+ "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*",
- "matchCriteriaId": "C855C933-F271-45E6-8E85-8D7CF2EF1BE6"
+ "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
]
}
@@ -154,6 +274,14 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6@gmail.com/",
"source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3112.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3112.json
new file mode 100644
index 00000000000..cccbd41cc87
--- /dev/null
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3112.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3112",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-25T18:17:30.060",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Se inform\u00f3 una vulnerabilidad en el sensor de bloqueo virtual de Elliptic Labs para ThinkPad T14 Gen 3 que podr\u00eda permitir a un atacante con acceso local ejecutar c\u00f3digo con privilegios elevados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-128081",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
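Review bot: The same source `psirt@lenovo.com` is labelled `"type": "Secondary"` under `metrics` but `"type": "Primary"` under `weaknesses`. A consumer that selects entries with `type == "Primary"` will therefore pick up the CWE for this record but no CVSS score. This may simply be how the upstream feed labels CNA data before NVD analysis, so it is worth confirming rather than editing here. Selecting by `source` with a fallback to `Secondary` avoids the gap. CVE-2023-31217 earlier in this diff shows the same split for `audit@patchstack.com`.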
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3134.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3134.json
index f01caa580b6..6b4244799ee 100644
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3134.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3134.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3134",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-31T10:15:10.500",
- "lastModified": "2023-10-11T09:15:10.097",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-29T02:31:35.347",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -75,7 +75,10 @@
},
{
"url": "https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3141.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3141.json
index 8d1c67baac4..ae021f76c67 100644
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3141.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3141.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-3141",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-09T20:15:10.327",
- "lastModified": "2023-09-28T19:03:11.420",
+ "lastModified": "2023-10-29T02:42:59.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -150,6 +150,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -177,6 +192,14 @@
"VDB Entry"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/",
"source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3154.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3154.json
index 2d8665f8412..ca3b0dde209 100644
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3154.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3154.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3154",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:14.507",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:22:56.277",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento WordPress Gallery Plugin para WordPress anterior a 3.39 es vulnerable a PHAR Deserialization debido a la falta de validaci\u00f3n de par\u00e1metros de entrada en la funci\u00f3n `gallery_edit`, lo que permite a un atacante acceder a recursos arbitrarios en el servidor."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
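Review bot: The NVD vector added here sets `"privilegesRequired": "NONE"`, while CVE-2023-3155.json in this same commit scores a flaw in the same `gallery_edit` function of the same plugin with `"privilegesRequired": "HIGH"`, and neither visible description states an authentication requirement. Either one record is mis-scored or one description omits a precondition; the close base scores (7.5 and 7.2) hide a large gap in `exploitabilityScore` (3.9 against 1.2). Until the two are reconciled against the WPScan advisories in `references`, triage that keys on PR or exploitability should not rank CVE-2023-3155 lower on the strength of `PR:H` alone.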
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.39",
+ "matchCriteriaId": "0BB8ED8B-A2AF-4B3F-BEF4-7735A33AF4A8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/ed099489-1db4-4b42-9f72-77de39c9e01e",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3155.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3155.json
index 705dad3173b..6430eaa0e65 100644
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3155.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3155.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3155",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:14.597",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:19:58.947",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,10 +14,33 @@
"value": "El complemento WordPress Gallery Plugin para WordPress anterior a 3.39 es vulnerable a la lectura y eliminaci\u00f3n arbitraria de archivos debido a la falta de validaci\u00f3n de par\u00e1metros de entrada en la funci\u00f3n `gallery_edit`, lo que permite a un atacante acceder a recursos arbitrarios en el servidor."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -25,12 +48,44 @@
"value": "CWE-552"
}
]
+ },
+ {
+ "source": "contact@wpscan.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-552"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.39",
+ "matchCriteriaId": "0BB8ED8B-A2AF-4B3F-BEF4-7735A33AF4A8"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/5c8473f4-4b52-430b-9140-b81b0a0901da",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3187.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3187.json
index cc0d3f019d1..adac63c0bf3 100644
--- a/CVE-2023/CVE-2023-31xx/CVE-2023-3187.json
+++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3187.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3187",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-09T21:15:09.583",
- "lastModified": "2023-06-16T03:46:24.830",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T14:15:09.820",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -111,15 +111,6 @@
}
],
"references": [
- {
- "url": "http://packetstormsecurity.com/files/172909/Teachers-Record-Management-System-1.0-Validation-Bypass.html",
- "source": "cna@vuldb.com",
- "tags": [
- "Exploit",
- "Third Party Advisory",
- "VDB Entry"
- ]
- },
{
"url": "https://github.com/ctflearner/Vulnerability/blob/main/Teacher_Record_Management_System/trms.md",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32087.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32087.json
new file mode 100644
index 00000000000..67b945d850d
--- /dev/null
+++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32087.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-32087",
+ "sourceIdentifier": "security@pega.com",
+ "published": "2023-10-18T12:15:09.200",
+ "lastModified": "2023-10-25T17:31:11.327",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nPega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 8.1 a Infinity 23.1.0 de Pega Platform se ven afectadas por un problema XSS con la creaci\u00f3n de tareas"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@pega.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@pega.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.7.5",
+ "matchCriteriaId": "180E01BA-C5AD-471B-91D6-5A202988565F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.8.0",
+ "versionEndExcluding": "8.8.3",
+ "matchCriteriaId": "09107B04-CE0B-4E89-ADCF-47001DEF68F0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note",
+ "source": "security@pega.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
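Review bot: The `configurations` block does not cover the range the description states: the text says versions 8.1 to Infinity 23.1.0 are affected, but the two `cpeMatch` ranges end at `"versionEndExcluding": "8.7.5"` and `"versionEndExcluding": "8.8.3"`, so an Infinity 23.1.0 install never matches. CPE-driven scanners will report such an install as unaffected; after checking the Pega advisory in `references`, either add a range for the 23.x line or narrow the description. The English `value` also carries a leading `\n` and six trailing `\n`, which should be trimmed to `"value": "Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation"`. CVE-2023-32088.json has the same range gap and padding, and CVE-2023-32089.json has the padding only.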
diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32088.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32088.json
new file mode 100644
index 00000000000..581192edb66
--- /dev/null
+++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32088.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-32088",
+ "sourceIdentifier": "security@pega.com",
+ "published": "2023-10-18T12:15:09.287",
+ "lastModified": "2023-10-25T17:38:47.987",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nPega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 8.1 a Infinity 23.1.0 de Pega Platform se ven afectadas por un problema XSS con la creaci\u00f3n de casos ad-hoc"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@pega.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@pega.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndExcluding": "8.7.5",
+ "matchCriteriaId": "180E01BA-C5AD-471B-91D6-5A202988565F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.8.0",
+ "versionEndExcluding": "8.8.3",
+ "matchCriteriaId": "09107B04-CE0B-4E89-ADCF-47001DEF68F0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note",
+ "source": "security@pega.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-320xx/CVE-2023-32089.json b/CVE-2023/CVE-2023-320xx/CVE-2023-32089.json
new file mode 100644
index 00000000000..8878eab0fdb
--- /dev/null
+++ b/CVE-2023/CVE-2023-320xx/CVE-2023-32089.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-32089",
+ "sourceIdentifier": "security@pega.com",
+ "published": "2023-10-18T12:15:09.350",
+ "lastModified": "2023-10-25T17:10:38.400",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nPega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 8.1 a 8.8.2 de Pega Platform se ven afectadas por un problema XSS con la descripci\u00f3n del Pin"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@pega.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@pega.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.1.0",
+ "versionEndIncluding": "8.8.2",
+ "matchCriteriaId": "F0C5F266-348E-4416-86F3-AF292B052C3F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note",
+ "source": "security@pega.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-321xx/CVE-2023-32116.json b/CVE-2023/CVE-2023-321xx/CVE-2023-32116.json
new file mode 100644
index 00000000000..751b1b10c39
--- /dev/null
+++ b/CVE-2023/CVE-2023-321xx/CVE-2023-32116.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-32116",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T13:15:09.413",
+ "lastModified": "2023-10-26T15:32:27.440",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <=\u00a04.0.12 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada autenticada (con privilegios de administrador o superior) en el complemento TotalPress.Org Custom post types, Custom Fields & more en versiones <= 4.0.12."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/custom-post-types/wordpress-custom-post-types-plugin-4-0-12-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32275.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32275.json
index 32a6a5044f2..b2c5301f017 100644
--- a/CVE-2023/CVE-2023-322xx/CVE-2023-32275.json
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32275.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-32275",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.840",
- "lastModified": "2023-10-12T16:52:07.503",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:58:18.027",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad CtEnumCa() de SoftEther VPN 4.41-9782-beta y 5.01.9674. Los paquetes de red especialmente manipulados pueden dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial. Un atacante puede enviar paquetes para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
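Review bot: The NVD primary vector added here scores `"attackVector": "LOCAL"` with `"privilegesRequired": "HIGH"`, but the description in the same hunk says the flaw is triggered by specially crafted network packets that an attacker sends. If the affected interface is in fact reachable only locally, the description should say so; if not, the vector understates exposure and filters on `AV:N` will drop this record. The CNA's Secondary vector starts on the last lines of this hunk and continues outside it, so it cannot be compared from here. Check both against the Talos report in `references` before prioritising on this score.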
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,14 +80,43 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:4.41-9782:beta:*:*:*:*:*:*",
+ "matchCriteriaId": "79C47EE5-1B55-4FDD-A5B5-E10FF3337100"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CF5CF13-B22F-494B-BDC0-B59371979251"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1753",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32359.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32359.json
new file mode 100644
index 00000000000..96daff498c1
--- /dev/null
+++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32359.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-32359",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.053",
+ "lastModified": "2023-10-25T23:15:16.043",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver."
+ },
+ {
+ "lang": "es",
+ "value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en iOS 16.7.2 y iPadOS 16.7.2. VoiceOver puede leer en voz alta la contrase\u00f1a de un usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32434.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32434.json
index ae4ae205733..9652caa6ca0 100644
--- a/CVE-2023/CVE-2023-324xx/CVE-2023-32434.json
+++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32434.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-32434",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:13.720",
- "lastModified": "2023-07-27T04:15:38.893",
+ "lastModified": "2023-10-25T23:15:16.097",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-06-23",
"cisaActionDue": "2023-07-14",
@@ -123,6 +123,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/20",
+ "source": "product-security@apple.com"
+ },
{
"url": "https://support.apple.com/en-us/HT213808",
"source": "product-security@apple.com",
@@ -178,6 +182,10 @@
"Release Notes",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213990",
+ "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32559.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32559.json
index 6b5ad2b43ca..e4a9b7b05f1 100644
--- a/CVE-2023/CVE-2023-325xx/CVE-2023-32559.json
+++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32559.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32559",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-24T02:15:09.210",
- "lastModified": "2023-10-06T15:15:13.657",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:48:55.097",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -45,7 +45,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-269"
+ "value": "NVD-CWE-noinfo"
}
]
}
@@ -94,7 +94,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0006/",
- "source": "support@hackerone.com"
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32611.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32611.json
index d389c34dc82..763c2388440 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32611.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32611.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-32611",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-14T20:15:09.550",
- "lastModified": "2023-09-25T20:15:11.170",
+ "lastModified": "2023-10-27T15:15:13.293",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -114,6 +114,10 @@
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html",
"source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0005/",
+ "source": "secalert@redhat.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32634.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32634.json
index 0099932d7c4..effcdae48fd 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32634.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32634.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-32634",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-12T16:15:11.920",
- "lastModified": "2023-10-12T16:52:07.503",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:56:33.150",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en la funcionalidad CiRpcServerThread() de SoftEther VPN 5.01.9674 y 4.41-9782-beta. Un atacante puede realizar un ataque de intermediario local para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 5.9
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,14 +80,44 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:4.41-9782:beta:*:*:*:*:*:*",
+ "matchCriteriaId": "79C47EE5-1B55-4FDD-A5B5-E10FF3337100"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CF5CF13-B22F-494B-BDC0-B59371979251"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1755",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.softether.org/9-about/News/904-SEVPN202301",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
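Review bot: The same vendor URL is tagged differently in two records of this commit: here `https://www.softether.org/9-about/News/904-SEVPN202301` gets `"Patch", "Vendor Advisory"`, while CVE-2023-32275.json tags it only `"Vendor Advisory"`. Both records list the same two affected SoftEther builds, so tooling that infers "fix available" from the `Patch` tag will report a fix for one CVE and none for the other. Align the two, for example by adding `"Patch",` to that reference's `tags` in CVE-2023-32275.json if the news page does announce the fixed build.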
diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32675.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32675.json
index 1479bd37076..d3f7d7d0fdd 100644
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32675.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32675.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32675",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-19T20:15:09.230",
- "lastModified": "2023-10-04T14:15:10.663",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T18:00:05.593",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -87,7 +87,10 @@
"references": [
{
"url": "https://github.com/vyperlang/vyper/commit/02339dfda0f3caabad142060d511d10bfe93c520",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-vxmm-cwh2-q762",
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json
index acf951901b1..acc8d3c9129 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32707.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-32707",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-06-01T17:15:10.117",
- "lastModified": "2023-10-13T01:05:56.517",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T15:15:13.397",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -110,6 +110,10 @@
}
],
"references": [
+ {
+ "url": "http://packetstormsecurity.com/files/175386/Splunk-edit_user-Capability-Privilege-Escalation.html",
+ "source": "prodsec@splunk.com"
+ },
{
"url": "https://advisory.splunk.com/advisories/SVD-2023-0602",
"source": "prodsec@splunk.com",
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32722.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32722.json
index ba43a7b4b7c..874749571dd 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32722.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32722.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-32722",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-10-12T07:15:10.217",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T15:07:53.753",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open."
+ },
+ {
+ "lang": "es",
+ "value": "El m\u00f3dulo zabbix/src/libs/zbxjson es vulnerable a un desbordamiento del b\u00fafer al analizar archivos JSON a trav\u00e9s de zbx_json_open."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "security@zabbix.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "security@zabbix.com",
"type": "Secondary",
@@ -46,10 +80,54 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndIncluding": "6.0.20",
+ "matchCriteriaId": "531CCCBF-46AD-4988-8A9D-ED4FD5208C71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.4.0",
+ "versionEndIncluding": "6.4.5",
+ "matchCriteriaId": "868F271E-2595-4D01-BF53-46460F98891A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*",
+ "matchCriteriaId": "93EB5757-7F98-4428-9616-C30A647A6612"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*",
+ "matchCriteriaId": "DA00BDB5-433F-44E5-87AC-DA01C64B5DB3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*",
+ "matchCriteriaId": "98C46C92-9D86-45CD-88FE-DFBB5502BB88"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-23390",
- "source": "security@zabbix.com"
+ "source": "security@zabbix.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32723.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32723.json
index cc3ce380d74..02c382839e8 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32723.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32723.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-32723",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-10-12T07:15:10.620",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T15:08:25.737",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Request to LDAP is sent before user permissions are checked."
+ },
+ {
+ "lang": "es",
+ "value": "La solicitud a LDAP se env\u00eda antes de que se verifiquen los permisos del usuario."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
{
"source": "security@zabbix.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ },
{
"source": "security@zabbix.com",
"type": "Secondary",
@@ -46,10 +80,54 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.0.0",
+ "versionEndExcluding": "4.0.19",
+ "matchCriteriaId": "F3F90B06-C5E5-4A17-8712-677CB8F23A56"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.4.0",
+ "versionEndExcluding": "4.4.7",
+ "matchCriteriaId": "67089C6F-1FB9-4F56-B0E1-3C61A26E6511"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:4.0.19:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EBFE946-4EA3-4709-80C5-3F19AC6E6FC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:4.4.7:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "6B7EC65B-FDE3-479E-B3D2-8CBB408DE38C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:5.0.0:alpha3:*:*:*:*:*:*",
+ "matchCriteriaId": "2934AECC-D265-4986-BEC2-ADC43626B3B0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-23230",
- "source": "security@zabbix.com"
+ "source": "security@zabbix.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32724.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32724.json
index dd5210d355c..cd709cdaafa 100644
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32724.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32724.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-32724",
"sourceIdentifier": "security@zabbix.com",
"published": "2023-10-12T07:15:10.713",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T15:08:48.400",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation."
+ },
+ {
+ "lang": "es",
+ "value": "El puntero de memoria est\u00e1 en una propiedad del objeto Ducktape. Esto conduce a m\u00faltiples vulnerabilidades relacionadas con el acceso directo y la manipulaci\u00f3n de la memoria."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security@zabbix.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ },
{
"source": "security@zabbix.com",
"type": "Secondary",
@@ -46,10 +80,61 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndIncluding": "5.0.36",
+ "matchCriteriaId": "9CAED9EA-BFA1-4BCF-8323-97AD46AC28C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndIncluding": "6.0.20",
+ "matchCriteriaId": "531CCCBF-46AD-4988-8A9D-ED4FD5208C71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.4.0",
+ "versionEndIncluding": "6.4.5",
+ "matchCriteriaId": "868F271E-2595-4D01-BF53-46460F98891A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*",
+ "matchCriteriaId": "93EB5757-7F98-4428-9616-C30A647A6612"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*",
+ "matchCriteriaId": "DA00BDB5-433F-44E5-87AC-DA01C64B5DB3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*",
+ "matchCriteriaId": "98C46C92-9D86-45CD-88FE-DFBB5502BB88"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.zabbix.com/browse/ZBX-23391",
- "source": "security@zabbix.com"
+ "source": "security@zabbix.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32738.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32738.json
new file mode 100644
index 00000000000..9594d62c0fc
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32738.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32738",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T21:15:08.437",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <=\u00a02.1.3 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/eonet-manual-user-approve/wordpress-eonet-manual-user-approve-plugin-2-1-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
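Review bot: This new record has no `configurations` block and is still `Awaiting Analysis`, so CPE-based matching cannot flag the affected plugin; the affected range exists only in the description prose. That prose writes the bound as `<=\u00a02.1.3`, with a non-breaking space that version-extraction patterns written for an ASCII space can miss. If the text is normalised on ingest, the value should read `plugin <= 2.1.3 versions.`. The only score present is the CNA's `Secondary` one, so severity filters keyed on `"type": "Primary"` will skip this entry. CVE-2023-32xx/CVE-2023-3254.json, added later in this diff, likewise has no `configurations` and only a `Secondary` score.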
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32785.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32785.json
new file mode 100644
index 00000000000..14b3fdba8ac
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32785.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-32785",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T22:15:10.497",
+ "lastModified": "2023-10-27T21:44:09.590",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain."
+ },
+ {
+ "lang": "es",
+ "value": "En Langchain hasta 0.0.155, la inyecci\u00f3n r\u00e1pida permite la ejecuci\u00f3n de c\u00f3digo arbitrario contra el servicio SQL proporcionado por la cadena."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "0.0.155",
+ "matchCriteriaId": "02E32772-8A62-461E-A121-F894FD16B540"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gist.github.com/rharang/9c58d39db8c01db5b7c888e467c0533f",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
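Review bot: The `es` description renders "prompt injection" as `inyecci\u00f3n r\u00e1pida` ("fast injection"), which loses the vulnerability class for anyone reading or indexing the Spanish text. The phrase should be `inyecci\u00f3n de prompts`, or the English term left untranslated. The new CVE-2023-32786.json record in the next file section carries the same mistranslation. Both records map the issue to the generic `CWE-74`, so the description is the only place the prompt-injection vector is named.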
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32786.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32786.json
new file mode 100644
index 00000000000..a5ba549b1f5
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32786.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-32786",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T22:15:10.553",
+ "lastModified": "2023-10-27T21:44:28.833",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks."
+ },
+ {
+ "lang": "es",
+ "value": "En Langchain hasta 0.0.155, la inyecci\u00f3n r\u00e1pida permite a un atacante forzar al servicio a recuperar datos de una URL arbitraria, esencialmente proporcionando SSRF y potencialmente inyectando contenido en tareas posteriores."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "0.0.155",
+ "matchCriteriaId": "02E32772-8A62-461E-A121-F894FD16B540"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gist.github.com/rharang/d265f46fc3161b31ac2e81db44d662e1",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32970.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32970.json
index 2927bfc0f82..0839b8f8682 100644
--- a/CVE-2023/CVE-2023-329xx/CVE-2023-32970.json
+++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32970.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-32970",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-13T20:15:09.830",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T15:42:09.663",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\nQES is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2453 build 20230708 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado que una vulnerabilidad de desreferencia del puntero NULL afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados lanzar un ataque de Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de una red. QES no se ve afectado. Ya se ha solucionado la vulnerabilidad en las siguientes versiones: QuTS hero h5.0.1.2515 build 20230907 y posteriores QuTS hero h5.1.0.2453 build 20230708 y posteriores QuTS hero h4.5.4.2476 build 20230728 y posteriores QuTScloud c5.1.0.2498 y posteriores QTS 5.1.0.2444 build 20230629 y posteriores QTS 4.5.4.2467 build 20230718 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -46,10 +80,74 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.5.1",
+ "versionEndExcluding": "4.5.4.2467",
+ "matchCriteriaId": "01EE6DE4-F216-49F8-9961-3DF29E7D9109"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0.1716",
+ "versionEndExcluding": "5.0.1.2425",
+ "matchCriteriaId": "5512CD56-38D0-4575-B863-603523C8A020"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.1.0",
+ "versionEndExcluding": "5.1.0.2444",
+ "matchCriteriaId": "834347F5-87D2-479E-81BF-C5F23534E0F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "h4.5.0",
+ "versionEndExcluding": "h4.5.4.2476",
+ "matchCriteriaId": "039CB063-5347-4F85-B6DE-430A94C0B3DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "h5.0.0",
+ "versionEndExcluding": "h5.0.1.2515",
+ "matchCriteriaId": "703732BD-834B-4529-A2E8-AF956F5AD674"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "h5.1.0",
+ "versionEndExcluding": "h5.1.0.2424",
+ "matchCriteriaId": "757BF20E-81DA-447A-B90C-06D096EBACD1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "c5.0.0.1919",
+ "versionEndExcluding": "c5.1.0.2498",
+ "matchCriteriaId": "2D504C77-393C-4298-9B8E-4408FAA067E1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-41",
- "source": "security@qnapsecurity.com.tw"
+ "source": "security@qnapsecurity.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
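Review bot: The `quts_hero` h5.1.0 range added here ends at `"versionEndExcluding": "h5.1.0.2424"`, but this record's own English description gives the fix as "QuTS hero h5.1.0.2453 build 20230708 and later". If the description is right, builds from h5.1.0.2424 up to h5.1.0.2453 are affected but will not match by CPE, and the bound would need to be `"versionEndExcluding": "h5.1.0.2453"`. The `qts` range `5.0.0.1716` to `5.0.1.2425` has no corresponding fixed version in the description either. All seven `matchCriteriaId` values equal those in CVE-2023-32973.json, which suggests the ranges were reused from that record; this should be checked against the vendor advisory before relying on it for exposure reports.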
diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32973.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32973.json
index 71c5a7ea5a0..d6e27d09d5d 100644
--- a/CVE-2023/CVE-2023-329xx/CVE-2023-32973.json
+++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32973.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-32973",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-13T20:15:09.930",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T15:42:31.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado que una copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar c\u00f3digo a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.0.1.2425 build 20230609 y posteriores QTS 5.1.0.2444 build 20230629 y posteriores QTS 4.5.4.2467 build 20230718 y posteriores QuTS hero h5.0.1.2515 build 20230907 y posteriores QuTS hero h5. 1.0.2424 build 20230609 y posteriores QuTS hero h4.5.4.2476 build 20230728 y posteriores QuTScloud c5.1.0.2498 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
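Review bot: The added `es` description corrupts a fixed-version string: it reads `QuTS hero h5. 1.0.2424 build 20230609` where the English text has `h5.1.0.2424`, so anything extracting fixed versions from the localized text gets a wrong or missing value. It should read `QuTS hero h5.1.0.2424 build 20230609 y posteriores`. The opening sentence also garbles the weakness name ("copia del b\u00fafer sin verificar el tama\u00f1o de la vulnerabilidad de entrada") and the line breaks separating the version list are dropped. The English description should be treated as authoritative for this record.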
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -50,10 +84,74 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.5.1",
+ "versionEndExcluding": "4.5.4.2467",
+ "matchCriteriaId": "01EE6DE4-F216-49F8-9961-3DF29E7D9109"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0.1716",
+ "versionEndExcluding": "5.0.1.2425",
+ "matchCriteriaId": "5512CD56-38D0-4575-B863-603523C8A020"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.1.0",
+ "versionEndExcluding": "5.1.0.2444",
+ "matchCriteriaId": "834347F5-87D2-479E-81BF-C5F23534E0F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "h4.5.0",
+ "versionEndExcluding": "h4.5.4.2476",
+ "matchCriteriaId": "039CB063-5347-4F85-B6DE-430A94C0B3DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "h5.0.0",
+ "versionEndExcluding": "h5.0.1.2515",
+ "matchCriteriaId": "703732BD-834B-4529-A2E8-AF956F5AD674"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "h5.1.0",
+ "versionEndExcluding": "h5.1.0.2424",
+ "matchCriteriaId": "757BF20E-81DA-447A-B90C-06D096EBACD1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "c5.0.0.1919",
+ "versionEndExcluding": "c5.1.0.2498",
+ "matchCriteriaId": "2D504C77-393C-4298-9B8E-4408FAA067E1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-41",
- "source": "security@qnapsecurity.com.tw"
+ "source": "security@qnapsecurity.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32974.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32974.json
index b098167ca41..a38357aad2b 100644
--- a/CVE-2023/CVE-2023-329xx/CVE-2023-32974.json
+++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32974.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-32974",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-13T20:15:10.007",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T15:58:32.913",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTScloud c5.1.0.2498 and later\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado que una vulnerabilidad de path traversal afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios leer el contenido de archivos inesperados y exponer datos confidenciales a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.0.2444 build 20230629 y posteriores QuTS hero h5.1.0.2424 build 20230609 y posteriores QuTScloud c5.1.0.2498 y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -46,10 +80,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.1.0",
+ "versionEndExcluding": "5.1.0.2444",
+ "matchCriteriaId": "834347F5-87D2-479E-81BF-C5F23534E0F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "h5.1.0",
+ "versionEndExcluding": "h5.1.0.2424",
+ "matchCriteriaId": "757BF20E-81DA-447A-B90C-06D096EBACD1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:qutscloud:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "c5.0.0.1919",
+ "versionEndExcluding": "c5.1.0.2498",
+ "matchCriteriaId": "2D504C77-393C-4298-9B8E-4408FAA067E1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-42",
- "source": "security@qnapsecurity.com.tw"
+ "source": "security@qnapsecurity.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-329xx/CVE-2023-32976.json b/CVE-2023/CVE-2023-329xx/CVE-2023-32976.json
index 960c9de8a08..fb843fa6084 100644
--- a/CVE-2023/CVE-2023-329xx/CVE-2023-32976.json
+++ b/CVE-2023/CVE-2023-329xx/CVE-2023-32976.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-32976",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-13T20:15:10.077",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:48:00.450",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nContainer Station 2.6.7.44 and later\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo afecta a Container Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores autenticados ejecutar comandos a trav\u00e9s de una red. Ya se ha solucionado la vulnerabilidad en la siguiente versi\u00f3n: Container Station 2.6.7.44 y posteriores."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -46,10 +80,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:qnap:container_station:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.6.7.44",
+ "matchCriteriaId": "71F234EC-9AD0-4965-8F8B-849B33C18061"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-44",
- "source": "security@qnapsecurity.com.tw"
+ "source": "security@qnapsecurity.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
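Review bot: The criteria `cpe:2.3:o:qnap:container_station:*:*:*:*:*:*:*:*` uses part `o` (operating system), while the description presents Container Station as a product fixed at version 2.6.7.44 and not as one of the QNAP operating systems. If it is an application, the expected part is `a`, and inventories that record it that way will not match this entry. The `matchCriteriaId` is bound to the upstream criteria string, so editing it locally would diverge from the feed. Until upstream corrects it, consumers are safer matching on vendor and product without filtering on the part field. Only `versionEndExcluding` is set, so every earlier version matches.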
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json
index c279203b0ae..2811c608da9 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3212.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3212",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-23T20:15:09.563",
- "lastModified": "2023-09-29T22:15:11.783",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:17:44.710",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -112,6 +112,166 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -131,17 +291,34 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230929-0005/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5448",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3223.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3223.json
index 5d60f7877c9..88ff839d82b 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3223.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3223.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3223",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-27T15:18:56.457",
- "lastModified": "2023-09-28T17:43:18.923",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T15:15:13.597",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -312,6 +312,10 @@
"Issue Tracking",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0004/",
+ "source": "secalert@redhat.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3254.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3254.json
new file mode 100644
index 00000000000..579a866aaf8
--- /dev/null
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3254.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-3254",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-18T05:15:07.937",
+ "lastModified": "2023-10-18T12:46:22.630",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Widgets for Google Reviews para WordPress es vulnerable a Cross-Site Request Forgery en versiones hasta la 10.9 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta dentro de setup_no_reg_header.php. Esto hace posible que atacantes no autenticados restablezcan la configuraci\u00f3n del complemento y eliminen rese\u00f1as mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2980022%40wp-reviews-plugin-for-google%2Ftrunk&old=2977531%40wp-reviews-plugin-for-google%2Ftrunk&sfp_email=&sfph_mail=#file8",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/70968476-b064-477f-999f-4aa2c51d89cc?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3255.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3255.json
index fa5ed3869e7..8ba31c19776 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3255.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3255.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-3255",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-13T17:15:09.877",
- "lastModified": "2023-09-15T19:10:53.080",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:11.750",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en el servidor VNC integrado de QEMU al procesar mensajes ClientCutText. Una condici\u00f3n de salida incorrecta puede provocar un bucle infinito al inflar un b\u00fafer zlib controlado por un atacante en la funci\u00f3n `inflate_buffer`. Esto podr\u00eda permitir que un cliente remoto autenticado que pueda enviar un portapapeles al servidor VNC active una denegaci\u00f3n de servicio."
}
],
"metrics": {
@@ -135,6 +139,10 @@
"Patch",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0008/",
+ "source": "secalert@redhat.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3268.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3268.json
index 5bd04158496..48104dd6711 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3268.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3268.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3268",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-16T19:15:14.707",
- "lastModified": "2023-08-24T19:15:40.330",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:23:07.813",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -72,20 +72,64 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Release Notes"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43ec16f1450f4936025a9bdf1a273affdb9732c1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc@wangsu.com/T/",
@@ -99,15 +143,24 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0006/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5448",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3279.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3279.json
index aad8198a577..194e8270fc3 100644
--- a/CVE-2023/CVE-2023-32xx/CVE-2023-3279.json
+++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3279.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3279",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:14.690",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:27:40.983",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento WordPress Gallery Plugin para WordPress anterior a 3.39 no valida algunos atributos de bloque antes de usarlos para generar rutas pasadas para incluir funciones, lo que permite a los usuarios administradores realizar ataques LFI"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.39",
+ "matchCriteriaId": "0BB8ED8B-A2AF-4B3F-BEF4-7735A33AF4A8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/3b7a7070-8d61-4ff8-b003-b4ff06221635",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33517.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33517.json
new file mode 100644
index 00000000000..d68040be27a
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33517.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33517",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T23:15:38.980",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System)."
+ },
+ {
+ "lang": "es",
+ "value": "carRental 1.0 es vulnerable a un control de acceso incorrecto (lectura arbitraria de archivos en el Back-end System)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/wushigudan/288ab32566615d8897c1da7ce7204838",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33558.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33558.json
new file mode 100644
index 00000000000..55fa457b273
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33558.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-33558",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T21:15:07.767",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el componente users-grid-data.php de Ocomon anterior a v4.0.1 permite a los atacantes obtener informaci\u00f3n confidencial como correos electr\u00f3nicos y nombres de usuarios."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ninj4c0d3r/OcoMon-Research",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ninj4c0d3r/OcoMon-Research/commit/6357def478b11119270b89329fceb115f12c69fc",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-335xx/CVE-2023-33559.json b/CVE-2023/CVE-2023-335xx/CVE-2023-33559.json
new file mode 100644
index 00000000000..a95a3ae974f
--- /dev/null
+++ b/CVE-2023/CVE-2023-335xx/CVE-2023-33559.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-33559",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T21:15:07.810",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de inclusi\u00f3n de archivo local a trav\u00e9s del par\u00e1metro lang en OcoMon anterior a v4.0.1 permite a los atacantes ejecutar c\u00f3digo arbitrario proporcionando un archivo PHP manipulado."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ninj4c0d3r/OcoMon-Research",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ninj4c0d3r/OcoMon-Research/commit/7459ff397f48b5356930c16c522331e39158461dv",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
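Review bot: The second reference URL in this new record ends in `7459ff397f48b5356930c16c522331e39158461dv`, which is 41 characters with a trailing non-hex `v`, so it cannot be a valid Git commit id and the link will probably not resolve. The sibling record CVE-2023-33558.json uses a well-formed 40-hex id for the same repository. If the 40-character prefix is the intended commit (to be confirmed against the CNA's submission), the line should read `"url": "https://github.com/ninj4c0d3r/OcoMon-Research/commit/7459ff397f48b5356930c16c522331e39158461d",`. Consumers that fetch or validate reference links should treat this entry as unverified until then.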
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33836.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33836.json
index c1976495024..6e8b6e21946 100644
--- a/CVE-2023/CVE-2023-338xx/CVE-2023-33836.json
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33836.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-33836",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T01:15:09.670",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:27:02.050",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Verify Governance 10.0 contiene credenciales codificadas, como una contrase\u00f1a o clave criptogr\u00e1fica, que utiliza para su propia autenticaci\u00f3n entrante, comunicaci\u00f3n saliente con componentes externos o cifrado de datos internos. ID de IBM X-Force: 256016."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,41 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_governance:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0",
+ "versionEndExcluding": "10.0.2",
+ "matchCriteriaId": "2F71600E-74AE-4A57-B9F6-2773CBD8761D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/256016",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047640",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
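Review bot: The first reference keeps the malformed URL `https://https://exchange.xforce.ibmcloud.com/vulnerabilities/256016` while this hunk adds `VDB Entry` and `Vendor Advisory` tags to it. A URL parser is likely to read `https` as the host, so link checkers and enrichment jobs will not reach the X-Force page that the tags describe. The other IBM records in this diff use the single-scheme form, so the line should be `"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256016",`. The URL line itself is unchanged context here, so the fix probably has to come from the source record.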
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33837.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33837.json
new file mode 100644
index 00000000000..332c63075a5
--- /dev/null
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33837.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-33837",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-23T20:15:08.910",
+ "lastModified": "2023-10-28T03:33:15.203",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Verify Governance 10.0 no cifra informaci\u00f3n confidencial o cr\u00edtica antes del almacenamiento o la transmisi\u00f3n. ID de IBM X-Force: 256020."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A8497FD1-40B6-4BA1-B536-E2138D0AFA80"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256020",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7057377",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
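Review bot: The `cpeMatch` list here names only `security_verify_governance:10.0`, whereas CVE-2023-33839.json and CVE-2023-33840.json cite the same advisory (`node/7057377`) and the same "10.0" wording but also list `10.0.1`. If 10.0.1 is affected as well, CPE-based matching will miss those installs for this CVE; that needs confirming against the vendor advisory. Separately, the two CVSS entries disagree widely: `nvd@nist.gov` gives `AV:N/AC:L/PR:N` with 7.5 HIGH, and `psirt@us.ibm.com` gives `AV:L/AC:H/PR:H` with 4.1 MEDIUM. Prioritisation therefore depends on which source a consumer reads, and both should be kept and surfaced rather than collapsed to one.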
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33839.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33839.json
new file mode 100644
index 00000000000..b0b17ab173e
--- /dev/null
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33839.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-33839",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-23T20:15:08.983",
+ "lastModified": "2023-10-28T03:31:20.867",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Verify Governance 10.0 podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema enviando una solicitud especialmente manipulada. ID de IBM X-Force: 256036."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A8497FD1-40B6-4BA1-B536-E2138D0AFA80"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_governance:10.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BFFE5199-0FDA-476D-A93F-BFD4172EC20F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256036",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7057377",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33840.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33840.json
new file mode 100644
index 00000000000..24546df8e0b
--- /dev/null
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33840.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-33840",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-23T20:15:09.057",
+ "lastModified": "2023-10-28T03:32:15.907",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Verify Governance 10.0 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 256037."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A8497FD1-40B6-4BA1-B536-E2138D0AFA80"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_governance:10.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BFFE5199-0FDA-476D-A93F-BFD4172EC20F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/256037",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7057377",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3301.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3301.json
index 95246e774a0..353f27c87b8 100644
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3301.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3301.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-3301",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-13T17:15:10.063",
- "lastModified": "2023-09-15T19:22:46.217",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:11.847",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en QEMU. La naturaleza as\u00edncrona de la desconexi\u00f3n en caliente permite un escenario de ejecuci\u00f3n en el que el backend del dispositivo de red se borra antes de que se haya desconectado el frontend pci de virtio-net. Un invitado malintencionado podr\u00eda utilizar esta ventana de tiempo para desencadenar una aserci\u00f3n y provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
@@ -120,6 +124,10 @@
"Issue Tracking",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0008/",
+ "source": "secalert@redhat.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json
index 44041e8fae5..c04f11d9e9a 100644
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3338.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3338",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-30T22:15:10.270",
- "lastModified": "2023-08-24T19:15:40.833",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:27:37.137",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -75,8 +75,44 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*",
- "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5",
+ "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
+ "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
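Review bot: The kernel match changes from the single CPE `linux_kernel:6.5:rc1` to a wildcard with only `"versionEndExcluding": "6.5"` and no `versionStartIncluding`, so it now matches every kernel release below 6.5. Whether that breadth is intended cannot be told from this hunk. If the affected code only exists from some later release onward, scanners will over-report on older kernels. A lower bound such as `"versionStartIncluding": "<first affected version>"` would fix that once it is confirmed from the fixing commit. The qemu range in the CVE-2023-3354.json hunk (`"versionEndExcluding": "8.1.0"`) has the same open-ended shape.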
@@ -102,6 +138,15 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
"source": "secalert@redhat.com",
"tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
"Third Party Advisory"
]
},
@@ -116,11 +161,17 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0005/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3354.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3354.json
index 8f34313dfdc..fc1130f1baa 100644
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3354.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3354.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3354",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-11T17:15:13.387",
- "lastModified": "2023-08-29T03:15:08.197",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T12:56:24.197",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -75,8 +75,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "6D9E0C78-9678-4CEE-9389-962CF618A51F"
+ "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.1.0",
+ "matchCriteriaId": "A178AFEF-359C-427C-99C6-EC003039FF3B"
}
]
}
@@ -116,6 +117,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -136,7 +152,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3375.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3375.json
index 53ad4c265f1..fc7ddab8e15 100644
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3375.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3375.json
@@ -2,18 +2,22 @@
"id": "CVE-2023-3375",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-05T17:15:09.497",
- "lastModified": "2023-09-08T14:26:17.933",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T08:15:07.840",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection.This issue affects Bookreen: before 3.0.0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de carga de archivos sin restricciones con tipo peligroso en Unisign Bookreen permite la inyecci\u00f3n de comandos en el sistema operativo. Este problema afecta a Bookreen anterior a la versi\u00f3n 3.0.0. "
}
],
"metrics": {
"cvssMetricV31": [
{
- "source": "nvd@nist.gov",
+ "source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -33,24 +37,24 @@
"impactScore": 5.9
},
{
- "source": "cve@usom.gov.tr",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
- "scope": "CHANGED",
+ "scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 9.1,
- "baseSeverity": "CRITICAL"
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
},
- "exploitabilityScore": 2.3,
- "impactScore": 6.0
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
}
]
},
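Review bot: After this change the `Primary` CVSS entry is attributed to `cve@usom.gov.tr` and the `nvd@nist.gov` entry becomes `Secondary`, the reverse of the other records visible here that carry an NVD score. The swap is split between this hunk and the previous one. In this hunk the second entry's vector also moves from `S:C` at 9.1 CRITICAL to `S:U` at 7.2 HIGH. The first entry's `cvssData` lies between the hunks and is unchanged, so a vector that was labelled NVD now appears to be labelled as the CNA's; that should be confirmed against the upstream record. Consumers should pick scores by explicit `source` and `type` rather than by array position or by assuming `Primary` means NVD, and should note that `vulnStatus` went back to `Undergoing Analysis`.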
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3389.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3389.json
index 7b385f26567..c7664cb9613 100644
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3389.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3389.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-3389",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-06-28T20:15:09.773",
- "lastModified": "2023-09-11T19:15:43.383",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:28:28.367",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and\u00a00e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de use-after-free en el subsistema de io_uring del kernel de Linux puede ser explotada para lograr la escalada de privilegios locales. Ejecutar una solicitud de io_uring cancelar sondeo con un tiempo de espera vinculado puede provocar una UAF en un hrtimer. Recomendamos actualizar al commit anterior ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 para 5.10 stable y 0e388fce7aec40992eadee654193cad345d62663 para 5.15 stable)."
}
],
"metrics": {
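Review bot: The added Spanish description changes the remediation advice: `Recomendamos actualizar al commit anterior ef7dfac…` reads as "update to the previous commit", whereas the English text says "upgrading past commit", meaning a version that already contains the fix. A reader relying on the `es` text could conclude that an older revision is the safe target. Wording such as `Recomendamos actualizar a una versión posterior al commit ef7dfac51d8ed961b742218f526bd589f3900a59` keeps the original meaning. The phrase `Ejecutar una solicitud de io_uring cancelar sondeo` also loses the race-condition sense of "Racing a io_uring cancel poll request".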
@@ -100,12 +104,71 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04",
@@ -152,13 +215,27 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230731-0001/",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3392.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3392.json
index 94f2b2bf276..b2ee31e86d7 100644
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3392.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3392.json
@@ -2,15 +2,42 @@
"id": "CVE-2023-3392",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T09:15:10.337",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:58:05.917",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Read More & Accordion de WordPress anterior a la versi\u00f3n 3.2.7 deserializa la entrada del usuario proporcionada a trav\u00e9s de la configuraci\u00f3n, lo que podr\u00eda permitir a los usuarios con altos privilegios, como el administrador, realizar la inyecci\u00f3n de objetos PHP cuando hay un dispositivo adecuado presente."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -23,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:edmonsoft:read_more_\\&_accordion:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.2.7",
+ "matchCriteriaId": "2D87CFCE-A1DA-48E9-A4CE-BAC386FABC4B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/1e733ccf-8026-4831-9863-e505c2aecba6",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34039.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34039.json
index 92aec67480b..c0d931959ad 100644
--- a/CVE-2023/CVE-2023-340xx/CVE-2023-34039.json
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34039.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34039",
"sourceIdentifier": "security@vmware.com",
"published": "2023-08-29T18:15:08.680",
- "lastModified": "2023-09-02T15:15:27.437",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T18:17:27.823",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -90,6 +90,10 @@
"url": "http://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.html",
"source": "security@vmware.com"
},
+ {
+ "url": "http://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.html",
+ "source": "security@vmware.com"
+ },
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0018.html",
"source": "security@vmware.com",
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34040.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34040.json
index aa99272cd32..ae0c5220f1f 100644
--- a/CVE-2023/CVE-2023-340xx/CVE-2023-34040.json
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34040.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-34040",
"sourceIdentifier": "security@vmware.com",
"published": "2023-08-24T13:15:07.453",
- "lastModified": "2023-08-29T15:58:37.853",
+ "lastModified": "2023-10-18T17:56:38.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -85,17 +85,17 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:vmware:spring:*:*:*:*:*:apache_kafka:*:*",
+ "criteria": "cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.8.1",
"versionEndIncluding": "2.9.10",
- "matchCriteriaId": "1361B78E-D74D-4364-8FEC-B0AC38BD6F83"
+ "matchCriteriaId": "64FF6651-21A4-4403-A1EF-69338BC1AA08"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:vmware:spring:*:*:*:*:*:apache_kafka:*:*",
+ "criteria": "cpe:2.3:a:vmware:spring_for_apache_kafka:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndIncluding": "3.0.9",
- "matchCriteriaId": "1C465BBD-271A-4B82-84E0-3DF61690CAAB"
+ "matchCriteriaId": "A5C022D3-095C-4E35-A0EF-70906F307169"
}
]
}
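Review bot: Both `cpeMatch` entries change the product from `vmware:spring` with target software `apache_kafka` to `vmware:spring_for_apache_kafka`, and both `matchCriteriaId` values are replaced rather than kept. Asset inventories, allow-lists or suppression rules keyed on the old CPE string or the old IDs will stop matching this CVE without raising any error, so they need to be re-keyed on the new name. The second hunk of CVE-2023-34047 makes the same kind of change and additionally moves the vendor from `spring` to `vmware`. The configuration node that holds this `cpeMatch` array begins outside the hunk.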
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34044.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34044.json
new file mode 100644
index 00000000000..9f5f6efc292
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34044.json
@@ -0,0 +1,130 @@
+{
+ "id": "CVE-2023-34044",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-20T09:15:12.600",
+ "lastModified": "2023-10-28T03:34:06.763",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds \nread vulnerability that exists in the functionality for sharing host \nBluetooth devices with the virtual machine.\u00a0A malicious actor with local administrative privileges on a virtual \nmachine may be able to read privileged information contained in \nhypervisor memory from a virtual machine."
+ },
+ {
+ "lang": "es",
+ "value": "VMware Workstation (17.x anterior a 17.5) y Fusion (13.x anterior a 13.5) contienen una vulnerabilidad de lectura fuera de l\u00edmites que existe en la funcionalidad para compartir dispositivos Bluetooth host con la m\u00e1quina virtual. Un actor malintencionado con privilegios administrativos locales en una m\u00e1quina virtual puede leer informaci\u00f3n privilegiada contenida en la memoria del hipervisor desde una m\u00e1quina virtual."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.5,
+ "impactScore": 4.0
+ },
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.0.0",
+ "versionEndExcluding": "17.5",
+ "matchCriteriaId": "118254F1-8F14-4573-B3A4-56EE365A41ED"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.0.0",
+ "versionEndExcluding": "13.5",
+ "matchCriteriaId": "F574C812-1E1F-4991-9442-74E799DACAD8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html",
+ "source": "security@vmware.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
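Review bot: The two `cvssMetricV31` entries disagree on `privilegesRequired`: the Secondary vector from security@vmware.com uses `PR:N` (7.1 HIGH), while the description requires "local administrative privileges on a virtual machine" and the nvd@nist.gov Primary vector uses `PR:H` (6.0 MEDIUM). A consumer that takes the first or the highest score will rank this record differently from one that reads `type`, so triage tooling should select on `"type": "Primary"` explicitly and keep the other entry for reference. The same Primary/Secondary split appears in the CVE-2023-34045 and CVE-2023-34046 records added later in this diff, there on `userInteraction` (`UI:N` against `UI:R`); the installation step in their descriptions (drag or copy from the '.dmg' volume) seems closer to the vendor's `UI:R`.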
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34045.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34045.json
new file mode 100644
index 00000000000..ca75136d619
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34045.json
@@ -0,0 +1,113 @@
+{
+ "id": "CVE-2023-34045",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-20T10:15:12.787",
+ "lastModified": "2023-10-28T03:34:24.963",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VMware Fusion(13.x prior to 13.5)\u00a0contains a local privilege escalation vulnerability that occurs during \ninstallation for the first time (the user needs to drag or copy the \napplication to a folder from the '.dmg' volume) or when installing an \nupgrade.\u00a0A malicious actor with local non-administrative user privileges may \nexploit this vulnerability to escalate privileges to root on the system \nwhere Fusion is installed or being installed for the first time."
+ },
+ {
+ "lang": "es",
+ "value": "VMware Fusion (13.x anterior a 13.5) contiene una vulnerabilidad de escalada de privilegios local que ocurre durante la instalaci\u00f3n por primera vez (el usuario necesita arrastrar o copiar la aplicaci\u00f3n a una carpeta desde el volumen '.dmg') o al instalar una actualizaci\u00f3n. Un actor malicioso con privilegios de usuario local no administrativo puede aprovechar esta vulnerabilidad para escalar privilegios a root en el System donde Fusion est\u00e1 instalado o donde se instala por primera vez."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.0.0",
+ "versionEndExcluding": "13.5",
+ "matchCriteriaId": "F574C812-1E1F-4991-9442-74E799DACAD8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html",
+ "source": "security@vmware.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34046.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34046.json
new file mode 100644
index 00000000000..54318c54441
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34046.json
@@ -0,0 +1,113 @@
+{
+ "id": "CVE-2023-34046",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-20T09:15:12.717",
+ "lastModified": "2023-10-28T03:34:15.293",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) \nvulnerability that occurs during installation for the first time (the \nuser needs to drag or copy the application to a folder from the '.dmg' \nvolume) or when installing an upgrade.\u00a0A malicious actor with local non-administrative user privileges may \nexploit this vulnerability to escalate privileges to root on the system \nwhere Fusion is installed or being installed for the first time."
+ },
+ {
+ "lang": "es",
+ "value": "VMware Fusion (13.x anterior a 13.5) contiene una vulnerabilidad TOCTOU (Tiempo de verificaci\u00f3n, Tiempo de uso) que ocurre durante la instalaci\u00f3n por primera vez (el usuario debe arrastrar o copiar la aplicaci\u00f3n a una carpeta desde ' .dmg' volume) o al instalar una actualizaci\u00f3n. Un actor malicioso con privilegios de usuario local no administrativo puede aprovechar esta vulnerabilidad para escalar privilegios a root en el System donde Fusion est\u00e1 instalado o donde se instala por primera vez."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-367"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.0.0",
+ "versionEndExcluding": "13.5",
+ "matchCriteriaId": "F574C812-1E1F-4991-9442-74E799DACAD8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html",
+ "source": "security@vmware.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34047.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34047.json
index af90bf5e904..3806422bff2 100644
--- a/CVE-2023/CVE-2023-340xx/CVE-2023-34047.json
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34047.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-34047",
"sourceIdentifier": "security@vmware.com",
"published": "2023-09-20T10:15:14.247",
- "lastModified": "2023-09-26T14:13:48.703",
+ "lastModified": "2023-10-18T18:04:30.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -79,17 +79,17 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:spring:spring:*:*:*:*:*:graphql:*:*",
+ "criteria": "cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.0",
"versionEndIncluding": "1.1.5",
- "matchCriteriaId": "A6102CDA-D93F-4EE2-9B63-DC3254FB705B"
+ "matchCriteriaId": "49D2097C-3900-4B29-9308-9F9649B2EF1C"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:spring:spring:*:*:*:*:*:graphql:*:*",
+ "criteria": "cpe:2.3:a:vmware:spring_for_graphql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.2.0",
"versionEndIncluding": "1.2.2",
- "matchCriteriaId": "BE140B29-6DCE-43FA-BF2D-C61A8D8F7C76"
+ "matchCriteriaId": "6FE36EDA-2CA3-4390-BF83-E532BAEA7807"
}
]
}
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34048.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34048.json
new file mode 100644
index 00000000000..0ea820a2f1e
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34048.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-34048",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-25T18:17:27.897",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol.\u00a0A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution."
+ },
+ {
+ "lang": "es",
+ "value": "vCenter Server contiene una vulnerabilidad de escritura fuera de los l\u00edmites en la implementaci\u00f3n del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar una escritura fuera de los l\u00edmites que podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
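Review bot: This record carries a 9.8 CRITICAL vendor score but has no `configurations` block, no `weaknesses` and an untagged reference, because `vulnStatus` is still "Awaiting Analysis". Anything that matches on CPE will report nothing for vCenter Server until the analysis lands, so coverage in the meantime has to come from the vendor advisory listed in `references`. The same gap applies to the other not-yet-analyzed records added in this diff: CVE-2023-34056, CVE-2023-34057, CVE-2023-34058 and CVE-2023-34059.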
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34050.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34050.json
new file mode 100644
index 00000000000..995b129d05a
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34050.json
@@ -0,0 +1,109 @@
+{
+ "id": "CVE-2023-34050",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-19T08:15:08.357",
+ "lastModified": "2023-10-25T16:54:31.770",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\nIn spring AMQP versions 1.0.0 to\n2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class\nnames were added to Spring AMQP, allowing users to lock down deserialization of\ndata in messages from untrusted sources; however by default, when no allowed\nlist was provided, all classes could be deserialized.\n\n\n\nSpecifically, an application is\nvulnerable if\n\n\n\n\n * the\n SimpleMessageConverter or SerializerMessageConverter is used\n\n * the user\n does not configure allowed list patterns\n\n * untrusted\n message originators gain permissions to write messages to the RabbitMQ\n broker to send malicious content\n\n\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En las versiones Spring AMQP 1.0.0 a 2.4.16 y 3.0.0 a 3.0.9, se agregaron a Spring AMQP patrones de listas permitidas para nombres de clases deserializables, lo que permite a los usuarios bloquear la deserializaci\u00f3n de datos en mensajes de fuentes no confiables; sin embargo, de forma predeterminada, cuando no se proporcionaba una lista permitida, se pod\u00edan deserializar todas las clases. Espec\u00edficamente, una aplicaci\u00f3n es vulnerable si * se utiliza SimpleMessageConverter o SerializerMessageConverter * el usuario no configura los patrones de lista permitidos * los originadores de mensajes que no son de confianza obtienen permisos para escribir mensajes al agente RabbitMQ para enviar contenido malicioso"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.0.0",
+ "versionEndExcluding": "2.4.16",
+ "matchCriteriaId": "4750D156-5059-46DE-A787-62DA3319F372"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.0",
+ "versionEndExcluding": "3.0.9",
+ "matchCriteriaId": "D7E11342-A840-4A93-822A-2DAC86B9D4A5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://spring.io/security/cve-2023-34050",
+ "source": "security@vmware.com",
+ "tags": [
+ "Mitigation",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
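Review bot: Both `cpeMatch` ranges end with `versionEndExcluding` (`"2.4.16"` and `"3.0.9"`), but the description gives the affected versions as "1.0.0 to 2.4.16 and 3.0.0 to 3.0.9", which reads as inclusive. If those end versions are affected, CPE-based matching will pass 2.4.16 and 3.0.9 as clean; the bounds would then be `"versionEndIncluding": "2.4.16"` and `"versionEndIncluding": "3.0.9"`. The range should be checked against the spring.io advisory in `references` before it is relied on. Separately, the description states the issue only applies when no allowed list patterns are configured, so a version match alone does not establish exposure.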
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34051.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34051.json
new file mode 100644
index 00000000000..97c072767c7
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34051.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-34051",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-20T05:15:07.943",
+ "lastModified": "2023-10-20T11:27:23.627",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VMware Aria Operations for Logs contains an authentication bypass vulnerability.\u00a0An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.\n"
+ },
+ {
+ "lang": "es",
+ "value": "VMware Aria Operations for Logs contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n. Un actor malicioso no autenticado puede inyectar archivos en el sistema operativo de un dispositivo afectado, lo que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0021.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
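Review bot: `"metrics": {}` leaves this record with no CVSS data at all, although the description is an unauthenticated authentication bypass that can result in remote code execution. A pipeline that filters on `baseScore` or `baseSeverity` will either drop the record or treat it as zero; consumers should read an empty `metrics` object as "unscored", not "low", and fall back to the description and the vendor advisory. The record also has no `configurations`, so CPE matching will not find it. CVE-2023-34052 in the next file has the same empty `metrics` and the same missing `configurations`.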
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34052.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34052.json
new file mode 100644
index 00000000000..e0c7f02561d
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34052.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-34052",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-20T05:15:08.420",
+ "lastModified": "2023-10-20T11:27:23.627",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VMware Aria Operations for Logs contains a deserialization vulnerability.\u00a0A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication bypass.\n"
+ },
+ {
+ "lang": "es",
+ "value": "VMware Aria Operations for Logs contiene una vulnerabilidad de deserializaci\u00f3n. Un actor malintencionado con acceso no administrativo al sistema local puede desencadenar la deserializaci\u00f3n de datos, lo que podr\u00eda provocar una omisi\u00f3n de autenticaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0021.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34056.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34056.json
new file mode 100644
index 00000000000..6053b5a34a7
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34056.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-34056",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-25T18:17:27.953",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "vCenter Server contains a partial information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data."
+ },
+ {
+ "lang": "es",
+ "value": "vCenter Server contiene una vulnerabilidad de divulgaci\u00f3n parcial de informaci\u00f3n. Un actor malintencionado con privilegios no administrativos para vCenter Server puede aprovechar este problema para acceder a datos no autorizados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34057.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34057.json
new file mode 100644
index 00000000000..9d305bce67c
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34057.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-34057",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-27T05:15:38.837",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VMware Tools contains a local privilege escalation vulnerability.\u00a0A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.\n\n\n\n\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "VMware Tools contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso de usuario local a una m\u00e1quina virtual invitada puede elevar los privilegios dentro de la m\u00e1quina virtual."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34058.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34058.json
new file mode 100644
index 00000000000..7b5fbde8b9a
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34058.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-34058",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-27T05:15:38.957",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VMware Tools contains a SAML token signature bypass vulnerability.\u00a0A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html \u00a0in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html ."
+ },
+ {
+ "lang": "es",
+ "value": "VMware Tools contiene una vulnerabilidad de omisi\u00f3n de firma de token SAML. Un actor malicioso al que se le han otorgado privilegios de operaci\u00f3n de invitado https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html en una m\u00e1quina virtual de destino es posible que pueda elevar sus privilegios si a esa m\u00e1quina virtual de destino se le ha asignado un Alias de Invitado m\u00e1s privilegiado https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/27/1",
+ "source": "security@vmware.com"
+ },
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
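Review bot: The only vector in `cvssMetricV31` sets `PR:N`, while the description says the actor "has been granted Guest Operation Privileges" in the target virtual machine, so the vector and the text disagree on the privileges needed and there is no Primary entry yet to cross-check against. Until one is added, the 7.5 score should be read together with the description, not on its own. The description value also embeds two raw URLs in running text, which is worth knowing for any consumer that renders `descriptions[].value` as HTML or auto-links it.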
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34059.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34059.json
new file mode 100644
index 00000000000..a4b0b257c54
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34059.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-34059",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2023-10-27T05:15:39.013",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper.\u00a0A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs."
+ },
+ {
+ "lang": "es",
+ "value": "open-vm-tools contiene una vulnerabilidad de secuestro de descriptores de archivos en vmware-user-suid-wrapper. Un actor malintencionado con privilegios no root puede secuestrar el descriptor del archivo /dev/uinput, permiti\u00e9ndole simular las entradas del usuario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/27/2",
+ "source": "security@vmware.com"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/27/3",
+ "source": "security@vmware.com"
+ },
+ {
+ "url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
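Review bot: The only metric on this new record is the vendor's `Secondary` vector `CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`, and its `PR:N` appears inconsistent with the English description, which says the actor has "non-root privileges" (usually read as `PR:L` under CVSS 3.1). This is worth confirming against VMSA-2023-0024 rather than changing in the mirror, and the 7.4 should not drive triage alone while no `Primary` entry exists. The record also has no `weaknesses` or `configurations` block while it is `Awaiting Analysis`, so CPE-based scanners will not match open-vm-tools from this file yet. The English `value` contains a `\u00a0` and an embedded `\n` before `/dev/uinput`, so normalise whitespace before display or keyword search.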
diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34085.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34085.json
new file mode 100644
index 00000000000..24dc3e79561
--- /dev/null
+++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34085.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-34085",
+ "sourceIdentifier": "responsible-disclosure@pingidentity.com",
+ "published": "2023-10-25T18:17:28.010",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request\n"
+ },
+ {
+ "lang": "es",
+ "value": "Cuando se utiliza una tabla de AWS DynamoDB para el almacenamiento de atributos de usuario, es posible recuperar los atributos de otro usuario mediante una solicitud manipulada con fines malintencionados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.6,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-359"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244",
+ "source": "responsible-disclosure@pingidentity.com"
+ },
+ {
+ "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
+ "source": "responsible-disclosure@pingidentity.com"
+ }
+ ]
+}
\ No newline at end of file
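Review bot: The English `value` never names the affected product; only the two reference URLs (the `pingfederate-113` docs page and the PingFederate download page) point to it, and the record has no `configurations` block. Keyword or CPE matching against this file will therefore find nothing until NVD analysis adds CPE entries. In the meantime a consumer should key on the reference URLs or on `sourceIdentifier`. The string also ends in a stray `\n`, which is worth trimming on ingest.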
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34207.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34207.json
index 8e79ece92bd..dd36ba364d4 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34207.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34207.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34207",
"sourceIdentifier": "ART@zuso.ai",
"published": "2023-10-17T04:15:11.937",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:09:10.790",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "ART@zuso.ai",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ },
{
"source": "ART@zuso.ai",
"type": "Secondary",
@@ -50,10 +80,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:easyuse:mailhunter_ultimate:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023",
+ "matchCriteriaId": "94D027C5-7AB4-4652-A7E8-4F979194ED01"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://zuso.ai/Advisory/ZA-2023-04",
- "source": "ART@zuso.ai"
+ "source": "ART@zuso.ai",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34208.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34208.json
index 8a9de0eac5b..bc0c75ef9e4 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34208.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34208.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34208",
"sourceIdentifier": "ART@zuso.ai",
"published": "2023-10-17T04:15:12.077",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:09:22.363",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "ART@zuso.ai",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
{
"source": "ART@zuso.ai",
"type": "Secondary",
@@ -50,10 +80,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:easyuse:mailhunter_ultimate:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023",
+ "matchCriteriaId": "94D027C5-7AB4-4652-A7E8-4F979194ED01"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://zuso.ai/Advisory/ZA-2023-05",
- "source": "ART@zuso.ai"
+ "source": "ART@zuso.ai",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34209.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34209.json
index 1229ae91360..29081d76778 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34209.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34209.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34209",
"sourceIdentifier": "ART@zuso.ai",
"published": "2023-10-17T05:15:50.207",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:09:35.410",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "ART@zuso.ai",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
{
"source": "ART@zuso.ai",
"type": "Secondary",
@@ -50,10 +80,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:easyuse:mailhunter_ultimate:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023",
+ "matchCriteriaId": "94D027C5-7AB4-4652-A7E8-4F979194ED01"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://zuso.ai/Advisory/ZA-2023-06",
- "source": "ART@zuso.ai"
+ "source": "ART@zuso.ai",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34210.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34210.json
index 1c21e355b6b..021d5fef51a 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34210.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34210.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34210",
"sourceIdentifier": "ART@zuso.ai",
"published": "2023-10-17T05:15:50.300",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:10:16.097",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "ART@zuso.ai",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
{
"source": "ART@zuso.ai",
"type": "Secondary",
@@ -50,10 +80,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:easyuse:mailhunter_ultimate:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023",
+ "matchCriteriaId": "94D027C5-7AB4-4652-A7E8-4F979194ED01"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://zuso.ai/Advisory/ZA-2023-07",
- "source": "ART@zuso.ai"
+ "source": "ART@zuso.ai",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json b/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json
index aebe4fe7b15..36338c1ed39 100644
--- a/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json
+++ b/CVE-2023/CVE-2023-342xx/CVE-2023-34256.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34256",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T20:15:10.817",
- "lastModified": "2023-07-27T21:15:13.920",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:13.867",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -123,6 +123,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://syzkaller.appspot.com/bug?extid=8785e41224a3afd04321",
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json
index 7959ddce97d..360cbbedd20 100644
--- a/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34319.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-34319",
"sourceIdentifier": "security@xen.org",
"published": "2023-09-22T14:15:45.627",
- "lastModified": "2023-09-26T16:11:56.963",
+ "lastModified": "2023-10-29T02:42:22.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -66,13 +66,29 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
- "url": "https://xenbits.xenproject.org/xsa/advisory-438.html",
+ "url": "https://xenbits.xenproject.org/xsa/advisory-432.html",
"source": "security@xen.org",
"tags": [
+ "Mitigation",
"Patch",
"Vendor Advisory"
]
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34354.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34354.json
index 30e6dcb3676..52f360ebfb7 100644
--- a/CVE-2023/CVE-2023-343xx/CVE-2023-34354.json
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34354.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-34354",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.233",
- "lastModified": "2023-10-11T16:37:00.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T20:43:40.507",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenada en la funcionalidad upload_brand.cgi de peplink Surf SOHO HW1 v6.3.5 (en QEMU). Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de JavaScript arbitrario en el navegador de otro usuario. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,10 +80,44 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F47DB73-DEB9-4191-9C70-BFD620575394"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:peplink:surf_soho:hw1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2313EA09-B0EA-4591-B4EA-2B80E7C60422"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34356.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34356.json
index 835b9ad92b8..dc148a43c19 100644
--- a/CVE-2023/CVE-2023-343xx/CVE-2023-34356.json
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34356.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-34356",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.320",
- "lastModified": "2023-10-11T16:37:00.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T14:59:43.587",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad data.cgi xfer_dns de peplink Surf SOHO HW1 v6.3.5 (en QEMU). Una solicitud HTTP especialmente manipulada puede conducir a la ejecuci\u00f3n de un comando. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,10 +80,44 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F47DB73-DEB9-4191-9C70-BFD620575394"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:peplink:surf_soho:hw1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2313EA09-B0EA-4591-B4EA-2B80E7C60422"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34366.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34366.json
new file mode 100644
index 00000000000..f9f36493fc5
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34366.json
@@ -0,0 +1,207 @@
+{
+ "id": "CVE-2023-34366",
+ "sourceIdentifier": "talos-cna@cisco.com",
+ "published": "2023-10-19T18:15:08.983",
+ "lastModified": "2023-10-25T14:30:07.750",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de use-after-free en la funcionalidad de an\u00e1lisis de flujo de figuras de Ichitaro 2023 1.0.1.59372. Un documento especialmente manipulado puede causar da\u00f1os en la memoria, lo que resulta en la ejecuci\u00f3n de c\u00f3digo arbitrario. La v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "talos-cna@cisco.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ },
+ {
+ "source": "talos-cna@cisco.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D68E98B0-38CA-4148-825D-CF7C8AABB5BE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1755383C-2B74-4DD7-9C9B-DB19C12CA94D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1274E0AB-BDE0-45FB-B3A2-522E3AE4E41A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15B1DC82-380D-4CF4-AF35-4AF2A1CBF778"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A1C403A-6787-4347-AF6F-69F225944011"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65A56D02-7438-4319-BFD1-64FB11BC758C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "36AE4633-5418-4009-B51D-4A1F542B1A88"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "21A4F85C-EA95-4853-9A8C-C3C9142243A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76FAE0E6-1037-45AC-A277-8F32338A50AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "552D41EF-A5DB-4ED0-B404-FF2649969B11"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1F61D3C1-0011-4D78-83F8-2349D46AFE59"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FC99A5A2-32B0-4F38-A2B1-FAC50A05FBEF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7814DB96-4078-47B8-93B2-5066029B6F65"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D8E2A1A-7C06-491F-8A28-BE70EFCDDFFF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD6F3523-7059-4591-9D04-97D287128D6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5ED46089-ED5B-4314-B079-A8932377475E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C3B6B97E-B202-4B1F-9B81-367CB7172DEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6B5D80C5-5821-416E-A3E3-ADC7F221B093"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://jvn.jp/en/jp/JVN28846531/index.html",
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1758",
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34437.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34437.json
new file mode 100644
index 00000000000..faef21efa16
--- /dev/null
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34437.json
@@ -0,0 +1,122 @@
+{
+ "id": "CVE-2023-34437",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T00:15:16.053",
+ "lastModified": "2023-10-25T14:04:18.780",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nBaker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains\u00a0a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device."
+ },
+ {
+ "lang": "es",
+ "value": "Baker Hughes en Bently Nevada 3500 System TDI Firmware versi\u00f3n 5.05 contiene una vulnerabilidad en su funcionalidad de recuperaci\u00f3n de contrase\u00f1as que podr\u00eda permitir a un atacante acceder a las contrase\u00f1as almacenadas en el dispositivo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_firmware:5.0.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9329A00C-D768-442F-9CDE-0027886D9F3E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:bakerhughes:bentley_nevada_3500_system:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDE17D85-8ABE-45B6-9FFB-66B74CCFF1CD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
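Review bot: The `criteria` strings in `cpeMatch` spell the product `bentley_nevada_3500_system_firmware` and `bentley_nevada_3500_system`, while both descriptions spell it "Bently Nevada", and the CPE version is `5.0.5` where the text says "version 5.05". Inventory matching that builds names or versions from the vendor's own spelling will miss these entries, so the consumer side needs an alias covering both spellings and both version forms. The hunk for CVE-2023-34441 carries the same two `criteria` strings. The English `value` also begins with `\n\n\n` and contains `\u00a0`, so normalise whitespace before display or search.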
diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34441.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34441.json
new file mode 100644
index 00000000000..6c283b851a4
--- /dev/null
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34441.json
@@ -0,0 +1,122 @@
+{
+ "id": "CVE-2023-34441",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T00:15:16.130",
+ "lastModified": "2023-10-25T14:14:16.710",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nBaker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains\u00a0a cleartext transmission vulnerability which could allow an attacker to \n\nsteal the authentication secret from communication traffic to the device and reuse it for arbitrary requests.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Baker Hughes en Bently Nevada 3500 System TDI Firmware versi\u00f3n 5.05 contiene una vulnerabilidad de transmisi\u00f3n de texto plano que podr\u00eda permitir a un atacante robar el secreto de autenticaci\u00f3n del tr\u00e1fico de comunicaci\u00f3n al dispositivo y reutilizarlo para solicitudes arbitrarias."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_firmware:5.0.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9329A00C-D768-442F-9CDE-0027886D9F3E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:bakerhughes:bentley_nevada_3500_system:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDE17D85-8ABE-45B6-9FFB-66B74CCFF1CD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
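Review bot: The two `cvssMetricV31` entries disagree on attack vector, user interaction and availability impact. The `Primary` (nvd@nist.gov) vector is `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N` at 8.2 HIGH, and the `Secondary` (ics-cert@hq.dhs.gov) vector is `CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L` at 6.8 MEDIUM. A consumer that takes the first array element and one that prefers the CNA score land in different severity bands, so whatever ingests this file should select by `type` rather than by array position and record which source it used. For a cleartext-transmission issue on an ICS device, the difference between `AV:N` and `AV:A` changes whether network segmentation counts as a mitigating factor, so it is worth checking against ICSA-23-269-05.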
diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34446.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34446.json
new file mode 100644
index 00000000000..31ade4dcfef
--- /dev/null
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34446.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-34446",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:28.077",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.\n"
+ },
+ {
+ "lang": "es",
+ "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI basada en web y de c\u00f3digo abierto. Antes de las versiones 3.0.4 y 3.1.0, al mostrar `pages/preferences.php`, era posible realizar Cross-Site Scripting (XSS). Este problema se solucion\u00f3 en las versiones 3.0.4 y 3.1.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Combodo/iTop/commit/e3ba826e5dfd3b724f1ee97bebfd20ded3c70b10",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-q4pp-j46r-gm68",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
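Review bot: This new record carries no `configurations` block and only a `Secondary` CVSS entry from `security-advisories@github.com`, with `vulnStatus` still `Awaiting Analysis`, so CPE-based matching returns nothing for it. The affected range (before 3.0.4 and 3.1.0) exists only in the description text. The 8.8 base score is the CNA's own rating of a cross-site scripting issue with `S:U/C:H/I:H/A:H` and may change once a `Primary` metric is added, so a consumer that ranks by `baseScore` should store the `source` and `type` alongside the number. The English `value` also ends in a literal `\n` that is worth trimming on ingest. Apart from that trailing newline, the same applies to the CVE-2023-34447 file that follows.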
diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34447.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34447.json
new file mode 100644
index 00000000000..2e6dbab80ed
--- /dev/null
+++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34447.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-34447",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:28.147",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0."
+ },
+ {
+ "lang": "es",
+ "value": "iTop es una plataforma de gesti\u00f3n de servicios de TI basada en web y de c\u00f3digo abierto. Antes de las versiones 3.0.4 y 3.1.0, en `pages/UI.php`, era posible realizar Cross-Site Scripting (XSS). Este problema se solucion\u00f3 en las versiones 3.0.4 y 3.1.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Combodo/iTop/commit/519751faa10b2fc5b75ea4516a1b8ef13ca35b33",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/Combodo/iTop/commit/b8f61362f570e1ef8127175331012b7fc8aba802",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-6rfm-2rwg-mj7p",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34969.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34969.json
index c4ad2c67aba..b25442797a2 100644
--- a/CVE-2023/CVE-2023-349xx/CVE-2023-34969.json
+++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34969.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-34969",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-08T03:15:08.970",
- "lastModified": "2023-06-24T03:15:09.013",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-23T16:15:08.950",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -95,6 +95,10 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00033.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/",
"source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34975.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34975.json
index f30071f290f..27c766a074f 100644
--- a/CVE-2023/CVE-2023-349xx/CVE-2023-34975.json
+++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34975.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-34975",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-13T20:15:10.153",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T19:54:57.237",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.0 ( 2023/07/27 ) and later\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n SQL afecta a Video Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya se ha solucionado la vulnerabilidad en la siguiente versi\u00f3n: Video Station 5.7.0 (2023/07/27) y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -46,10 +80,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.7.0",
+ "matchCriteriaId": "41493329-139C-4B96-9C16-19DCF1698ACC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-52",
- "source": "security@qnapsecurity.com.tw"
+ "source": "security@qnapsecurity.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34976.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34976.json
index e7176d22d60..f8646a1f942 100644
--- a/CVE-2023/CVE-2023-349xx/CVE-2023-34976.json
+++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34976.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-34976",
"sourceIdentifier": "security@qnapsecurity.com.tw",
"published": "2023-10-13T20:15:10.230",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T19:56:09.990",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.0 ( 2023/07/27 ) and later\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se ha informado que una vulnerabilidad de inyecci\u00f3n SQL afecta a Video Station. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios autenticados inyectar c\u00f3digo malicioso a trav\u00e9s de una red. Ya se ha solucionado la vulnerabilidad en la siguiente versi\u00f3n: Video Station 5.7.0 (2023/07/27) y posteriores"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
{
"source": "security@qnapsecurity.com.tw",
"type": "Secondary",
@@ -46,10 +80,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qnap:video_station:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.7.0",
+ "matchCriteriaId": "41493329-139C-4B96-9C16-19DCF1698ACC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-52",
- "source": "security@qnapsecurity.com.tw"
+ "source": "security@qnapsecurity.com.tw",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3487.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3487.json
new file mode 100644
index 00000000000..3e53e57585c
--- /dev/null
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3487.json
@@ -0,0 +1,125 @@
+{
+ "id": "CVE-2023-3487",
+ "sourceIdentifier": "product-security@silabs.com",
+ "published": "2023-10-20T15:15:11.967",
+ "lastModified": "2023-10-27T18:50:10.740",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAn integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Un desbordamiento de enteros en Silicon Labs Gecko Bootloader versi\u00f3n 4.3.1 y anteriores permite acceso ilimitado a la memoria al leer o escribir en ranuras de almacenamiento."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "product-security@silabs.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
+ {
+ "source": "product-security@silabs.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:silabs:gecko_bootloader:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "4.3.1",
+ "matchCriteriaId": "CC6CEA66-303E-4E36-8F75-6AFF06A17639"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV",
+ "source": "product-security@silabs.com",
+ "tags": [
+ "Permissions Required"
+ ]
+ },
+ {
+ "url": "https://github.com/SiliconLabs/gecko_sdk/releases",
+ "source": "product-security@silabs.com",
+ "tags": [
+ "Release Notes"
+ ]
+ }
+ ]
+}
\ No newline at end of file
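Review bot: The two `cvssMetricV31` entries disagree on `privilegesRequired` (`LOW` for the `Primary`, `NONE` for the `Secondary`) and on `availabilityImpact` (`HIGH` against `NONE`), and the `weaknesses` differ as well (`CWE-190` against `CWE-125`, `CWE-20`, `CWE-787`). A consumer should therefore select on `"type": "Primary"` explicitly rather than take the first array element. The English description is wrapped in stray newlines (`"\nAn integer overflow ... storage slots.\n\n"`) and would read better stored trimmed. Of the two references, one is tagged `Permissions Required` and the other is a general releases page, so this record apparently points to no openly readable advisory that names the fixed release.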
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35013.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35013.json
index 580f0342422..e1b8f0060fe 100644
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35013.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35013.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-35013",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T00:15:10.420",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:42:30.197",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Verify Governance 10.0, Identity Manager podr\u00eda permitir que un usuario privilegiado local obtenga informaci\u00f3n confidencial del c\u00f3digo fuente. ID de IBM X-Force: 257769."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,41 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_governance:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0",
+ "versionEndExcluding": "10.0.2",
+ "matchCriteriaId": "2F71600E-74AE-4A57-B9F6-2773CBD8761D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257769",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7050358",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35018.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35018.json
index 7bede96e857..7b41e9600bd 100644
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35018.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35018.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-35018",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T00:15:10.510",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:20:10.327",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Security Verify Governance 10.0 podr\u00eda permitir un uso privilegiado para cargar archivos arbitrarios debido a una validaci\u00f3n de archivos incorrecta. ID de IBM X-Force: 259382."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
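Review bot: The added Spanish description carries over the typo in the English text ("a privileged use") as `un uso privilegiado`, so it no longer says that a privileged user is the precondition. The new `Primary` vector has `PR:H`, which matches the intended reading; the translated phrase should be `un usuario privilegiado`, and the English `value` should read "a privileged user".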
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,41 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:security_verify_governance:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0",
+ "versionEndExcluding": "10.0.2",
+ "matchCriteriaId": "2F71600E-74AE-4A57-B9F6-2773CBD8761D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259382",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7050358",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35024.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35024.json
index c4c425a96e8..8ca5d994fe1 100644
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35024.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35024.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-35024",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-14T16:15:10.670",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T21:04:02.917",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cloud Pak para Automatizaci\u00f3n Empresarial 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1 y 22.0.2 son vulnerables a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 258349."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 4.7
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,104 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D419EF8-4D41-4FBE-A41B-9F9EAF7F72EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C27956AA-CCEE-4073-A8D7-D1B9575EE25C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12A70646-ADD3-4CF7-A591-8BE96FBEF5A9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DF6CB2C4-800F-487A-B0E5-8A0A9718549D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D52711AA-0F11-47E7-8EE8-6B8D65403F8A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE2C6F84-C83F-4AE1-B0A7-740568F52C04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC8A641D-B7AB-41FA-AFDB-2C8EBDA6A1A7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "250AC4D5-1D25-4EEE-B1CA-AA8E104BBF7B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C5B7FA4-A27C-40CA-AA53-183909D18C13"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "AF7E2601-47E6-4111-9DE0-C3C01705884A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BA799229-3577-409F-BFCC-0ABA541EA710"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A8D6EB68-3804-494D-B12A-2E96E31D1B1A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "F22E2017-86A6-4CD1-8192-7A5DF0A1D818"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "517C5EDE-5104-4E22-B9C6-64DFBA7650C3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/258349",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047198",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
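Review bot: The new `cpeMatch` list is inconsistent in the CPE update field: the entries for 18.0.0 through 20.0.3 use `*` there, while 21.0.1 through 22.0.2 use `-`, as in `cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*`. An inventory CPE that carries an update value (an interim fix level, for instance) will match the first group but not the second. Whether that is intended cannot be told from this hunk, so matching code should decide deliberately how to treat `-` for these releases rather than inherit the difference. The record gives no fixed version, so the remediation level has to come from the IBM support page in `references`.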
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35074.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35074.json
index 0bd74c3eb07..5bc6289054b 100644
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35074.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35074.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-35074",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.800",
- "lastModified": "2023-10-14T03:15:09.803",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:09:02.390",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -96,6 +96,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -117,15 +132,27 @@
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/3",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/8",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/9",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/3",
@@ -136,7 +163,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://support.apple.com/en-us/HT213936",
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35083.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35083.json
new file mode 100644
index 00000000000..cfdb885111a
--- /dev/null
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35083.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-35083",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-10-18T04:15:10.900",
+ "lastModified": "2023-10-25T00:14:42.067",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "Permite que un atacante autenticado con acceso a la red lea archivos arbitrarios en Endpoint Manager descubierto recientemente en 2022 SU3 y todas las versiones anteriores, lo que podr\u00eda provocar la fuga de informaci\u00f3n confidencial."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2022",
+ "matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*",
+ "matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*",
+ "matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*",
+ "matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*",
+ "matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://forums.ivanti.com/s/article/SA-2023-06-20-CVE-2023-35083?language=en_US",
+ "source": "support@hackerone.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
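Review bot: The only weakness on this record is `NVD-CWE-noinfo`, although the description is of an authenticated arbitrary file read, so any triage rule or dashboard keyed on CWE will not pick it up. The description also never names the vendor; "Ivanti" appears only in the `criteria` strings and the reference URL, which text search on descriptions will miss. The `cpeMatch` list (`versionEndExcluding` `2022` plus the four explicit 2022 entries up to `su3`) covers the stated "2022 SU3 and all previous versions" but gives no first fixed release, so that has to be read from the vendor advisory. CVE-2023-35084 in the next file uses the same `cpeMatch` list.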
diff --git a/CVE-2023/CVE-2023-350xx/CVE-2023-35084.json b/CVE-2023/CVE-2023-350xx/CVE-2023-35084.json
new file mode 100644
index 00000000000..e1dfdcd14a2
--- /dev/null
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35084.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-35084",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-10-18T04:15:11.027",
+ "lastModified": "2023-10-25T00:17:27.200",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely."
+ },
+ {
+ "lang": "es",
+ "value": "La Deserializaci\u00f3n Insegura de la Entrada del Usuario podr\u00eda provocar la ejecuci\u00f3n de operaciones no autorizadas en Ivanti Endpoint Manager 2022 su3 y todas las versiones anteriores, lo que podr\u00eda permitir a un atacante ejecutar comandos de forma remota."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2022",
+ "matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*",
+ "matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*",
+ "matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*",
+ "matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*",
+ "matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://forums.ivanti.com/s/article/SA-2023-08-08-CVE-2023-35084?language=en_US",
+ "source": "support@hackerone.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35126.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35126.json
new file mode 100644
index 00000000000..934cc8ca5f9
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35126.json
@@ -0,0 +1,215 @@
+{
+ "id": "CVE-2023-35126",
+ "sourceIdentifier": "talos-cna@cisco.com",
+ "published": "2023-10-19T17:15:10.000",
+ "lastModified": "2023-10-25T14:48:30.890",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An out-of-bounds write vulnerability exists within the parsers for both the \"DocumentViewStyles\" and \"DocumentEditStyles\" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de escritura fuera de l\u00edmites dentro de los analizadores para las secuencias \"DocumentViewStyles\" y \"DocumentEditStyles\" de Ichitaro 2023 1.0.1.59372 al procesar los tipos 0x0000-0x0009 de un registro de estilo con el tipo 0x2008. Un documento especialmente manipulado puede provocar da\u00f1os en la memoria, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "talos-cna@cisco.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "talos-cna@cisco.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-129"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D68E98B0-38CA-4148-825D-CF7C8AABB5BE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1755383C-2B74-4DD7-9C9B-DB19C12CA94D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1274E0AB-BDE0-45FB-B3A2-522E3AE4E41A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15B1DC82-380D-4CF4-AF35-4AF2A1CBF778"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A1C403A-6787-4347-AF6F-69F225944011"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65A56D02-7438-4319-BFD1-64FB11BC758C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "36AE4633-5418-4009-B51D-4A1F542B1A88"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "21A4F85C-EA95-4853-9A8C-C3C9142243A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76FAE0E6-1037-45AC-A277-8F32338A50AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "552D41EF-A5DB-4ED0-B404-FF2649969B11"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1F61D3C1-0011-4D78-83F8-2349D46AFE59"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FC99A5A2-32B0-4F38-A2B1-FAC50A05FBEF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7814DB96-4078-47B8-93B2-5066029B6F65"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D8E2A1A-7C06-491F-8A28-BE70EFCDDFFF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD6F3523-7059-4591-9D04-97D287128D6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5ED46089-ED5B-4314-B079-A8932377475E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C3B6B97E-B202-4B1F-9B81-367CB7172DEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6B5D80C5-5821-416E-A3E3-ADC7F221B093"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://jvn.jp/en/jp/JVN28846531/index.html",
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825",
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1825",
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
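Review bot: The `references` array lists the same Talos report twice, once as `https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825` and once with a `www.` prefix, both tagged `Exploit` and `Third Party Advisory`. A consumer that counts or de-duplicates references by exact URL string will treat them as two independent exploit references. Keeping only one entry, for example the one with `"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1825",`, avoids the double count. Separately, the description names only Ichitaro 2023 1.0.1.59372, while `cpeMatch` marks eighteen other JustSystems products vulnerable at version `-`. That list presumably comes from the JVN advisory, but the record does not say so.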
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35180.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35180.json
new file mode 100644
index 00000000000..c26c16d6e07
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35180.json
@@ -0,0 +1,108 @@
+{
+ "id": "CVE-2023-35180",
+ "sourceIdentifier": "psirt@solarwinds.com",
+ "published": "2023-10-19T15:15:08.823",
+ "lastModified": "2023-10-25T17:38:08.880",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows authenticated users to abuse SolarWinds ARM API."
+ },
+ {
+ "lang": "es",
+ "value": "SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad permite a los usuarios autenticados abusar de la API ARM de SolarWinds."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.2.0.73",
+ "matchCriteriaId": "D2286244-6B0B-40D7-BC8B-8F843005B66B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35180",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35181.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35181.json
new file mode 100644
index 00000000000..d1f9f1237ad
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35181.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-35181",
+ "sourceIdentifier": "psirt@solarwinds.com",
+ "published": "2023-10-19T15:15:08.983",
+ "lastModified": "2023-10-25T19:14:40.357",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows users to abuse incorrect folder permission resulting in Privilege Escalation."
+ },
+ {
+ "lang": "es",
+ "value": "SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de escalada de privilegios. Esta vulnerabilidad permite a los usuarios abusar de permisos de carpeta incorrectos, lo que resulta en una escalada de privilegios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ },
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.2.0.73",
+ "matchCriteriaId": "D2286244-6B0B-40D7-BC8B-8F843005B66B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35181",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35182.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35182.json
new file mode 100644
index 00000000000..64e7a36426e
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35182.json
@@ -0,0 +1,108 @@
+{
+ "id": "CVE-2023-35182",
+ "sourceIdentifier": "psirt@solarwinds.com",
+ "published": "2023-10-19T15:15:09.070",
+ "lastModified": "2023-10-25T19:17:56.583",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability can be abused by unauthenticated users on SolarWinds ARM Server."
+ },
+ {
+ "lang": "es",
+ "value": "SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad puede ser aprovechada por usuarios no autenticados en SolarWinds ARM Server."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.2.0.73",
+ "matchCriteriaId": "D2286244-6B0B-40D7-BC8B-8F843005B66B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35182",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35183.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35183.json
new file mode 100644
index 00000000000..f0cf06e62cb
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35183.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-35183",
+ "sourceIdentifier": "psirt@solarwinds.com",
+ "published": "2023-10-19T15:15:09.157",
+ "lastModified": "2023-10-25T19:28:54.903",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. This vulnerability allows authenticated users to abuse local resources to Privilege Escalation."
+ },
+ {
+ "lang": "es",
+ "value": "SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de escalada de privilegios. Esta vulnerabilidad permite a los usuarios autenticados abusar de los recursos locales para escalar privilegios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.2.0.73",
+ "matchCriteriaId": "D2286244-6B0B-40D7-BC8B-8F843005B66B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35183",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35184.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35184.json
new file mode 100644
index 00000000000..dfc1005474a
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35184.json
@@ -0,0 +1,108 @@
+{
+ "id": "CVE-2023-35184",
+ "sourceIdentifier": "psirt@solarwinds.com",
+ "published": "2023-10-19T15:15:09.247",
+ "lastModified": "2023-10-25T19:29:44.983",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution."
+ },
+ {
+ "lang": "es",
+ "value": "SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad permite que un usuario no autenticado abuse de un servicio de SolarWinds, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.2.0.73",
+ "matchCriteriaId": "D2286244-6B0B-40D7-BC8B-8F843005B66B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35184",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35185.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35185.json
new file mode 100644
index 00000000000..86e8def129b
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35185.json
@@ -0,0 +1,108 @@
+{
+ "id": "CVE-2023-35185",
+ "sourceIdentifier": "psirt@solarwinds.com",
+ "published": "2023-10-19T15:15:09.330",
+ "lastModified": "2023-10-25T20:19:07.667",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. "
+ },
+ {
+ "lang": "es",
+ "value": "SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code utilizando privilegios de SYSTEM."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.2.0.73",
+ "matchCriteriaId": "D2286244-6B0B-40D7-BC8B-8F843005B66B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35185",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
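Review bot: The two `cvssMetricV31` entries disagree on the precondition: the `nvd@nist.gov` Primary vector has `PR:H` (base 7.2), the `psirt@solarwinds.com` Secondary vector has `PR:N` (base 8.8), and the description does not say what access is required. The phrase "using SYSTEM privileges" may describe the context the code runs in rather than what the requester needs, but this record does not settle that. Triage that reads only the Primary score will rank this entry below CVE-2023-35187, which has the same CWE-22 and a 9.8, so both vectors should be checked against the vendor advisory before prioritising. The English description also ends with a stray space after the full stop; it should end `...Remote Code Vulnerability using SYSTEM privileges."` so that exact-match consumers are not affected.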
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35186.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35186.json
new file mode 100644
index 00000000000..49018356f9f
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35186.json
@@ -0,0 +1,108 @@
+{
+ "id": "CVE-2023-35186",
+ "sourceIdentifier": "psirt@solarwinds.com",
+ "published": "2023-10-19T15:15:09.410",
+ "lastModified": "2023-10-25T19:39:42.820",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an authenticated user to abuse SolarWinds service resulting in remote code execution."
+ },
+ {
+ "lang": "es",
+ "value": "SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad permite que un usuario autenticado abuse del servicio SolarWinds, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.2.0.73",
+ "matchCriteriaId": "D2286244-6B0B-40D7-BC8B-8F843005B66B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35186",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35187.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35187.json
new file mode 100644
index 00000000000..a3106e13078
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35187.json
@@ -0,0 +1,108 @@
+{
+ "id": "CVE-2023-35187",
+ "sourceIdentifier": "psirt@solarwinds.com",
+ "published": "2023-10-19T15:15:09.500",
+ "lastModified": "2023-10-25T19:43:00.663",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability allows an unauthenticated user to achieve the Remote Code Execution."
+ },
+ {
+ "lang": "es",
+ "value": "SolarWinds Access Rights Manager era susceptible a una vulnerabilidad de Directory Traversal Remote Code. Esta vulnerabilidad permite que un usuario no autenticado logre la ejecuci\u00f3n remota de c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.2.0.73",
+ "matchCriteriaId": "D2286244-6B0B-40D7-BC8B-8F843005B66B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35187",
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
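Review bot: The second reference URL has a doubled scheme, `https://https://www.solarwinds.com/...`, so it does not resolve to the vendor advisory. Tools that fetch or validate `Vendor Advisory` links will fail on it or skip it. The sibling SolarWinds records in this commit use a single scheme, so the line should read `"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35187",`. A URL-syntax check on `references[].url` at ingest would catch this class of error.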
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35193.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35193.json
index 778e75ea416..32a4ac7c90c 100644
--- a/CVE-2023/CVE-2023-351xx/CVE-2023-35193.json
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35193.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-35193",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.723",
- "lastModified": "2023-10-11T16:37:00.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T14:59:29.847",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad api.cgi cmd.mvpn.x509.write de peplink Surf SOHO HW1 v6.3.5 (en QEMU). Una solicitud HTTP especialmente manipulada puede conducir a la ejecuci\u00f3n de un comando. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad es espec\u00edficamente para la llamada \"system\" en el archivo \"/web/MANGA/cgi-bin/api.cgi\" para la versi\u00f3n de firmware 6.3.5 en el desplazamiento 0x4bddb8."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,10 +80,44 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F47DB73-DEB9-4191-9C70-BFD620575394"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:peplink:surf_soho:hw1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2313EA09-B0EA-4591-B4EA-2B80E7C60422"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35194.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35194.json
index 8e498e14068..a3063789897 100644
--- a/CVE-2023/CVE-2023-351xx/CVE-2023-35194.json
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35194.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-35194",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-11T16:15:13.797",
- "lastModified": "2023-10-11T16:37:00.913",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T14:59:10.533",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad api.cgi cmd.mvpn.x509.write de peplink Surf SOHO HW1 v6.3.5 (en QEMU). Una solicitud HTTP especialmente manipulada puede conducir a la ejecuci\u00f3n de un comando. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad. Esta vulnerabilidad es espec\u00edficamente para la llamada del `system` en el archivo `/web/MANGA/cgi-bin/api.cgi` para la versi\u00f3n de firmware 6.3.5 en el desplazamiento `0x4bde44 `."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
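Review bot: The added `es` description writes the offset as `0x4bde44 ` with a stray space before the closing backtick, and renders the call as "la llamada del `system`". The offset is the only part of the text that separates this record from the neighbouring entry for the same api.cgi functionality (which gives `0x4bddb8`). A consumer that extracts the offset from the translated text gets a value that does not compare equal to the English one. I would end the value with "…para la llamada `system` en el archivo `/web/MANGA/cgi-bin/api.cgi` para la versi\u00f3n de firmware 6.3.5 en el desplazamiento `0x4bde44`." The hunk stops inside the talos-cna metric object.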
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@@ -46,10 +80,44 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F47DB73-DEB9-4191-9C70-BFD620575394"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:peplink:surf_soho:hw1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2313EA09-B0EA-4591-B4EA-2B80E7C60422"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35649.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35649.json
index 23851e4af1e..630aea95e48 100644
--- a/CVE-2023/CVE-2023-356xx/CVE-2023-35649.json
+++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35649.json
@@ -2,19 +2,78 @@
"id": "CVE-2023-35649",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.140",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T14:17:02.757",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En varias funciones de los archivos del m\u00f3dem Exynos, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo con los privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
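Review bot: The added `cpeMatch` criterion `cpe:2.3:o:google:android:-:*:*:*:*:*:*:*` uses `-` in the version field, which in CPE 2.3 is the NA value and not a wildcard. A matcher that compares version attributes strictly will not relate this entry to an inventory item with a concrete Android version, so asset matching for this Exynos modem issue presumably has to fall back on the patch level in the referenced Pixel bulletin. Feed consumers should read `-` here as "version not specified" and not as "no version affected". The same criterion and `matchCriteriaId` are added for CVE-2023-35656, CVE-2023-35660, CVE-2023-35661, CVE-2023-35662 and CVE-2023-35663 further down.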
diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35656.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35656.json
new file mode 100644
index 00000000000..6ca93e27d82
--- /dev/null
+++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35656.json
@@ -0,0 +1,79 @@
+{
+ "id": "CVE-2023-35656",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-18T20:15:08.933",
+ "lastModified": "2023-10-25T10:02:58.693",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " In multiple functions of protocolembmsadapter.cpp, there is a possible out\n of bounds read due to a missing bounds check. This could lead to remote\n information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En m\u00faltiples funciones de protocolembmsadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
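Review bot: The `en` description value starts with a space and carries hard line wraps (`out\n of bounds read`), so the stored string never contains the phrase `out of bounds read` with single spaces. Keyword searches and deduplication keyed on the description text will miss this record unless whitespace is collapsed first; the `es` value in the same hunk is already on one line. I would store it as `"value": "In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. …"` with the remaining sentences unchanged. CVE-2023-35663 has the same wrapping, and the CVE-2023-35986 value is wrapped in leading and trailing `\n`.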
diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35660.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35660.json
index 7ad15a731a2..446880015e4 100644
--- a/CVE-2023/CVE-2023-356xx/CVE-2023-35660.json
+++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35660.json
@@ -2,19 +2,78 @@
"id": "CVE-2023-35660",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.380",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T01:42:58.543",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En lwis_transaction_client_cleanup de lwis_transaction.c, existe una posible forma de da\u00f1ar la memoria debido a un use after free. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35661.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35661.json
index 619d4aaa464..a16e43dd11a 100644
--- a/CVE-2023/CVE-2023-356xx/CVE-2023-35661.json
+++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35661.json
@@ -2,19 +2,78 @@
"id": "CVE-2023-35661",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.427",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T01:45:44.173",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En ProfSixDecomTcpSACKoption de RohcPacketCommon.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35662.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35662.json
index eb884201749..aee489971c7 100644
--- a/CVE-2023/CVE-2023-356xx/CVE-2023-35662.json
+++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35662.json
@@ -2,19 +2,78 @@
"id": "CVE-2023-35662",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.477",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T01:49:22.293",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "there is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento del b\u00fafer. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de actuaci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-356xx/CVE-2023-35663.json b/CVE-2023/CVE-2023-356xx/CVE-2023-35663.json
new file mode 100644
index 00000000000..5253b3ab80c
--- /dev/null
+++ b/CVE-2023/CVE-2023-356xx/CVE-2023-35663.json
@@ -0,0 +1,79 @@
+{
+ "id": "CVE-2023-35663",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-18T20:15:08.993",
+ "lastModified": "2023-10-25T10:33:09.410",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " In Init of protocolnetadapter.cpp, there is a possible out of bounds read\n due to a missing bounds check. This could lead to remote information\n disclosure with no additional execution privileges needed. User interaction\n is not needed for exploitation."
+ },
+ {
+ "lang": "es",
+ "value": "En el inicio de protocolnetadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
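Review bot: The `es` description translates the function name: `In Init of protocolnetadapter.cpp` becomes `En el inicio de protocolnetadapter.cpp`, which reads as "at the start of the file" and drops the identifier `Init`. Someone triaging from the Spanish text cannot tell which function lacks the bounds check. I would keep the identifier verbatim, `En Init de protocolnetadapter.cpp, existe una posible lectura fuera de los l\u00edmites…`, as the other translations in this diff do for names such as `lwis_transaction_client_cleanup`.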
diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json
index d82bffefdfa..48f4556d185 100644
--- a/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json
+++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35788.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-35788",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T21:15:09.340",
- "lastModified": "2023-09-11T19:15:42.757",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T00:15:14.027",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en fl_set_geneve_opt en net/sched/cls_flower.c en el kernel de Linux antes de 6.3.7. Permite una escritura fuera de los l\u00edmites en el c\u00f3digo flower classifier a trav\u00e9s de paquetes TCA_FLOWER_KEY_ENC_OPTS_GENEVE. Esto puede resultar en denegaci\u00f3n de servicio o escalada de privilegios.\n"
}
],
"metrics": {
@@ -246,6 +250,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230714-0002/",
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35794.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35794.json
new file mode 100644
index 00000000000..0bc0ad18d05
--- /dev/null
+++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35794.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-35794",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T21:15:08.513",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Dodge-MPTC/CVE-2023-35794-WebSSH-Hijacking",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.cassianetworks.com/products/iot-access-controller/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
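Review bot: The description says the Web SSH terminal endpoint "can be accessed without authentication" and then that "there is only Basic Authentication to the SSH console", which leaves it unclear whether any credential is needed to reach the console. The record is added with `"metrics": {}` and `"vulnStatus": "Awaiting Analysis"`, so there is no vector to settle the question. Tooling that ranks by `baseScore` should surface this entry as unscored, not as low severity. Both references are added without `tags`, including the GitHub repository, so a filter on reference tags will not classify either one.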
diff --git a/CVE-2023/CVE-2023-357xx/CVE-2023-35796.json b/CVE-2023/CVE-2023-357xx/CVE-2023-35796.json
index fd91738c696..3cec6e91330 100644
--- a/CVE-2023/CVE-2023-357xx/CVE-2023-35796.json
+++ b/CVE-2023/CVE-2023-357xx/CVE-2023-35796.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-35796",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-10-10T11:15:11.733",
- "lastModified": "2023-10-10T12:16:32.703",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T12:25:01.420",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "productcert@siemens.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ },
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
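Review bot: The new `nvd@nist.gov` Primary vector (`AC:L/PR:L`) disagrees with the Siemens vector that this hunk demotes to Secondary (`AC:H/PR:N`) on both attack complexity and privileges required. A consumer that reads only the `Primary` entry now gets 9.0 CRITICAL from a different source than before the change, and no field marks the switch. Pipelines that alert on score changes should compare `source` as well as `type`, and keep the vendor vector alongside for triage. The Siemens `cvssData` object continues outside the hunk, so its base score is not visible here.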
@@ -50,10 +70,30 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:siemens:sinema_server:14.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "85D4624C-8FF6-43E7-9098-5BD106EF6972"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594373.pdf",
- "source": "productcert@siemens.com"
+ "source": "productcert@siemens.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35823.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35823.json
index ad06c3b63fc..b62bce11c9e 100644
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35823.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35823.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-35823",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-18T22:15:09.187",
- "lastModified": "2023-08-03T15:15:26.330",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-29T02:42:43.460",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,6 +66,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -87,7 +102,19 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947@xs4all.nl/",
@@ -105,7 +132,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230803-0002/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-358xx/CVE-2023-35824.json b/CVE-2023/CVE-2023-358xx/CVE-2023-35824.json
index 185d1cd95dd..56c7d7d6780 100644
--- a/CVE-2023/CVE-2023-358xx/CVE-2023-35824.json
+++ b/CVE-2023/CVE-2023-358xx/CVE-2023-35824.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-35824",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-18T22:15:09.240",
- "lastModified": "2023-08-03T15:15:26.610",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-29T02:42:48.027",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,6 +66,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -87,7 +102,19 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00030.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947@xs4all.nl/",
@@ -105,7 +132,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230803-0002/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35945.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35945.json
index 01a0e74272c..a074b58a1a4 100644
--- a/CVE-2023/CVE-2023-359xx/CVE-2023-35945.json
+++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35945.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-35945",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-13T21:15:08.880",
- "lastModified": "2023-07-25T18:36:37.267",
+ "lastModified": "2023-10-24T17:26:30.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -113,6 +113,22 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.55.1",
+ "matchCriteriaId": "2BE13342-76A9-4B62-941D-39C1FE18E19D"
+ }
+ ]
+ }
+ ]
}
],
"references": [
diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35986.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35986.json
new file mode 100644
index 00000000000..fa3235fc280
--- /dev/null
+++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35986.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-35986",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T18:15:09.320",
+ "lastModified": "2023-10-25T14:28:44.120",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nSante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Sante DICOM Viewer Pro carece de una validaci\u00f3n adecuada de los datos proporcionados por el usuario al analizar archivos DICOM. Esto podr\u00eda provocar un desbordamiento del b\u00fafer basado en pila. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:santesoft:dicom_viewer_pro:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "12.2.6",
+ "matchCriteriaId": "5D4EC8EE-4148-43B2-8E1A-EAE05484DDF4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-01",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json
index 400605f8dcb..0078e6bbbfc 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3567.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3567",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:12.990",
- "lastModified": "2023-10-11T19:15:10.337",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-26T18:08:49.270",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -132,12 +132,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3567",
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3575.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3575.json
index 6ac62d6832c..5a52f5b372a 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3575.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3575.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3575",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-07T15:15:11.460",
- "lastModified": "2023-10-11T09:15:10.320",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-29T02:31:30.007",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -75,7 +75,10 @@
},
{
"url": "https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3589.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3589.json
index 141ec77ce1f..22126357083 100644
--- a/CVE-2023/CVE-2023-35xx/CVE-2023-3589.json
+++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3589.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3589",
"sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-10-09T09:15:10.507",
- "lastModified": "2023-10-13T10:15:10.090",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T20:22:07.120",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,7 +11,7 @@
},
{
"lang": "es",
- "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) que afecta a Teamwork Cloud desde No Magic Release 2021x hasta No Magic Release 2022x permite a un atacante enviar una consulta espec\u00edficamente manipulada al servidor."
+ "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) que afecta a Teamwork Cloud desde No Magic Release 2021x hasta No Magic Release 2022x podr\u00eda permitir, con algunas condiciones muy espec\u00edficas, que un atacante env\u00ede una consulta espec\u00edficamente manipulada al servidor."
}
],
"metrics": {
@@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
- "attackComplexity": "LOW",
+ "attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 8.8,
+ "baseScore": 7.5,
"baseSeverity": "HIGH"
},
- "exploitabilityScore": 2.8,
+ "exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json
index 7372a91b4b7..0fc242eafc6 100644
--- a/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json
+++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36053.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-36053",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T13:15:09.737",
- "lastModified": "2023-10-15T04:15:11.993",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-23T04:15:11.267",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -116,6 +116,10 @@
"Mailing List"
]
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NRDGTUN4LTI6HG4TWR3JYLSFVXPZT42A/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5DYKPNDCEHJQ3TKPJQO7QGSR4FAYMS/",
"source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36054.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36054.json
index d2a880f2433..3f19f8ecb3c 100644
--- a/CVE-2023/CVE-2023-360xx/CVE-2023-36054.json
+++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36054.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-36054",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-07T19:15:09.840",
- "lastModified": "2023-09-08T17:15:27.567",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-22T23:15:07.923",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -96,6 +96,10 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0004/",
"source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36085.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36085.json
new file mode 100644
index 00000000000..ee7f3be2eba
--- /dev/null
+++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36085.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-36085",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:28.223",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its \"/sisqualIdentityServer/core/\" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources."
+ },
+ {
+ "lang": "es",
+ "value": "SisqualWFM 7.1.319.103 a 7.1.319.111 para Android tiene una vulnerabilidad de inyecci\u00f3n de encabezado de host en su endpoint \"/sisqualIdentityServer/core/\". Al modificar el encabezado del host HTTP, un atacante puede cambiar los enlaces de las p\u00e1ginas web e incluso redirigir a los usuarios a ubicaciones arbitrarias o maliciosas. Esto puede provocar ataques de phishing, distribuci\u00f3n de malware y acceso no autorizado a recursos confidenciales."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/omershaik0/Handmade_Exploits/tree/main/SISQUALWFM-Host-Header-Injection-CVE-2023-36085",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
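Review bot: The English description names an Android product ("sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android") but places the flaw in the `/sisqualIdentityServer/core/` endpoint, so the record leaves it unclear whether the affected component is the mobile client or the server behind it. With `"metrics": {}` and no `configurations` block, CPE-based matching will not surface this entry; until analysis lands, inventory checks have to key on the version range in the description text. The single reference carries no `tags`, although its path suggests proof-of-concept material, so filters that look for `"Exploit"` will presumably skip it for now.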
diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36193.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36193.json
index d30b5bd88db..aacd44c0d71 100644
--- a/CVE-2023/CVE-2023-361xx/CVE-2023-36193.json
+++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36193.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-36193",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-23T02:15:09.703",
- "lastModified": "2023-06-30T17:31:02.620",
+ "lastModified": "2023-10-24T16:06:23.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:gifsicle_project:gifsicle:1.93:*:*:*:*:*:*:*",
- "matchCriteriaId": "A319ACEB-3148-493D-B050-FF4E6D3C4156"
+ "criteria": "cpe:2.3:a:lcdf:gifsicle:1.93:*:*:*:*:*:*:*",
+ "matchCriteriaId": "14BC6A04-1F0C-48A3-BB79-9113D6CFB96F"
}
]
}
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36321.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36321.json
new file mode 100644
index 00000000000..ebfb89806b9
--- /dev/null
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36321.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-36321",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T23:15:11.513",
+ "lastModified": "2023-10-24T23:40:13.823",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered to contain a buffer overflow via the component /shared/dlt_common.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Connected Vehicle Systems Alliance (COVESA) hasta v2.18.8 conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s del componente /shared/dlt_common.c."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:covesa:dlt-daemon:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.18.8",
+ "matchCriteriaId": "66004448-7EF2-4593-88DC-D85CB481BD06"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/COVESA/dlt-daemon/issues/436",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
+ },
+ {
+ "url": "https://github.com/michael-methner/dlt-daemon/commit/8ac9a080bee25e67e49bd138d81c992ce7b6d899",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ }
+ ]
+}
\ No newline at end of file
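Review bot: The `Patch`-tagged reference points at a commit in a personal fork (`michael-methner/dlt-daemon`) rather than the `COVESA/dlt-daemon` repository used by the other reference, and the record names no fixed release: the CPE match only carries `"versionEndIncluding": "2.18.8"`. From this record alone a consumer cannot tell whether the fix was merged upstream or which version contains it, so remediation should be confirmed against the upstream repository rather than inferred from the tag. The English description also gives the organisation name as the affected product and never mentions dlt-daemon, which only appears in `cpe:2.3:a:covesa:dlt-daemon`; keyword searches on the product name will miss this entry.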
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36340.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36340.json
index 734e1e25b27..965403e29d5 100644
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36340.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36340.json
@@ -2,19 +2,91 @@
"id": "CVE-2023-36340",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T05:15:49.633",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:10:01.763",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK NR1800X V9.1.0u.6279_B20210910 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro http_host en la funci\u00f3n loginAuth."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:nr1800x_firmware:9.1.0u.6279_b20210910:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CFB91EF-6C07-45CB-AA17-A3D937FC9D7C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:nr1800x:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D2D0E8-2678-4238-8229-83450ECA1153"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/TOTOLINK-NR1800X.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36380.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36380.json
index 62c569ff35d..76b7154aaed 100644
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36380.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36380.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-36380",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-10-10T11:15:11.817",
- "lastModified": "2023-10-10T12:16:32.703",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T14:23:25.010",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
- "source": "productcert@siemens.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
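Review bot: The new `nvd@nist.gov` Primary entry scores this as `AV:L/AC:L/PR:L/UI:N` (7.8), while the `productcert@siemens.com` entry, demoted to Secondary in this hunk, keeps `AV:N/AC:L/PR:N/UI:N`. Consumers that read only the Primary metric will see a local, low-privilege issue where the vendor assesses an unauthenticated network one. The description lies outside this hunk, so which vector is right cannot be judged from here. For prioritising the CP-8031 and CP-8050 firmware listed in the next hunk, it is safer to compare both entries than to take the first.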
@@ -50,10 +70,72 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:cp-8050_firmware:*:*:*:*:cpci85:*:*:*",
+ "versionEndExcluding": "05.11",
+ "matchCriteriaId": "5DDCBDDD-3936-462A-A93A-696AAEBB4EBA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:cp-8050:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "929EF3DE-C8E6-49DA-98C0-13AB4C966AA7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:siemens:cp-8031_firmware:*:*:*:*:cpci85:*:*:*",
+ "versionEndExcluding": "05.11",
+ "matchCriteriaId": "36A1AC2A-A6D1-4C2F-9439-FA093EB6B44D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:siemens:cp-8031:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D24F9EDC-DA14-477D-B9C1-C9BF56E9B057"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-134651.pdf",
- "source": "productcert@siemens.com"
+ "source": "productcert@siemens.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36387.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36387.json
index a791e80faab..23c4a691b3e 100644
--- a/CVE-2023/CVE-2023-363xx/CVE-2023-36387.json
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36387.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-36387",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-06T13:15:08.537",
- "lastModified": "2023-10-17T08:15:09.210",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T18:47:21.623",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -60,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security@apache.org",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -70,12 +70,12 @@
]
},
{
- "source": "nvd@nist.gov",
+ "source": "security@apache.org",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-281"
+ "value": "CWE-863"
}
]
}
@@ -101,7 +101,10 @@
"references": [
{
"url": "https://github.com/apache/superset/pull/24185",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3",
diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36478.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36478.json
index 0704d91d42a..de4cb0889c5 100644
--- a/CVE-2023/CVE-2023-364xx/CVE-2023-36478.json
+++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36478.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-36478",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-10T17:15:11.737",
- "lastModified": "2023-10-10T17:52:17.703",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-27T19:12:19.247",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to\nexceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295\nwill overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds."
+ },
+ {
+ "lang": "es",
+ "value": "Eclipse Jetty proporciona un servidor web y un contenedor de servlets. En las versiones 11.0.0 a 11.0.15, 10.0.0 a 10.0.15 y 9.0.0 a 9.4.52, un desbordamiento de enteros en `MetaDataBuilder.checkSize` permite que los valores del encabezado HTTP/2 HPACK excedan su l\u00edmite de tama\u00f1o. `MetaDataBuilder.java` determina si el nombre o valor de un encabezado excede el l\u00edmite de tama\u00f1o y genera una excepci\u00f3n si se excede el l\u00edmite. Sin embargo, cuando la longitud es muy grande y Huffman es verdadera, la multiplicaci\u00f3n por 4 en la l\u00ednea 295 se desbordar\u00e1 y la longitud se volver\u00e1 negativa. `(_size+length)` ahora ser\u00e1 negativo y la verificaci\u00f3n en la l\u00ednea 296 no se activar\u00e1. Adem\u00e1s, `MetaDataBuilder.checkSize` permite que los tama\u00f1os de los valores del encabezado HPACK ingresados por el usuario sean negativos, lo que podr\u00eda generar una asignaci\u00f3n de b\u00fafer muy grande m\u00e1s adelante cuando el tama\u00f1o ingresado por el usuario se multiplique por 2. Esto significa que si un usuario proporciona un tama\u00f1o con valor de longitud negativo (o, m\u00e1s precisamente, un valor de longitud que, cuando se multiplica por el factor de manipulaci\u00f3n 4/3, es negativo), y este valor de longitud es un n\u00famero positivo muy grande cuando se multiplica por 2, entonces el usuario puede causar un valor de longitud muy grande de b\u00fafer que se asignar\u00e1 en el servidor. Los usuarios de HTTP/2 pueden verse afectados por un ataque remoto de denegaci\u00f3n de servicio. El problema se solucion\u00f3 en las versiones 11.0.16, 10.0.16 y 9.4.53. No se conocen workarounds."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -36,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -50,26 +84,106 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.3.0",
+ "versionEndExcluding": "9.4.53",
+ "matchCriteriaId": "0780793A-2F4A-452B-BCC8-1945E57C3C49"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0.0",
+ "versionEndExcluding": "10.0.16",
+ "matchCriteriaId": "1D15B5CF-CDFA-4303-8A9F-CF2FAD8E10CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.0.0",
+ "versionEndExcluding": "11.0.16",
+ "matchCriteriaId": "9153C468-135C-49C4-B33B-1828E37AF483"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
+ "versionEndExcluding": "2.414.3",
+ "matchCriteriaId": "16B24AD0-318F-4E5D-B2BF-DD61A7C033CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
+ "versionEndExcluding": "2.428",
+ "matchCriteriaId": "156AD017-ABC8-49EC-BB4F-79C55D6B2BC1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://github.com/eclipse/jetty.project/pull/9634",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
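Review bot: The first CPE entry added here starts at `"versionStartIncluding": "9.3.0"`, but the description kept in the first hunk of this file says the issue affects `9.0.0 through 9.4.52`. Scanners that match on CPE will therefore not flag Jetty 9.0.x to 9.2.x. That may be deliberate, since the flaw is in HTTP/2 HPACK handling and HTTP/2 support presumably begins with 9.3, but the record does not say so. Either the range should read `"versionStartIncluding": "9.0.0"`, or consumers should treat the description's lower bound as broader than what the configuration actually matches.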
diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36559.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36559.json
index 8e54f074a4b..21cd29a25f5 100644
--- a/CVE-2023/CVE-2023-365xx/CVE-2023-36559.json
+++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36559.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-36559",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-10-13T21:15:51.583",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:01:09.807",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Suplantaci\u00f3n de Identidad en Microsoft Edge (basado en Chromium)"
}
],
"metrics": {
@@ -34,10 +38,44 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "118.0.2088.46",
+ "matchCriteriaId": "14DD85C8-A45D-4A05-82D4-F7C614177054"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36559",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36806.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36806.json
index 99e73998b6e..e29e6585261 100644
--- a/CVE-2023/CVE-2023-368xx/CVE-2023-36806.json
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36806.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-36806",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-25T19:15:11.550",
- "lastModified": "2023-08-02T15:59:40.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-21T01:15:07.817",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -127,6 +127,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://herolab.usd.de/security-advisories/usd-2023-0020/",
+ "source": "security-advisories@github.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36841.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36841.json
index 07d711c8b73..9f785935630 100644
--- a/CVE-2023/CVE-2023-368xx/CVE-2023-36841.json
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36841.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-36841",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-12T23:15:10.967",
- "lastModified": "2023-10-13T12:47:48.873",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T16:03:01.293",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS).\n\nAn attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover.\n\nThis issue affects interfaces with PPPoE configured and tcp-mss enabled.\n\nThis issue affects Juniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S2;\n * 22.4 versions prior to 22.4R2;\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una verificaci\u00f3n inadecuada de la vulnerabilidad de condiciones inusuales o excepcionales en Packet Forwarding Engine (pfe) de Juniper Networks Junos OS en la serie MX permite que un atacante basado en red no autenticado provoque un bucle infinito, lo que resulta en una Denegaci\u00f3n de Servicio (DoS). Un atacante que env\u00eda tr\u00e1fico TCP con formato incorrecto a trav\u00e9s de una interfaz configurada con PPPoE provoca un bucle infinito en el PFE respectivo. Esto da como resultado el consumo de todos los recursos y es necesario un reinicio manual para recuperarse. Este problema afecta a las interfaces con PPPoE configurado y tcp-mss habilitado. Este problema afecta a Juniper Networks Junos OS * Todas las versiones anteriores a 20.4R3-S7; * 21.1 versi\u00f3n 21.1R1 y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S3; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3; * Versiones 22.3 anteriores a 22.3R2-S2; * Versiones 22.4 anteriores a 22.4R2;"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,446 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73172",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
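Review bot: The new `configurations` block lists only `cpe:2.3:o:juniper:junos:…` entries under a single `"operator": "OR"` node, while the description limits the issue to Junos OS on MX Series with PPPoE and tcp-mss configured. CPE-based matching will therefore flag every Junos device on the listed releases, including non-MX platforms. The usual shape for a platform-bound issue is a configuration with `"operator": "AND"` that pairs this OS node with a second node of MX hardware CPEs marked `"vulnerable": false`. Until the record carries that, hits from this entry need a platform and interface-configuration check before triage.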
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36843.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36843.json
index e86fb801143..9e11e63c086 100644
--- a/CVE-2023/CVE-2023-368xx/CVE-2023-36843.json
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36843.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-36843",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-12T23:15:11.053",
- "lastModified": "2023-10-13T12:47:48.873",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T15:58:59.760",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS).\n\nUpon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device.\n\nThis issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via \u2018security-metadata-streaming policy\u2019).\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8, 20.4R3-S9;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de manejo inadecuado de elementos especiales inconsistentes en el m\u00f3dulo Junos Services Framework (jsf) de Juniper Networks Junos OS permite que un atacante basado en red no autenticado cause una falla en Packet Forwarding Engine (pfe) y, por lo tanto, resulte en una Denegaci\u00f3n de Servicio (DoS). ). Al recibir tr\u00e1fico SSL con formato incorrecto, el PFE falla. Ser\u00e1 necesario un reinicio manual para recuperar el dispositivo. Este problema solo afecta a los dispositivos con Juniper Networks Advanced Threat Prevention (ATP) Cloud habilitado con Encrypted Traffic Insights (configurado a trav\u00e9s de la 'pol\u00edtica de transmisi\u00f3n de metadatos de seguridad'). Este problema afecta a Juniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S8, 20.4R3-S9; * 21.1 versi\u00f3n 21.1R1 y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R2-S1, 22.4R3;"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,481 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s9:*:*:*:*:*:*",
+ "matchCriteriaId": "0CED6FFE-1854-4BB0-8DB5-D2D756E68CAC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "7E5688D6-DCA4-4550-9CD1-A3D792252129"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73174",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
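Review bot: Three of the added `cpeMatch` entries mark as vulnerable releases that the description places after "prior to", which reads as the fixed releases: `junos:20.4:r3-s9`, `junos:22.3:r3` and `junos:22.4:r3` (description: "prior to 20.4R3-S8, 20.4R3-S9", "prior to 22.3R2-S2, 22.3R3", "prior to 22.4R2-S1, 22.4R3"). The list also stops at `junos:22.1:r3-s1` although the description says "22.1 versions prior to 22.1R3-S4", so `22.1:r3-s2` and `22.1:r3-s3` go unmatched. The first mismatch would produce false positives on patched devices and the second false negatives on unpatched ones; both should be checked against the vendor advisory JSA73174 before relying on this configuration. The description further restricts the issue to devices with ATP Cloud Encrypted Traffic Insights enabled, which CPE matching cannot express.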
diff --git a/CVE-2023/CVE-2023-368xx/CVE-2023-36857.json b/CVE-2023/CVE-2023-368xx/CVE-2023-36857.json
new file mode 100644
index 00000000000..f8f385a5f04
--- /dev/null
+++ b/CVE-2023/CVE-2023-368xx/CVE-2023-36857.json
@@ -0,0 +1,122 @@
+{
+ "id": "CVE-2023-36857",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T00:15:16.203",
+ "lastModified": "2023-10-25T14:28:53.610",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nBaker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.05\n\n contains\u00a0a replay vulnerability which could allow an attacker to \n\n\n\nreplay older captured packets of traffic to the device to gain access.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Baker Hughes en Bently Nevada 3500 System TDI Firmware versi\u00f3n 5.05 contiene una vulnerabilidad de reproducci\u00f3n que podr\u00eda permitir a un atacante reproducir paquetes de tr\u00e1fico capturados m\u00e1s antiguos en el dispositivo para obtener acceso."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-294"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-294"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:bakerhughes:bentley_nevada_3500_system_firmware:5.0.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9329A00C-D768-442F-9CDE-0027886D9F3E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:bakerhughes:bentley_nevada_3500_system:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDE17D85-8ABE-45B6-9FFB-66B74CCFF1CD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-269-05",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
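Review bot: The CPE names added under `configurations` spell the product `bentley_nevada_3500_system_firmware` and `bentley_nevada_3500_system`, while the English description spells it "Bently Nevada". The firmware version differs as well: `5.0.5` in the CPE against "5.05" in the description. Asset inventories keyed on the vendor's spelling or version string may not match this record, so both values are worth confirming against the CPE dictionary, and consumers are safer matching on `matchCriteriaId` than on the product string. The English `value` also carries leading and trailing `\n` runs and a `\u00a0`, which should be normalised before display or indexing. The `Primary` metric uses `AV:N` and the CNA's `Secondary` metric uses `AV:A`, so the severity a tool reports depends on which source it reads.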
diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36947.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36947.json
index 2623aed6126..9a45bbc2967 100644
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36947.json
+++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36947.json
@@ -2,19 +2,118 @@
"id": "CVE-2023-36947",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T05:15:49.740",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:10:15.513",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 conten\u00edan un desbordamiento de pila a trav\u00e9s del par\u00e1metro File en la funci\u00f3n UploadCustomModule."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFCC3B52-0985-4F61-BBCC-16A271E15CD4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A5BB152D-5E33-4158-BFFD-68AED6A174E2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "603DA206-05D4-48FD-A506-F3BD8B4383B2"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/UploadCustomModule.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36950.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36950.json
index faeb67f7b64..410360c0ab4 100644
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36950.json
+++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36950.json
@@ -2,19 +2,118 @@
"id": "CVE-2023-36950",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:10.253",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:10:37.533",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 conten\u00edan un desbordamiento de pila a trav\u00e9s del par\u00e1metro http_host en la funci\u00f3n loginAuth."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFCC3B52-0985-4F61-BBCC-16A271E15CD4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A5BB152D-5E33-4158-BFFD-68AED6A174E2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "603DA206-05D4-48FD-A506-F3BD8B4383B2"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/loginauth.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36952.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36952.json
index 652fd165ec3..18d01fac648 100644
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36952.json
+++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36952.json
@@ -2,19 +2,91 @@
"id": "CVE-2023-36952",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T05:15:49.787",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:10:31.540",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CP300+ V5.2cu.7594_B20200910 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro pingIp en la funci\u00f3n setDiagnosisCfg."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:cp300\\+_firmware:5.2cu.7594_b20200910:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD24E6CF-29AF-4828-8219-9EB5A54D62F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:cp300\\+:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B07884CE-EB34-46ED-9361-F0228D3EB758"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_1.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36953.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36953.json
index 24c0968f472..ed8714d544e 100644
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36953.json
+++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36953.json
@@ -2,19 +2,91 @@
"id": "CVE-2023-36953",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:10.713",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:10:43.373",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection."
+ },
+ {
+ "lang": "es",
+ "value": "TOTOLINK CP300+ V5.2cu.7594_B20200910 y anteriores son vulnerables a la inyecci\u00f3n de comandos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:cp300\\+_firmware:5.2cu.7594_b20200910:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD24E6CF-29AF-4828-8219-9EB5A54D62F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:cp300\\+:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B07884CE-EB34-46ED-9361-F0228D3EB758"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_2.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
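Review bot: The vulnerable `cpeMatch` entry pins the single version `5.2cu.7594_b20200910`, but the description says "V5.2cu.7594_B20200910 and before", so earlier CP300+ firmware builds are not matched. The CVE-2023-36955 section of this same diff expresses the equivalent wording with a wildcard version plus `"versionEndIncluding": "5.2cu.7594_b20200910"`, and that form would fit here too. The CVE-2023-36954 hunk has the identical mismatch. Until the range is widened, scanners that rely on CPE matching will under-report older firmware for both records.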
diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36954.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36954.json
index ad2c160dbc7..223dfe9f9ab 100644
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36954.json
+++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36954.json
@@ -2,19 +2,91 @@
"id": "CVE-2023-36954",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:10.937",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:10:49.327",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection."
+ },
+ {
+ "lang": "es",
+ "value": "TOTOLINK CP300+ V5.2cu.7594_B20200910 y anteriores son vulnerables a la inyecci\u00f3n de comandos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:cp300\\+_firmware:5.2cu.7594_b20200910:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD24E6CF-29AF-4828-8219-9EB5A54D62F2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:cp300\\+:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B07884CE-EB34-46ED-9361-F0228D3EB758"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_3.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-369xx/CVE-2023-36955.json b/CVE-2023/CVE-2023-369xx/CVE-2023-36955.json
index 0a8715dbe23..1d88d8bb15d 100644
--- a/CVE-2023/CVE-2023-369xx/CVE-2023-36955.json
+++ b/CVE-2023/CVE-2023-369xx/CVE-2023-36955.json
@@ -2,19 +2,92 @@
"id": "CVE-2023-36955",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:11.217",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:11:05.543",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK CP300+ en versiones <=V5.2cu.7594_B20200910 conten\u00eda un desbordamiento de pila a trav\u00e9s del par\u00e1metro File en la funci\u00f3n UploadCustomModule."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:cp300\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "5.2cu.7594_b20200910",
+ "matchCriteriaId": "41D56968-7E76-458C-A545-BA7425C63D86"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:cp300\\+:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B07884CE-EB34-46ED-9361-F0228D3EB758"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/CP300%2B_4.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json
index 299427a7749..7bb30eb8b79 100644
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3609.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3609",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-07-21T21:15:11.743",
- "lastModified": "2023-10-11T19:15:10.437",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-26T18:15:13.193",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -123,12 +123,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc",
@@ -146,13 +170,27 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0005/",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json
index 2f0d5fd5eda..6e86484d7b6 100644
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3611.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3611",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-07-21T21:15:11.897",
- "lastModified": "2023-09-10T12:15:45.677",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:28:57.463",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -98,6 +98,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -118,17 +143,34 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0002/",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3635.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3635.json
index 72cb606614f..97313ca6025 100644
--- a/CVE-2023/CVE-2023-36xx/CVE-2023-3635.json
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3635.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-3635",
"sourceIdentifier": "reefs@jfrog.com",
"published": "2023-07-12T19:15:08.983",
- "lastModified": "2023-07-26T16:24:46.917",
+ "lastModified": "2023-10-25T15:17:42.170",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -90,8 +90,16 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squareup:okio:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "0.5.0",
+ "versionEndExcluding": "1.17.6",
+ "matchCriteriaId": "03403B65-FE42-46FB-B8DA-2AAFAD29C5F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:squareup:okio:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.0.0",
"versionEndExcluding": "3.4.0",
- "matchCriteriaId": "BA7992EF-23C5-476A-854B-562FE1C3742A"
+ "matchCriteriaId": "CC8A3FE6-BD81-4D3D-9568-E364F5D35668"
}
]
}
diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37283.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37283.json
new file mode 100644
index 00000000000..c554a3675a1
--- /dev/null
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37283.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-37283",
+ "sourceIdentifier": "responsible-disclosure@pingidentity.com",
+ "published": "2023-10-25T18:17:28.270",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter\n"
+ },
+ {
+ "lang": "es",
+ "value": "Bajo una configuraci\u00f3n muy espec\u00edfica y altamente no recomendada, la omisi\u00f3n de autenticaci\u00f3n es posible en PingFederate Identifier First Adapter"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244",
+ "source": "responsible-disclosure@pingidentity.com"
+ },
+ {
+ "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
+ "source": "responsible-disclosure@pingidentity.com"
+ }
+ ]
+}
\ No newline at end of file
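Review bot: This new record has no `configurations` block and its description names no affected versions, so CPE-based matching will not associate it with any PingFederate installation. The only score is the CNA's `Secondary` metric, which uses `AC:L` although the description speaks of "a very specific and highly unrecommended configuration". Since `vulnStatus` is `Awaiting Analysis`, both may still change. Neither `references` entry has `tags`. Consumers that filter on `Primary` metrics or on CPE matches should treat this entry as not yet scored or matched, rather than as not applicable.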
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37502.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37502.json
new file mode 100644
index 00000000000..68b49fa5851
--- /dev/null
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37502.json
@@ -0,0 +1,113 @@
+{
+ "id": "CVE-2023-37502",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2023-10-18T23:15:08.230",
+ "lastModified": "2023-10-25T10:32:58.407",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "HCL Compass is vulnerable to lack of file upload security. \u00a0An attacker could upload files containing active code that can be executed by the server or by a user's web browser.\n"
+ },
+ {
+ "lang": "es",
+ "value": "HCL Compass es vulnerable a la falta de seguridad en la carga de archivos. Un atacante podr\u00eda cargar archivos que contengan c\u00f3digo activo que pueda ser ejecutado por el servidor o por el navegador web de un usuario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:hcl_compass:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndIncluding": "2.0.3",
+ "matchCriteriaId": "165427EA-5DFF-4A41-B983-4729032F0B61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:hcl_compass:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.2.0",
+ "versionEndExcluding": "2.2.3",
+ "matchCriteriaId": "E6F50039-8D68-43FC-B45C-8FF9187A8244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:hcl_compass:2.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC1BF706-4767-4FEB-81A5-E498DEDAC90C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107510",
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37503.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37503.json
new file mode 100644
index 00000000000..4c9c1d4afd1
--- /dev/null
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37503.json
@@ -0,0 +1,113 @@
+{
+ "id": "CVE-2023-37503",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2023-10-19T03:15:08.163",
+ "lastModified": "2023-10-25T10:14:41.613",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the password and gain access to user accounts.\n"
+ },
+ {
+ "lang": "es",
+ "value": "HCL Compass es vulnerable a requisitos de contrase\u00f1a inseguros. Un atacante podr\u00eda adivinar f\u00e1cilmente la contrase\u00f1a y obtener acceso a las cuentas de usuario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-521"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:hcl_compass:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndIncluding": "2.0.3",
+ "matchCriteriaId": "165427EA-5DFF-4A41-B983-4729032F0B61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:hcl_compass:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.2.0",
+ "versionEndExcluding": "2.2.3",
+ "matchCriteriaId": "E6F50039-8D68-43FC-B45C-8FF9187A8244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:hcl_compass:2.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC1BF706-4767-4FEB-81A5-E498DEDAC90C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107512",
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37504.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37504.json
new file mode 100644
index 00000000000..1db4cdabd2d
--- /dev/null
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37504.json
@@ -0,0 +1,113 @@
+{
+ "id": "CVE-2023-37504",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2023-10-19T01:15:08.117",
+ "lastModified": "2023-10-25T10:15:03.807",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "HCL Compass is vulnerable to failure to invalidate sessions. The application does not invalidate authenticated sessions when the log out functionality is called. \u00a0If the session identifier can be discovered, it could be replayed to the application and used to impersonate the user.\n"
+ },
+ {
+ "lang": "es",
+ "value": "HCL Compass es vulnerable a no invalidar las sesiones. La aplicaci\u00f3n no invalida las sesiones autenticadas cuando se llama a la funci\u00f3n de cierre de sesi\u00f3n. Si se puede descubrir el identificador de sesi\u00f3n, podr\u00eda reproducirse en la aplicaci\u00f3n y usarse para hacerse pasar por el usuario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ },
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-613"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:hcl_compass:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndIncluding": "2.0.3",
+ "matchCriteriaId": "165427EA-5DFF-4A41-B983-4729032F0B61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:hcl_compass:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.2.0",
+ "versionEndExcluding": "2.2.3",
+ "matchCriteriaId": "E6F50039-8D68-43FC-B45C-8FF9187A8244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:hcl_compass:2.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC1BF706-4767-4FEB-81A5-E498DEDAC90C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107511",
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
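Review bot: The English `descriptions` value in this new record carries a literal no-break space (`called. \u00a0If`) and ends in `\n`, so tools that hash, diff or exact-match description text will see it differ from a whitespace-normalised copy. The new records for CVE-2023-37532 and CVE-2023-37537 further down end in `\n` and ` \n` the same way. If the text is mirrored verbatim from the upstream feed, the safer place to handle this is the consumer: trim and collapse Unicode whitespace before comparing or rendering. Separately, the two `cvssMetricV31` entries disagree (Primary `UI:N`, `I:L`, 6.5 MEDIUM; Secondary `UI:R`, `I:H`, 7.1 HIGH), so triage that reads only the `Primary` entry ranks this session-invalidation flaw lower than the vendor does.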
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37532.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37532.json
new file mode 100644
index 00000000000..1fa7b450e2e
--- /dev/null
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37532.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-37532",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2023-10-23T17:15:08.450",
+ "lastModified": "2023-10-23T18:18:33.750",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "El servidor HCL Commerce Remote Store podr\u00eda permitir que un atacante remoto, utilizando una URL especialmente manipulada, lea archivos arbitrarios en el system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108094",
+ "source": "psirt@hcl.com"
+ }
+ ]
+}
\ No newline at end of file
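Review bot: The Spanish description ends with the untranslated word `system` (`...lea archivos arbitrarios en el system.`); it should read `...en el sistema.`. The record also has no `configurations` or `weaknesses` block and only a vendor `Secondary` score, so CPE-based matching will not flag HCL Commerce installs from this file while `vulnStatus` is `Undergoing Analysis`. Until that changes, the affected versions presumably have to be taken from the referenced KB0108094 advisory.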
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37536.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37536.json
index eda592c58b8..af94af745cc 100644
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37536.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37536.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-37536",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-10-11T07:15:10.580",
- "lastModified": "2023-10-11T12:54:12.883",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T04:15:11.837",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "psirt@hcl.com",
"type": "Secondary",
@@ -38,10 +58,60 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:xerces-c\\+\\+:3.2.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D12DE323-B495-4294-B491-D18A2134D3E3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.5.23",
+ "matchCriteriaId": "C944AE77-DEF5-4AF7-A900-F82CB023F5FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:bigfix_platform:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0.0",
+ "versionEndExcluding": "10.0.10",
+ "matchCriteriaId": "5D9C29D2-7B7C-4040-9451-BAB1FB5E4D28"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
- "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/",
"source": "psirt@hcl.com"
+ },
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791",
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
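Review bot: The first added `cpeMatch` entry, `cpe:2.3:a:apache:xerces-c\\+\\+:3.2.3:...`, decodes to a product name with CPE-escaped plus signs (`xerces-c\+\+`), so a consumer that compares it with the raw package name `xerces-c++` without CPE unquoting will not match. The entry is also pinned to the single version 3.2.3, while the two `bigfix_platform` entries use ranges. Whether other Xerces-C++ releases are affected cannot be told from this hunk, so inventory hits on the library should be checked against the advisory rather than this entry alone. The added Fedora package-announce reference carries no `tags`, unlike the vendor advisory below it.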
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37537.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37537.json
new file mode 100644
index 00000000000..adad2248216
--- /dev/null
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37537.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-37537",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2023-10-17T15:15:10.953",
+ "lastModified": "2023-10-24T20:39:25.043",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. \n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de ruta de servicio no citada en HCL AppScan Presence, implementada como un servicio de Windows en HCL AppScan on Cloud (ASoC), puede permitir que un atacante local obtenga privilegios elevados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-428"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:appscan_presence:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.1.37",
+ "matchCriteriaId": "0A9D8BFA-DD07-4B30-88DE-C3576BBBEDBB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108018",
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37538.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37538.json
index adf86194db8..0fcca8456f1 100644
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37538.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37538.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-37538",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-10-11T13:15:09.557",
- "lastModified": "2023-10-11T14:23:06.207",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T16:40:26.580",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).\n"
+ },
+ {
+ "lang": "es",
+ "value": "HCL Digital Experience es susceptible a Cross-Site Scripting (XSS). Un subcomponente es vulnerable al XSS reflejado. En XSS reflejado, un atacante debe inducir a la v\u00edctima a hacer click en una URL manipulada desde alg\u00fan mecanismo de entrega (correo electr\u00f3nico, otro sitio web)."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "psirt@hcl.com",
"type": "Secondary",
@@ -34,10 +58,53 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:digital_experience:8.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C66F09E2-2B02-4968-AEE7-7AC61F49E770"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:digital_experience:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "48F32E9E-34AA-4009-AE1E-593D37CAD690"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:digital_experience:9.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E62500C2-18E4-437C-952C-5012C52B2888"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108006",
- "source": "psirt@hcl.com"
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37635.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37635.json
new file mode 100644
index 00000000000..42acd19711b
--- /dev/null
+++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37635.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-37635",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T21:15:08.757",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application."
+ },
+ {
+ "lang": "es",
+ "value": "UVDesk Community Skeleton v1.1.1 permite a atacantes no autenticados realizar ataques de fuerza bruta en la p\u00e1gina de inicio de sesi\u00f3n para obtener acceso a la aplicaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.esecforte.com/cve-2023-37635-login-bruteforce/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
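Review bot: `"metrics": {}` is an empty object in this new record and in CVE-2023-37636 below, so there is no `cvssMetricV31` array to read, and neither record has `weaknesses` or `configurations`. A consumer that filters on a `baseScore` threshold should treat the missing score as unscored rather than as zero or low. Otherwise an unauthenticated login brute-force issue and a stored XSS drop out of triage until analysis completes. On the consumer side, a defensive read would be along the lines of `metrics.get("cvssMetricV31", [])` with an explicit "unscored" bucket.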
diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37636.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37636.json
new file mode 100644
index 00000000000..b4274b51483
--- /dev/null
+++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37636.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-37636",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T21:15:08.800",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenada en UVDesk Community Skeleton v1.1.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado que se inyecta en el campo Mensaje al crear un ticket."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.esecforte.com/cve-2023-37636-stored-cross-site-scripting/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37744.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37744.json
index dc60ea3ea21..52e25e55b70 100644
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37744.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37744.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-37744",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-13T16:15:09.163",
- "lastModified": "2023-07-21T15:09:47.617",
+ "lastModified": "2023-10-18T15:32:55.333",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:maid_hiring_management_system_project:maid_hiring_management_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "DDE79296-E232-4F02-AF0D-9EB087E31689"
+ "criteria": "cpe:2.3:a:anujkumar:maid_hiring_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C81E4116-3C7C-4A40-A247-E9ADCE473738"
}
]
}
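Review bot: The CPE vendor component changes from `maid_hiring_management_system_project` to `anujkumar` and the `matchCriteriaId` changes with it, here and in the matching hunks for CVE-2023-37745 and CVE-2023-37746. Asset inventories, suppression lists or cached match results keyed on the old CPE string or the old `matchCriteriaId` (`DDE79296-E232-4F02-AF0D-9EB087E31689`) will stop matching these three records without any error. After ingesting this update it is worth re-running the match and searching local data for the old identifiers.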
diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37745.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37745.json
index 8b7bae49ce1..85d0389fe18 100644
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37745.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37745.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-37745",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-13T16:15:09.217",
- "lastModified": "2023-07-21T14:48:36.520",
+ "lastModified": "2023-10-18T15:17:12.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -55,8 +55,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:maid_hiring_management_system_project:maid_hiring_management_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "DDE79296-E232-4F02-AF0D-9EB087E31689"
+ "criteria": "cpe:2.3:a:anujkumar:maid_hiring_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C81E4116-3C7C-4A40-A247-E9ADCE473738"
}
]
}
diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37746.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37746.json
index 920e8039c5a..8ec867b2675 100644
--- a/CVE-2023/CVE-2023-377xx/CVE-2023-37746.json
+++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37746.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-37746",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-13T17:15:09.340",
- "lastModified": "2023-07-21T15:03:32.790",
+ "lastModified": "2023-10-18T15:19:56.723",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -59,8 +59,8 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:maid_hiring_management_system_project:maid_hiring_management_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "DDE79296-E232-4F02-AF0D-9EB087E31689"
+ "criteria": "cpe:2.3:a:anujkumar:maid_hiring_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C81E4116-3C7C-4A40-A247-E9ADCE473738"
}
]
}
diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37824.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37824.json
new file mode 100644
index 00000000000..3a5bb4f8cc3
--- /dev/null
+++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37824.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-37824",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T20:15:09.367",
+ "lastModified": "2023-10-28T03:47:39.197",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Sitolog sitologapplicationconnect v7.8.a y anteriores conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente /activate_hook.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sitolog:sitolog_application_connect:*:*:*:*:*:prestashop:*:*",
+ "versionEndIncluding": "7.8.a",
+ "matchCriteriaId": "5D31D88F-9B95-4C22-BCF5-C6785E3A40EE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/10/11/sitologapplicationconnect.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
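Review bot: `"versionEndIncluding": "7.8.a"` has a non-numeric last component, so a matcher that parses versions as strict numeric or semver tuples will either reject the bound or order it incorrectly. The range has no `versionStartIncluding`, which agrees with the description's "v7.8.a and before". A parse failure on the bound would therefore drop every installed version from the match, not just the edge case. Consumers should fall back to a CPE-aware or component-wise comparison and log versions they cannot order instead of skipping them silently.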
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37908.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37908.json
new file mode 100644
index 00000000000..c3ba890bd17
--- /dev/null
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37908.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-37908",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:28.333",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix."
+ },
+ {
+ "lang": "es",
+ "value": "XWiki Rendering es un sistema de renderizado gen\u00e9rico que convierte la entrada de texto en una sintaxis determinada en otra sintaxis. La limpieza de atributos durante la representaci\u00f3n XHTML, introducida en la versi\u00f3n 14.6-rc-1, permiti\u00f3 la inyecci\u00f3n de c\u00f3digo HTML arbitrario y, por lo tanto, Cross-Site Scripting (XSS) a trav\u00e9s de nombres de atributos no v\u00e1lidos. Esto se puede explotar, por ejemplo, a trav\u00e9s de la sintaxis de enlace en cualquier contenido que admita la sintaxis XWiki, como comentarios en XWiki. Cuando un usuario mueve el mouse sobre un enlace malicioso, el c\u00f3digo JavaScript malicioso se ejecuta en el contexto de la sesi\u00f3n del usuario. Cuando este usuario es un usuario privilegiado que tiene derechos de programaci\u00f3n, esto permite la ejecuci\u00f3n de c\u00f3digo del lado del servidor con derechos de programaci\u00f3n, lo que afecta la confidencialidad, integridad y disponibilidad de la instancia de XWiki. Si bien este atributo se reconoci\u00f3 correctamente como no permitido, a\u00fan as\u00ed se imprimi\u00f3 con un prefijo `data-xwiki-translated-attribute-` sin m\u00e1s limpieza o validaci\u00f3n. Este problema se solucion\u00f3 en XWiki 14.10.4 y 15.0 RC1 eliminando caracteres no permitidos en los atributos de datos y luego validando el atributo limpio nuevamente. No se conocen workarounds aparte de actualizar a una versi\u00f3n que incluya la soluci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-83"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-rendering/commit/f4d5acac451dccaf276e69f0b49b72221eef5d2f",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-663w-2xp3-5739",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-6gf5-c898-7rxp",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XRENDERING-697",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
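Review bot: The affected range for this record exists only in the prose (introduced in 14.6-rc-1, fixed in 14.10.4 and 15.0 RC1), with no `configurations` block, and the same holds for the new CVE-2023-37909 and CVE-2023-37910 records below. CPE-based scanners will therefore not flag XWiki installs from these files while `vulnStatus` is `Awaiting Analysis`. The references also list two different advisory ids, `GHSA-663w-2xp3-5739` and `GHSA-6gf5-c898-7rxp`; it is worth confirming that both belong to this CVE, since nothing in the record says which one is authoritative. The description also writes release candidates two ways (`14.6-rc-1` and `15.0 RC1`), which matters if versions are extracted from the text.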
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37909.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37909.json
new file mode 100644
index 00000000000..c4e082df474
--- /dev/null
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37909.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-37909",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:28.407",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed."
+ },
+ {
+ "lang": "es",
+ "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. A partir de la versi\u00f3n 5.1-rc-1 y antes de las versiones 14.10.8 y 15.3-rc-1, cualquier usuario que pueda editar su propio perfil de usuario puede ejecutar macros de script arbitrarias, incluidas macros Groovy y Python, que permiten la ejecuci\u00f3n remota de c\u00f3digo, incluida la lectura y visualizaci\u00f3n sin restricciones. acceso de escritura a todos los contenidos de la wiki. Esto se ha parcheado en XWiki 14.10.8 y 15.3-rc-1 agregando un escape adecuado. Como workaround, el parche se puede aplicar manualmente al documento `Menu.UIExtensionSheet`; s\u00f3lo es necesario cambiar tres l\u00edneas."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-95"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20746",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
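Review bot: The Spanish description garbles the impact clause: `incluida la lectura y visualización sin restricciones. acceso de escritura a todos los contenidos de la wiki` has a stray full stop and renders "read and write access" as "lectura y visualización". A faithful version would be `incluido el acceso de lectura y escritura sin restricciones a todos los contenidos de la wiki`. CVE-2023-37910 below has a smaller slip of the same kind, `versión fija` for "fixed version", where `versión corregida` is meant.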
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37910.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37910.json
new file mode 100644
index 00000000000..cdcb5cad3eb
--- /dev/null
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37910.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-37910",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:28.477",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version."
+ },
+ {
+ "lang": "es",
+ "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. A partir de la introducci\u00f3n de la compatibilidad con el movimiento de archivos adjuntos en la versi\u00f3n 14.0-rc-1 y antes de las versiones 14.4.8, 14.10.4 y 15.0-rc-1, un atacante con acceso de edici\u00f3n a cualquier documento (puede ser el perfil de usuario que est\u00e1 editable de forma predeterminada) puede mover cualquier archivo adjunto de cualquier otro documento a este documento controlado por el atacante. Esto permite al atacante acceder y posiblemente publicar cualquier archivo adjunto cuyo nombre se conozca, independientemente de si el atacante tiene derechos de visualizaci\u00f3n o edici\u00f3n sobre el documento fuente de este archivo adjunto. Adem\u00e1s, el archivo adjunto se elimina del documento fuente. Esta vulnerabilidad ha sido parcheada en XWiki 14.4.8, 14.10.4 y 15.0 RC1. No existe otro workaround aparte de actualizar a una versi\u00f3n fija."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20334",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37911.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37911.json
new file mode 100644
index 00000000000..bce541651c7
--- /dev/null
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37911.json
@@ -0,0 +1,79 @@
+{
+ "id": "CVE-2023-37911",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:28.543",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole."
+ },
+ {
+ "lang": "es",
+ "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. A partir de la versi\u00f3n 9.4-rc-1 y anteriores a las versiones 14.10.8 y 15.3-rc-1, cuando un documento se elimina y se vuelve a crear, es posible que los usuarios con derecho de visualizaci\u00f3n en el documento recreado pero no en el documento eliminado para ver el contenido del documento eliminado. Esta situaci\u00f3n podr\u00eda surgir cuando se agregaron derechos al documento eliminado. Esto se puede explotar a trav\u00e9s de la funci\u00f3n de diferenciaci\u00f3n y, parcialmente, a trav\u00e9s de la API REST mediante el uso de versiones como `deleted:1` (donde el n\u00famero cuenta las eliminaciones en la wiki y, por lo tanto, se puede adivinar). Con derechos suficientes, el atacante tambi\u00e9n puede volver a crear el documento eliminado, ampliando as\u00ed el alcance a cualquier documento eliminado siempre que el atacante tenga derecho de edici\u00f3n en la ubicaci\u00f3n del documento eliminado. Esta vulnerabilidad se ha solucionado en XWiki 14.10.8 y 15.3 RC1 comprobando correctamente los derechos cuando se accede a revisiones eliminadas de un documento. El \u00fanico workaround es limpiar peri\u00f3dicamente los documentos eliminados para minimizar la posible exposici\u00f3n. Se debe tener especial cuidado al eliminar documentos confidenciales que est\u00e1n protegidos individualmente (y no, por ejemplo, al colocarlos en un espacio protegido) o al eliminar un espacio protegido en su totalidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20684",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20685",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20817",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
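Review bot: This record, like the CVE-2023-37912 and CVE-2023-37913 records added right after it, has no `configurations` array, so the affected range exists only in the `descriptions` prose and CPE-based matching will not flag an XWiki install while `vulnStatus` is `Awaiting Analysis`. The prose spells the same fixed release in more than one way, `15.3-rc-1` and `15.3 RC1` here and `15.3RC1` in CVE-2023-37913, so any parser that extracts versions from the text has to normalise them. CVE-2023-37912 and CVE-2023-37913 both carry a 9.9 `baseScore` from `security-advisories@github.com`, so it seems safer to track all three by `id` against the GHSA advisories in `references` than to wait for CPE data.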
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37912.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37912.json
new file mode 100644
index 00000000000..934a99c9b5e
--- /dev/null
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37912.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-37912",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:28.613",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro."
+ },
+ {
+ "lang": "es",
+ "value": "XWiki Rendering es un sistema de renderizado gen\u00e9rico que convierte la entrada de texto en una sintaxis determinada en otra sintaxis. Antes de la versi\u00f3n 14.10.6 de `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` y `org.xwiki.platform:xwiki-rendering-macro-footnotes` y antes de la versi\u00f3n 15.1-rc-1 de `org.xwiki.platform:xwiki-rendering-macro-footnotes`, la macro de nota al pie ejecut\u00f3 su contenido en un contexto potencialmente diferente a aquel en el que se defini\u00f3. En particular, en combinaci\u00f3n con la macro de inclusi\u00f3n, esto permite escalar privilegios desde una simple cuenta de usuario en XWiki hasta derechos de programaci\u00f3n y, por lo tanto, ejecuci\u00f3n remota de c\u00f3digo, lo que afecta la confidencialidad, integridad y disponibilidad de toda la instalaci\u00f3n de XWiki. Esta vulnerabilidad ha sido parcheada en XWiki 14.10.6 y 15.1-rc-1. No existe otro workaround aparte de actualizar a una versi\u00f3n fija de la macro de notas al pie."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-270"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XRENDERING-688",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37913.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37913.json
new file mode 100644
index 00000000000..1a0512136c4
--- /dev/null
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37913.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-37913",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:28.687",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce but it also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API which doesn't remove `/` or `\\` from the filename. As the mime type of the attachment doesn't matter for the exploitation, this could e.g., be used to replace the `jar`-file of an extension which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and 15.3RC1. There are no known workarounds apart from disabling the office converter."
+ },
+ {
+ "lang": "es",
+ "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. A partir de la versi\u00f3n 3.5-milestone-1 y antes de las versiones 14.10.8 y 15.3-rc-1, activar el convertidor de Office con un nombre de archivo especialmente manipulado permite escribir el contenido del archivo adjunto en una ubicaci\u00f3n controlada por el atacante en el servidor siempre que el proceso Java tiene acceso de escritura a esa ubicaci\u00f3n. En particular, en la combinaci\u00f3n con el movimiento de archivos adjuntos, una caracter\u00edstica introducida en XWiki 14.0, esto es f\u00e1cil de reproducir pero tambi\u00e9n es posible reproducir en versiones tan antiguas como XWiki 3.5 cargando el archivo adjunto a trav\u00e9s de la API REST que no elimina `/` o `\\` del nombre del archivo. Como el tipo mime del archivo adjunto no importa para la explotaci\u00f3n, esto podr\u00eda usarse, por ejemplo, para reemplazar el archivo `jar` por una extensi\u00f3n que permitir\u00eda ejecutar c\u00f3digo Java arbitrario y, por lo tanto, afectar\u00eda la confidencialidad, integridad y disponibilidad de la instalaci\u00f3n de XWiki. Esta vulnerabilidad ha sido parcheada en XWiki 14.10.8 y 15.3RC1. No se conocen workarounds aparte de desactivar el convertidor de Office."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-23"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/45d182a4141ff22f3ff289cf71e4669bdc714544",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vcvr-v426-3m3m",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20715",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37988.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37988.json
index 6934b67c56f..ee4c81b1835 100644
--- a/CVE-2023/CVE-2023-379xx/CVE-2023-37988.json
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37988.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-37988",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-08-10T11:15:12.427",
- "lastModified": "2023-10-03T18:15:10.247",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:27:48.007",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -87,7 +87,12 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174896/WordPress-Contact-Form-Generator-2.5.5-Cross-Site-Scripting.html",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://patchstack.com/database/vulnerability/contact-form-generator/wordpress-contact-form-generator-plugin-2-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3706.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3706.json
index 8145b2d0eae..212a025d90a 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3706.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3706.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3706",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:14.780",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T17:56:56.103",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento ActivityPub de WordPress anterior a 1.0.0 no garantiza que los t\u00edtulos de las publicaciones que se mostrar\u00e1n sean p\u00fablicos y pertenezcan al complemento, lo que permite a cualquier usuario autenticado, como un suscriptor, recuperar el t\u00edtulo de una publicaci\u00f3n arbitraria (como borrador y privada) a trav\u00e9s de un IDOR vector"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:automattic:activitypub:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.0.0",
+ "matchCriteriaId": "78ADABE4-21BE-4F20-BE6D-BB12EDBCD26F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/daa4d93a-f8b1-4809-a18e-8ab63a05de5a",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3707.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3707.json
index 0b7af6eb3bb..4dbb1272678 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3707.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3707.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3707",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:14.883",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T17:57:04.757",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento ActivityPub de WordPress anterior a 1.0.0 no garantiza que los contenidos de las publicaciones que se mostrar\u00e1n sean p\u00fablicos y pertenezcan al complemento, lo que permite a cualquier usuario autenticado, como un suscriptor, recuperar el contenido de una publicaci\u00f3n arbitraria (como borrador y privada) a trav\u00e9s de un IDOR vector. Las publicaciones protegidas con contrase\u00f1a no se ven afectadas por este problema."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:automattic:activitypub:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.0.0",
+ "matchCriteriaId": "78ADABE4-21BE-4F20-BE6D-BB12EDBCD26F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/541bbe4c-3295-4073-901d-763556269f48",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3746.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3746.json
index ff4904a2737..22038bf74df 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3746.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3746.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3746",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.010",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T17:57:14.660",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento ActivityPub de WordPress anterior a 1.0.0 no sanitiza ni escapa algunos datos del contenido de la publicaci\u00f3n, lo que podr\u00eda permitir que el colaborador y el rol superior realicen ataques de Cross-Site Scripting almacenados."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:automattic:activitypub:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.0.0",
+ "matchCriteriaId": "78ADABE4-21BE-4F20-BE6D-BB12EDBCD26F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/c15a6032-6495-47a8-828c-37e55ed9665a",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json
index 169f83f57bd..47684b98e2b 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3772.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3772",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-25T16:15:11.660",
- "lastModified": "2023-09-10T12:15:48.350",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-29T02:43:04.247",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -116,16 +116,45 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/10/1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/10/3",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3772",
@@ -142,9 +171,20 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5492",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3773.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3773.json
index f155023ebec..a5e44184d6b 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3773.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3773.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3773",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-25T16:15:11.733",
- "lastModified": "2023-09-10T12:15:53.767",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-29T02:43:12.200",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -116,6 +116,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -134,9 +154,20 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5492",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json
index f843a3a180d..535d81c36e8 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3776.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3776",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-07-21T21:15:11.973",
- "lastModified": "2023-10-11T19:15:10.583",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-26T18:09:58.733",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -98,12 +98,41 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f",
@@ -122,13 +151,27 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3777.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3777.json
index bc68f7a6756..d8cdd4e46e7 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3777.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3777.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3777",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:10.860",
- "lastModified": "2023-10-11T19:15:10.677",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-24T15:01:41.440",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -118,12 +118,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8",
diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3781.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3781.json
index 23c6b659632..90abe3b9578 100644
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3781.json
+++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3781.json
@@ -2,19 +2,78 @@
"id": "CVE-2023-3781",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2023-10-11T21:15:09.733",
- "lastModified": "2023-10-11T22:13:59.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T01:58:47.227",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Existe una posible escritura de use-after-free debido a un bloqueo inadecuado. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-667"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
- "source": "dsap-vuln-management@google.com"
+ "source": "dsap-vuln-management@google.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
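Review bot: The added `cpeMatch` entry `cpe:2.3:o:google:android:-:*:*:*:*:*:*:*` has `-` in the version field, so it puts no bound on the affected range, and matchers may differ on whether that value matches every Android build or none. The description names no component, and the only reference is the Pixel bulletin at `https://source.android.com/security/bulletin/pixel/2023-10-01`. Exposure for this 7.8 local privilege-escalation record is therefore better judged from that bulletin than from a CPE hit or miss.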
diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38041.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38041.json
new file mode 100644
index 00000000000..0115d420689
--- /dev/null
+++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38041.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-38041",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-10-25T18:17:28.757",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system."
+ },
+ {
+ "lang": "es",
+ "value": "Un usuario que haya iniciado sesi\u00f3n puede elevar sus permisos abusando de una condici\u00f3n de ejecuci\u00f3n de Tiempo de Check a Tiempo de Uso (TOCTOU). Cuando se inicia un flujo de proceso particular, un atacante puede aprovechar esta condici\u00f3n para obtener privilegios elevados no autorizados en el sistema afectado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://forums.ivanti.com/s/article/CVE-2023-38041-New-client-side-release-to-address-a-privilege-escalation-on-Windows-user-machines?language=en_US",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
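Review bot: The `descriptions` text never names the affected product or version; the vendor can only be inferred from the `forums.ivanti.com` URL in `references`, whose slug mentions a client-side release for Windows user machines. The score sits under `cvssMetricV30` rather than `cvssMetricV31`, so a consumer that reads only the 3.1 key sees no severity for a record rated 7.8. There is also no `weaknesses` array, although the text describes a TOCTOU race (presumably CWE-367), and no `configurations`, so keyword, CWE and CPE searches may all miss it while `vulnStatus` is `Awaiting Analysis`. Tracking it by `id` against the vendor article is the dependable route until analysis lands.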
diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38059.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38059.json
index 211b1996055..20aa636f482 100644
--- a/CVE-2023/CVE-2023-380xx/CVE-2023-38059.json
+++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38059.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-38059",
"sourceIdentifier": "security@otrs.com",
"published": "2023-10-16T09:15:10.243",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:42:44.373",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La carga de im\u00e1genes externas no se bloquea, incluso si est\u00e1 configurada, si el atacante utiliza una URL relativa al protocolo en el payload. Esto se puede utilizar para recuperar la IP del usuario. Este problema afecta a OTRS: desde 7.0.X anterior a 7.0.47, desde 8.0.X anterior a 8.0.37; ((OTRS)) Community Edition: desde la versi\u00f3n 6.0.X hasta la 6.0.34."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "security@otrs.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "security@otrs.com",
"type": "Secondary",
@@ -46,10 +80,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndIncluding": "6.0.34",
+ "matchCriteriaId": "F933EBB8-2E51-4E24-BB9E-64FBE0FCBFDB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0",
+ "versionEndExcluding": "7.0.47",
+ "matchCriteriaId": "B1C07539-E637-4A14-97EE-9FE4CB60644F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndExcluding": "8.0.37",
+ "matchCriteriaId": "400DD972-B06D-44C6-BD88-737BA162B3E1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-08/",
- "source": "security@otrs.com"
+ "source": "security@otrs.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
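Review bot: The Community Edition entry is bounded with `"versionEndIncluding": "6.0.34"`, while the 7.x and 8.x entries use `versionEndExcluding`, so the record lists no fixed Community Edition release. That matches the description's "through 6.0.34", but an upgrade-based remediation check will never clear a Community Edition host against this record. Those installs probably need a compensating control for the external-image loading rather than a version bump. Note also that the Primary weakness added in the previous hunk is the placeholder `NVD-CWE-noinfo`, so tooling that reads only the Primary entry gets no CWE; the CNA's Secondary value is cut off by that hunk and is not visible here.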
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38127.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38127.json
new file mode 100644
index 00000000000..b8e5a5ad47b
--- /dev/null
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38127.json
@@ -0,0 +1,207 @@
+{
+ "id": "CVE-2023-38127",
+ "sourceIdentifier": "talos-cna@cisco.com",
+ "published": "2023-10-19T18:15:09.467",
+ "lastModified": "2023-10-25T14:28:34.877",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An integer overflow exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe un desbordamiento de enteros en el analizador de flujo \"HyperLinkFrame\" de Ichitaro 2023 1.0.1.59372. Un documento especialmente manipulado puede hacer que el analizador realice una asignaci\u00f3n de tama\u00f1o insuficiente, lo que posteriormente puede permitir la corrupci\u00f3n de la memoria, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "talos-cna@cisco.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
+ {
+ "source": "talos-cna@cisco.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D68E98B0-38CA-4148-825D-CF7C8AABB5BE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1755383C-2B74-4DD7-9C9B-DB19C12CA94D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1274E0AB-BDE0-45FB-B3A2-522E3AE4E41A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15B1DC82-380D-4CF4-AF35-4AF2A1CBF778"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A1C403A-6787-4347-AF6F-69F225944011"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65A56D02-7438-4319-BFD1-64FB11BC758C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "36AE4633-5418-4009-B51D-4A1F542B1A88"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "21A4F85C-EA95-4853-9A8C-C3C9142243A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76FAE0E6-1037-45AC-A277-8F32338A50AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "552D41EF-A5DB-4ED0-B404-FF2649969B11"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1F61D3C1-0011-4D78-83F8-2349D46AFE59"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FC99A5A2-32B0-4F38-A2B1-FAC50A05FBEF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7814DB96-4078-47B8-93B2-5066029B6F65"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D8E2A1A-7C06-491F-8A28-BE70EFCDDFFF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD6F3523-7059-4591-9D04-97D287128D6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5ED46089-ED5B-4314-B079-A8932377475E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C3B6B97E-B202-4B1F-9B81-367CB7172DEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6B5D80C5-5821-416E-A3E3-ADC7F221B093"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://jvn.jp/en/jp/JVN28846531/index.html",
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1808",
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
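Review bot: Eighteen of the nineteen `cpeMatch` entries carry `-` in the version field (for example `cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*`). Only `ichitaro_2023:1.0.1.59372` has a version, and it is also the only product the description names. No entry has a `versionEndExcluding` bound, so a consumer cannot tell a patched install from a vulnerable one by CPE alone; the fixed builds have to come from the JVN advisory listed in `references`. Inventory hits on the `-` entries are better treated as "check the vendor notice" than as confirmed exposure. The same list is repeated in CVE-2023-38128.json later in this diff.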
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38128.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38128.json
new file mode 100644
index 00000000000..1a60e7585fa
--- /dev/null
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38128.json
@@ -0,0 +1,215 @@
+{
+ "id": "CVE-2023-38128",
+ "sourceIdentifier": "talos-cna@cisco.com",
+ "published": "2023-10-19T18:15:09.560",
+ "lastModified": "2023-10-25T14:05:11.827",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An out-of-bounds write vulnerability exists in the \"HyperLinkFrame\" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de escritura fuera de l\u00edmites en el analizador de flujo \"HyperLinkFrame\" de Ichitaro 2023 1.0.1.59372. Un documento especialmente manipulado puede causar confusi\u00f3n de tipos, lo que puede provocar da\u00f1os en la memoria y, finalmente, la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "talos-cna@cisco.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "talos-cna@cisco.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-843"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:easy_postcard_max:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D68E98B0-38CA-4148-825D-CF7C8AABB5BE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2021:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1755383C-2B74-4DD7-9C9B-DB19C12CA94D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1274E0AB-BDE0-45FB-B3A2-522E3AE4E41A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_2023:1.0.1.59372:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15B1DC82-380D-4CF4-AF35-4AF2A1CBF778"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A1C403A-6787-4347-AF6F-69F225944011"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_8:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E401B098-6551-4101-9906-19C2AB7A5504"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_government_9:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65A56D02-7438-4319-BFD1-64FB11BC758C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "36AE4633-5418-4009-B51D-4A1F542B1A88"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "21A4F85C-EA95-4853-9A8C-C3C9142243A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:ichitaro_pro_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76FAE0E6-1037-45AC-A277-8F32338A50AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "552D41EF-A5DB-4ED0-B404-FF2649969B11"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1F61D3C1-0011-4D78-83F8-2349D46AFE59"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_government_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FC99A5A2-32B0-4F38-A2B1-FAC50A05FBEF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7814DB96-4078-47B8-93B2-5066029B6F65"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D8E2A1A-7C06-491F-8A28-BE70EFCDDFFF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_office_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD6F3523-7059-4591-9D04-97D287128D6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5ED46089-ED5B-4314-B079-A8932377475E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C3B6B97E-B202-4B1F-9B81-367CB7172DEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justsystems:just_police_5:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6B5D80C5-5821-416E-A3E3-ADC7F221B093"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://jvn.jp/en/jp/JVN28846531/index.html",
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809",
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1809",
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
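Review bot: The last two `references` entries point to the same Talos report, once as `https://talosintelligence.com/vulnerability_reports/TALOS-2023-1809` and once with a `www.` prefix, with identical tags. One of them should be dropped so that consumers which count or deduplicate references by URL string do not see two advisories. Separately, the Primary weakness is `CWE-787` while the CNA's Secondary is `CWE-843`. The description supports both (a type confusion leading to an out-of-bounds write), so tooling that classifies by CWE should read both entries rather than Primary only.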
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38169.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38169.json
index 7bb43768f9a..4e0f5ea3c60 100644
--- a/CVE-2023/CVE-2023-381xx/CVE-2023-38169.json
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38169.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-38169",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-08-08T18:15:22.267",
- "lastModified": "2023-08-10T20:40:02.710",
+ "lastModified": "2023-10-24T17:27:34.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -203,11 +203,6 @@
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:19.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7339F59F-31A7-4D03-B081-5C76C49F357A"
},
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:19.3.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "7F536A7A-9E9C-4F3C-A861-B1ECEC25A00C"
- },
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*",
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38190.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38190.json
new file mode 100644
index 00000000000..f25f29f04d9
--- /dev/null
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38190.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-38190",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-21T01:15:07.907",
+ "lastModified": "2023-10-28T03:46:57.377",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en SuperWebMailer 9.00.0.01710. Permite exportar inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro de tama\u00f1o."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:superwebmailer:superwebmailer:9.00.0.01710:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B48093A-AD48-46E4-9838-2CA4FBC9D5E0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://herolab.usd.de/security-advisories/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://herolab.usd.de/security-advisories/usd-2023-0014/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
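Review bot: The first reference, `https://herolab.usd.de/security-advisories/`, is the advisory index page rather than an advisory for this CVE, yet it is tagged `Third Party Advisory`; only the `usd-2023-0014` URL is specific to this record. The same index URL appears in the CVE-2023-38191, -38192, -38193 and -38194 records added in this diff. The single `cpeMatch` entry pins exactly `9.00.0.01710` with no range, so it appears to record the tested version only. Whether earlier builds are affected, and which build fixes the issue, is not stated in the record and has to be taken from the usd advisory.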
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38191.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38191.json
new file mode 100644
index 00000000000..afeac02df61
--- /dev/null
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38191.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-38191",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T22:15:10.597",
+ "lastModified": "2023-10-27T21:44:41.353",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en SuperWebMailer 9.00.0.01710. Permite spamtest_external.php XSS a trav\u00e9s de un nombre de archivo manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:superwebmailer:superwebmailer:9.00.0.01710:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B48093A-AD48-46E4-9838-2CA4FBC9D5E0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://herolab.usd.de/security-advisories/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://herolab.usd.de/security-advisories/usd-2023-0012/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38192.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38192.json
new file mode 100644
index 00000000000..56ffbe86b3a
--- /dev/null
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38192.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-38192",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-21T01:15:07.953",
+ "lastModified": "2023-10-28T03:46:20.463",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en SuperWebMailer 9.00.0.01710. Permite superadmincreate.php XSS a trav\u00e9s de contrase\u00f1as incorrectas manipuladas."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:superwebmailer:superwebmailer:9.00.0.01710:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B48093A-AD48-46E4-9838-2CA4FBC9D5E0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://herolab.usd.de/security-advisories/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://herolab.usd.de/security-advisories/usd-2023-0011/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38193.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38193.json
new file mode 100644
index 00000000000..e5fb3ac80d6
--- /dev/null
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38193.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-38193",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-21T01:15:08.000",
+ "lastModified": "2023-10-28T03:45:50.750",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en SuperWebMailer 9.00.0.01710. Permite la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de una l\u00ednea de comando de sendmail manipulada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:superwebmailer:superwebmailer:9.00.0.01710:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B48093A-AD48-46E4-9838-2CA4FBC9D5E0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://herolab.usd.de/en/security-advisories/usd-2023-0015/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://herolab.usd.de/security-advisories/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-381xx/CVE-2023-38194.json b/CVE-2023/CVE-2023-381xx/CVE-2023-38194.json
new file mode 100644
index 00000000000..013740c3ef2
--- /dev/null
+++ b/CVE-2023/CVE-2023-381xx/CVE-2023-38194.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-38194",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-21T01:15:08.047",
+ "lastModified": "2023-10-28T03:46:10.970",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en SuperWebMailer 9.00.0.01710. Permite keepalive.php XSS a trav\u00e9s de un par\u00e1metro GET."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:superwebmailer:superwebmailer:9.00.0.01710:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B48093A-AD48-46E4-9838-2CA4FBC9D5E0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://herolab.usd.de/security-advisories/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://herolab.usd.de/security-advisories/usd-2023-0013/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38218.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38218.json
index 90933a978b6..c4eafbce89a 100644
--- a/CVE-2023/CVE-2023-382xx/CVE-2023-38218.json
+++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38218.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-38218",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-10-13T07:15:40.047",
- "lastModified": "2023-10-14T01:47:06.707",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:28.803",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation."
+ "value": "Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation."
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones de Adobe Commerce 2.4.7-beta1 (y anteriores), 2.4.6-p2 (y anteriores), 2.4.5-p4 (y anteriores) y 2.4.4-p5 (y anteriores) se ven afectadas por una Autorizaci\u00f3n Incorrecta. Un atacante autenticado puede aprovechar esto para lograr exposici\u00f3n de informaci\u00f3n y escalada de privilegios."
}
],
"metrics": {
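Review bot: The new English description reads `affected by an Incorrect Authorization . An authenticated attacker`, with the noun missing after "Incorrect Authorization" and a stray space before the full stop. `affected by an Incorrect Authorization vulnerability. An authenticated attacker can exploit this …` would read correctly. The rewritten text also no longer names the `V1/customers/me` endpoint, which was the one detail a defender could use to scope log review; it would be worth confirming with the CNA whether that detail is still accurate before relying on either wording. Since `vulnStatus` moves back to `Undergoing Analysis`, the existing metrics and CPE data may not yet reflect the revised description.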
@@ -36,22 +40,22 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "CWE-639"
+ "value": "CWE-863"
}
]
},
{
- "source": "psirt@adobe.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "CWE-639"
}
]
}
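Review bot: Consumers that select the weakness by `"type": "Primary"` will now get the CNA's `CWE-863` rather than NVD's `CWE-639`, because the two `source` values are swapped in this hunk. In the other records in this diff that carry both sources, `nvd@nist.gov` holds Primary and the CNA holds Secondary. If downstream logic assumes Primary means NVD analysis, it should key on `source` as well as `type`. The `weaknesses` array starts and ends outside this hunk.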
diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38275.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38275.json
new file mode 100644
index 00000000000..fff10b65f85
--- /dev/null
+++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38275.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-38275",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-22T01:15:08.887",
+ "lastModified": "2023-10-27T19:33:05.517",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cognos Dashboards en Cloud Pak for Data 4.7.0 expone informaci\u00f3n confidencial en im\u00e1genes de contenedores que podr\u00edan provocar m\u00e1s ataques contra el system. ID de IBM X-Force: 260730."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cognos_dashboards_on_cloud_pak_for_data:4.7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "83B9126A-A851-4AF1-B2BD-E6EEB36DC22A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260735",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7031207",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
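Review bot: The description cites `IBM X-Force ID: 260730`, but the X-Force reference URL ends in `/vulnerabilities/260735`. One of the two is wrong, and a reader following the ID will land on a different entry, so it should be checked against the IBM bulletin at `https://www.ibm.com/support/pages/node/7031207`. Both weakness entries give `CWE-319` (cleartext transmission), which does not obviously fit "sensitive information in container images"; that mapping looks worth confirming before it is used for classification. The Spanish text also leaves an English word in `contra el system`, which should read `contra el sistema`.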
diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38276.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38276.json
new file mode 100644
index 00000000000..69d63d3d2a4
--- /dev/null
+++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38276.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-38276",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-22T02:15:07.533",
+ "lastModified": "2023-10-27T19:32:30.057",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cognos Dashboards en Cloud Pak for Data 4.7.0 expone informaci\u00f3n confidencial en variables de entorno que podr\u00edan ayudar en futuros ataques contra el system. ID de IBM X-Force: 260736."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cognos_dashboards_on_cloud_pak_for_data:4.7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "83B9126A-A851-4AF1-B2BD-E6EEB36DC22A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260736",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7031207",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
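Review bot: Both `weaknesses` entries give `CWE-319` (cleartext transmission), but the description speaks of sensitive information exposed in environment variables, which reads as cleartext storage rather than transmission. A value such as `CWE-526` looks closer and is worth confirming against the IBM advisory before CWE-keyed reporting relies on it. The NVD vector uses `AC:L` where the IBM one uses `AC:H` (7.5 against 5.9), so tooling that sorts on `baseScore` should choose its source deliberately. In the `es` description, `contra el system` leaves a word untranslated; `contra el sistema` is meant.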
diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38280.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38280.json
index c2c3319e39f..7c41990d9ce 100644
--- a/CVE-2023/CVE-2023-382xx/CVE-2023-38280.json
+++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38280.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-38280",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T02:15:47.757",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:41:44.360",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740."
+ },
+ {
+ "lang": "es",
+ "value": "IBM HMC (Hardware Management Console) 10.1.1010.0 y 10.2.1030.0 podr\u00eda permitir a un usuario local escalar sus privilegios al acceso root en un shell restringido. ID de IBM X-Force: 260740."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -34,14 +58,56 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:hardware_management_console:10.1.1010.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C22A3289-99CC-4B5B-BFC2-9D74B0D9AE4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:hardware_management_console:10.2.1030.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "47B6C836-94F8-4436-BC18-EC7ABB82148B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/260740",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047713",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38312.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38312.json
index da663231587..4618f7d9d20 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38312.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38312.json
@@ -2,19 +2,78 @@
"id": "CVE-2023-38312",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-15T19:15:09.397",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:18:26.410",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de cruce de directorio en Valve Counter-Strike 8684 permite a un cliente (con acceso de control remoto a un servidor de juegos) leer archivos arbitrarios del servidor subyacente a trav\u00e9s de la variable de consola motdfile."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:valvesoftware:counter-strike:8684:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C69CF3D9-09FE-4E38-BA45-288024A57189"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/MikeIsAStar/Counter-Strike-Arbitrary-File-Read",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
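Review bot: The added vector sets `"privilegesRequired": "NONE"`, yet the description limits the issue to a client "with remote control access to a game server", which suggests some prior authorisation. If that access needs a credential, `PR:L` or `PR:H` would describe it better and would lower the 7.5 base score. As written, triage that sorts on `baseScore` may rank this record above its real exposure, so the vector is worth checking against the referenced advisory.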
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38328.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38328.json
new file mode 100644
index 00000000000..f4c6545415e
--- /dev/null
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38328.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-38328",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T22:15:08.613",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en eGroupWare 17.1.20190111. Una vulnerabilidad de almacenamiento de contrase\u00f1as incorrectas afecta el panel de configuraci\u00f3n en setup/manageheader.php, lo que permite a atacantes remotos autenticados con credenciales de administrador leer una contrase\u00f1a de base de datos en texto plano."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.gruppotim.it/it/footer/red-team.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
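Review bot: The `en` description reads "the setup panel of under setup/manageheader.php", where a word is missing or extra; `the setup panel under setup/manageheader.php` would parse. The only reference looks like a general red-team page rather than an advisory for this issue, so it gives a reader little to verify the claim against. `metrics` is `{}` and there are no `weaknesses` or `configurations`, so consumers have to treat score and affected-version data as absent, not as zero or as "not affected".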
diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38403.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38403.json
index 58087396e45..ebb7ee81764 100644
--- a/CVE-2023/CVE-2023-384xx/CVE-2023-38403.json
+++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38403.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-38403",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-17T21:15:09.800",
- "lastModified": "2023-08-18T14:15:28.227",
+ "lastModified": "2023-10-26T00:15:10.167",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -112,6 +112,14 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://bugs.debian.org/1040830",
"source": "cve@mitre.org",
@@ -175,6 +183,14 @@
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0016/",
"source": "cve@mitre.org"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
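Review bot: The two support.apple.com references added here carry no `tags`, and the same holds for the two seclists.org references added in the previous hunk. `vulnStatus` stays `Modified`, so filters that select on tags such as `Vendor Advisory` will not see any of the four until re-analysis. The seclists.org entries also use `http://`; the `https://` form of the same URLs would keep readers and link checkers off plaintext.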
diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38545.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38545.json
new file mode 100644
index 00000000000..822983ee66c
--- /dev/null
+++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38545.json
@@ -0,0 +1,90 @@
+{
+ "id": "CVE-2023-38545",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-10-18T04:15:11.077",
+ "lastModified": "2023-10-28T03:15:08.207",
+ "vulnStatus": "Modified",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy\nhandshake.\n\nWhen curl is asked to pass along the host name to the SOCKS5 proxy to allow\nthat to resolve the address instead of it getting done by curl itself, the\nmaximum length that host name can be is 255 bytes.\n\nIf the host name is detected to be longer, curl switches to local name\nresolving and instead passes on the resolved address only. Due to this bug,\nthe local variable that means \"let the host resolve the name\" could get the\nwrong value during a slow SOCKS5 handshake, and contrary to the intention,\ncopy the too long host name to the target buffer instead of copying just the\nresolved address there.\n\nThe target buffer being a heap based buffer, and the host name coming from the\nURL that curl has been told to operate with.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta falla hace que curl desborde un b\u00fafer basado en el protocolo de enlace del proxy SOCKS5. Cuando se le pide a curl que pase el nombre de host al proxy SOCKS5 para permitir que resuelva la direcci\u00f3n en lugar de que lo haga curl mismo, la longitud m\u00e1xima que puede tener el nombre de host es 255 bytes. Si se detecta que el nombre de host es m\u00e1s largo, curl cambia a la resoluci\u00f3n de nombres local y en su lugar pasa solo la direcci\u00f3n resuelta. Debido a este error, la variable local que significa \"dejar que el host resuelva el nombre\" podr\u00eda obtener el valor incorrecto durante un protocolo de enlace SOCKS5 lento y, contrariamente a la intenci\u00f3n, copiar el nombre del host demasiado largo al b\u00fafer de destino en lugar de copiar solo la direcci\u00f3n resuelta all\u00ed. El b\u00fafer de destino es un b\u00fafer basado en mont\u00f3n y el nombre de host proviene de la URL con la que se le ha dicho a curl que opere."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.69.0",
+ "versionEndExcluding": "8.4.0",
+ "matchCriteriaId": "CDB9B842-1D18-4026-B62C-EEBF6F97C908"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://curl.se/docs/CVE-2023-38545.html",
+ "source": "support@hackerone.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0009/",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
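Review bot: The only `cpeMatch` entry is `cpe:2.3:a:haxx:libcurl`, while the description speaks of curl itself overflowing the buffer, so inventories that record the command-line tool under `haxx:curl` would not match this record. If the tool is affected in the same 7.69.0 to 8.4.0 range, a second entry for that CPE is needed; confirm against the curl advisory in `references`. The `es` description also loses "heap": `un búfer basado en el protocolo de enlace` says the buffer is based on the handshake, where the English says a heap-based buffer overflows during the handshake.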
diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38546.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38546.json
new file mode 100644
index 00000000000..bc88d9f8a3b
--- /dev/null
+++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38546.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-38546",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-10-18T04:15:11.137",
+ "lastModified": "2023-10-28T03:15:08.267",
+ "vulnStatus": "Modified",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This flaw allows an attacker to insert cookies at will into a running program\nusing libcurl, if the specific series of conditions are met.\n\nlibcurl performs transfers. In its API, an application creates \"easy handles\"\nthat are the individual handles for single transfers.\n\nlibcurl provides a function call that duplicates en easy handle called\n[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).\n\nIf a transfer has cookies enabled when the handle is duplicated, the\ncookie-enable state is also cloned - but without cloning the actual\ncookies. If the source handle did not read any cookies from a specific file on\ndisk, the cloned version of the handle would instead store the file name as\n`none` (using the four ASCII letters, no quotes).\n\nSubsequent use of the cloned handle that does not explicitly set a source to\nload cookies from would then inadvertently load cookies from a file named\n`none` - if such a file exists and is readable in the current directory of the\nprogram using libcurl. And if using the correct file format of course.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Esta falla permite a un atacante insertar cookies a voluntad en un programa en ejecuci\u00f3n usando libcurl, si se cumple una serie espec\u00edfica de condiciones. libcurl realiza transferencias. En su API, una aplicaci\u00f3n crea \"easy handles\" que son identificadores individuales para transferencias individuales. libcurl proporciona una llamada de funci\u00f3n que duplica un identificador sencillo llamado [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). Si una transferencia tiene cookies habilitadas cuando el identificador est\u00e1 duplicado, el estado de habilitaci\u00f3n de cookies tambi\u00e9n se clona, pero sin clonar las cookies reales. Si el identificador de origen no ley\u00f3 ninguna cookie de un archivo espec\u00edfico en el disco, la versi\u00f3n clonada del identificador almacenar\u00eda el nombre del archivo como \"none\" (usando las cuatro letras ASCII, sin comillas). El uso posterior del identificador clonado que no establece expl\u00edcitamente una fuente desde la cual cargar cookies cargar\u00eda inadvertidamente cookies desde un archivo llamado \"none\", si dicho archivo existe y es legible en el directorio actual del programa usando libcurl. Y si utiliza el formato de archivo correcto, por supuesto."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.9.1",
+ "versionEndExcluding": "8.4.0",
+ "matchCriteriaId": "9058709C-7DD0-44D7-8224-535363E103A9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://curl.se/docs/CVE-2023-38546.html",
+ "source": "support@hackerone.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
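Review bot: The primary weakness is `NVD-CWE-noinfo` although the description explains the mechanism in detail (a cloned handle falls back to loading cookies from a file literally named `none` in the working directory), so CWE-keyed reporting will leave this record unclassified. A concrete CWE would help if the analysts can settle on one. The `en` text has a typo, `duplicates en easy handle`, which should read `duplicates an easy handle`. It also embeds Markdown link syntax and backticks, which plain-text consumers will show verbatim.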
diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38552.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38552.json
new file mode 100644
index 00000000000..8a3a80074de
--- /dev/null
+++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38552.json
@@ -0,0 +1,104 @@
+{
+ "id": "CVE-2023-38552",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-10-18T04:15:11.200",
+ "lastModified": "2023-10-26T05:15:25.183",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check.\nImpacts:\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x.\nPlease note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js."
+ },
+ {
+ "lang": "es",
+ "value": "Cuando la funci\u00f3n de pol\u00edtica de Node.js verifica la integridad de un recurso con un manifiesto confiable, la aplicaci\u00f3n puede interceptar la operaci\u00f3n y devolver una suma de verificaci\u00f3n falsificada a la implementaci\u00f3n de la pol\u00edtica del nodo, deshabilitando as\u00ed efectivamente la verificaci\u00f3n de integridad. Impactos: esta vulnerabilidad afecta a todos los usuarios que utilizan el mecanismo de pol\u00edtica experimental en todas las l\u00edneas de versiones activas: 18.x y 20.x. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el mecanismo de pol\u00edtica era una caracter\u00edstica experimental de Node.js."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-345"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "18.0.0",
+ "versionEndIncluding": "18.18.1",
+ "matchCriteriaId": "F7BFC09F-B97D-4C45-939A-6EB3B1F41850"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "20.1.0",
+ "versionEndIncluding": "20.8.0",
+ "matchCriteriaId": "30646F94-FCFC-4E0C-A791-CDAF1FB0498A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://hackerone.com/reports/2094235",
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
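Review bot: The second `cpeMatch` range starts at `"versionStartIncluding": "20.1.0"`, while the description says the issue affects all active release lines "18.x and, 20.x", so a host on 20.0.0 falls outside the match. Unless 20.0.0 is known to be unaffected, the bound should be `"versionStartIncluding": "20.0.0"`. The record is still `Undergoing Analysis`, so scanners should treat both ranges as provisional.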
diff --git a/CVE-2023/CVE-2023-385xx/CVE-2023-38584.json b/CVE-2023/CVE-2023-385xx/CVE-2023-38584.json
new file mode 100644
index 00000000000..056ffc929a5
--- /dev/null
+++ b/CVE-2023/CVE-2023-385xx/CVE-2023-38584.json
@@ -0,0 +1,298 @@
+{
+ "id": "CVE-2023-38584",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T20:15:09.047",
+ "lastModified": "2023-10-26T14:26:11.107",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En el dispositivo cMT3000 HMI Web CGI de Weintek, cgi-bin command_wb.cgi contiene un desbordamiento de b\u00fafer basado en pila, que podr\u00eda permitir a un atacante an\u00f3nimo secuestrar el flujo de control y evitar la autenticaci\u00f3n de inicio de sesi\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210212",
+ "matchCriteriaId": "33538560-F796-4D1D-AA52-63DB5FD817BF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A132B170-A1FC-4D38-9965-0FF47B944FD5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210206",
+ "matchCriteriaId": "52502356-D835-4468-BCA6-875177B562F8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E08E3518-A03F-486D-B67A-013F67026D78"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210220",
+ "matchCriteriaId": "210A03BC-C9BB-4832-BDB2-2EB5E87FD13A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A4DE53C8-09D5-4D5E-97EE-A89E1478CD65"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210220",
+ "matchCriteriaId": "17422509-5131-48A3-8C9A-ECA4332C33F0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E3F83A8D-1489-48AA-911B-5BA561A57896"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210220",
+ "matchCriteriaId": "3E5B9225-364C-46BD-BCB4-E151923855CC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "79C1F694-08A2-46E7-95C2-8DFA3D64423B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210220",
+ "matchCriteriaId": "3651EA3F-5C3F-4893-AF82-E7FDBBAF5EAA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F607716E-7B7B-4620-819C-F44341B8C37F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210220",
+ "matchCriteriaId": "82F72B48-B2CE-4580-B4CC-49879CA6074B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FF5326B-5E33-4C11-9AC6-A90357078FCA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
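Review bot: The `versionEndExcluding` values are eight-digit build dates (`20210212`, `20210206`, `20210220`), not dotted versions, so matchers that parse semantic versions may mis-order or reject them; comparing them as integers or fixed-width strings is safer. The bound also differs per model (cmt-fhd, cmt-hdm, then the cmt3xxx entries), so one cut-off applied to the whole family would mark some firmware wrongly. The `en` description begins with seven `\n` and ends with two, and trimming on ingest keeps it from rendering as blank lines.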
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38719.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38719.json
index e7502793954..077e68ed7fd 100644
--- a/CVE-2023/CVE-2023-387xx/CVE-2023-38719.json
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38719.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-38719",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T00:15:10.797",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:33:59.800",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,61 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.5.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5512DD6A-9E57-4741-8F66-1C7AC7C6B593"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261607",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047558",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38720.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38720.json
index f715e6f828d..b4041938f0c 100644
--- a/CVE-2023/CVE-2023-387xx/CVE-2023-38720.json
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38720.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-38720",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T21:15:10.720",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:05:54.967",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,98 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.5",
+ "versionEndExcluding": "11.5.8",
+ "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
+ "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
+ "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
+ "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
+ "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
+ "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
+ "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/261616",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047489",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38722.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38722.json
new file mode 100644
index 00000000000..34f1fc2c712
--- /dev/null
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38722.json
@@ -0,0 +1,143 @@
+{
+ "id": "CVE-2023-38722",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-23T18:15:09.940",
+ "lastModified": "2023-10-28T03:32:31.233",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0 y 6.2.2 es vulnerable a cross-site scripting almacenado. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 262174."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:essentials:*:*:*",
+ "matchCriteriaId": "3E32C714-33CB-408E-8907-FC929D751588"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:standard:*:*:*",
+ "matchCriteriaId": "95F70DD2-71D1-4C6F-BE21-AA2A99E46AE9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.0:*:*:*:essentials:*:*:*",
+ "matchCriteriaId": "6325F8BC-B7D6-4601-A2D1-B61D77BC227C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.0:*:*:*:standard:*:*:*",
+ "matchCriteriaId": "EEE81D1F-446F-4CA2-A2B1-3EF1298C80EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.2:*:*:*:essentials:*:*:*",
+ "matchCriteriaId": "430CC017-4619-4C54-883E-210221268529"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.2:*:*:*:standard:*:*:*",
+ "matchCriteriaId": "D391DA86-9F9B-416A-9406-5003938E7BD8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262174",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7057407",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38728.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38728.json
index f1bf12f043c..577093b313b 100644
--- a/CVE-2023/CVE-2023-387xx/CVE-2023-38728.json
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38728.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-38728",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T22:15:11.957",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:34:59.273",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,165 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.5",
+ "versionEndExcluding": "11.5.8",
+ "matchCriteriaId": "65161064-A4A3-48E5-AC0A-388429FF2F53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
+ "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*",
+ "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*",
+ "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*",
+ "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*",
+ "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*",
+ "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*",
+ "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*",
+ "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*",
+ "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*",
+ "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*",
+ "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
+ "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
+ "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
+ "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
+ "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
+ "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
+ "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262258",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7047478",
+ "source": "nvd@nist.gov",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047489",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Not Applicable"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38735.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38735.json
new file mode 100644
index 00000000000..97bddeefa04
--- /dev/null
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38735.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-38735",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-22T02:15:07.887",
+ "lastModified": "2023-10-27T19:32:01.610",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Cognos Dashboards en Cloud Pak for Data 4.7.0 podr\u00eda permitir a un atacante remoto omitir las restricciones de seguridad, causadas por una falla de tabulaci\u00f3n inversa. Un atacante podr\u00eda aprovechar esta vulnerabilidad y redirigir a la v\u00edctima a un sitio de phishing. ID de IBM X-Force: 262482."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cognos_dashboards_on_cloud_pak_for_data:4.7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "83B9126A-A851-4AF1-B2BD-E6EEB36DC22A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262482",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7031207",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
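Review bot: Both `weaknesses` entries in this new record map it to `CWE-287`, while the description attributes the issue to a reverse tabnabbing flaw that redirects a victim to a phishing site, which is the behaviour CWE-1022 (Use of Web Link to Untrusted Target with window.opener Access) covers. Anyone triaging or filtering by CWE will file this under authentication weaknesses and miss it in link-handling reviews. If NVD's mapping subset allows it, the `Primary` entry would read `"value": "CWE-1022"`; otherwise consumers should classify this record from the description rather than the CWE field. The two CVSS vectors also disagree on privileges (`PR:N` from NVD, `PR:L` from the CNA), so a pipeline should state which `type` it scores on.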
diff --git a/CVE-2023/CVE-2023-387xx/CVE-2023-38740.json b/CVE-2023/CVE-2023-387xx/CVE-2023-38740.json
index 9b1cd558a8a..9d4704c27b1 100644
--- a/CVE-2023/CVE-2023-387xx/CVE-2023-38740.json
+++ b/CVE-2023/CVE-2023-387xx/CVE-2023-38740.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-38740",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T22:15:12.057",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:34:48.020",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,70 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.5",
+ "versionEndIncluding": "11.5.8",
+ "matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/262613",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047489",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7047554",
+ "source": "nvd@nist.gov",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38802.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38802.json
index 84cf947c7db..1022205caa6 100644
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38802.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38802.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-38802",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T16:15:09.113",
- "lastModified": "2023-09-19T22:15:11.407",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:52:48.063",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation)."
+ },
+ {
+ "lang": "es",
+ "value": "FRRouting FRR 7.5.1 a 9.0 y Pica8 PICOS 4.3.3.2 permiten a un atacante remoto causar una denegaci\u00f3n de servicio a trav\u00e9s de una actualizaci\u00f3n BGP manipulada con un atributo da\u00f1ado 23 (encapsulaci\u00f3n de t\u00fanel)."
}
],
"metrics": {
@@ -68,6 +72,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
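Review bot: The added configuration node marks the three `cpe:2.3:o:debian:debian_linux` entries as `"vulnerable": true` on their own, with no `"operator": "AND"` pairing them to a package CPE. A CPE-only matcher will therefore flag every Debian 10.0, 11.0 and 12.0 host, whether or not the FRR package named in the description is installed. When consuming this record, confirm package state against the distribution advisory already referenced in the file (`https://www.debian.org/security/2023/dsa-5495`) before raising a finding. The first configuration node lies outside this hunk, so its product CPEs cannot be checked from here.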
@@ -82,7 +111,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://news.ycombinator.com/item?id=37305800",
@@ -93,7 +126,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5495",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38817.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38817.json
index 128fe9a3274..13da9d56e29 100644
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38817.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38817.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-38817",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-11T19:15:10.180",
- "lastModified": "2023-10-13T17:15:09.577",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T17:03:03.400",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,14 +11,71 @@
},
{
"lang": "es",
- "value": "Un problema en Inspect Element Ltd Echo.ac v.5.2.1.0 permite a un atacante local obtener privilegios mediante un comando manipulado para el componente echo_driver.sys."
+ "value": "Un problema en Inspect Element Ltd Echo.ac v.5.2.1.0 permite a un atacante local obtener privilegios mediante un comando manipulado para el componente echo_driver.sys. NOTA: la posici\u00f3n del proveedor es que la capacidad informada de que las aplicaciones en modo de usuario ejecuten c\u00f3digo como NT AUTHORITY\\SYSTEM fue \"desactivada por el propio Microsoft\"."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:echo:anti_cheat_tool:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.2.1.0",
+ "matchCriteriaId": "4C2BF749-66DF-4071-9BEA-97CC696379CB"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://ioctl.fail/echo-ac-writeup/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
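Review bot: The added `cpeMatch` entry bounds the range with `"versionEndExcluding": "5.2.1.0"`, which leaves out the only version the description names as affected (Echo.ac v.5.2.1.0). A CPE-based match will therefore report an install of 5.2.1.0 as not vulnerable. If 5.2.1.0 is the affected build, the bound should be `"versionEndIncluding": "5.2.1.0"`, with the `matchCriteriaId` reissued by NVD for the new range. If the exclusive bound is deliberate, the description is what needs correcting. The same hunk adds the vendor-dispute NOTE to the Spanish text only, and the English `value` lies outside the hunk, so confirm the two descriptions still agree.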
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38831.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38831.json
index ca411890ef7..1df5e422ab1 100644
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38831.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38831.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-38831",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-23T17:15:43.863",
- "lastModified": "2023-09-08T23:15:11.670",
+ "lastModified": "2023-10-23T01:15:07.550",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-08-24",
"cisaActionDue": "2023-09-14",
@@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
- "value": "RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023."
+ "value": "RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023."
}
],
"metrics": {
@@ -73,6 +73,10 @@
"url": "http://packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://news.ycombinator.com/item?id=37236100",
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38845.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38845.json
new file mode 100644
index 00000000000..f52cc4356be
--- /dev/null
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38845.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-38845",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T22:15:09.227",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Anglaise Company Anglaise.Company v.13.6.1 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud GET manipulada."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38845.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1657030660-8nDEQNbe",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
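Review bot: This record and the four added after it (CVE-2023-38846 through CVE-2023-38849) arrive with `"metrics": {}` and no `weaknesses` or `configurations` keys. A consumer that ranks by `baseScore` or matches on CPE has nothing to act on until analysis lands. Treat the absence as not yet scored rather than as low severity, and key interim tracking on `"vulnStatus": "Awaiting Analysis"`. All five descriptions give the same version string, v.13.6.1, for five different vendors' products. That suggests, though these hunks do not confirm it, that the version belongs to the hosting LINE client rather than to each product, so product matching will need care once CPEs are assigned.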
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38846.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38846.json
new file mode 100644
index 00000000000..d79384d0e90
--- /dev/null
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38846.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-38846",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T22:15:09.290",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Marbre Lapin Line v.13.6.1 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud GET manipulada."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38846.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1657925980-KmmGkje5",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38847.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38847.json
new file mode 100644
index 00000000000..1029f163397
--- /dev/null
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38847.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-38847",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T22:15:09.340",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en CHRISTINA JAPAN Line v.13.6.1 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud GET manipulada."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38847.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1657631315-oX5J26Ak",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38848.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38848.json
new file mode 100644
index 00000000000..e26ca3867ea
--- /dev/null
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38848.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-38848",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T22:15:09.383",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en rmc R Beauty CLINIC Line v.13.6.1 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud GET manipulada."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38848.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1657640647-Wk2xYj38",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38849.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38849.json
new file mode 100644
index 00000000000..27a93752db6
--- /dev/null
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38849.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-38849",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T22:15:09.430",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Tire-Sales Line v.13.6.1 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud GET manipulada."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-38849.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1657203739-yvGg5PjN",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3801.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3801.json
index c7813e96290..9add28d6203 100644
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3801.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3801.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3801",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-21T00:15:10.453",
- "lastModified": "2023-08-01T20:14:27.200",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T19:15:11.057",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -121,13 +121,6 @@
}
],
"references": [
- {
- "url": "http://web.archive.org/web/20230722143348/https://github.com/funnn7/cve/blob/main/sql.md",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
- },
{
"url": "https://github.com/Wkingxc/CVE/blob/master/ibos_OA_1.md",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3814.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3814.json
index ee1fddf5a2e..f0009031c10 100644
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3814.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3814.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-3814",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:09.570",
- "lastModified": "2023-09-15T19:15:09.380",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:15:53.927",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento de WordPress Advanced File Manager anterior a 5.1.1 no autoriza adecuadamente su uso en instalaciones multisitio, lo que permite a los usuarios administradores del sitio enumerar y leer archivos y carpetas arbitrarios en el servidor."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json
index 51811d51123..e47770984d0 100644
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3817.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-3817",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2023-07-31T16:15:10.497",
- "lastModified": "2023-09-23T00:15:19.610",
+ "lastModified": "2023-10-27T15:15:13.733",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -475,6 +475,10 @@
"url": "https://security.netapp.com/advisory/ntap-20230818-0014/",
"source": "openssl-security@openssl.org"
},
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0008/",
+ "source": "openssl-security@openssl.org"
+ },
{
"url": "https://www.openssl.org/news/secadv/20230731.txt",
"source": "openssl-security@openssl.org",
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3823.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3823.json
index 0da03ff5825..c530c58b30e 100644
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3823.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3823.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3823",
"sourceIdentifier": "security@php.net",
"published": "2023-08-11T06:15:09.283",
- "lastModified": "2023-09-05T23:15:07.383",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-27T18:58:56.457",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -91,8 +91,38 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
- "versionEndExcluding": "8.2.8",
- "matchCriteriaId": "32E9658B-C729-4A49-98BE-CD0F8E782667"
+ "versionEndExcluding": "8.2.9",
+ "matchCriteriaId": "75AD1BDB-02D7-4727-8F08-8E1F794DB842"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
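Review bot: The two configuration entries added in this hunk list `cpe:2.3:o:fedoraproject:fedora:38` and `cpe:2.3:o:debian:debian_linux:10.0` as `"vulnerable": true` on their own, with no package or version bound. A matcher that evaluates CPEs alone will therefore report every such host, whether or not its php package has been updated. If the intent is "php as shipped by this distribution", an `"operator": "AND"` configuration pairing the OS node with the php range would say so, as the SonicOS records in this commit do for firmware and hardware. Otherwise consumers have to resolve these hits against the distribution advisories in `references`. The same shape is added in CVE-2023-3824.json and, for Debian 10.0/11.0/12.0, in CVE-2023-3863.json; the enclosing `configurations` array starts outside this hunk.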
@@ -110,18 +140,24 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html",
- "source": "security@php.net"
+ "source": "security@php.net",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/",
"source": "security@php.net",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230825-0001/",
- "source": "security@php.net"
+ "source": "security@php.net",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3824.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3824.json
index 1847a5c33d5..87b775414a5 100644
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3824.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3824.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3824",
"sourceIdentifier": "security@php.net",
"published": "2023-08-11T06:15:10.560",
- "lastModified": "2023-09-05T23:15:07.883",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-27T18:58:24.280",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -101,8 +101,38 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.2.0",
- "versionEndExcluding": "8.2.8",
- "matchCriteriaId": "32E9658B-C729-4A49-98BE-CD0F8E782667"
+ "versionEndExcluding": "8.2.9",
+ "matchCriteriaId": "75AD1BDB-02D7-4727-8F08-8E1F794DB842"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@@ -120,18 +150,24 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html",
- "source": "security@php.net"
+ "source": "security@php.net",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA/",
"source": "security@php.net",
"tags": [
- "Third Party Advisory"
+ "Mailing List"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230825-0001/",
- "source": "security@php.net"
+ "source": "security@php.net",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json
index d9adaeb5c45..ced4092fa44 100644
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3863",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T15:15:09.397",
- "lastModified": "2023-09-10T12:16:18.967",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:29:30.773",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -108,13 +133,27 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3869.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3869.json
new file mode 100644
index 00000000000..e370d7db172
--- /dev/null
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3869.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-3869",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.073",
+ "lastModified": "2023-10-26T14:58:22.130",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento wpDiscuz para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de autorizaci\u00f3n en la funci\u00f3n voteOnComment en versiones hasta la 7.6.3 incluida. Esto hace posible que atacantes no autenticados aumenten o disminuyan la calificaci\u00f3n de un comentario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "7.6.3",
+ "matchCriteriaId": "B283E8CD-2054-4D79-A517-8D7228A3AE66"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/utils/class.WpdiscuzHelperAjax.php#L681",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b30ac1b0-eae2-4194-bf8e-ae73b4236965?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
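Review bot: The first reference, `https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/utils/class.WpdiscuzHelperAjax.php#L681`, is a source-browser link into `trunk` with a line anchor, yet it is tagged `"Third Party Advisory"`. Trunk moves, so `#L681` stops pointing at `voteOnComment` as soon as the file is edited, and a reader triaging later may land on already-fixed code. A revision-pinned URL (placeholder: `…/class.WpdiscuzHelperAjax.php?rev=<REVISION>#L681`) with a tag such as `"Product"` would describe the link accurately. The record also gives only `"versionEndIncluding": "7.6.3"` and no reference identifying the fixed release, so the remediation version has to come from the Wordfence entry.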
diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39193.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39193.json
index 837d9f7cc68..fdbf5097d6c 100644
--- a/CVE-2023/CVE-2023-391xx/CVE-2023-39193.json
+++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39193.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39193",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-09T18:15:10.303",
- "lastModified": "2023-10-11T20:46:48.450",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T15:15:08.620",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -41,19 +41,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
- "privilegesRequired": "HIGH",
+ "privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
- "baseScore": 5.1,
+ "baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
- "exploitabilityScore": 0.8,
+ "exploitabilityScore": 1.8,
"impactScore": 4.2
}
]
diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39219.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39219.json
new file mode 100644
index 00000000000..52368a291f4
--- /dev/null
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39219.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-39219",
+ "sourceIdentifier": "responsible-disclosure@pingidentity.com",
+ "published": "2023-10-25T18:17:28.973",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests\n"
+ },
+ {
+ "lang": "es",
+ "value": "La dependencia de la consola administrativa de PingFederate contiene una debilidad donde la consola deja de responder con solicitudes de enumeraci\u00f3n de carga de clases Java manipuladas"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244",
+ "source": "responsible-disclosure@pingidentity.com"
+ },
+ {
+ "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
+ "source": "responsible-disclosure@pingidentity.com"
+ }
+ ]
+}
\ No newline at end of file
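Review bot: The CNA vector `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H` claims high confidentiality and integrity impact, but the description and `CWE-400` describe only the console becoming unresponsive. Either the description should state what is disclosed or modified, or, if the impact is availability only, the vector would read `C:N/I:N/A:H` and `baseScore`, `impactScore` and possibly `baseSeverity` would need recomputing. Until a Primary NVD metric exists, this Secondary score is the only one consumers will sort on, so the mismatch directly affects prioritisation. The English `value` also ends in a stray `\n`. Neither this record nor CVE-2023-39231.json names an affected or fixed version, and neither has a `configurations` block, so scoping depends entirely on the vendor documentation links.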
diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39231.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39231.json
new file mode 100644
index 00000000000..820e39b86dc
--- /dev/null
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39231.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-39231",
+ "sourceIdentifier": "responsible-disclosure@pingidentity.com",
+ "published": "2023-10-25T18:17:29.030",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials."
+ },
+ {
+ "lang": "es",
+ "value": "PingFederate utilizando el adaptador PingOne MFA permite emparejar un nuevo dispositivo MFA sin requerir autenticaci\u00f3n de segundo factor de un dispositivo registrado existente. Un actor de amenazas puede aprovechar esta vulnerabilidad para registrar su propio dispositivo MFA si tiene conocimiento de las credenciales del primer factor del usuario v\u00edctima."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394",
+ "source": "responsible-disclosure@pingidentity.com"
+ },
+ {
+ "url": "https://www.pingidentity.com/en/resources/downloads/pingid.html",
+ "source": "responsible-disclosure@pingidentity.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39276.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39276.json
new file mode 100644
index 00000000000..8d722ce1fa6
--- /dev/null
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39276.json
@@ -0,0 +1,503 @@
+{
+ "id": "CVE-2023-39276",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-17T23:15:11.573",
+ "lastModified": "2023-10-19T16:44:59.707",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de desbordamiento del b\u00fafer de autenticaci\u00f3n posterior de SonicOS en el endpoint de la URL getBookmarkList.json provoca una falla del firewall."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0.1-5145",
+ "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.4-44v-21-2340",
+ "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.13-105n",
+ "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012",
+ "source": "PSIRT@sonicwall.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
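Review bot: Each of the three `sonicos` matches carries only a `versionEndExcluding` (`7.0.1-5145`, `6.5.4.4-44v-21-2340`, `6.5.4.13-105n`) and no lower bound, so the firmware branch is identified only by the `"operator": "AND"` pairing with the `"vulnerable": false` hardware node. A consumer that evaluates the OS match without the hardware node would apply the `7.0.1-5145` ceiling to 6.5.x firmware as well, and the suffixed build strings do not order reliably under a generic version comparison. A `versionStartIncluding` per branch, with the value taken from the vendor advisory SNWLID-2023-0012, would make each range self-contained. The Spanish description also renders "post-authentication stack-based buffer overflow" as `desbordamiento del b\u00fafer de autenticaci\u00f3n posterior`, which drops "stack-based" and reads as a buffer belonging to authentication. The visible start of CVE-2023-39277.json repeats both patterns.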
diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39277.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39277.json
new file mode 100644
index 00000000000..af533ceaab7
--- /dev/null
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39277.json
@@ -0,0 +1,503 @@
+{
+ "id": "CVE-2023-39277",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-17T23:15:11.660",
+ "lastModified": "2023-10-19T16:44:50.013",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nSonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de desbordamiento del b\u00fafer de autenticaci\u00f3n posterior de SonicOS en los endpoints de URL sonicflow.csv y appflowsessions.csv provoca una falla del firewall."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0.1-5145",
+ "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.4-44v-21-2340",
+ "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.13-105n",
+ "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012",
+ "source": "PSIRT@sonicwall.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
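Review bot: The first two `configurations` entries overlap for every NSv model: the entry bounded by `"versionEndExcluding": "7.0.1-5145"` lists the same twelve `nsv*` hardware CPEs as the entry bounded by `"versionEndExcluding": "6.5.4.4-44v-21-2340"`, and neither range has a lower bound. A matcher that orders versions numerically would still flag an NSv running the build the second entry treats as fixed, because that build sorts below 7.0.1-5145, so the second entry adds nothing the first does not already cover. Giving the 7.x range a floor, for example `"versionStartIncluding": "<FIRST_7.x_RELEASE: placeholder, confirm against SNWLID-2023-0012>"`, would keep the two branches apart. The new CVE-2023-39278.json hunk carries the same three entries. Separately, the English description in this record starts with a literal `\n`, so consumers should trim it before display or string matching.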
diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39278.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39278.json
new file mode 100644
index 00000000000..640ac00e061
--- /dev/null
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39278.json
@@ -0,0 +1,503 @@
+{
+ "id": "CVE-2023-39278",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-17T23:15:11.727",
+ "lastModified": "2023-10-19T16:44:45.767",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.\n"
+ },
+ {
+ "lang": "es",
+ "value": "La falla de aserci\u00f3n del usuario posterior a la autenticaci\u00f3n de SonicOS conduce a una vulnerabilidad de desbordamiento del b\u00fafer a trav\u00e9s de main.cgi que provoca una falla del firewall."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0.1-5145",
+ "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.4-44v-21-2340",
+ "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.13-105n",
+ "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012",
+ "source": "PSIRT@sonicwall.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39279.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39279.json
new file mode 100644
index 00000000000..4f8d8be6c9d
--- /dev/null
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39279.json
@@ -0,0 +1,503 @@
+{
+ "id": "CVE-2023-39279",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-17T23:15:11.790",
+ "lastModified": "2023-10-19T16:44:41.193",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de desbordamiento del b\u00fafer basado posterior a la autenticaci\u00f3n de SonicOS en el endpoint de URL getPacketReplayData.json provoca una falla del firewall."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0.1-5145",
+ "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.4-44v-21-2340",
+ "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.13-105n",
+ "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012",
+ "source": "PSIRT@sonicwall.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
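Review bot: The first `configurations` entry will also match NSv appliances that already run the fixed 6.5.x build, because its `sonicos` range has only `"versionEndExcluding": "7.0.1-5145"` and its hardware list repeats the twelve `nsv*` entries that the second entry pairs with `"versionEndExcluding": "6.5.4.4-44v-21-2340"`. Assuming a matcher orders 6.5.x below 7.0.1, a patched NSv 6.5.x build still satisfies the first entry, and the second entry adds nothing to the result. I would give the first range a lower bound, for example `"versionStartIncluding": "<first affected 7.x build, from the vendor advisory>"`, or remove from that list any `nsv*` model that does not run 7.x. The CVE-2023-39280 record added next carries the same three configurations.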
diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39280.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39280.json
new file mode 100644
index 00000000000..aeb2fdc28d4
--- /dev/null
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39280.json
@@ -0,0 +1,503 @@
+{
+ "id": "CVE-2023-39280",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-17T23:15:11.853",
+ "lastModified": "2023-10-19T16:44:36.887",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SonicOS p\n\nost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de desbordamiento del b\u00fafer posterior a la autenticaci\u00f3n de SonicOS en los endpoints de URL ssoStats-s.xml y ssoStats-s.wri provoca una falla del firewall."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0.1-5145",
+ "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.4-44v-21-2340",
+ "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.13-105n",
+ "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012",
+ "source": "PSIRT@sonicwall.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
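Review bot: The English description of this record is stored with line breaks inside a word and at the end, `SonicOS p\n\nost-authentication … crash.\n\n`, so a search for "post-authentication" misses it and a feed that renders the text as-is shows a broken sentence. The CVE-2023-39279 record above has the clean form of the same sentence. I would store it as `"value": "SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash."`. If the source text is mirrored unchanged on purpose, the normalisation belongs in the consumer, which should collapse whitespace before indexing or matching.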
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39318.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39318.json
index 78d7ab655fb..b07fc1a9132 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39318.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39318.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39318",
"sourceIdentifier": "security@golang.org",
"published": "2023-09-08T17:15:27.823",
- "lastModified": "2023-09-12T15:09:57.040",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:11.337",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack."
+ },
+ {
+ "lang": "es",
+ "value": "El paquete html/template no aplica las reglas adecuadas para controlar las ocurrencias de \". Esto puede hacer que el analizador de plantillas considere incorrectamente que los contextos de script se terminan antes de tiempo, lo que provoca que las acciones se escapen incorrectamente. Esto podr\u00eda aprovecharse para realizar un ataque XSS."
}
],
"metrics": {
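Review bot: The added `es` description is cut off after `ocurrencias de \"` and does not say what the English text says: it never mentions comment tokens or the hashbang `#!`, and it leaves an unbalanced quote. The empty `\"\"` and the bare "in contexts" in the English context line suggest that angle-bracket tokens were removed as markup somewhere upstream, which would also explain the truncation here; that is an inference from the text, not something the hunk shows. I would regenerate the translation from the English sentence, beginning `"value": "El paquete html/template no maneja correctamente los tokens de comentario de tipo HTML ni los tokens de comentario hashbang \"#!\"`, and keep such tokens by escaping them when the text is rendered rather than stripping them when it is stored.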
@@ -109,6 +113,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0009/",
+ "source": "security@golang.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39320.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39320.json
index 3dc3e8c0592..cc1d4535622 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39320.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39320.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39320",
"sourceIdentifier": "security@golang.org",
"published": "2023-09-08T17:15:27.977",
- "lastModified": "2023-09-12T14:39:48.643",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:11.487",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the \"go\" command was executed within the module. This applies to modules downloaded using the \"go\" command from the module proxy, as well as modules downloaded directly using VCS software."
+ },
+ {
+ "lang": "es",
+ "value": "La directiva de cadena de herramientas go.mod, introducida en Go 1.21, se puede aprovechar para ejecutar scripts y binarios relativos a la ra\u00edz del m\u00f3dulo cuando el comando \"go\" se ejecut\u00f3 dentro del m\u00f3dulo. Esto se aplica a los m\u00f3dulos descargados utilizando el comando \"go\" desde el proxy del m\u00f3dulo, as\u00ed como a los m\u00f3dulos descargados directamente mediante el software VCS."
}
],
"metrics": {
@@ -103,6 +107,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0004/",
+ "source": "security@golang.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39321.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39321.json
index 4d6b2272b5c..67f1066fdfe 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39321.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39321.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39321",
"sourceIdentifier": "security@golang.org",
"published": "2023-09-08T17:15:28.047",
- "lastModified": "2023-09-12T14:36:06.257",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:11.557",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Processing an incomplete post-handshake message for a QUIC connection can cause a panic."
+ },
+ {
+ "lang": "es",
+ "value": "El procesamiento de un mensaje post-handshake incompleto para una conexi\u00f3n QUIC puede causar un estado de p\u00e1nico."
}
],
"metrics": {
@@ -103,6 +107,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0004/",
+ "source": "security@golang.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39322.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39322.json
index e957d5c6dd9..740605409c4 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39322.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39322.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39322",
"sourceIdentifier": "security@golang.org",
"published": "2023-09-08T17:15:28.120",
- "lastModified": "2023-09-12T18:07:29.257",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:11.620",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size."
+ },
+ {
+ "lang": "es",
+ "value": "Las conexiones QUIC no establecen un l\u00edmite superior en la cantidad de datos almacenados en el b\u00fafer al leer mensajes post-handshake, lo que permite que una conexi\u00f3n QUIC maliciosa provoque un crecimiento ilimitado de la memoria. Con la soluci\u00f3n aplicada, las conexiones ahora rechazan sistem\u00e1ticamente los mensajes de m\u00e1s de 65 KiB de tama\u00f1o."
}
],
"metrics": {
@@ -104,6 +108,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0004/",
+ "source": "security@golang.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json
index 999ca9b5388..e53a9ab1f2a 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39323",
"sourceIdentifier": "security@golang.org",
"published": "2023-10-05T21:15:11.283",
- "lastModified": "2023-10-13T15:03:42.950",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-29T04:15:10.623",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -99,12 +99,24 @@
"Release Notes"
]
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
+ "source": "security@golang.org"
+ },
{
"url": "https://pkg.go.dev/vuln/GO-2023-2095",
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0001/",
+ "source": "security@golang.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json
index d31e28b30bf..5cc6dc47ca3 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39325",
"sourceIdentifier": "security@golang.org",
"published": "2023-10-11T22:15:09.880",
- "lastModified": "2023-10-12T12:59:39.183",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-29T04:15:10.723",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function."
+ },
+ {
+ "lang": "es",
+ "value": "Un cliente HTTP/2 malicioso que crea solicitudes r\u00e1pidamente y las restablece inmediatamente puede provocar un consumo excesivo de recursos del servidor. Si bien el n\u00famero total de solicitudes est\u00e1 limitado por la configuraci\u00f3n http2.Server.MaxConcurrentStreams, restablecer una solicitud en curso permite al atacante crear una nueva solicitud mientras la existente a\u00fan se est\u00e1 ejecutando. Con la soluci\u00f3n aplicada, los servidores HTTP/2 ahora vincularon el n\u00famero de rutinas de controlador que se ejecutan simult\u00e1neamente al l\u00edmite de concurrencia de transmisi\u00f3n (MaxConcurrentStreams). Las nuevas solicitudes que lleguen cuando se encuentre en el l\u00edmite (lo que solo puede ocurrir despu\u00e9s de que el cliente haya restablecido una solicitud existente en curso) se pondr\u00e1n en cola hasta que salga un controlador. Si la cola de solicitudes crece demasiado, el servidor finalizar\u00e1 la conexi\u00f3n. Este problema tambi\u00e9n se solucion\u00f3 en golang.org/x/net/http2 para los usuarios que configuran HTTP/2 manualmente. El l\u00edmite de simultaneidad de transmisiones predeterminado es 250 transmisiones (solicitudes) por conexi\u00f3n HTTP/2. Este valor se puede ajustar utilizando el paquete golang.org/x/net/http2; consulte la configuraci\u00f3n Server.MaxConcurrentStreams y la funci\u00f3n ConfigureServer."
}
],
"metrics": {},
@@ -40,6 +44,14 @@
"url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ",
"source": "security@golang.org"
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
+ "source": "security@golang.org"
+ },
{
"url": "https://pkg.go.dev/vuln/GO-2023-2102",
"source": "security@golang.org"
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39331.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39331.json
new file mode 100644
index 00000000000..bf018a8ba09
--- /dev/null
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39331.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-39331",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-10-18T04:15:11.257",
+ "lastModified": "2023-10-26T05:15:25.277",
+ "vulnStatus": "Modified",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad previamente revelada (CVE-2023-30584) no se parch\u00f3 suficientemente en el commit 205f1e6. La nueva vulnerabilidad de path traversal surge porque la implementaci\u00f3n no se protege a s\u00ed misma contra la sobrescritura de funciones de utilidad integradas con implementaciones definidas por el usuario. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
+ "versionEndExcluding": "20.8.0",
+ "matchCriteriaId": "1DB6F476-F7D5-420C-9A17-FE634C92FF71"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://hackerone.com/reports/2092852",
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
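Review bot: The single `cpeMatch` entry bounds the range only with `"versionEndExcluding": "20.8.0"`, so it matches every Node.js release below 20.8.0, which presumably includes release lines that predate the permission model the description is about. The CVE-2023-39332 record added in this diff uses the identical match, and its description limits the impact to Node.js 20, which suggests a lower bound is missing from both. Adding `"versionStartIncluding": "20.0.0"` would keep CPE-based scanners from flagging 18.x and older hosts; confirm the first affected release against the Node.js advisory before relying on that value.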
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39332.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39332.json
new file mode 100644
index 00000000000..3442f534a8a
--- /dev/null
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39332.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-39332",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-10-18T04:15:11.330",
+ "lastModified": "2023-10-26T05:15:25.353",
+ "vulnStatus": "Modified",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.\n\nThis is distinct from CVE-2023-32004 ([report 2038134](https://hackerone.com/reports/2038134)), which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.\n\nImpacts:\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js."
+ },
+ {
+ "lang": "es",
+ "value": "Varias funciones `node:fs` permiten especificar rutas como cadenas u objetos `Uint8Array`. En entornos Node.js, la clase `Buffer` extiende la clase `Uint8Array`. Node.js evita el path traversal a trav\u00e9s de cadenas (ver CVE-2023-30584) y objetos `Buffer` (ver CVE-2023-32004), pero no a trav\u00e9s de objetos `Uint8Array` que no son `Buffer`. Esto es distinto de CVE-2023-32004 ([reporte 2038134](https://hackerone.com/reports/2038134)), que solo hac\u00eda referencia a objetos \"Buffer\". Sin embargo, la vulnerabilidad sigue el mismo patr\u00f3n al usar \"Uint8Array\" en lugar de \"Buffer\". Impactos: esta vulnerabilidad afecta a todos los usuarios que utilizan el modelo de permiso experimental en Node.js 20. Tenga en cuenta que en el momento en que se emiti\u00f3 este CVE, el modelo de permiso es una caracter\u00edstica experimental de Node.js."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
+ "versionEndExcluding": "20.8.0",
+ "matchCriteriaId": "1DB6F476-F7D5-420C-9A17-FE634C92FF71"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://hackerone.com/reports/2199818",
+ "source": "support@hackerone.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
+ "source": "support@hackerone.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
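Review bot: This record carries only NVD's `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` (9.8, CRITICAL) and no `Secondary` entry from the CNA, while the description limits the impact to users of the experimental permission model in Node.js 20. CVE-2023-39331 in this diff, which describes a related path-traversal bypass, records a CNA vector with `AV:L` next to NVD's network vector, so the absence here may be missing data rather than agreement between the two scorers. Alerting that keys on `baseScore` alone will rank this record above its sibling. Triage should first check whether the affected process actually runs with the permission model enabled.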
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39350.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39350.json
index 6b78b32b5ea..7214df5886a 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39350.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39350.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39350",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.170",
- "lastModified": "2023-10-07T21:15:15.343",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T14:56:44.890",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,19 +142,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39351.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39351.json
index aeb4f00ab43..5c9d6615185 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39351.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39351.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39351",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.280",
- "lastModified": "2023-10-07T21:15:15.470",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T14:57:07.010",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -105,19 +135,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39352.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39352.json
index 6317b2ea12a..67790e609d8 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39352.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39352.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39352",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T21:15:07.873",
- "lastModified": "2023-10-07T21:15:15.583",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T14:49:47.823",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,19 +142,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39353.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39353.json
index bd6c3924cdb..8c07fc7753b 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39353.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39353.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39353",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T21:15:08.213",
- "lastModified": "2023-10-07T21:15:15.703",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T13:43:53.717",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,19 +142,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39354.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39354.json
index f867e65490e..aff554707fd 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39354.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39354.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39354",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.367",
- "lastModified": "2023-10-07T21:15:15.820",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T14:11:33.407",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,19 +142,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39355.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39355.json
index 8c4b9a9d03f..81d1681c70a 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39355.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39355.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39355",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T20:15:08.457",
- "lastModified": "2023-10-07T21:15:15.933",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:25:35.660",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -86,6 +86,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -106,7 +121,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39356.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39356.json
index 930906eeee3..a27e546679d 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39356.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39356.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39356",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T21:15:08.390",
- "lastModified": "2023-10-07T21:15:16.030",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T13:45:00.427",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -126,19 +156,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39357.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39357.json
index e243c133344..276ea9161b6 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39357.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39357.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39357",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T22:15:08.637",
- "lastModified": "2023-10-13T04:15:12.090",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:53:09.170",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Cacti es un framework de c\u00f3digo abierto de monitorizaci\u00f3n operativa y gesti\u00f3n de fallos. Se ha descubierto un defecto en la funci\u00f3n \"sql_save\". Cuando el tipo de columna es num\u00e9rico, la funci\u00f3n \"sql_save\" utiliza directamente la entrada del usuario. Muchos archivos y funciones que llaman a la funci\u00f3n \"sql_save\" no realizan una validaci\u00f3n previa de la entrada del usuario, lo que provoca la existencia de m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Cacti. Esto permite a los usuarios autenticados explotar estas vulnerabilidades de inyecci\u00f3n SQL para llevar a cabo la escalada de privilegios ejecuci\u00f3n remota de c\u00f3digo. Este problema se ha solucionado en la versi\u00f3n 1.2.25. Se recomienda a los usuarios que actualicen. No se conocen solucionas para esta vulnerabilidad. "
}
],
"metrics": {
@@ -56,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -85,6 +99,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -98,11 +132,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39358.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39358.json
index d0aa10e9274..9e6b8b430a7 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39358.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39358.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39358",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T22:15:08.733",
- "lastModified": "2023-10-13T04:15:12.217",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:53:14.153",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -95,11 +115,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39359.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39359.json
index f4b88b68501..5f64889120f 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39359.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39359.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39359",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T21:15:46.143",
- "lastModified": "2023-10-13T04:15:12.317",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:23:26.760",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -105,11 +125,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39360.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39360.json
index 9db1c74dc11..5a5a677f873 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39360.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39360.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39360",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T21:15:46.800",
- "lastModified": "2023-10-13T04:15:12.443",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:23:21.923",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output."
+ },
+ {
+ "lang": "es",
+ "value": "Cacti es un framework operacional de monitorizaci\u00f3n y gesti\u00f3n de fallos de c\u00f3digo abierto. Las versiones afectadas est\u00e1n sujetas a una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que permite a un usuario autenticado envenenar datos. La vulnerabilidad se encuentra en \"graphs_new.php\". Se realizan varias validaciones, pero el par\u00e1metro \"returnto\" se pasa directamente a \"form_save_button\". Para evitar esta validaci\u00f3n, returnto debe contener \"host.php\". Esta vulnerabilidad se ha solucionado en la versi\u00f3n 1.2.25. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deber\u00e1n filtrar manualmente la salida HTML. "
}
],
"metrics": {
@@ -81,6 +85,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,11 +118,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39361.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39361.json
index 88e1278f4c8..9a99dc7b97c 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39361.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39361.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39361",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T21:15:46.880",
- "lastModified": "2023-10-13T04:15:12.567",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:23:18.290",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -81,6 +81,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -94,11 +114,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39362.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39362.json
index 111d272908a..17ffa416d57 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39362.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39362.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39362",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T22:15:08.817",
- "lastModified": "2023-10-13T04:15:12.677",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:53:24.600",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Cacti es un framework de monitorizaci\u00f3n operacional y gesti\u00f3n de fallos de c\u00f3digo abierto. En Cacti v1.2.24, bajo ciertas condiciones, un usuario privilegiado autenticado, puede utilizar una cadena maliciosa en las opciones SNMP de un dispositivo, realizando inyecci\u00f3n de comandos y obteniendo ejecuci\u00f3n remota de c\u00f3digo en el servidor subyacente. El fichero \"lib/snmp.php\" tiene un conjunto de funciones, con un comportamiento similar, que aceptan en entrada algunas variables y las colocan en una llamada \"exec\" sin un escape o validaci\u00f3n adecuados. Este problema se ha solucionado en la versi\u00f3n 1.2.25. Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad. "
}
],
"metrics": {
@@ -56,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -82,12 +96,37 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp",
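Review bot: The Packet Storm reference that this hunk tags `Exploit` is stored with an `http://` scheme, so tooling that follows reference links automatically would retrieve exploit-tagged content over cleartext. If the upstream record permits, store it as `"url": "https://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html"`; otherwise consumers should upgrade the scheme before fetching. The new `Exploit` tag is also the only machine-readable signal in this record that exploit material is public, which is worth feeding into prioritisation of the 1.2.25 upgrade named in the description.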
@@ -99,11 +138,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39364.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39364.json
index 459d558792a..0767493500e 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39364.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39364.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39364",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T22:15:08.910",
- "lastModified": "2023-10-13T04:15:12.777",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:53:29.600",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -85,6 +85,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -98,11 +118,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39365.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39365.json
index 17a05029055..b62a97aebc9 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39365.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39365.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39365",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T22:15:09.017",
- "lastModified": "2023-10-13T04:15:12.890",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:53:34.923",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Cacti es un framework de monitorizaci\u00f3n operativa y gesti\u00f3n de fallos de c\u00f3digo abierto. Los problemas con la validaci\u00f3n de expresiones regulares de Cacti combinados con la funci\u00f3n de enlaces externos pueden provocar inyecciones SQL limitadas y la consiguiente fuga de datos. Este problema se ha solucionado en la versi\u00f3n 1.2.25. Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad. "
}
],
"metrics": {
@@ -92,6 +96,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -105,11 +129,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39366.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39366.json
index ea1497bdb28..00e8be537f2 100644
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39366.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39366.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39366",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T21:15:46.963",
- "lastModified": "2023-10-13T04:15:13.003",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:23:10.237",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. \nCENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http:///cacti/host.php`, while the rendered malicious payload is exhibited at `http:///cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output."
+ },
+ {
+ "lang": "es",
+ "value": "Cacti es un marco de monitorizaci\u00f3n operativa y gesti\u00f3n de fallos de c\u00f3digo abierto. Las versiones afectadas est\u00e1n sujetas a una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que permite a un usuario autenticado envenenar los datos almacenados en la base de datos de cacti. Estos datos ser\u00e1n vistos por las cuentas administrativas de cacti y ejecutar\u00e1n c\u00f3digo JavaScript en el navegador de la v\u00edctima en tiempo de visualizaci\u00f3n. El script \"data_sources.php\" muestra la informaci\u00f3n de gesti\u00f3n de la fuente de datos (por ejemplo, ruta de la fuente de datos, configuraci\u00f3n de sonde, etc) para diferentes visualizaciones de datos de la aplicaci\u00f3n cacti. CENSUS descubri\u00f3 que un adversario que es capaz de configurar un nombre de dispositivo malicioso, puede desplegar un ataque de XSS almacenado contra cualquier usuario con los mismos privilegios (o m\u00e1s amplios). Un usuario que posea los permisos de Administraci\u00f3n General-Sitios/Dispositivos/Datos puede configurar los nombres de los dispositivos en cacti. Esta configuraci\u00f3n se produce a trav\u00e9s de \"http:///cacti/host.php\", mientras que el payload malicioso renderizado se exhibe en \"http:///cacti/data_sources.php\". Esta vulnerabilidad se ha solucionado en la versi\u00f3n 1.2.25. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deber\u00e1n filtrar manualmente la salida HTML. "
}
],
"metrics": {
@@ -83,6 +87,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -96,11 +120,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json
index 45f5ee263ce..582df9ce5a4 100644
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39417.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39417",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-11T13:15:09.870",
- "lastModified": "2023-10-04T00:15:11.890",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:27:38.720",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -140,6 +140,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -160,11 +175,17 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00003.html",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230915-0002/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.postgresql.org/support/security/CVE-2023-39417",
diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39427.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39427.json
new file mode 100644
index 00000000000..8e25e6ab078
--- /dev/null
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39427.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-39427",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T20:15:08.510",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nIn Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En Ashlar-Vellum Cobalt, Xenon, Argon, Lithium y Cobalt Share v12 SP0 Build (1204.77), las aplicaciones afectadas carecen de una validaci\u00f3n adecuada de los datos proporcionados por el usuario al analizar archivos XE. Esto podr\u00eda provocar una escritura fuera de los l\u00edmites. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
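Review bot: The English `descriptions[].value` in this new record begins with `\n` and ends with `\n\n`, while the Spanish entry below it is already trimmed. The stray newlines can leak into reports, tickets and any keys derived from the description text. Trim the value so it starts at `In Ashlar-Vellum Cobalt` and ends at `current process.`. The new CVE-2023-39431 record has the same padding (`\n\n\n` before and `\n\n\n\n` after). Separately, this record is `Awaiting Analysis` and has no `configurations` array, so CPE-based matching will not surface it yet and the affected products have to be read from the description.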
diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39431.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39431.json
new file mode 100644
index 00000000000..8fb6aa255ba
--- /dev/null
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39431.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-39431",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T18:15:09.647",
+ "lastModified": "2023-10-25T13:50:25.650",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nSante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Sante DICOM Viewer Pro carece de una validaci\u00f3n adecuada de los datos proporcionados por el usuario al analizar archivos DICOM. Esto podr\u00eda provocar una escritura fuera de l\u00edmites. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:santesoft:dicom_viewer_pro:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "12.2.6",
+ "matchCriteriaId": "5D4EC8EE-4148-43B2-8E1A-EAE05484DDF4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-01",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39453.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39453.json
index c1a84446bcf..b3bfbf568eb 100644
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39453.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39453.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39453",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-09-25T16:15:14.093",
- "lastModified": "2023-10-09T19:15:10.103",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:49:24.817",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,7 +11,7 @@
},
{
"lang": "es",
- "value": "Existe una vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en la funcionalidad tif_parse_sub_IFD de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede entregar un archivo para desencadenar esta vulnerabilidad."
+ "value": "Existe una vulnerabilidad de use-after-free en la funcionalidad tif_parse_sub_IFD de Accusoft ImageGear 20.1. Un archivo con formato incorrecto especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede entregar este archivo para desencadenar esta vulnerabilidad."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39456.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39456.json
index 810b05afdbd..aa614177eff 100644
--- a/CVE-2023/CVE-2023-394xx/CVE-2023-39456.json
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39456.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39456",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-17T07:15:09.737",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:10:52.703",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Traffic Server con frames HTTP/2 con formato incorrecto. Este problema afecta a Apache Traffic Server: desde 9.0.0 hasta 9.2.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 9.2.3, que soluciona el problema."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
"source": "security@apache.org",
@@ -27,10 +50,67 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.2.3",
+ "matchCriteriaId": "4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39510.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39510.json
index 85c8a5eee19..6a8e17b6f0b 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39510.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39510.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39510",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T21:15:47.047",
- "lastModified": "2023-10-13T04:15:13.100",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:51:00.017",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -64,6 +64,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -82,6 +92,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
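Review bot: The added configuration marks the Fedora 37 and 38 operating-system CPEs as `"vulnerable": true` in a standalone OR node, and nothing in the node ties them to the affected package. A scanner that matches asset CPEs against this record will therefore flag every Fedora 37/38 host, whether or not the package is installed. Consumers should read an OS-only node like this as "the distribution shipped an update" and require package evidence before raising a finding, for example by alerting only when the record's earlier configuration (outside this hunk, presumably the application CPE) also matches. The same block is added in the CVE-2023-39511 through CVE-2023-39516 sections below.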
@@ -95,11 +125,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39511.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39511.json
index 9803d6ca2b3..c48d038461d 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39511.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39511.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39511",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-06T18:15:08.627",
- "lastModified": "2023-10-13T04:15:13.200",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:57:35.533",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -86,6 +86,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -99,11 +119,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39512.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39512.json
index b7cec44fc7a..153154fc9a7 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39512.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39512.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39512",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T21:15:47.127",
- "lastModified": "2023-10-13T04:15:13.327",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:51:07.147",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration, device name related to the datasource etc.) for different data visualizations of the _cacti_ app. _CENSUS_ found that an adversary that is able to configure a malicious device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http:///cacti/host.php`, while the rendered malicious payload is exhibited at `http:///cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output."
+ },
+ {
+ "lang": "es",
+ "value": "Cacti es un framework de monitorizaci\u00f3n operativo y gesti\u00f3n de fallos de c\u00f3digo abierto. Las versiones afectadas est\u00e1n sujetas a una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que permite a un usuario autenticado envenenar los datos almacenados en la base de datos de _cacti_. Estos datos ser\u00e1n vistos por las cuentas administrativas de _cacti_ y ejecutar\u00e1n c\u00f3digo JavaScript en el navegador de la v\u00edctima en tiempo de visualizaci\u00f3n. El script bajo \"data_sources.php\" muestra la informaci\u00f3n de gesti\u00f3n de la fuente de datos (por ejemplo, ruta de la fuente de datos, configuraci\u00f3n de sondeo, nombre del dispositivo relacionado con la fuente de datos, etc.) para diferentes visualizaciones de datos de la aplicaci\u00f3n _cacti_. _CENSUS_ descubri\u00f3 que un adversario que es capaz de configurar un nombre de dispositivo malicioso, puede desplegar un ataque de XSS almacenado contra cualquier usuario con los mismos privilegios (o m\u00e1s amplios). Un usuario que posea los permisos de _Administraci\u00f3n General - Sitios/Dispositivos/Datos_ puede configurar los nombres de los dispositivos en _cacti_. Esta configuraci\u00f3n se produce a trav\u00e9s de \"http:///cacti/host.php\", mientras que el payload malicioso renderizado se exhibe en \"http:///cacti/data_sources.php\". Esta vulnerabilidad se ha solucionado en la versi\u00f3n 1.2.25. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deber\u00e1n filtrar manualmente la salida HTML."
}
],
"metrics": {
@@ -82,6 +86,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -95,11 +119,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39513.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39513.json
index ca96314d554..e88903fdefe 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39513.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39513.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39513",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T21:15:47.213",
- "lastModified": "2023-10-13T04:15:13.423",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:51:10.993",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -95,11 +115,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39514.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39514.json
index 5332b4cfafe..da20029e2ce 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39514.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39514.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-39514",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T21:15:47.297",
- "lastModified": "2023-10-13T04:15:13.530",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:51:16.950",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `graphs.php` displays graph details such as data-source paths, data template information and graph related fields. _CENSUS_ found that an adversary that is able to configure either a data-source template with malicious code appended in the data-source name or a device with a malicious payload injected in the device name, may deploy a stored XSS attack against any user with _General Administration>Graphs_ privileges. A user that possesses the _Template Editor>Data Templates_ permissions can configure the data-source name in _cacti_. Please note that this may be a _low privileged_ user. This configuration occurs through `http:///cacti/data_templates.php` by editing an existing or adding a new data template. If a template is linked to a graph then the formatted template name will be rendered in the graph's management page. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device name in _cacti_. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should add manual HTML escaping.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Cacti es un framework de monitorizaci\u00f3n operativa y gesti\u00f3n de fallos de c\u00f3digo abierto. Las versiones afectadas est\u00e1n sujetas a una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que permite a un usuario autenticado envenenar a los datos almacenados en la base de datos de cacti. Estos datos ser\u00e1n visualizados por las cuentas administrativas de cacti y ejecutar\u00e1n c\u00f3digo JavaScript en el navegador de la v\u00edctima en tiempo de visualizaci\u00f3n. El script bajo \"graphs.php\" muestra detalles del gr\u00e1fico como rutas de origen de datos, informaci\u00f3n de la plantilla de datos y campos relacionados con el gr\u00e1fico _CENSUS_ descubri\u00f3 que un adversario que es capaz de configurar una plantilla de fuente de datos con c\u00f3digo malicioso a\u00f1adido en el nombre de la fuente de datos o un dispositivo con una carga maliciosa inyectada en el nombre del dispositivo, puede desplegar un ataque XSS almacenado contra cualquier usuario con privilegios de Administraci\u00f3n General - Gr\u00e1ficos. Un usuario que posea los permisos de Editor de plantillas - Plantilla de datos puede configurar el nombre de la fuente de datos en cacti. Tenga en cuenta que puede tratarse de un usuario con privilegios bajos. Esta configuraci\u00f3n se realiza a trav\u00e9s de \"http:///cacti/data_templates.php\" editando una plantilla de datos existente o a\u00f1adiendo una nueva. Si una plantilla est\u00e1 vinculada a un gr\u00e1fico, el nombre formateado de la plantilla se mostrar\u00e1 en la p\u00e1gina de gesti\u00f3n del gr\u00e1fico. Un usuario que posea los permisos Administraci\u00f3n General - Sitios/Dispositivos/Datos puede configurar el nombre del dispositivos en cacti. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 1.2.25. Se recomienda a los usuarios que la actualicen. Los usuarios que no puedan actualizar deber\u00e1n a\u00f1adir manualmente el escape HTML. "
}
],
"metrics": {
@@ -82,6 +86,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -95,11 +119,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39515.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39515.json
index ac257d185eb..f79ce96386d 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39515.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39515.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39515",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T21:15:47.387",
- "lastModified": "2023-10-13T04:15:13.640",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:51:25.143",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -95,11 +115,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39516.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39516.json
index 8dc6087d33f..e99f1f1e717 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39516.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39516.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39516",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-05T22:15:09.180",
- "lastModified": "2023-10-13T04:15:13.740",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T19:57:32.023",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -95,11 +115,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39600.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39600.json
index 31059967ef2..c2ae2b8cd92 100644
--- a/CVE-2023/CVE-2023-396xx/CVE-2023-39600.json
+++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39600.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39600",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-25T20:15:08.380",
- "lastModified": "2023-09-01T16:15:08.287",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:27:27.923",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,7 +66,10 @@
"references": [
{
"url": "https://icewarp.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://medium.com/@katikitala.sushmitha078/cross-site-scripting-reflected-xss-in-icewarp-server-cve-2023-39600-310a7e1c8817",
diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39619.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39619.json
new file mode 100644
index 00000000000..5bee4b5b992
--- /dev/null
+++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39619.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-39619",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.083",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component."
+ },
+ {
+ "lang": "es",
+ "value": "ReDos en NPMJS Node Email Check v.1.0.4 permite a un atacante provocar una Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de una cadena manipulada en el componente scpSyntax."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/6en6ar/712a4c1eab0324f15e09232c77ea08f8",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/teomantuncer/node-email-check/blob/main/main.js,",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.npmjs.com/package/node-email-check",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
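Review bot: The second reference URL ends in a stray comma (`.../blob/main/main.js,`), so it is unlikely to resolve to the file, and link checkers or enrichment jobs will record it as dead. It should read `"url": "https://github.com/teomantuncer/node-email-check/blob/main/main.js"`. The record is also still `Awaiting Analysis` with an empty `metrics` object and no `configurations`, so CPE- or score-based tooling will not surface it. Anyone tracking this package should match on the package name in the description until analysis lands.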
diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39680.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39680.json
new file mode 100644
index 00000000000..9ad23002e84
--- /dev/null
+++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39680.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-39680",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T07:15:15.317",
+ "lastModified": "2023-10-26T17:36:04.000",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Sollace Unicopia versi\u00f3n 1.1.1 y anteriores deserializaba datos que no eran de confianza, lo que permit\u00eda a los atacantes ejecutar c\u00f3digo arbitrario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sollace:unicopia:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.2.0",
+ "matchCriteriaId": "CFE1E9EC-0FF3-4557-AFB5-CF1BE0479E9C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gist.github.com/apple502j/4ab77291c98e45f4a5bf780c8eda8afa",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
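Review bot: The CPE range `"versionEndExcluding": "1.2.0"` is wider than the description's "version 1.1.1 and before", so any release between 1.1.1 and 1.2.0 would be reported as vulnerable. If 1.1.1 is the last affected release, `"versionEndIncluding": "1.1.1"` states that without depending on 1.2.0 being the next version. The two CVSS entries also diverge: the NVD primary vector is `AC:L/UI:N` at 9.8, while the CNA secondary is `AC:H/UI:R` at 7.5. Pipelines that prioritise on this record should pin which `source`/`type` they score from rather than implicitly taking the first or the highest entry.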
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39726.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39726.json
new file mode 100644
index 00000000000..c17edd57690
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39726.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39726",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T21:15:07.857",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Mintty v.3.6.4 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario mediante comandos manipulados en la terminal."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://dgl.cx/2023/09/ansi-terminal-security#mintty-osc50",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39731.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39731.json
new file mode 100644
index 00000000000..4bdd0a8b8ca
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39731.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-39731",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T00:15:14.300",
+ "lastModified": "2023-10-26T15:33:42.247",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
+ },
+ {
+ "lang": "es",
+ "value": "La filtraci\u00f3n del secreto del cliente en Kaibutsunosato v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes de difusi\u00f3n manipulados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:line:kaibutsunosato:13.6.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0BDE9EE0-9927-43F3-BC42-C22AEA4B2C8B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39731.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://liff.line.me/1657662489-pwEQNzJ4",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
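Review bot: The primary vector scores `I:N`, yet the description says an attacker who obtains the channel access token can send crafted broadcast messages, which is an integrity effect on what subscribers receive. If that effect is accepted, `"integrityImpact": "LOW"` would be the minimal change, and the base score would need recomputing. The weakness is recorded as `NVD-CWE-noinfo` although the description names a leaked client secret, so CWE-based filters for credential exposure will miss this record. The `liff.line.me` reference is tagged `Vendor Advisory` but looks like an application link rather than an advisory, so the tag should be confirmed before it is used for triage.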
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39732.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39732.json
new file mode 100644
index 00000000000..8c89661839c
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39732.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-39732",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.200",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
+ },
+ {
+ "lang": "es",
+ "value": "La filtraci\u00f3n del secreto del cliente en Tokueimaru_waiting Line 13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes de difusi\u00f3n manipulados."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39732.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1657574837-elb6bNQj",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39733.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39733.json
new file mode 100644
index 00000000000..7fbbd61c229
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39733.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-39733",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.247",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
+ },
+ {
+ "lang": "es",
+ "value": "La filtraci\u00f3n del secreto del cliente en TonTon-Tei Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes de difusi\u00f3n manipulados."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39733.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1656987103-bk5k9PO4",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39734.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39734.json
new file mode 100644
index 00000000000..3ba5101a5bf
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39734.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-39734",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.293",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
+ },
+ {
+ "lang": "es",
+ "value": "La filtraci\u00f3n del secreto del cliente en VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes de difusi\u00f3n manipulados."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39734.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1660679145-eMKgg4rJ",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39735.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39735.json
new file mode 100644
index 00000000000..dc21179b526
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39735.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-39735",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.337",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
+ },
+ {
+ "lang": "es",
+ "value": "La filtraci\u00f3n del secreto del cliente en Uomasa_Saiji_news Line 13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes de difusi\u00f3n manipulados."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39735.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1657409177-MkPLqO5D",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39736.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39736.json
new file mode 100644
index 00000000000..790299ea5c7
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39736.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-39736",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.380",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
+ },
+ {
+ "lang": "es",
+ "value": "La filtraci\u00f3n del secreto del cliente en Fukunaga_memberscard Line 13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes de difusi\u00f3n manipulados."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39736.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1657606123-4Kp0xVrP",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39737.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39737.json
new file mode 100644
index 00000000000..2fb4a108a1b
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39737.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-39737",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.423",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
+ },
+ {
+ "lang": "es",
+ "value": "La filtraci\u00f3n del secreto del cliente en Matsuya Line 13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes de difusi\u00f3n manipulados."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39737.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1657535522-JD5Q5Yp1",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39739.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39739.json
new file mode 100644
index 00000000000..fa032d4b6b0
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39739.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-39739",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.470",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
+ },
+ {
+ "lang": "es",
+ "value": "La filtraci\u00f3n del secreto del cliente en REGINA SWEETS&BAKERY Line 13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes de difusi\u00f3n manipulados."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39739.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1656985266-EmlxqQQx",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39740.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39740.json
new file mode 100644
index 00000000000..a977be50f89
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39740.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-39740",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.517",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages."
+ },
+ {
+ "lang": "es",
+ "value": "La filtraci\u00f3n del secreto del cliente en Onigiriya-musubee Line 13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes de difusi\u00f3n manipulados."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39740.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://liff.line.me/1657597257-0ozj8DwJ",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-398xx/CVE-2023-39814.json b/CVE-2023/CVE-2023-398xx/CVE-2023-39814.json
new file mode 100644
index 00000000000..2889ab26edc
--- /dev/null
+++ b/CVE-2023/CVE-2023-398xx/CVE-2023-39814.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-39814",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.560",
+ "lastModified": "2023-10-25T18:17:29.560",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-398xx/CVE-2023-39815.json b/CVE-2023/CVE-2023-398xx/CVE-2023-39815.json
new file mode 100644
index 00000000000..fed131416e5
--- /dev/null
+++ b/CVE-2023/CVE-2023-398xx/CVE-2023-39815.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-39815",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.607",
+ "lastModified": "2023-10-25T18:17:29.607",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-398xx/CVE-2023-39816.json b/CVE-2023/CVE-2023-398xx/CVE-2023-39816.json
new file mode 100644
index 00000000000..3ed3e9d6fe4
--- /dev/null
+++ b/CVE-2023/CVE-2023-398xx/CVE-2023-39816.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-39816",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.660",
+ "lastModified": "2023-10-25T18:17:29.660",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-398xx/CVE-2023-39817.json b/CVE-2023/CVE-2023-398xx/CVE-2023-39817.json
new file mode 100644
index 00000000000..56135f81e21
--- /dev/null
+++ b/CVE-2023/CVE-2023-398xx/CVE-2023-39817.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-39817",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:29.710",
+ "lastModified": "2023-10-25T18:17:29.710",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39902.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39902.json
index e9b9f774e47..1c05a8adaef 100644
--- a/CVE-2023/CVE-2023-399xx/CVE-2023-39902.json
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39902.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-39902",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-17T12:15:09.960",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T19:30:50.777",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to execute on the target, leading to privilege escalation. This affects i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus."
+ },
+ {
+ "lang": "es",
+ "value": "Se identific\u00f3 una vulnerabilidad de software en U-Boot Secondary Program Loader (SPL) antes de 2023.07 en procesadores seleccionados de la familia NXP i.MX 8M. En determinadas condiciones, se puede utilizar una estructura de Flattened Image Tree (FIT) manipulada para sobrescribir la memoria SPL, lo que permite que se ejecute software no autenticado en el destino, lo que lleva a una escalada de privilegios. Esto afecta a i.MX 8M, i.MX 8M Mini, i.MX 8M Nano y i.MX 8M Plus."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "cve@mitre.org",
"type": "Secondary",
@@ -34,14 +58,79 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-281"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:nxp:uboot_secondary_program_loader:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.07",
+ "matchCriteriaId": "D09473A1-CB04-4CD7-9540-D48F86FBC25C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:nxp:i.mx_8m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0ED3090-0E33-4183-BFC6-1136BDDAE352"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:nxp:i.mx_8m_mini:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C1822E0E-4DF8-411F-A890-D748F2124869"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:nxp:i.mx_8m_nano:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FFA7C7D-B4D6-4D5A-A411-492A112B30D4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:nxp:i.mx_8m_plus:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "006051D6-02C6-4E4C-928C-F43AB5B32859"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://community.nxp.com/t5/i-MX-Security/U-Boot-Secondary-Program-Loader-Authentication-Vulnerability-CVE/ta-p/1736196",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mitigation",
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://nxp.com",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
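Review bot: The NVD weakness added in this hunk, `"value": "CWE-281"`, does not obviously fit the description at the top of the record. That description speaks of a crafted FIT structure overwriting SPL memory so that unauthenticated software executes, which reads more like a memory-write or image-authentication weakness than a permission-preservation one. The mapping looks worth a second check against the vendor advisory in `references`. Until that is settled, triage that groups or filters by CWE should rely on the description and the `Vendor Advisory` link rather than on this field.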
diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39924.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39924.json
new file mode 100644
index 00000000000..4592489fa01
--- /dev/null
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39924.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-39924",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:29.753",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <=\u00a06.1.9 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado autenticado (con permisos de admin o superiores) en el complemento Mitchell Bennis Simple File List en versiones <= 6.1.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/simple-file-list/wordpress-simple-file-list-plugin-6-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
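Review bot: The English `value` carries a non-breaking space escape in `<=\u00a06.1.9`, while the Spanish entry uses an ordinary space (`<= 6.1.9`). Tooling that extracts the affected range from the description with an ASCII-whitespace pattern may fail to match it, and this record has no `configurations` block to fall back on yet. I would normalise the text to `<= 6.1.9`, or have consumers fold U+00A0 to a plain space before parsing.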
diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json
index 5edc918cc93..9b68aac04ce 100644
--- a/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39928.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39928",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2023-10-06T16:15:13.223",
- "lastModified": "2023-10-14T03:15:09.890",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T20:17:21.957",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -95,12 +95,41 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831",
@@ -118,7 +147,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5527",
- "source": "talos-cna@cisco.com"
+ "source": "talos-cna@cisco.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39930.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39930.json
new file mode 100644
index 00000000000..33a256241a5
--- /dev/null
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39930.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-39930",
+ "sourceIdentifier": "responsible-disclosure@pingidentity.com",
+ "published": "2023-10-25T18:17:29.823",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n de primer factor en PingFederate con PingID Radius PCV cuando se env\u00eda una solicitud de autenticaci\u00f3n MSCHAP a trav\u00e9s de una solicitud de cliente RADIUS manipulada con fines malintencionados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_26_rn",
+ "source": "responsible-disclosure@pingidentity.com"
+ },
+ {
+ "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
+ "source": "responsible-disclosure@pingidentity.com"
+ }
+ ]
+}
\ No newline at end of file
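Review bot: Neither description names an affected or fixed version and the record has no `configurations` block, so exposure cannot be determined from this file alone. The only version hint is inside the first reference URL (`pingid_integration_kit_2_26_rn`), which suggests but does not state that the fix ships with the 2.26 integration kit. Both references are untagged release-notes and download pages rather than an advisory. The English `value` should state the fixed release explicitly; until it does, defenders should treat any PingFederate deployment using the PingID RADIUS PCV as in scope and confirm against the release notes.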
diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39936.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39936.json
new file mode 100644
index 00000000000..04fa1a2a7ff
--- /dev/null
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39936.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-39936",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T20:15:08.573",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nIn Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En Ashlar-Vellum Graphite v13.0.48, la aplicaci\u00f3n afectada carece de una validaci\u00f3n adecuada de los datos proporcionados por el usuario al analizar archivos VC6. Esto podr\u00eda dar lugar a una lectura fuera de los l\u00edmites. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-03",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
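Review bot: The English `value` begins with `\n\n\n` and ends with `\n\n\n\n`, while the Spanish entry next to it is clean. The stray newlines pass verbatim into anything that renders, indexes or hashes the description, and they break exact-match deduplication against other feeds. I would store the string trimmed, starting at `In Ashlar-Vellum Graphite v13.0.48, ...`, or have consumers strip leading and trailing whitespace on ingest.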
diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39960.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39960.json
index eaf0c0386e6..99e822f8dd6 100644
--- a/CVE-2023/CVE-2023-399xx/CVE-2023-39960.json
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39960.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-39960",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-13T13:15:11.560",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:45:38.277",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available."
+ },
+ {
+ "lang": "es",
+ "value": "Nextcloud Server proporciona almacenamiento de datos para Nextcloud, una plataforma en la nube de c\u00f3digo abierto. En Nextcloud Server a partir de la versi\u00f3n 25.0.0 y anteriores a las 25.09 y 26.04; as\u00ed como Nextcloud Enterprise Server a partir de la versi\u00f3n 22.0.0 y anteriores a las 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9 y 26.0.4; La falta de protecci\u00f3n permite a un atacante forzar contrase\u00f1as de fuerza bruta en la API WebDAV. Nextcloud Server versiones 25.0.9 y 26.0.4 y Nextcloud Enterprise Server versiones 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9 y 26.0.4 contienen parches para este problema. No se conocen workarounds disponibles."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
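Review bot: The added Spanish `value` copies the version typo from the English description: `anteriores a las 25.09 y 26.04` mirrors `prior to 25.09 and 26.04`. The same sentence later names 25.0.9 and 26.0.4 as the patched releases, and the `versionEndExcluding` values added in the next hunk are `25.0.9` and `26.0.4`. Anyone reading only the text could compare against the wrong boundary, so both languages should read `25.0.9` and `26.0.4` (Spanish: `anteriores a las 25.0.9 y 26.0.4`). The phrase `forzar contraseñas de fuerza bruta` is also redundant and would read better as `realizar ataques de fuerza bruta contra contraseñas`.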
@@ -46,18 +70,89 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "22.0.0",
+ "versionEndExcluding": "22.2.10.14",
+ "matchCriteriaId": "916FDFBE-023F-4EC1-947B-8B2F2A0E5E84"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "23.0.0",
+ "versionEndExcluding": "23.0.12.9",
+ "matchCriteriaId": "881A0D0D-1888-43D8-A22C-FD38D28EB601"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "24.0.0",
+ "versionEndExcluding": "24.0.12.5",
+ "matchCriteriaId": "B2AF81DA-6377-4051-AF70-141FC50E049F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "25.0.0",
+ "versionEndExcluding": "25.0.9",
+ "matchCriteriaId": "623D58E0-57A0-42B3-8ED6-DF3B988633AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "25.0.0",
+ "versionEndExcluding": "25.0.9",
+ "matchCriteriaId": "D60D3184-C289-49E8-9FBE-EDA8B927131A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "26.0.0",
+ "versionEndExcluding": "26.0.4",
+ "matchCriteriaId": "CA187E45-EB4B-468A-9291-FD66B360B2D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "26.0.0",
+ "versionEndExcluding": "26.0.4",
+ "matchCriteriaId": "2D0FA653-A595-4EC8-9F77-0AD1A4699B07"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2hrc-5fgp-c9c9",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/nextcloud/server/pull/38046",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://hackerone.com/reports/1924212",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39999.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39999.json
index 5c9bd687b09..2129b210ae9 100644
--- a/CVE-2023/CVE-2023-399xx/CVE-2023-39999.json
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39999.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-39999",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T12:15:09.970",
- "lastModified": "2023-10-16T16:15:53.773",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:29.893",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -60,22 +60,22 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "NVD-CWE-noinfo"
+ "value": "CWE-200"
}
]
},
{
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-200"
+ "value": "NVD-CWE-noinfo"
}
]
}
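Review bot: This hunk swaps the two `source` values, so `"type": "Primary"` now belongs to `audit@patchstack.com` (CWE-200) and `nvd@nist.gov` is demoted to `Secondary` with `NVD-CWE-noinfo`. The first hunk also moves `vulnStatus` back from `Analyzed` to `Undergoing Analysis`. Consumers that pick the weakness by `type == "Primary"` on the assumption that it is NVD's own assessment will now silently get the CNA's value. Selecting on `source` rather than `type` keeps the two apart, and the status regression is a reasonable cue to re-pull this record once analysis completes.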
@@ -254,6 +254,14 @@
}
],
"references": [
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EVFT4DPZRFTXJPEPADM22BZVIUD2P66/",
+ "source": "audit@patchstack.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQBL4ZQCBFNQ76XHM5257CIBFQRGT5QY/",
+ "source": "audit@patchstack.com"
+ },
{
"url": "https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve",
"source": "audit@patchstack.com",
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3932.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3932.json
index 619e8ea92ee..7ee550b0bcd 100644
--- a/CVE-2023/CVE-2023-39xx/CVE-2023-3932.json
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3932.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-3932",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-08-03T05:15:10.723",
- "lastModified": "2023-10-04T06:15:10.537",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:04:39.057",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -114,7 +114,7 @@
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417594",
"source": "cve@gitlab.com",
"tags": [
- "Broken Link"
+ "Exploit"
]
},
{
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3933.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3933.json
new file mode 100644
index 00000000000..8587455b923
--- /dev/null
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3933.json
@@ -0,0 +1,121 @@
+{
+ "id": "CVE-2023-3933",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T16:15:19.247",
+ "lastModified": "2023-10-27T18:50:31.337",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El Your Journey theme para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s de la contaminaci\u00f3n de prototipos en versiones hasta la 1.9.8 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1321"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wiloke:your_journey:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.9.8",
+ "matchCriteriaId": "3F098927-59A5-4C4C-A51B-AB44853FA0AC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/BlackFan/client-side-prototype-pollution",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c738e051-ad1c-4115-94d3-127dd5dff935?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3962.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3962.json
new file mode 100644
index 00000000000..bebc8cc98c7
--- /dev/null
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3962.json
@@ -0,0 +1,121 @@
+{
+ "id": "CVE-2023-3962",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T16:15:19.333",
+ "lastModified": "2023-10-26T14:39:46.853",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El Winters theme para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s de la contaminaci\u00f3n de prototipos en versiones hasta la 1.4.3 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1321"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:myshopkit:winters:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.4.3",
+ "matchCriteriaId": "D819F161-81FA-456E-9540-80B6F833A095"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/BlackFan/client-side-prototype-pollution",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8b75a1-f0f2-445b-a1c7-1628916470d3?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3965.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3965.json
new file mode 100644
index 00000000000..06fd8962651
--- /dev/null
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3965.json
@@ -0,0 +1,121 @@
+{
+ "id": "CVE-2023-3965",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T16:15:19.417",
+ "lastModified": "2023-10-26T14:39:44.993",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El nsc theme para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s de la contaminaci\u00f3n de prototipos en versiones hasta 1.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y un escape de salida. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1321"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:saleswizard:nsc:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0",
+ "matchCriteriaId": "E5B84F55-17CA-4714-9533-37FECBA9B7E1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/BlackFan/client-side-prototype-pollution",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5909513d-8877-40ff-bee9-d565141b7ed2?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3991.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3991.json
index 4c76017c3ec..c7ea7a911c7 100644
--- a/CVE-2023/CVE-2023-39xx/CVE-2023-3991.json
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3991.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-3991",
"sourceIdentifier": "cve_disclosure@tech.gov.sg",
"published": "2023-10-16T10:15:11.000",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T15:21:56.180",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la funcionalidad httpd iperfrun.cgi de FreshTomato 2023.3. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de un comando arbitrario. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "cve_disclosure@tech.gov.sg",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
{
"source": "cve_disclosure@tech.gov.sg",
"type": "Secondary",
@@ -46,10 +80,30 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:freshtomato:freshtomato:2023.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C445939-BA12-44AD-928C-F0D2C52F3B9E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html",
- "source": "cve_disclosure@tech.gov.sg"
+ "source": "cve_disclosure@tech.gov.sg",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3996.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3996.json
new file mode 100644
index 00000000000..00354092ac7
--- /dev/null
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3996.json
@@ -0,0 +1,138 @@
+{
+ "id": "CVE-2023-3996",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.143",
+ "lastModified": "2023-10-26T14:49:49.727",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento ARMember Lite - Membership para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en versiones hasta la 4.0.14 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:armemberplugin:armember:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.0.14",
+ "matchCriteriaId": "50AFACDC-998F-462E-8058-097622418822"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.svn.wordpress.org/armember-membership/tags/4.0.2/readme.md",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Broken Link"
+ ]
+ },
+ {
+ "url": "https://plugins.svn.wordpress.org/armember-membership/tags/4.0.2/readme.txt",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2905086%40armember-membership%2Ftrunk&old=2885708%40armember-membership%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.armemberplugin.com",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c1022ac4-869e-415a-a7c8-3650421608ea?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
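Review bot: Two reference tags in this new record do not match what the URLs are. `https://plugins.svn.wordpress.org/armember-membership/tags/4.0.2/readme.txt` is tagged `"Mailing List"` although it is a plugin readme in the SVN repository, so tooling that filters references by tag will misfile it; `"tags": ["Release Notes"]` (or `"Product"`) would fit better if the readme is meant as changelog evidence. Both readme references are also pinned to `tags/4.0.2` while `versionEndIncluding` is `4.0.14`, so they probably do not describe the fix. The same kind of mismatch appears in the CVE-2023-3998 hunk, where a Trac source-browser link carries `"Third Party Advisory"`.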
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json
index 463d34bda31..63597c5cb2e 100644
--- a/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3997.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-3997",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-07-31T17:15:10.110",
- "lastModified": "2023-08-19T01:15:09.100",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T18:17:30.643",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user\u2019s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user\u2019s action."
+ "value": "Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user\u2019s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user\u2019s action."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3998.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3998.json
new file mode 100644
index 00000000000..f4ead5cb2cd
--- /dev/null
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3998.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-3998",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.213",
+ "lastModified": "2023-10-26T14:59:48.007",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento wpDiscuz para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de autorizaci\u00f3n en la funci\u00f3n userRate en versiones hasta la 7.6.3 incluida. Esto hace posible que atacantes no autenticados aumenten o disminuyan la calificaci\u00f3n de una publicaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "7.6.3",
+ "matchCriteriaId": "B283E8CD-2054-4D79-A517-8D7228A3AE66"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/utils/class.WpdiscuzHelperAjax.php#L886",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9d09bdab-ffab-44cc-bba2-821b21a8e343?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
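Review bot: The first reference, `.../wpdiscuz/trunk/utils/class.WpdiscuzHelperAjax.php#L886`, anchors a line number on `trunk`, which moves with every commit, so the link will drift away from the code it was meant to show (presumably the `userRate` function named in the description). A revision-pinned form such as `.../class.WpdiscuzHelperAjax.php?rev=<REVISION>#L886` (placeholder; the record does not give the revision) would keep the evidence stable for later triage. The record also carries no patch reference or fixed version, so scanners can only match on `"versionEndIncluding": "7.6.3"`.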
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40029.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40029.json
index 2bc8f7433cc..9cee4524c5a 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40029.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40029.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-40029",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-07T23:15:09.763",
- "lastModified": "2023-09-13T14:49:32.197",
+ "lastModified": "2023-10-27T14:31:09.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in`kubectl.kubernetes.io/last-applied-configuration` annotation. pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation for existing secrets will require manual removal.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Argo CD es una implementaci\u00f3n continua declarativa para Kubernetes. Los secretos de Argo CD Cluster se pueden administrar de forma declarativa utilizando Argo CD / kubectl apply. Como resultado, el secret body completo se almacena en la anotaci\u00f3n `kubectl.kubernetes.io/last-applied-configuration`. La solicitud de extracci\u00f3n #7139 introdujo la capacidad de administrar etiquetas y anotaciones del cl\u00faster. Dado que los cl\u00fasteres se almacenan como secretos, tambi\u00e9n expone la anotaci\u00f3n `kubectl.kubernetes.io/last-applied-configuration` que incluye el secret body completo. Para ver las anotaciones del cl\u00faster a trav\u00e9s de la API de Argo CD, el usuario debe tener acceso RBAC \"clusters, get\". **Nota:** En muchos casos, los secretos del cl\u00faster no contienen ninguna informaci\u00f3n realmente secreta. Pero a veces, como en la autenticaci\u00f3n de token de portador, el contenido puede ser muy sensible. El error se corrigi\u00f3 en las versiones 2.8.3, 2.7.14 y 2.6.15. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben actualizar/implementar el secreto del cl\u00faster con el indicador `server-side-apply` que no utiliza ni depende de la anotaci\u00f3n `kubectl.kubernetes.io/last-applied-configuration`. Nota: la anotaci\u00f3n de secretos existentes requerir\u00e1 eliminaci\u00f3n manual."
}
],
"metrics": {
@@ -17,20 +21,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
- "scope": "UNCHANGED",
+ "scope": "CHANGED",
"confidentialityImpact": "HIGH",
- "integrityImpact": "NONE",
+ "integrityImpact": "HIGH",
"availabilityImpact": "NONE",
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM"
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
},
- "exploitabilityScore": 2.8,
- "impactScore": 3.6
+ "exploitabilityScore": 3.1,
+ "impactScore": 5.8
},
{
"source": "security-advisories@github.com",
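Review bot: The Primary vector moves from `S:U/C:H/I:N` (6.5 MEDIUM) to `S:C/C:H/I:H` (9.6 CRITICAL), but the English description, left unchanged by the previous hunk, still describes only disclosure of the secret body to users who hold `clusters, get`. The new `I:H` and `S:C` presumably account for what a leaked bearer token allows afterwards; nothing in the record states that reasoning. If disclosure is the only direct impact, `"integrityImpact": "NONE"` with `"scope": "UNCHANGED"` is the vector the description supports. Consumers that alert on `baseSeverity` will see this entry jump to CRITICAL, so compare it with the `security-advisories@github.com` metric, which starts on the last line of this hunk and continues outside it. The arithmetic itself is consistent: exploitability 3.1 and impact 5.8 give 9.6.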
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40116.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40116.json
new file mode 100644
index 00000000000..8d75bc3f97c
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40116.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40116",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:08.567",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/18c3b194642f3949d09e48c21da5658fa04994c8",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
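Review bot: `"metrics": {}` leaves this record without any CVSS vector, and it has no `weaknesses` or `configurations` block either, so a consumer that sorts or filters on `baseSeverity` will silently drop it. The same holds for the other `security@android.com` records added in this diff, from CVE-2023-40117 to CVE-2023-40135, including CVE-2023-40129, whose description reports remote (proximal/adjacent) code execution with no user interaction needed. With `"vulnStatus": "Awaiting Analysis"`, ingestion should treat an empty `metrics` object as "not yet scored" rather than as low severity. Until a score arrives, triage can fall back to the description and the linked Android bulletin.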
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40117.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40117.json
new file mode 100644
index 00000000000..d81498c259a
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40117.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-40117",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:08.620",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/ff86ff28cf82124f8e65833a2dd8c319aea08945",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/11815817de2f2d70fe842b108356a1bc75d44ffb",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40120.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40120.json
new file mode 100644
index 00000000000..a29f4d56765
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40120.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40120",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:08.667",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/d26544e5a4fd554b790b4d0c5964d9e95d9e626b",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40121.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40121.json
new file mode 100644
index 00000000000..8da9191dc19
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40121.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40121",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:08.717",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/3287ac2d2565dc96bf6177967f8e3aed33954253",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40123.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40123.json
new file mode 100644
index 00000000000..d189a68795f
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40123.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40123",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:08.757",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74fa54a12a04255d6a183baa9",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40125.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40125.json
new file mode 100644
index 00000000000..9f99da87b05
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40125.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40125",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:08.807",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/63d464c3fa5c7b9900448fef3844790756e557eb",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40127.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40127.json
new file mode 100644
index 00000000000..4099ea34550
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40127.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40127",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:08.850",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/747431250612507e8289ae8eb1a56303e79ab678",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40128.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40128.json
new file mode 100644
index 00000000000..335ee6e1c3a
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40128.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40128",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:08.890",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40129.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40129.json
new file mode 100644
index 00000000000..b893330a0d9
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40129.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40129",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:08.947",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c0151aa3ba76c785b32c7f9d16c98febe53017b1",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40130.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40130.json
new file mode 100644
index 00000000000..76908b6ebd1
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40130.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40130",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:08.993",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/5b335401d1c8de7d1c85f4a0cf353f7f9fc30218",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40131.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40131.json
new file mode 100644
index 00000000000..fd688097d02
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40131.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40131",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:09.043",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/native/+/0cda11569dd256ff3220b4fe44f861f8081d7116",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40133.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40133.json
new file mode 100644
index 00000000000..befbdc5f842
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40133.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40133",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:09.087",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40134.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40134.json
new file mode 100644
index 00000000000..d45adbcd6ae
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40134.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40134",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:09.130",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40135.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40135.json
new file mode 100644
index 00000000000..33c7cc646f7
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40135.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40135",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:09.170",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40136.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40136.json
new file mode 100644
index 00000000000..069bd9d23d5
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40136.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40136",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:09.217",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40137.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40137.json
new file mode 100644
index 00000000000..fbe969d25ee
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40137.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40137",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:09.263",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40138.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40138.json
new file mode 100644
index 00000000000..ee611b54068
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40138.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40138",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:09.307",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40139.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40139.json
new file mode 100644
index 00000000000..bb361c42bc3
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40139.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40139",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:09.353",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40140.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40140.json
new file mode 100644
index 00000000000..f782c1580ed
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40140.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-40140",
+ "sourceIdentifier": "security@android.com",
+ "published": "2023-10-27T21:15:09.397",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://android.googlesource.com/platform/frameworks/base/+/2d88a5c481df8986dbba2e02c5bf82f105b36243",
+ "source": "security@android.com"
+ },
+ {
+ "url": "https://source.android.com/security/bulletin/2023-10-01",
+ "source": "security@android.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40141.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40141.json
index d5dfd56eb2a..6be4f2d1350 100644
--- a/CVE-2023/CVE-2023-401xx/CVE-2023-40141.json
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40141.json
@@ -2,19 +2,78 @@
"id": "CVE-2023-40141",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.527",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T01:52:10.687",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En temp_residency_name_store de Thermal_metrics.c, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
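Review bot: The only `cpeMatch` entry added here is `cpe:2.3:o:google:android:-:*:*:*:*:*:*:*`, whose version field is `-` (not applicable), so the record carries no version range even though its status is now `Analyzed`; the CVE-2023-40142 hunk adds the same entry. Depending on how a matcher treats `-`, an inventory item with a concrete Android version will either never match or always match, so affected builds have to be taken from the Pixel bulletin in `references` rather than from `configurations`. Separately, the added `es` description capitalises the file name as `Thermal_metrics.c` where the `en` text has `thermal_metrics.c`; the translated value should keep the identifier verbatim.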
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40142.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40142.json
index 0e9eaa9dd4c..02f37f484ba 100644
--- a/CVE-2023/CVE-2023-401xx/CVE-2023-40142.json
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40142.json
@@ -2,19 +2,78 @@
"id": "CVE-2023-40142",
"sourceIdentifier": "security@android.com",
"published": "2023-10-11T20:15:10.567",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T01:54:23.687",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En TBD, existe una forma posible de omitir las restricciones del operador debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2023-10-01",
- "source": "security@android.com"
+ "source": "security@android.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
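Review bot: The record moves to `Analyzed` with a 7.8 HIGH vector while the `en` description still reads `In TBD of TBD` and the assigned weakness is `NVD-CWE-noinfo`, so the affected component is not identified anywhere in the record. The `es` value shortens the placeholder to `En TBD`, which hides that two fields (function and file) are missing. Triage that routes findings by component or CWE should fall back to the Pixel bulletin URL in `references`, and the placeholder is worth reporting to the source (`security@android.com`) rather than patching locally.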
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40145.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40145.json
new file mode 100644
index 00000000000..aeef6f017c2
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40145.json
@@ -0,0 +1,298 @@
+{
+ "id": "CVE-2023-40145",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T20:15:09.150",
+ "lastModified": "2023-10-26T14:26:42.150",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En el dispositivo cMT3000 HMI Web CGI de Weintek, un atacante an\u00f3nimo puede ejecutar comandos arbitrarios despu\u00e9s de iniciar sesi\u00f3n en el dispositivo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt-fhd_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210212",
+ "matchCriteriaId": "33538560-F796-4D1D-AA52-63DB5FD817BF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt-fhd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A132B170-A1FC-4D38-9965-0FF47B944FD5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt-hdm_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210206",
+ "matchCriteriaId": "52502356-D835-4468-BCA6-875177B562F8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt-hdm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E08E3518-A03F-486D-B67A-013F67026D78"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt3071_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210220",
+ "matchCriteriaId": "210A03BC-C9BB-4832-BDB2-2EB5E87FD13A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt3071:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A4DE53C8-09D5-4D5E-97EE-A89E1478CD65"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt3072_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210220",
+ "matchCriteriaId": "17422509-5131-48A3-8C9A-ECA4332C33F0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt3072:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E3F83A8D-1489-48AA-911B-5BA561A57896"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt3090_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210220",
+ "matchCriteriaId": "3E5B9225-364C-46BD-BCB4-E151923855CC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt3090:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "79C1F694-08A2-46E7-95C2-8DFA3D64423B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt3103_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210220",
+ "matchCriteriaId": "3651EA3F-5C3F-4893-AF82-E7FDBBAF5EAA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt3103:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F607716E-7B7B-4620-819C-F44341B8C37F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:weintek:cmt3151_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20210220",
+ "matchCriteriaId": "82F72B48-B2CE-4580-B4CC-49879CA6074B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:weintek:cmt3151:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FF5326B-5E33-4C11-9AC6-A90357078FCA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
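Review bot: The `en` description says an `anonymous attacker` can run commands `after login to the device`, while both CVSS vectors in `cvssMetricV31` use `PR:L`; the vectors agree with "after login", so the record should be read as an authenticated command injection (CWE-78) and not as a pre-authentication one. The same string is padded with several leading and trailing `\n` characters that the `es` value does not have; I would store it trimmed, starting at `In Weintek's cMT3000 …`, or have consumers strip whitespace before display and hashing. The `versionEndExcluding` values (`20210212`, `20210206`, `20210220`) look like build dates, so matchers need to compare them as the firmware's own version strings, not as semantic versions.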
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40153.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40153.json
new file mode 100644
index 00000000000..ff6ac6ddde7
--- /dev/null
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40153.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-40153",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T19:15:15.317",
+ "lastModified": "2023-10-25T13:39:43.797",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nThe affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El producto afectado es vulnerable a Cross-Site Scripting, lo que podr\u00eda permitir a un atacante acceder a la aplicaci\u00f3n web para introducir Java Script arbitrario inyectando un payload XSS en el par\u00e1metro 'hostname' del software vulnerable."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dexma:dexgate:20130114:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B1220960-8C57-4BB1-9871-882D2E272F39"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
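Review bot: The two `cvssMetricV31` entries disagree on the preconditions: the `nvd@nist.gov` Primary vector is `PR:N/UI:R/S:C` (6.1) and the `ics-cert@hq.dhs.gov` Secondary vector is `PR:L/UI:N/S:U` (5.4). The description does not say whether the `hostname` payload is stored or reflected, or whether the attacker must be authenticated, so neither reading can be confirmed from the record. An importer that keeps a single score per CVE should retain `source` and `type` alongside it, so that the disagreement stays visible to whoever triages the finding.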
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40180.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40180.json
index 2245d71d268..76c5de4011d 100644
--- a/CVE-2023/CVE-2023-401xx/CVE-2023-40180.json
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40180.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-40180",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T19:15:10.567",
- "lastModified": "2023-10-16T19:24:26.033",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T14:21:30.690",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": " silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "silverstripe-graphql es un paquete que proporciona datos de Silverstripe en representaciones GraphQL. Un atacante podr\u00eda utilizar una consulta Graphql recursiva para ejecutar un ataque de Denegaci\u00f3n de Servicio Distribuido (ataque DDOS) contra un sitio web. Esto afecta principalmente a sitios web con esquemas Graphql expuestos p\u00fablicamente. Si su proyecto Silverstripe CMS no expone un esquema Graphql p\u00fablico, se requiere una cuenta de usuario para desencadenar el ataque DDOS. Si su sitio est\u00e1 alojado detr\u00e1s de una Red de Entrega de Contenido (CDN), como Imperva o CloudFlare, esto puede mitigar a\u00fan m\u00e1s el riesgo. Este problema se solucion\u00f3 en las versiones 3.8.2, 4.1.3, 4.2.5, 4.3.4 y 5.0.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,26 +70,88 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.0",
+ "versionEndExcluding": "3.8.2",
+ "matchCriteriaId": "2DC96AF6-9575-46F3-B73C-840E94E89FEE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.0.0",
+ "versionEndExcluding": "4.1.3",
+ "matchCriteriaId": "01A083DC-A210-4945-B575-B844777ED2D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.2.0",
+ "versionEndExcluding": "4.2.5",
+ "matchCriteriaId": "F32A73D0-E7FA-4C45-97E7-81E64AD0DBEA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "4.3.0",
+ "versionEndExcluding": "4.3.4",
+ "matchCriteriaId": "186C5850-375C-408D-BDDC-C0726F618860"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.0.0",
+ "versionEndExcluding": "5.0.3",
+ "matchCriteriaId": "D409E4EC-38CB-43BB-91F1-C79350B5CD36"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://docs.silverstripe.org/en/developer_guides/graphql/security_and_best_practices/recursive_or_complex_queries",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mitigation"
+ ]
},
{
"url": "https://github.com/silverstripe/silverstripe-graphql/commit/f6d5976ec4608e51184b0db1ee5b9e9a99d2501c",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-v23w-pppm-jh66",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/silverstripe/silverstripe-graphql/tree/3.8#recursive-or-complex-queries",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-40180",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
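Review bot: The reference tags added in this hunk are not consistent with each other: the docs page on recursive or complex queries gets `Mitigation`, but the README anchor `tree/3.8#recursive-or-complex-queries`, which by its URL covers the same topic for the 3.8 branch, gets `Third Party Advisory`. The GHSA link under the project's own `silverstripe/silverstripe-graphql` repository is also tagged `Third Party Advisory`, although it appears to be the maintainers' advisory. Anyone filtering references by tag to find hardening guidance would miss the 3.8 entry; I would tag it `"tags": ["Mitigation"]` and re-check the GHSA tag.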
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40181.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40181.json
index adb7b0159f2..c1158dd7279 100644
--- a/CVE-2023/CVE-2023-401xx/CVE-2023-40181.json
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40181.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40181",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:07.860",
- "lastModified": "2023-10-07T21:15:16.153",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T13:50:49.010",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -96,6 +96,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
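Review bot: The added configuration is a stand-alone `OR` node that marks `debian_linux:10.0` and `fedora` 37, 38 and 39 as `"vulnerable": true` with no `AND` to a package CPE, so by itself it matches every host running those releases; the `@@ -96,6 +110,36 @@` hunk of CVE-2023-40186 and the `@@ -92,6 +92,36 @@` hunk of CVE-2023-40188 add the identical node. The application configuration that precedes it starts outside this hunk, so the affected package is not visible here. Scanners that match on OS CPEs should treat this node as "the distribution shipped an affected package" and confirm the installed package version against the Debian LTS and Fedora announcements listed in `references` before raising a finding.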
@@ -123,19 +153,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40186.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40186.json
index aabb116b1b3..d35736425f2 100644
--- a/CVE-2023/CVE-2023-401xx/CVE-2023-40186.json
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40186.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40186",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.303",
- "lastModified": "2023-10-07T21:15:16.273",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T14:55:58.577",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -56,7 +56,7 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -68,6 +68,20 @@
"value": "CWE-787"
}
]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
}
],
"configurations": [
@@ -96,6 +110,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -116,19 +160,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40188.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40188.json
index 43e795adc8c..970d22197bc 100644
--- a/CVE-2023/CVE-2023-401xx/CVE-2023-40188.json
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40188.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40188",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.523",
- "lastModified": "2023-10-07T21:15:16.400",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T14:09:58.447",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,19 +142,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40254.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40254.json
index 033847f874a..3a582303a63 100644
--- a/CVE-2023/CVE-2023-402xx/CVE-2023-40254.json
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40254.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-40254",
"sourceIdentifier": "vuln@krcert.or.kr",
"published": "2023-08-11T07:15:09.423",
- "lastModified": "2023-08-29T02:15:08.737",
+ "lastModified": "2023-10-26T06:15:10.227",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -37,19 +37,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
- "attackComplexity": "LOW",
+ "attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
- "userInteraction": "REQUIRED",
+ "userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 7.7,
+ "baseScore": 7.5,
"baseSeverity": "HIGH"
},
- "exploitabilityScore": 1.1,
+ "exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json
index 608b9f3b2b1..4bcf56361ec 100644
--- a/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40283.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40283",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T03:15:09.257",
- "lastModified": "2023-10-11T19:15:10.787",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-24T14:28:44.110",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -69,10 +69,55 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
+ "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
+ "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE"
}
]
}
@@ -82,7 +127,11 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.10",
@@ -105,6 +154,21 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0007/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5480",
"source": "cve@mitre.org",
@@ -114,7 +178,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json
index f7e26468fd7..af0116aacc7 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40344.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40344",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.880",
- "lastModified": "2023-08-18T20:01:47.190",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T03:15:08.683",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,6 +73,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://support.delphix.com/Support_Policies_and_Technical_Bulletins/Technical_Bulletins/TB111_Delphix_Plugin_for_Jenkins_Vulnerable_to_Credential_Enumeration_and_Capture",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(1)",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json
index 4c2f873b84a..9f301fb7c34 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40345.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40345",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-08-16T15:15:11.937",
- "lastModified": "2023-08-18T20:01:50.273",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T03:15:08.770",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -73,6 +73,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://support.delphix.com/Support_Policies_and_Technical_Bulletins/Technical_Bulletins/TB111_Delphix_Plugin_for_Jenkins_Vulnerable_to_Credential_Enumeration_and_Capture",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
{
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3214%20(2)",
"source": "jenkinsci-cert@googlegroups.com",
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40361.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40361.json
new file mode 100644
index 00000000000..361e3e068f1
--- /dev/null
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40361.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-40361",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T06:15:17.297",
+ "lastModified": "2023-10-26T17:45:51.963",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user."
+ },
+ {
+ "lang": "es",
+ "value": "SECUDOS Qiata (DOMOS OS) 4.13 tiene Permisos Inseguros para el cronjob diario previewRm.sh. Para aprovechar esto, un atacante necesita acceso como usuario con pocos privilegios al sistema DOMOS subyacente. Cada usuario del sistema tiene permiso de escritura previewRm.sh, que es ejecutado por el usuario root."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:secudos:qiata:4.13:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8DD9389A-DC88-441D-A523-BB3D01D90316"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/vianic/CVE-2023-40361/blob/main/advisory/advisory.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
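Review bot: The Spanish description in this new record drops the preposition before the script name: `tiene permiso de escritura previewRm.sh` should read `tiene permiso de escritura sobre previewRm.sh`, matching the English "has write permission for previewRm.sh". That sentence carries the actual weakness (a root-executed cron script writable by every user), so it is the one that should not read ambiguously for consumers using the `es` text. The rest of the translation agrees with the English value.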
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40367.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40367.json
index 133be0d9369..4d72c3e519a 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40367.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40367.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-40367",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-14T17:15:09.703",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:50:23.080",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376."
+ },
+ {
+ "lang": "es",
+ "value": "IBM QRadar SIEM 7.5.0 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 263376."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,81 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "DACA17CC-8B71-4E71-B075-BFFB65AD989C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*",
+ "matchCriteriaId": "BA60FDE5-8C40-4C7A-97CF-BA2A64BF307D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*",
+ "matchCriteriaId": "AB518E06-00BA-48F3-8AEC-6E1E97CAA2CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_3:*:*:*:*:*:*",
+ "matchCriteriaId": "289027A2-178C-45DE-A86F-1207F23D13B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_4:*:*:*:*:*:*",
+ "matchCriteriaId": "5047AECF-879B-427A-ACF7-ECB10965E1B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_5:*:*:*:*:*:*",
+ "matchCriteriaId": "CD448AB8-E3CC-41A1-9D32-B1B35C68FA5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_6:*:*:*:*:*:*",
+ "matchCriteriaId": "9F4014E8-42E2-4B76-B2DA-8B50929A4AB5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263376",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7049133",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40372.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40372.json
index f5b7ba1ffec..8ecc4841754 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40372.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40372.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40372",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T00:15:10.887",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:54:25.380",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,62 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.5",
+ "versionEndIncluding": "11.5.8",
+ "matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263499",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047561",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40373.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40373.json
index 542dba5a1b2..b0bebcd06f6 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40373.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40373.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40373",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-17T00:15:10.970",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:53:38.650",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,157 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.5",
+ "versionEndIncluding": "11.5.8",
+ "matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:-:*:*:*:*:*:*",
+ "matchCriteriaId": "190AE881-F7BF-486E-BDAE-197337D70CDB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D1BAA43-4C77-4AC7-8561-93EDE0AED000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp10:*:*:*:*:*:*",
+ "matchCriteriaId": "F6FDF4D8-1822-43E6-AE65-3E4F8743D3A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp2:*:*:*:*:*:*",
+ "matchCriteriaId": "87C39880-D0E9-4487-9A80-B4D1A999032F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3:*:*:*:*:*:*",
+ "matchCriteriaId": "8842A8B6-E470-4536-AB5D-DA1C62A05F58"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp3a:*:*:*:*:*:*",
+ "matchCriteriaId": "92BF0482-E4FE-454E-84DD-27074097F3F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp4:*:*:*:*:*:*",
+ "matchCriteriaId": "3705A79B-7903-4055-9CDC-55D60D2AC2E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp5:*:*:*:*:*:*",
+ "matchCriteriaId": "CBDFCE61-EE04-4901-844D-61B8966C1B81"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*",
+ "matchCriteriaId": "53A23363-413D-4785-B8C1-9AC2F96000EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp7:*:*:*:*:*:*",
+ "matchCriteriaId": "6E22D884-A33F-41D7-84CB-B6360A39863F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp8:*:*:*:*:*:*",
+ "matchCriteriaId": "4DA56D35-93E9-4659-B180-2FD636A39BAB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:10.5:fp9:*:*:*:*:*:*",
+ "matchCriteriaId": "6E7F0B02-EA0B-4BD1-AA0C-2A4735221963"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "7F91EC14-CD9A-42EB-9D81-6025A1D74749"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp1:*:*:*:*:*:*",
+ "matchCriteriaId": "5D098641-0833-4718-BB6A-273E1CA0F887"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp2:*:*:*:*:*:*",
+ "matchCriteriaId": "8B451F96-2A58-4758-86E6-F8A030805C51"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp3:*:*:*:*:*:*",
+ "matchCriteriaId": "69CBC98E-BECE-41A4-A0D9-9F3AC1602ABE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp4:*:*:*:*:*:*",
+ "matchCriteriaId": "20386F14-BC32-4174-9F3A-F7406486976A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp5:*:*:*:*:*:*",
+ "matchCriteriaId": "DD0DD54B-AB2E-4C56-B348-FF87C174270A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:11.1.4:fp6:*:*:*:*:*:*",
+ "matchCriteriaId": "CC14EF40-FE00-47F9-8A78-98713F903D9C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263574",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047563",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40374.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40374.json
index 469c1a7b3c6..d09869c272d 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40374.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40374.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40374",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T23:15:10.243",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:34:13.630",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -50,14 +80,63 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.5",
+ "versionEndIncluding": "11.5.8",
+ "matchCriteriaId": "8966D805-3817-488E-B692-D15838AD3469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263575",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047261",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40377.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40377.json
index da4d653c1e2..6dd79dc7942 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40377.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40377.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-40377",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-16T01:15:09.760",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:40:06.597",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583."
+ },
+ {
+ "lang": "es",
+ "value": "Backup, Recovery, and Media Services (BRMS) para IBM i 7.2, 7.3 y 7.4 contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la l\u00ednea de comandos del sistema operativo host puede elevar los privilegios para obtener acceso a los componentes del sistema operativo host. ID de IBM X-Force: 263583."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,49 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263583",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7048121",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
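Review bot: The added `configurations` block marks the operating system itself as the vulnerable product (`cpe:2.3:o:ibm:i:7.2` through `7.4`, each with `"vulnerable": true`), while this record's description attributes the flaw to Backup, Recovery, and Media Services (BRMS) on IBM i. CPE-based matching will therefore flag every IBM i 7.2–7.4 host whether or not BRMS is installed, which inflates findings for asset inventories keyed on these criteria. If a CPE for the BRMS component exists (this file does not show one), the more precise shape is the one the Db2 records in this diff use: an `"operator": "AND"` configuration with the component as the vulnerable node and the IBM i entries as `"vulnerable": false` platform nodes. The same applies to the `configurations` hunk of CVE-2023-40378, where the description names IBM Directory Server but the matches are `cpe:2.3:o:ibm:i:7.2` through `7.5`.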
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40378.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40378.json
index fdabc573124..6e9da3690c5 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40378.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40378.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-40378",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-15T02:15:09.647",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T01:04:16.810",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Directory Server para IBM i contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la l\u00ednea de comandos del sistema operativo host puede elevar los privilegios para obtener acceso a los componentes del sistema operativo host. ID de IBM X-Force: 263584."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,54 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:ibm:i:7.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD871157-2BB3-4641-B84E-3EA13D24D35A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:ibm:i:7.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9A49E8C5-7967-42AE-A787-C533D24A63D7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:ibm:i:7.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92D03306-B6C9-403E-99A2-CE9D8DC3B482"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:ibm:i:7.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7CCB5BF-08EF-472F-A663-5DE270234F10"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263584",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7047240",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40401.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40401.json
new file mode 100644
index 00000000000..eb9fa31306d
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40401.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-40401",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.110",
+ "lastModified": "2023-10-26T00:15:10.237",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con comprobaciones de permisos adicionales. Este problema se solucion\u00f3 en macOS Ventura 13.6.1. Un atacante puede acceder a las claves de acceso sin autenticaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
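Review bot: `"metrics": {}` in this new record means it has no CVSS vector or score yet, and it also has no `weaknesses` or `configurations` arrays, which is consistent with `"vulnStatus": "Undergoing Analysis"`. A consumer that filters on `baseScore` or matches assets by CPE will silently skip the record. Ingestion should therefore treat an empty `metrics` object as unscored, not as zero or low severity, and triage from the description text and the vendor references until analysis completes. The same applies to the other Apple records added in this diff (CVE-2023-40404 through CVE-2023-40449). Two of them, CVE-2023-40404 and CVE-2023-40423, describe arbitrary code execution with kernel privileges.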
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40404.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40404.json
new file mode 100644
index 00000000000..537bc8756ef
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40404.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-40404",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.157",
+ "lastModified": "2023-10-26T00:15:10.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de use-after-free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40405.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40405.json
new file mode 100644
index 00000000000..3b391fcf3a9
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40405.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-40405",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.203",
+ "lastModified": "2023-10-26T00:15:10.327",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de la ubicaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40408.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40408.json
new file mode 100644
index 00000000000..c67c50397c8
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40408.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2023-40408",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.247",
+ "lastModified": "2023-10-26T00:15:10.377",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de interfaz de usuario inconsistente con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1. Ocultar Mi Correo Electr\u00f3nico puede desactivarse inesperadamente."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40413.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40413.json
new file mode 100644
index 00000000000..4ad87677af6
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40413.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2023-40413",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.297",
+ "lastModified": "2023-10-26T00:15:10.430",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de la ubicaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40416.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40416.json
new file mode 100644
index 00000000000..28a2e0cf2cd
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40416.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-40416",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.350",
+ "lastModified": "2023-10-26T00:15:10.487",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. El procesamiento de una imagen puede resultar en la divulgaci\u00f3n de la memoria del proceso."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40421.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40421.json
new file mode 100644
index 00000000000..4206cc019d1
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40421.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-40421",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.403",
+ "lastModified": "2023-10-26T00:15:10.540",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40423.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40423.json
new file mode 100644
index 00000000000..f9624b4e39c
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40423.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-40423",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.453",
+ "lastModified": "2023-10-26T00:15:10.593",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40425.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40425.json
new file mode 100644
index 00000000000..6788702d742
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40425.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-40425",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.510",
+ "lastModified": "2023-10-25T23:15:16.497",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Monterey 12.7.1. Una aplicaci\u00f3n con privilegios de root puede acceder a informaci\u00f3n privada."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40444.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40444.json
new file mode 100644
index 00000000000..fa8d026d4e4
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40444.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-40444",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.553",
+ "lastModified": "2023-10-26T00:15:10.647",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40445.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40445.json
new file mode 100644
index 00000000000..f3df9e30a74
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40445.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-40445",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.607",
+ "lastModified": "2023-10-25T23:15:16.547",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de la interfaz de usuario. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. Es posible que un dispositivo no se bloquee persistentemente."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40447.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40447.json
new file mode 100644
index 00000000000..1382730ee91
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40447.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2023-40447",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.657",
+ "lastModified": "2023-10-26T00:15:10.697",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/22",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/27",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213986",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213987",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40449.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40449.json
new file mode 100644
index 00000000000..b453e2ce2a4
--- /dev/null
+++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40449.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-40449",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.703",
+ "lastModified": "2023-10-26T00:15:10.753",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Una aplicaci\u00f3n puede provocar una Denegaci\u00f3n de Servicio (DoS)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40534.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40534.json
index f3229414c00..016dbc11889 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40534.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40534.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-40534",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:20.730",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:08:42.063",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
+ },
+ {
+ "lang": "es",
+ "value": "Cuando un perfil HTTP/2 del lado del cliente y la opci\u00f3n HTTP MRF Router est\u00e1n habilitadas para un servidor virtual, y una iRule que utiliza el evento HTTP_REQUEST o la Pol\u00edtica de Tr\u00e1fico Local est\u00e1 asociada con el servidor virtual, las solicitudes no divulgadas pueden provocar la finalizaci\u00f3n de TMM. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"metrics": {
@@ -46,10 +50,260 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "92F10A0D-A487-4B2A-ADF7-4AB3C5A98001"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "2ADC24ED-14A3-4F96-A6DA-5A2FDC60A71B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "E42EBA0A-EC53-4885-9AFD-AFF83224214C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1769D69A-CB59-46B1-89B3-FB97DC6DEB9B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "5E49638F-30AA-4112-8F6F-13F013F9E72B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "59203EBF-C52A-45A1-B8DF-00E17E3EFB51"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "3823874E-B0C1-4F7B-B1E7-1423C371E79C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C698C1C-A3DD-46E2-B05A-12F2604E7F85"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "C175FBF7-CF8D-48C2-B604-AC766AE3ECAD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "87670A74-34FE-45DF-A725-25B804C845B3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "C509C00E-2C92-4905-BD2D-22B5BDDDE4EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67DB21AE-DF53-442D-B492-C4ED9A20B105"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "FAD1751B-9818-474E-B970-719CE1AEA782"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC1D037-74D2-4F92-89AD-C90F6CBF440B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "9A519F4C-D469-47A0-9F61-2EE33976177D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7B235A78-649B-46C5-B24B-AB485A884654"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "69DE4021-B15C-4310-8898-E4EC3EC0DA60"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "7A779434-C082-486E-8F65-587CE0BD1828"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3F28D083-19BE-4584-A61A-85DD3CDC66BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "67CAB7BF-AC42-4957-9F8F-59CACA30D0A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ABBD10E8-6054-408F-9687-B9BF6375CA09"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "11EA68F6-028C-4A63-AFB6-0B6F36F5EB8C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "83794B04-87E2-4CA9-81F5-BB820D0F5395"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "16657185-FDAA-4DF4-A2A1-1B5BAF8697FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0A6E7035-3299-474F-8F67-945EA9A059D0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "04ABC7AA-1D2D-4954-863B-A417794B1F5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.6.0",
+ "versionEndIncluding": "1.8.2",
+ "matchCriteriaId": "5190BFD8-0F6C-4CAF-9589-7CD8A589CDC3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "957276C7-DA88-44F1-AB18-AA39DC1BF9B4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "667EB77B-DA13-4BA4-9371-EE3F3A109F38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "D6D0A641-7EF3-4F9E-9503-4A202E04102A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C446827A-1F71-4FAD-9422-580642D26AD1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "095E5580-CF33-45EB-90DB-1EB4F0C0DFCA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D1B2000-C3FE-4B4C-885A-A5076EB164E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "D097C6A6-5C8D-4275-B0CD-3947E11AA5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8AB23AE6-245E-43D6-B832-933F8259F937"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000133467",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40537.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40537.json
index f577338be05..c65506142d5 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40537.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40537.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-40537",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:20.840",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:43:11.323",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La cookie de sesi\u00f3n de un usuario autenticado puede permanecer v\u00e1lida por un tiempo limitado despu\u00e9s de cerrar sesi\u00f3n en la utilidad de configuraci\u00f3n BIG-IP en una plataforma VIPRION multiblade. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"metrics": {
@@ -46,10 +50,573 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "94E0B611-902C-46BC-A099-881398828F0B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "4AF2DF45-D15E-4239-A66C-9F8A924E383A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "34A88673-CDD5-48FC-9491-6852324E26EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F53FFE68-BE06-4F16-8C33-58711E86E254"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "E9BB7368-B6F8-462F-B17F-02CFBB0EE310"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "86BE84EA-63BC-49A2-8004-830255114059"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F7280AA3-6EB0-4D9B-895B-B6883071740E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "95617B72-E7D8-44D2-AFF2-976595A72AFA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7480CF69-7BEC-4582-85BB-58A6CBC51171"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "6EDE9EC9-8079-434F-8510-3DB4E3051BCA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "4C3AA014-6241-4EBA-BF9F-65D3D869C6E0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "18CD2C82-0080-495E-8A11-957E0C182A48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "3C508A36-C041-406C-9C8A-A396C6EDC750"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "D263C0C1-55C6-4AC3-B738-9F099C583AA0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E912382D-131E-40F2-A337-72D6F2A3AD23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "91ED3C5E-92E8-44CF-AA99-A38C60AE677E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F16999CA-0EE1-4F56-AF60-8F002B5F7CCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "47962DDC-899F-4A98-ABF7-CC8A1AE7FF1C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "46A7F81E-84A2-4304-B18F-53E5CDBCEA43"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "3FB67297-BDD9-4D15-9247-0F1A589D7450"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "2A96D578-675E-4B63-851F-CB71A92B25B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "2765BBF9-8450-4889-9961-2C6DE64656F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "EDD85839-D8F4-4651-ABAC-9F092955785B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "D0D0A53D-5911-4406-8264-FC85ADDDD007"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "220FD008-8919-48D4-84CF-8C4D99C3C474"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1935A1CF-50B2-4572-AA06-3504DB25B954"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "57114710-113A-4F2E-A5C2-07AB7BBC7354"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "077EBF51-B843-48B7-B31C-4BE1C99CE6F7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "5EAC82FA-41CC-425A-89A0-CC9E2BF678EE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "8A0A03A5-3120-4D8D-A580-E7546A740D61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "338010BF-EFC6-42B9-9F12-865C48D421EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "14776B4F-DDEC-4B22-82A5-EA231B3895F0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K29141800",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
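Review bot: The first `cpeMatch` entry for each product is a single range from `"versionStartIncluding": "13.1.0"` to `"versionEndIncluding": "14.1.5"`, which also matches 14.0.x releases, whereas the CVE-2023-40542 record later in this diff splits the same products into 13.1.0–13.1.5 and 14.1.0–14.1.5. If the vendor advisory (K29141800) lists the two branches separately, these entries over-match and should be split the same way, using the match-criteria ids the upstream feed assigns. The inclusive three-component upper bound is a second thing to confirm, here and in the CVE-2023-40542 hunk: four-component versions such as 16.1.4.1 appear elsewhere in this diff, so a matcher that compares numerically may treat a 14.1.5.x point release as outside the range. The description limits the issue to multi-blade VIPRION platforms, but these nodes carry no platform condition, so consumers should expect matches on other hardware as well.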
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40542.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40542.json
index ea823ce835e..16825987a17 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40542.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40542.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-40542",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:20.937",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T19:43:55.697",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nWhen TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
+ },
+ {
+ "lang": "es",
+ "value": "Cuando la aceptaci\u00f3n verificada de TCP est\u00e1 habilitada en un perfil TCP configurado en un servidor virtual, las solicitudes no divulgadas pueden provocar un aumento en la utilizaci\u00f3n de recursos de memoria. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan"
}
],
"metrics": {
@@ -36,8 +40,18 @@
},
"weaknesses": [
{
- "source": "f5sirt@f5.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ },
+ {
+ "source": "f5sirt@f5.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -46,10 +60,557 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F7280AA3-6EB0-4D9B-895B-B6883071740E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "95617B72-E7D8-44D2-AFF2-976595A72AFA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "18CD2C82-0080-495E-8A11-957E0C182A48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "3C508A36-C041-406C-9C8A-A396C6EDC750"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E912382D-131E-40F2-A337-72D6F2A3AD23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "91ED3C5E-92E8-44CF-AA99-A38C60AE677E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "47962DDC-899F-4A98-ABF7-CC8A1AE7FF1C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "46A7F81E-84A2-4304-B18F-53E5CDBCEA43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "BC2A757B-4521-4DB7-89B0-7CAE1E4155E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "0A1D4B18-DB59-41C4-B769-5DF93B8EBBAD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "D819F58A-826E-49E0-A06F-4D85E04D3D9F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1E86895C-EC5A-4303-978E-8807FE7A5E9A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "220FD008-8919-48D4-84CF-8C4D99C3C474"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1935A1CF-50B2-4572-AA06-3504DB25B954"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "077EBF51-B843-48B7-B31C-4BE1C99CE6F7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "5EAC82FA-41CC-425A-89A0-CC9E2BF678EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "338010BF-EFC6-42B9-9F12-865C48D421EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "14776B4F-DDEC-4B22-82A5-EA231B3895F0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000134652",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
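Review bot: All products sit in one `nodes` entry under a single configuration here, while the CVE-2023-40537 record earlier in this diff uses one configuration object per product for the same kind of list. Both evaluate the same under `"operator": "OR"`, so this is a consistency point, but anything that consumes these records should iterate every configuration and every node rather than assume one shape. The description also ties the issue to TCP Verified Accept being enabled on a TCP profile, which the CPE data cannot express, so a version match here identifies a candidate rather than a confirmed exposure.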
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40567.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40567.json
index 4212aeeda1e..94f9862a931 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40567.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40567.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40567",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.613",
- "lastModified": "2023-10-07T21:15:16.537",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T13:26:43.380",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -119,19 +149,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40569.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40569.json
index 5d03a04ca6e..18cfea8f641 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40569.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40569.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40569",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.707",
- "lastModified": "2023-10-07T21:15:16.657",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-18T13:37:50.007",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,36 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,19 +142,32 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6LLDAPEXRDJOM3PREDDD267SSNT77DP/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHMTGKCZXJPQOR5ZD2I4GPDNP2DKRXMF/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH2ATH2BKDNKCJAU4WPPXK4SHLE3UJUV/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40577.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40577.json
index ba9b08b2eb5..ad253226abd 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40577.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40577.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40577",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T01:15:09.177",
- "lastModified": "2023-10-08T12:15:36.140",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:49:01.913",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -85,6 +85,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -97,7 +112,10 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00011.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40592.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40592.json
index 87d16436da7..271be8fd193 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40592.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40592.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40592",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-08-30T17:15:09.763",
- "lastModified": "2023-09-01T13:39:42.200",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T21:15:08.740",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -110,6 +110,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://research.splunk.com/application/182f9080-4137-4629-94ac-cb1083ac981a/",
+ "source": "prodsec@splunk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40593.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40593.json
index 12ac958bba1..68325a744d5 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40593.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40593.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40593",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-08-30T17:15:09.853",
- "lastModified": "2023-09-01T13:53:43.867",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T21:15:08.833",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -105,6 +105,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://research.splunk.com/application/8e8a86d5-f323-4567-95be-8e817e2baee6/",
+ "source": "prodsec@splunk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40594.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40594.json
index 37195ae7182..9bb3bad9c61 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40594.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40594.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40594",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-08-30T17:15:09.940",
- "lastModified": "2023-09-01T13:53:25.180",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T21:15:08.897",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -110,6 +110,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/",
+ "source": "prodsec@splunk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40595.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40595.json
index 9472d8c6f6a..3a57b27ca2d 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40595.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40595.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40595",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-08-30T17:15:10.027",
- "lastModified": "2023-09-01T13:38:00.100",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T21:15:08.967",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -110,6 +110,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://research.splunk.com/application/d1d8fda6-874a-400f-82cf-dcbb59d8e4db/",
+ "source": "prodsec@splunk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40597.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40597.json
index d369d5b9f3d..e61b2d0bb66 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40597.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40597.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40597",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-08-30T17:15:10.180",
- "lastModified": "2023-09-01T13:17:46.917",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T21:15:09.033",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -110,6 +110,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://research.splunk.com/application/356bd3fe-f59b-4f64-baa1-51495411b7ad/",
+ "source": "prodsec@splunk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40598.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40598.json
index 297f2b000dc..1c5b618bfc2 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40598.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40598.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40598",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-08-30T17:15:10.267",
- "lastModified": "2023-09-05T20:12:47.927",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T21:15:09.107",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -111,6 +111,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/",
+ "source": "prodsec@splunk.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40682.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40682.json
index 28200ccb1a9..5f37b2bb222 100644
--- a/CVE-2023/CVE-2023-406xx/CVE-2023-40682.json
+++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40682.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-40682",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-13T16:15:11.487",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:45:05.197",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833."
+ },
+ {
+ "lang": "es",
+ "value": "IBM App Connect Enterprise versiones 12.0.1.0 a la 12.0.8.0 contiene una vulnerabilidad no especificada que podr\u00eda permitir a un usuario local privilegiado obtener informaci\u00f3n confidencial de los registros de API. ID de IBM X-Force: 263833."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,40 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "12.0.1.0",
+ "versionEndExcluding": "12.0.9.0",
+ "matchCriteriaId": "730FD569-3724-4186-89D5-56823259CB74"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263833",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7051204",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40685.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40685.json
new file mode 100644
index 00000000000..a12dc4b524a
--- /dev/null
+++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40685.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-40685",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-29T02:15:07.693",
+ "lastModified": "2023-10-29T02:15:07.693",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264116",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7060686",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
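Review bot: The added vector `CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H` and `"privilegesRequired": "NONE"` appear to conflict with the description in the same record, which requires "a malicious actor with command line access to the operating system". Command-line access normally implies an existing account, which would read as `"privilegesRequired": "LOW"` and `PR:L` in `vectorString`, with `baseScore` and `exploitabilityScore` recomputed. The new CVE-2023-40686.json record carries the same `PR:N` with the same wording. Both metrics come from `psirt@us.ibm.com` with type `Secondary`, so any correction would have to come from that source. Neither record has a `configurations` block yet, so CPE-based matching will return nothing for them at this status.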
diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40686.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40686.json
new file mode 100644
index 00000000000..e2aff39f546
--- /dev/null
+++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40686.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-40686",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-29T01:15:40.920",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM X-Force ID: 264114."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264114",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7060686",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40743.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40743.json
index 7055c374fca..489248e9eed 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40743.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40743.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-40743",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-05T15:15:42.687",
- "lastModified": "2023-09-11T17:16:46.603",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-17T15:15:11.057",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through \"ServiceFactory.getService\" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE.\n\nAs Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to \"ServiceFactory.getService\", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "** NO SOPORTADO CUANDO EST\u00c9 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c9 ASIGNADO ** Al integrar Apache Axis 1.x en una aplicaci\u00f3n, puede que no haya sido obvio que buscar un servicio a trav\u00e9s de \"ServiceFactory.getService\" permita mecanismos de b\u00fasqueda potencialmente peligrosos como LDAP . Al pasar entradas que no son de confianza a este m\u00e9todo API, esto podr\u00eda exponer la aplicaci\u00f3n a DoS, SSRF e incluso ataques que conduzcan a RCE. Como Axis 1 ha estado en EOL, le recomendamos migrar a un motor SOAP diferente, como Apache Axis 2/Java. Como workaround, puede revisar su c\u00f3digo para verificar que no se pase ninguna entrada que no sea de confianza o no sanitizada a \"ServiceFactory.getService\", o aplicando el parche desde https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210. El proyecto Apache Axis no espera crear una versi\u00f3n Axis 1.x que solucione este problema, aunque los contribuyentes que deseen trabajar para lograrlo son bienvenidos."
}
],
"metrics": {
@@ -80,6 +84,10 @@
"Patch",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00025.html",
+ "source": "security@apache.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json
index 4555b09af33..f3b5e69e5ae 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40791.json
@@ -2,31 +2,104 @@
"id": "CVE-2023-40791",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T03:15:09.273",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:20:57.327",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page."
+ },
+ {
+ "lang": "es",
+ "value": "extract_user_to_sg en lib/scatterlist.c en el kernel de Linux anterior a 6.4.12 no logra desanclar p\u00e1ginas en una situaci\u00f3n determinada, como lo demuestra una ADVERTENCIA para try_grab_page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.4.12",
+ "matchCriteriaId": "242396F2-761D-4B72-ABF8-090BB852BD40"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f443fd5af5dbd531f880d3645d5dd36976cf087f",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://lkml.org/lkml/2023/8/3/323",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lore.kernel.org/linux-crypto/20571.1690369076@warthog.procyon.org.uk/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
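Review bot: The added `cpeMatch` entry for `cpe:2.3:o:linux:linux_kernel` sets `"versionEndExcluding": "6.4.12"` with no `versionStartIncluding`, so every older kernel release is reported as affected. The description names a single function, `extract_user_to_sg` in lib/scatterlist.c. If that function does not exist in older series (not visible here, to be confirmed against the kernel history), a lower bound on the range would stop scanners from flagging kernels that never contained the code. Separately, the `Mailing List` tag on the git.kernel.org commit reference looks misplaced, since that URL is a commit page and `Patch` alone would describe it.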
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40829.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40829.json
index 94c29c23349..a218c527a57 100644
--- a/CVE-2023/CVE-2023-408xx/CVE-2023-40829.json
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40829.json
@@ -2,19 +2,83 @@
"id": "CVE-2023-40829",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T05:15:46.863",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T12:43:04.760",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de acceso no autorizado a la interfaz en segundo plano en Tencent Enterprise Wechat Privatization 2.5.x y 2.6.930000."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tencent:enterprise_wechat_privatization:2.5.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4B0F6BB-34C8-4D09-857E-17D0EADDC4C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tencent:enterprise_wechat_privatization:2.6.930000:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE47300D-BE0C-427E-979A-3B3C4E3393E2"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://gist.github.com/wwwziziyu/85bdf8d56b415974c4827a5668f493e9",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
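Review bot: The added `cpeMatch` list covers only the exact versions `2.5.0` and `2.6.930000`, while the description in the same hunk says the issue affects "2.5.x and 2.6.930000". A CPE-based scanner will therefore miss any other 2.5 release. A range entry on `cpe:2.3:a:tencent:enterprise_wechat_privatization:*:*:*:*:*:*:*:*` with `"versionStartIncluding": "2.5.0"` and an upper bound below the 2.6 line would match the text. Its `matchCriteriaId` has to be issued by the source and cannot be made up here. The configuration is attributed to `nvd@nist.gov` analysis, so if this file mirrors that feed the correction belongs upstream.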
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40833.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40833.json
index b520adcda38..917b3b0a05b 100644
--- a/CVE-2023/CVE-2023-408xx/CVE-2023-40833.json
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40833.json
@@ -2,19 +2,78 @@
"id": "CVE-2023-40833",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T06:15:14.330",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T14:30:30.113",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Thecosy IceCMS v.1.0.0 permite a un atacante remoto obtener privilegios a trav\u00e9s del ID y los par\u00e1metros clave en getCosSetting."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:icecms_project:icecms:1.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E5ADD77-4B59-4369-8E90-64B18C1B4E78"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://gist.github.com/Sholway/93f05987dbf35c15c26de32b1e5590ec",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40851.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40851.json
index d7cde8bd454..68f95b52d96 100644
--- a/CVE-2023/CVE-2023-408xx/CVE-2023-40851.json
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40851.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40851",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T21:15:10.810",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T11:34:58.723",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,68 @@
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Phpgurukul User Registration & Login y User Management System con el panel de administraci\u00f3n 3.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de los campos fname, lname, correo electr\u00f3nico y contacto de la p\u00e1gina de registro de usuario."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:user_registration_\\&_login_and_user_management_system_with_admin_panel_project:user_registration_\\&_login_and_user_management_system_with_admin_panel:3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9E8D5ECC-F201-44BE-99DD-56E19CE18686"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.exploit-db.com/exploits/51694",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40852.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40852.json
index 2fe82635486..6390c02b0d0 100644
--- a/CVE-2023/CVE-2023-408xx/CVE-2023-40852.json
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40852.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-40852",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T21:15:10.867",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T11:34:19.233",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,68 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Phpgurukul User Registration & Login y User Management System con el panel de administraci\u00f3n 3.0 permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de una cadena manipulada en el campo de nombre de usuario administrador en la p\u00e1gina de inicio de sesi\u00f3n del administrador."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:user_registration_\\&_login_and_user_management_system_with_admin_panel_project:user_registration_\\&_login_and_user_management_system_with_admin_panel:3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9E8D5ECC-F201-44BE-99DD-56E19CE18686"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.exploit-db.com/exploits/51695",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40968.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40968.json
index ea5df1ebc0c..e7685e546c9 100644
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40968.json
+++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40968.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-40968",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:08.473",
- "lastModified": "2023-09-18T14:15:07.557",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:14:35.067",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Desbordamiento de B\u00fafer en hzeller timg v.1.5.1 y anteriores permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de la direcci\u00f3n 0x61200000045c."
}
],
"metrics": {
@@ -55,8 +59,9 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:a:hzeller:timg:1.5.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "C6F3F7A0-FF28-4B32-B4BB-7E95A859A324"
+ "criteria": "cpe:2.3:a:hzeller:timg:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.5.2",
+ "matchCriteriaId": "2EF623B3-00B0-4A6C-834B-6E5CBDFC1FBD"
}
]
}
@@ -75,7 +80,10 @@
},
{
"url": "https://github.com/hzeller/timg/releases/tag/v1.5.2",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json
index 0d36ef3ec74..023f084970e 100644
--- a/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4004.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-4004",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-31T17:15:10.203",
- "lastModified": "2023-10-11T19:15:11.007",
+ "lastModified": "2023-10-27T15:15:14.110",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -207,6 +207,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/",
"source": "secalert@redhat.com",
@@ -216,6 +220,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0001/",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5480",
"source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4021.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4021.json
new file mode 100644
index 00000000000..4d7a054cb2f
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4021.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-4021",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.280",
+ "lastModified": "2023-10-26T14:55:32.727",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Modern Events Calendar lite para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de la clave API de Google y el ID del calendario en versiones hasta la 7.1.0, pero no incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:webnus:modern_events_calendar_lite:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "7.1.0",
+ "matchCriteriaId": "96CECBFD-9B52-489A-A41F-6ACC3A771883"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://webnus.net/modern-events-calendar/change-log/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f213fb42-5bab-4017-80ea-ce6543031af2?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
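Review bot: The two `cvssMetricV31` entries disagree on the exploit preconditions: the NVD Primary vector is `AC:L/UI:R` (4.8) and the Wordfence Secondary vector is `AC:H/UI:N` (4.4). Neither the vectors nor the `cpeMatch` range capture the restriction stated in the description, that only multi-site installations and installations with unfiltered_html disabled are affected. A scanner matching on `"versionEndExcluding": "7.1.0"` alone will flag every older install, so triage should confirm the site configuration before treating a match as exposed. Consumers that keep one score per CVE should select on `"type": "Primary"` explicitly rather than on array position.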
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4089.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4089.json
index 43baa9651c7..8b3f2f92598 100644
--- a/CVE-2023/CVE-2023-40xx/CVE-2023-4089.json
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4089.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4089",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-10-17T07:15:10.090",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T18:00:38.507",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -50,10 +50,218 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:wago:compact_controller_100_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "19",
+ "versionEndIncluding": "26",
+ "matchCriteriaId": "A495C583-8184-45A5-81E9-E621A58B7E51"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:wago:compact_controller_100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "532907AF-7E4A-4065-A799-753FC3313D6C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:wago:edge_controller_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "18",
+ "versionEndIncluding": "26",
+ "matchCriteriaId": "85625EA0-E44C-4A48-BA05-5D506CFDB678"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:wago:edge_controller:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DFC57C8-6AF4-4771-B0A0-744137FBFECF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:wago:pfc100_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16",
+ "versionEndIncluding": "26",
+ "matchCriteriaId": "9E5D5929-675F-493C-B3AF-70C7C79D3CEB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:wago:pfc100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F636354-95A2-4B36-9666-1FA57F185432"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:wago:pfc200_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16",
+ "versionEndIncluding": "26",
+ "matchCriteriaId": "4F73AE30-E917-433E-BB67-CA383FCDDAFC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "688A3248-7EAA-499D-A47C-A4D4900CDBD1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:wago:touch_panel_600_advanced_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16",
+ "versionEndIncluding": "26",
+ "matchCriteriaId": "2DA3F602-1720-4B4B-A834-BD620D9B1F54"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:wago:touch_panel_600_advanced:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A8221861-7455-41D5-B310-6AEA822B46CF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:wago:touch_panel_600_marine_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16",
+ "versionEndIncluding": "26",
+ "matchCriteriaId": "A1FED163-F917-4CBC-83DA-D4D751C9121B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:wago:touch_panel_600_marine:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "83DEFFBC-934D-43BE-92AE-25F8EE8C1E0A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:wago:touch_panel_600_standard_firmware:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16",
+ "versionEndIncluding": "26",
+ "matchCriteriaId": "98F0C3C2-DE57-4134-AC3C-3D000A33528A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:wago:touch_panel_600_standard:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E6D7A44C-2D95-4F69-A7DB-435B0A6F9F03"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-046/",
- "source": "info@cert.vde.com"
+ "source": "info@cert.vde.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
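Review bot: All seven firmware ranges in this hunk use bare integers as bounds (`"versionStartIncluding": "16"` to `"versionEndIncluding": "26"`, with 18 for the edge controller and 19 for the compact controller 100). A matcher that compares version strings lexically rather than numerically will misorder releases with a different digit count. Every range also ends with `versionEndIncluding`, so the record names no fixed release and the fix level has to come from the VDE-2023-046 advisory in `references`. The hardware CPEs are `"vulnerable": false` and only qualify the platform under the `AND` operator, so an inventory entry holding just the hardware CPE, with no firmware version, cannot be resolved from this record.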
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41072.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41072.json
new file mode 100644
index 00000000000..0ba120de6ac
--- /dev/null
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41072.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-41072",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.757",
+ "lastModified": "2023-10-26T00:15:10.803",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
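Review bot: `"metrics": {}` is empty and the record carries no `weaknesses` or `configurations` while `vulnStatus` is "Undergoing Analysis". A consumer that defaults a missing base score to 0, or skips records without CPE data, will silently drop this CVE. It should be carried as unscored and matched from the Apple advisories listed under `references` until analysis lands. The same applies to the new CVE-2023-41077.json later in this diff. Each advisory also appears under both the `/en-us/` and `/kb/` URL forms, which looks like the same document listed twice and is worth collapsing when de-duplicating references.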
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41074.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41074.json
index b52039313fe..5ba972c938c 100644
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41074.json
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41074.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-41074",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:19:26.570",
- "lastModified": "2023-10-14T03:15:10.020",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T20:14:36.737",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -96,6 +96,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -149,7 +174,11 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://support.apple.com/en-us/HT213936",
@@ -193,7 +222,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5527",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41077.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41077.json
new file mode 100644
index 00000000000..c56d7ace7ae
--- /dev/null
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41077.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-41077",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.810",
+ "lastModified": "2023-10-26T00:15:10.847",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos de usuario protegidos."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41085.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41085.json
index 29d888425f8..25cd187e96a 100644
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41085.json
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41085.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-41085",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:21.050",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T20:04:19.503",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nWhen IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Cuando se configura IPSec en un servidor virtual, el tr\u00e1fico no divulgado puede provocar la finalizaci\u00f3n de TMM. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"metrics": {
@@ -36,7 +40,7 @@
},
"weaknesses": [
{
- "source": "f5sirt@f5.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,12 +48,569 @@
"value": "CWE-755"
}
]
+ },
+ {
+ "source": "f5sirt@f5.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-755"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F7280AA3-6EB0-4D9B-895B-B6883071740E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "95617B72-E7D8-44D2-AFF2-976595A72AFA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "18CD2C82-0080-495E-8A11-957E0C182A48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "3C508A36-C041-406C-9C8A-A396C6EDC750"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E912382D-131E-40F2-A337-72D6F2A3AD23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "91ED3C5E-92E8-44CF-AA99-A38C60AE677E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "47962DDC-899F-4A98-ABF7-CC8A1AE7FF1C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "46A7F81E-84A2-4304-B18F-53E5CDBCEA43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "BC2A757B-4521-4DB7-89B0-7CAE1E4155E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "0A1D4B18-DB59-41C4-B769-5DF93B8EBBAD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "D819F58A-826E-49E0-A06F-4D85E04D3D9F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1E86895C-EC5A-4303-978E-8807FE7A5E9A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "220FD008-8919-48D4-84CF-8C4D99C3C474"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1935A1CF-50B2-4572-AA06-3504DB25B954"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "077EBF51-B843-48B7-B31C-4BE1C99CE6F7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "5EAC82FA-41CC-425A-89A0-CC9E2BF678EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "338010BF-EFC6-42B9-9F12-865C48D421EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "14776B4F-DDEC-4B22-82A5-EA231B3895F0"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000132420",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
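Review bot: The 13.1.x and 14.1.x ranges end with `"versionEndIncluding": "13.1.5"` and `"14.1.5"`, while 15.1.x and 16.1.x end with `"versionEndExcluding": "15.1.9"` and `"16.1.4"`. As recorded, the two older branches have no fixed release in this data, so remediation there has to follow the vendor guidance in K000132420 rather than an in-branch upgrade target. The description states that versions past End of Technical Support are not evaluated, so a version outside the four listed ranges is unassessed rather than confirmed unaffected. The precondition in the description (IPSec configured on a Virtual Server) cannot be expressed in `cpeMatch`, so a version match should be checked against the device configuration before it is prioritised.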
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41088.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41088.json
new file mode 100644
index 00000000000..7a6836f9946
--- /dev/null
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41088.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-41088",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T19:15:15.427",
+ "lastModified": "2023-10-25T13:39:31.207",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\nThe affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application.\n\n\n\n\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El producto afectado es vulnerable a transmisi\u00f3n de texto plano de informaci\u00f3n confidencial, lo que puede permitir que un atacante con acceso a la red, donde los clientes tienen acceso al servidor DexGate, pueda capturar el tr\u00e1fico. Posteriormente, el atacante puede utilizar la informaci\u00f3n que contiene para acceder a la aplicaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dexma:dexgate:20130114:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B1220960-8C57-4BB1-9871-882D2E272F39"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
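Review bot: The two `cvssMetricV31` entries in this new record disagree on attack vector and integrity impact: the `nvd@nist.gov` Primary entry is `AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N` (6.5), while the `ics-cert@hq.dhs.gov` Secondary entry is `AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N` (6.3). The description speaks of an attacker with access to the network where clients reach the DexGate server, which reads closer to the adjacent-network vector, so a consumer that keeps only the Primary entry will treat the issue as remotely reachable. Nothing in the record says which assessment to prefer; ingest should store both entries keyed by `source` instead of collapsing them to one score. CVE-2023-41089 in the next file shows the same split (`AV:N` at 8.8 against `AV:A` at 8.0).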
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41089.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41089.json
new file mode 100644
index 00000000000..1eda0b48bed
--- /dev/null
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41089.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-41089",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T19:15:15.513",
+ "lastModified": "2023-10-25T13:38:19.127",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\nThe affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate \"legitimate\" requests.\n\n\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El producto afectado por una vulnerabilidad de autenticaci\u00f3n inadecuada, que puede permitir a un atacante hacerse pasar por un usuario leg\u00edtimo siempre que el dispositivo mantenga la sesi\u00f3n activa, ya que el ataque aprovecha el encabezado de la cookie para generar solicitudes \"legitimate\"."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dexma:dexgate:20130114:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B1220960-8C57-4BB1-9871-882D2E272F39"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
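Review bot: The English `value` under `descriptions` is wrapped in long runs of `\n` before and after its single sentence, and that padding carries into anything that renders, hashes or diffs the description. I would store the text trimmed, so that the string begins at `The affected product is vulnerable to an improper authentication vulnerability` and ends at the closing period. CVE-2023-41088 has the same padding, CVE-2023-41095 and CVE-2023-41096 end in `\n\n` (41096 also has a `\n` in the middle of the sentence), and CVE-2023-41255 has a stray `\r\n` inside its sentence. If the mirror must stay byte-identical to the upstream feed, the trimming belongs in the consumer instead.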
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41095.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41095.json
new file mode 100644
index 00000000000..bc3b5338d3c
--- /dev/null
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41095.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-41095",
+ "sourceIdentifier": "product-security@silabs.com",
+ "published": "2023-10-26T14:15:08.637",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash.\nThis issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de falta de cifrado de claves de seguridad en Silicon Labs OpenThread SDK de 32 bits, ARM (m\u00f3dulos SecureVault High) permite una posible modificaci\u00f3n o extracci\u00f3n de credenciales de red almacenadas en la memoria flash. Este problema afecta al SDK OpenThread de Silicon Labs: 2.3.1 y versiones anteriores."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@silabs.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "product-security@silabs.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1",
+ "source": "product-security@silabs.com"
+ }
+ ]
+}
\ No newline at end of file
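Review bot: This record has only a CNA-supplied `"type": "Secondary"` CVSS entry and no `configurations` block, so tooling that selects the `Primary` metric or matches assets by CPE gets nothing for it while `vulnStatus` is `Awaiting Analysis`. The affected range exists only as prose in the description ("2.3.1 and earlier"). Consumers should fall back to the Secondary entry and flag the record as unmatched, not treat it as not applicable. The same holds for CVE-2023-41096, CVE-2023-41255, CVE-2023-41339 and CVE-2023-41372 in this diff, and CVE-2023-41254 goes further with `"metrics": {}` and no `weaknesses` at all. The single reference here also has no `tags`, so a filter on `Vendor Advisory` will not surface it.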
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41096.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41096.json
new file mode 100644
index 00000000000..5cc6ae4eb41
--- /dev/null
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41096.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-41096",
+ "sourceIdentifier": "product-security@silabs.com",
+ "published": "2023-10-26T14:15:08.720",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules)\n allows potential modification or extraction of network credentials stored in flash.\n\n\nThis issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Falta de Cifrado de Claves de Seguridad en Silicon Labs Ember ZNet SDK de 32 bits, ARM (m\u00f3dulos SecureVault High) permite una posible modificaci\u00f3n o extracci\u00f3n de las credenciales de red almacenadas en la memoria flash. Este problema afecta a Silicon Labs Ember ZNet SDK: 7.3.1 y versiones anteriores."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@silabs.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "product-security@silabs.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-311"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000ZkKh7QAF?operationContext=S1",
+ "source": "product-security@silabs.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41254.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41254.json
new file mode 100644
index 00000000000..86de487684a
--- /dev/null
+++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41254.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-41254",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.860",
+ "lastModified": "2023-10-26T00:15:10.890",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41255.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41255.json
new file mode 100644
index 00000000000..d150542cdfb
--- /dev/null
+++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41255.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-41255",
+ "sourceIdentifier": "psirt@bosch.com",
+ "published": "2023-10-25T18:17:30.737",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication \r\nof the \u2018su\u2019 binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad permite a un usuario sin privilegios con acceso a la subred del dispositivo TPC-110W obtener un shell ra\u00edz en el dispositivo abusando de la falta de autenticaci\u00f3n del archivo binario 'su' instalado en el dispositivo al que se puede acceder a trav\u00e9s del protocolo ADB (Android Debug Bridge) expuesto en la red."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "source": "psirt@bosch.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-412xx/CVE-2023-41295.json b/CVE-2023/CVE-2023-412xx/CVE-2023-41295.json
index 240f8a80bbc..215fb5abd99 100644
--- a/CVE-2023/CVE-2023-412xx/CVE-2023-41295.json
+++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41295.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-41295",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-09-25T12:15:10.897",
- "lastModified": "2023-10-12T02:15:09.333",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:04:26.723",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -59,13 +59,18 @@
"cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:huawei:emui:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "71C1C232-EA33-47F5-8C50-353C1D310581"
+ "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
},
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:huawei:harmonyos:-:*:*:*:*:*:*:*",
- "matchCriteriaId": "102432F7-CD53-49F4-BFFF-A7CEBB535DBB"
+ "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
}
]
}
@@ -75,11 +80,17 @@
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/10/",
- "source": "psirt@huawei.com"
+ "source": "psirt@huawei.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540",
- "source": "psirt@huawei.com"
+ "source": "psirt@huawei.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41335.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41335.json
index 61898ace677..7259c637ccb 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41335.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41335.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-41335",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:30.283",
- "lastModified": "2023-10-06T03:15:10.263",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-18T13:38:12.487",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -87,6 +87,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
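Review bot: The added `configurations` entry lists `cpe:2.3:o:fedoraproject:fedora:37` and `:38` as `"vulnerable": true` in a standalone `OR` node, with no `AND` tying them to the affected package. A matcher that evaluates each configuration independently will flag every Fedora 37 or 38 host, whether or not the package is installed. Asset matching should require a hit on the application CPE from the earlier configuration, which starts outside this hunk, and use the operating-system entry only to pick the distribution's fixed build. The Debian nodes added to CVE-2023-41358, CVE-2023-41360 and CVE-2023-41361 later in this diff have the same shape.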
@@ -107,11 +127,19 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Release Notes"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Release Notes"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41339.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41339.json
new file mode 100644
index 00000000000..965121a23c4
--- /dev/null
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41339.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-41339",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:30.840",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied \"dynamic styling\". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2."
+ },
+ {
+ "lang": "es",
+ "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. La especificaci\u00f3n WMS define un par\u00e1metro ``sld=`` para las operaciones GetMap, GetLegendGraphic y GetFeatureInfo para el \"estilo din\u00e1mico\" proporcionado por el usuario. Habilitar el uso de estilos din\u00e1micos, sin configurar tambi\u00e9n comprobaciones de URL, brinda la oportunidad de Server-Side Request Forgery (SSRF). Esta vulnerabilidad se puede utilizar para robar hashes NetNTLMv2 del usuario que podr\u00edan transmitirse o descifrarse externamente para obtener m\u00e1s acceso. Esta vulnerabilidad ha sido parcheada en las versiones 2.22.5 y 2.23.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/geoserver/geoserver/releases/tag/2.22.5",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/geoserver/geoserver/releases/tag/2.23.2",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-cqpc-x2c6-2gmf",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
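Review bot: The English description names the weakness as "Service Side Request Forgery", which does not match the `CWE-918` entry in the same record or the Spanish description, which has "Server-Side Request Forgery (SSRF)". Keyword searches and alert rules built on the usual term will miss this text, so I would correct the phrase to `Server-Side Request Forgery`. The three `references` entries also carry no `tags`, so nothing marks the GHSA link as the advisory and the two release links as the fixed versions 2.22.5 and 2.23.2.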
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41358.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41358.json
index 8ccf19aeb2b..6bffc62b69c 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41358.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41358.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-41358",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T04:15:16.180",
- "lastModified": "2023-09-19T22:15:11.507",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T18:33:43.830",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en FRRouting FRR a trav\u00e9s de 9.0. bgpd/bgp_packet.c procesa NLRI si la longitud del atributo es cero."
}
],
"metrics": {
@@ -62,6 +66,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -75,11 +104,18 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5495",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41360.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41360.json
index a08ed042242..f68629d9ba8 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41360.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41360.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-41360",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T04:15:16.957",
- "lastModified": "2023-09-19T22:15:11.603",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:52:55.317",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -62,6 +62,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -75,7 +90,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41361.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41361.json
index 850576bb0fe..30dc2019ba0 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41361.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41361.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-41361",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-29T04:15:17.027",
- "lastModified": "2023-09-19T22:15:11.693",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:52:51.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,6 +66,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -79,7 +94,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41372.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41372.json
new file mode 100644
index 00000000000..9c4ac415036
--- /dev/null
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41372.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-41372",
+ "sourceIdentifier": "psirt@bosch.com",
+ "published": "2023-10-25T18:17:30.917",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad permite que una aplicaci\u00f3n de terceros sin privilegios (no confiable) modifique arbitrariamente la configuraci\u00f3n del servidor de la aplicaci\u00f3n cliente de Android, induci\u00e9ndola a conectarse a un servidor malicioso controlado por un atacante. Esto es posible falsificando una intenci\u00f3n de transmisi\u00f3n v\u00e1lida cifrada con un par de claves RSA codificadas"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "source": "psirt@bosch.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41373.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41373.json
index 537f850fef9..502cca78f28 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41373.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41373.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-41373",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:21.227",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T20:15:51.720",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de directory traversal en la utilidad de configuraci\u00f3n BIG-IP que puede permitir que un atacante autenticado ejecute comandos en el sistema BIG-IP. Para el sistema BIG-IP que se ejecuta en modo Dispositivo, un exploit exitoso puede permitir al atacante cruzar un l\u00edmite de seguridad. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"metrics": {
@@ -36,7 +40,7 @@
},
"weaknesses": [
{
- "source": "f5sirt@f5.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,12 +48,837 @@
"value": "CWE-22"
}
]
+ },
+ {
+ "source": "f5sirt@f5.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "4C36A0C6-7E2E-499C-8237-0CCD729BE2C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "05826F49-DAF1-42A4-BC75-40CAE06AA81A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "92F10A0D-A487-4B2A-ADF7-4AB3C5A98001"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "33A3F0F2-4154-4E72-8E35-26D8A9E70BA3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "3C91DF3D-6F75-4A5C-A189-E900B24B96EF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "EC288C8B-91D5-45F6-B7C8-7621FDFB9FDB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "2ADC24ED-14A3-4F96-A6DA-5A2FDC60A71B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "D2451792-A917-44B7-9DEF-07FD4F1FF9D9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "43DD0BCE-ABC7-42D9-8D7A-827F43860644"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "3718FFC7-7DD6-4875-A8EC-0202422F6FB4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "C175FBF7-CF8D-48C2-B604-AC766AE3ECAD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "E450EA1E-3B71-4AD0-8A7B-1DF9ACB63F0A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "5898B0EF-5633-42FC-93C9-7B6E529F3561"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "FD3D6684-794C-4FDE-A476-53083F1ABB64"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "69DE4021-B15C-4310-8898-E4EC3EC0DA60"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "3E7B2690-C2D9-4600-828F-10D05876E62B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "BA02CCB1-9B59-480A-9D2F-19A081C323EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "1BC44AD6-B321-4793-BB64-ED6478ED71F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "04ABC7AA-1D2D-4954-863B-A417794B1F5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "E6D5C2FC-CBF9-4012-92F9-0616558EFB87"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "7CBDE0A3-26CA-47D4-A3CC-C0D682681692"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "FECB5450-065D-40BE-BFFF-466741E0C3A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "E42EBA0A-EC53-4885-9AFD-AFF83224214C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "B6EBB17E-41FF-4C5C-A4A1-93C8B5884EBD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "D8501E47-E208-48B6-A0A4-ED6AFE2342CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "B3D80331-F4B4-4232-BD55-803D6209B9B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "5E49638F-30AA-4112-8F6F-13F013F9E72B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "22366BB6-59D3-473D-A900-88E181BE5B8F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "87FAADF1-D2F3-4763-8C0E-AC84717E9D05"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "CD61929B-5CED-44EE-910D-8CC09184E0F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "3823874E-B0C1-4F7B-B1E7-1423C371E79C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "769C6FB7-8C9E-4D3D-B12A-473B6F0BDFAA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "6BC37842-1425-4478-9293-F714F3D4282D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "5DE6A6A8-CE64-4AE2-B12D-E72CE05FEC53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "C509C00E-2C92-4905-BD2D-22B5BDDDE4EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "4BF60D00-4EB4-4DCC-BCFB-0E6E220DFC06"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "020A87EC-010F-4D7A-B478-E8703B21E5B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "AD9109FE-795F-4727-8157-348A0DB505FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "FAD1751B-9818-474E-B970-719CE1AEA782"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "4CA2EF79-D15B-404D-8E7F-56215CBD383E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "F8694BB1-814A-4460-B37B-4A57CD01BB4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "08654535-66B2-42EB-BA69-E7120694E6C2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "9A519F4C-D469-47A0-9F61-2EE33976177D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "F02AFC93-31CE-453F-8277-5BA2A950F036"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "34EF3612-A6B8-4B15-956E-78FB521F154F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "1321B2E9-A7A6-4AE2-9B73-453B81E517FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "67CAB7BF-AC42-4957-9F8F-59CACA30D0A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "16FBDFCC-81A6-47D2-986D-D042CEBA3440"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "78522028-7E6A-45D5-A704-6043E5DCA79A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "792C533A-36AB-4161-AC80-69A195FFDF2A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "11EA68F6-028C-4A63-AFB6-0B6F36F5EB8C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "E5C43DB5-8396-4073-BA3C-D8983C87B921"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "70F04F73-E72B-4FDB-AEB6-756C4DF0E45B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "D9C581F2-76D7-45B0-9F81-C678BD9071C1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "16657185-FDAA-4DF4-A2A1-1B5BAF8697FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "93991114-2C3F-4C46-BCF4-EE7F99EE886F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "4E7B9B26-C38A-49A7-A2C9-F2EF2969ABE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "46384B09-5E14-4BEC-B433-9803A59B805C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "957276C7-DA88-44F1-AB18-AA39DC1BF9B4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "52FE31B8-7E0F-40A9-9042-6DA1A5F27894"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "24CA6F7A-03A5-47B6-8FED-1A97863ED527"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "5FC43804-920D-49EB-B2B3-3F353BD8E24B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "D6D0A641-7EF3-4F9E-9503-4A202E04102A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "1AEFFF75-3DA0-4D71-BC62-9E0081F5E006"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "BCB3E253-A9F2-426C-B790-DF90BC7C3367"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "D8D51FD0-D67E-44CC-9803-108FC8327D02"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "095E5580-CF33-45EB-90DB-1EB4F0C0DFCA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "0ED65CB7-2567-470D-A675-7A32797921B9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndExcluding": "14.1.5.6",
+ "matchCriteriaId": "90CF685F-F17D-48B0-927A-95CFE0AE967B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.10.2",
+ "matchCriteriaId": "45418FC7-11BE-48B8-9827-00F8C0964BCC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4.1",
+ "matchCriteriaId": "D097C6A6-5C8D-4275-B0CD-3947E11AA5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.1.0",
+ "versionEndExcluding": "17.1.0.3",
+ "matchCriteriaId": "CDCCECC1-ED27-45DE-AFEF-DBA30EF5FE91"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000135689",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
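Review bot: Every `cpeMatch` list added in this hunk bounds the 13.1 branch with `"versionEndIncluding": "13.1.5"`, while the 14.1, 15.1, 16.1 and 17.1 entries use `versionEndExcluding` at a four-part version. A matcher that compares versions component by component would rank any four-part 13.1.5.x build above 13.1.5 and report it as unaffected. That is presumably not intended, since the record names no fixed release for the 13.1 branch. If such builds exist, an exclusive upper bound above the last 13.1.5.x build would be safer, confirmed against the vendor advisory referenced at the end of the hunk. Until then, asset inventories should treat the whole 13.1 branch as affected rather than trusting the range match.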
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41629.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41629.json
new file mode 100644
index 00000000000..5f515529705
--- /dev/null
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41629.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-41629",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T22:15:17.057",
+ "lastModified": "2023-10-23T18:28:03.807",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal."
+ },
+ {
+ "lang": "es",
+ "value": "La falta de sanitizaci\u00f3n de entradas en la funci\u00f3n de descarga de archivos de eSST Monitoring v2.147.1 permite a los atacantes ejecutar un path traversal."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:esst:esst_monitoring:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.147.1",
+ "matchCriteriaId": "1B10026C-BB56-45FA-951B-E4AECAA5754E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-41629-eSST-Path-Traversal.pdf",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
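Review bot: The `weaknesses` entry records `"value": "NVD-CWE-noinfo"`, although the English description in the same hunk calls the flaw a path traversal in the file download feature. Tooling that groups or filters records by CWE will not surface this record alongside other traversal issues. `"value": "CWE-22"` would match the description, as the CVE-2023-41373 record earlier in this diff does for its directory traversal. The record has no CNA-supplied weakness, so this rests on the description alone and should be checked against the referenced advisory before the value is changed.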
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41630.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41630.json
new file mode 100644
index 00000000000..b72065d6f29
--- /dev/null
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41630.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-41630",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T22:15:17.113",
+ "lastModified": "2023-10-23T18:27:07.343",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que eSST Monitoring v2.147.1 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del componente generador de c\u00f3digo Gii."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:esst:esst_monitoring:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.147.1",
+ "matchCriteriaId": "1B10026C-BB56-45FA-951B-E4AECAA5754E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-41630-eSST-Preauth-RCE.pdf",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41631.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41631.json
new file mode 100644
index 00000000000..cdf55eee97d
--- /dev/null
+++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41631.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-41631",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T22:15:17.163",
+ "lastModified": "2023-10-23T18:26:25.733",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que eSST Monitoring v2.147.1 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de la funci\u00f3n de carga de archivos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:esst:esst_monitoring:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.147.1",
+ "matchCriteriaId": "1B10026C-BB56-45FA-951B-E4AECAA5754E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-41631-eSST-RCE.pdf",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41711.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41711.json
new file mode 100644
index 00000000000..3b91d2742ce
--- /dev/null
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41711.json
@@ -0,0 +1,503 @@
+{
+ "id": "CVE-2023-41711",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-17T23:15:12.027",
+ "lastModified": "2023-10-19T16:44:31.847",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de desbordamiento del b\u00fafer posterior a la autenticaci\u00f3n de SonicOS en los endpoint de URL sonicwall.exp, prefs.exp provoca una falla del firewall."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0.1-5145",
+ "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.4-44v-21-2340",
+ "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.13-105n",
+ "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012",
+ "source": "PSIRT@sonicwall.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
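Review bot: The three `sonicos` ranges in `configurations` carry only `versionEndExcluding`, and the twelve NSv hardware entries are listed under both the `7.0.1-5145` node and the `6.5.4.4-44v-21-2340` node. A CPE matcher that orders 6.5.x builds below 7.0.1 will therefore likely still report an NSv on the fixed 6.5.4.4-44v-21-2340 build as affected through the first node. If this record feeds automated exposure reporting, the first match needs a lower bound such as `"versionStartIncluding": "<first affected 7.x build>"` (placeholder, to be confirmed against the vendor advisory in `references`), or the consumer needs a rule pairing each NSv model with its own firmware branch. The suffixed build strings (`-44v-21-2340`, `-105n`) are not plain dotted versions, so it is worth checking how the matcher compares them before trusting a "not affected" result. The same configuration block is repeated in CVE-2023-41712.json.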
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41712.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41712.json
new file mode 100644
index 00000000000..2248df13beb
--- /dev/null
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41712.json
@@ -0,0 +1,503 @@
+{
+ "id": "CVE-2023-41712",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-17T23:15:12.093",
+ "lastModified": "2023-10-19T16:44:23.567",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de desbordamiento del b\u00fafer posterior a la autenticaci\u00f3n de SonicOS en el extremo URL de SSL VPN plainprefs.exp provoca una falla del firewall."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0.1-5145",
+ "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.4-44v-21-2340",
+ "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.13-105n",
+ "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012",
+ "source": "PSIRT@sonicwall.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41713.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41713.json
new file mode 100644
index 00000000000..62256e4c8d1
--- /dev/null
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41713.json
@@ -0,0 +1,503 @@
+{
+ "id": "CVE-2023-41713",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-17T23:15:12.160",
+ "lastModified": "2023-10-19T16:44:14.770",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function."
+ },
+ {
+ "lang": "es",
+ "value": "SonicOS utiliza la vulnerabilidad de contrase\u00f1a codificada en la funci\u00f3n de demostraci\u00f3n 'dynHandleBuyToolbar'."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ },
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-259"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0.1-5145",
+ "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.4-44v-21-2340",
+ "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.13-105n",
+ "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012",
+ "source": "PSIRT@sonicwall.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
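Review bot: The first configuration's SonicOS range (`"versionEndExcluding": "7.0.1-5145"`) has no lower bound, and its hardware node lists the same NSv models (`nsv10` through `nsv870`) as the second configuration, whose range ends at `6.5.4.4-44v-21-2340`. Under ordinary version ordering, an NSv appliance already on the fixed 6.5.4.4 build would still satisfy the first configuration, so matchers are likely to keep reporting it as affected. A lower bound on the 7.x range, `"versionStartIncluding": "<first affected 7.x build, from the vendor advisory>"`, would separate the two branches. The build strings also carry non-numeric suffixes (`44v-21-2340`, `105n`), so the comparison result depends on the consumer's version parser and is worth a test case. The same configuration block is repeated in CVE-2023-41715.json below.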
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41715.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41715.json
new file mode 100644
index 00000000000..ba41e8f9bdb
--- /dev/null
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41715.json
@@ -0,0 +1,503 @@
+{
+ "id": "CVE-2023-41715",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-17T23:15:12.227",
+ "lastModified": "2023-10-19T16:43:38.577",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de administraci\u00f3n de privilegios inadecuada posterior a la autenticaci\u00f3n de SonicOS en el t\u00fanel VPN SSL de SonicOS permite a los usuarios elevar sus privilegios dentro del t\u00fanel."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ },
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "7.0.1-5145",
+ "matchCriteriaId": "2C7049FD-8088-4FCE-886A-F4CF5E287D1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa2700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AFAFCEC-A61E-40EB-87B9-7449751CCAF8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa3700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC4F132-D29A-4974-86DA-6E35AB05327C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa4700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CBE365CF-DBE9-4C84-AB0C-0CAB7C74ED40"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "016BB564-CEFC-4E0C-9D38-D9C4C8B2E492"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa6700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D95DCC6-6F48-4A79-A9F6-BDB1AEFA2180"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp10700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15F2741F-3C32-4075-A224-BE272B50E3D9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp11700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC883B32-987C-4D34-8BBF-39E2C57A62EE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp13700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C72EA66A-320C-4D5E-B3F6-6D5F8733E2F1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nssp15700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8B4A33E-8456-451E-AAF4-7F48BEDACF45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "70340DD4-687B-402C-85AF-C2B80D0F1600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz270w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52847BA2-470B-4078-A79B-52095DB9214B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9853AE3A-B0EA-4249-AA7D-1F2051C9BF91"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz370w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DBDD10C-F89D-4051-BC70-67B41167FF9B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6C23940E-2F9D-447B-A740-42035ED5D400"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz470w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90C790AD-C40E-4527-8F83-D278282A9600"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7DF76E0-8E3D-4E0D-A3BB-F5AE05A4C7C9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "352DFCF9-E333-41C0-8033-91265768FD8E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz570w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C882C38-9DA5-4C03-BB23-AB2B448E3307"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz670:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEEA6065-48D3-4EC7-BD94-CBAE3D1010FF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.4-44v-21-2340",
+ "matchCriteriaId": "9B91638E-FB80-4C65-8A37-827488CB3E2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv10:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F5B29EE-9D04-44CC-BB1F-C3C6130D2708"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB6153BB-7B2C-4307-ABE0-0E7E1745DEC7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93914C8C-69ED-480C-80F2-4334C00788D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE26ECE3-9E17-456F-A416-E23A758C9E4C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv25:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67EEA85D-8F9E-4E41-B8B3-119738375A84"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv270:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DACDCE12-74C2-4F3C-8421-9191700514C5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0D33997-0D65-464E-8AA5-043499C667D1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13CD6CF-B048-4214-AAA8-AB58BE6C6C5E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv470:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AF1ECB1-6257-41E3-A050-6467063F4807"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv50:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA838CC7-083A-4BF1-9C95-BED6F5A2992C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0171D69-14A6-4AB0-8377-C233F5E192D8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsv870:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0883D805-1BA9-49CE-AEC7-51C9D9A69C5C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4.13-105n",
+ "matchCriteriaId": "0D74A465-1A72-4A02-8A54-FD502BD28119"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F86D13F9-D41E-4230-9116-A781FFAEF00D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7BCDFEE-DC5A-44B8-85DF-8BFC02B1A973"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A24BCC0-CE41-49AF-B03D-D4FCB422503B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_3650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "043858A6-26AC-4EB0-A240-A43AD08C6AD5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8FD73880-DC60-467F-99B6-69807D58A840"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "73BB9452-A014-4A68-9662-63E6C60EEAD2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0CF683A-7E83-464B-8A0D-4CC641377FA6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_5650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FAAEBB4-F180-4195-BA7F-591AB02EEDC9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD9C3F77-2F1A-4C4F-A8F8-CDBFB7B87891"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:nsa_6650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "676B05B2-716E-4DC4-BEE8-0E3BCCA5DB27"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FEF2B435-957C-4BBE-937D-23E4F33189EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0CE4FE75-10AD-47D4-AF87-E4C294F89EA8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B485C543-DFCF-4481-92B4-F7198EE4FBD1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9450:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "928C1C0D-7AF7-4076-B5B2-207DFF3AD6A4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F030C5AB-36CA-445E-AC87-8DEE18DBB40E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sm_9650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1F9D940-8AE2-4B92-B69D-9FF6F48DF16C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9FDE64E9-44DD-4B7C-BA34-FE2C79E3FAED"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:soho_250w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E8F3935-89B4-4091-9B8C-442C02FD4F3A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:sohow:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7268E89B-FF46-45AD-82FF-333505EF957B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0804FADE-57F7-452F-86B3-079701059D37"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9956F726-6D62-4616-B60A-4D3DD6F32105"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_300w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29F4D403-F20A-4802-AAE9-9582486EB436"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_350:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "675F28A7-0BB3-4CDA-855E-7EFC650B512E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5983C650-84F6-4B2E-A27E-9E83EA1DDC02"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_400w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDD4B412-7967-477F-929E-8F12A39186FF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A1D996FA-52D1-47C2-87E6-682EEC9CA532"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_500w:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9DEF6EE-000D-407D-AA2B-E039BA306A2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0B8BFA4-2E15-4318-B7A9-DBDE801D0CF0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:sonicwall:tz_600p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCB8CDE6-8052-40F7-950F-05329499A58A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0012",
+ "source": "PSIRT@sonicwall.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41721.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41721.json
new file mode 100644
index 00000000000..4ab46ab19e2
--- /dev/null
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41721.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-41721",
+ "sourceIdentifier": "support@hackerone.com",
+ "published": "2023-10-25T18:17:30.987",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.\n\nAffected Products:\nUDM\nUDM-PRO\nUDM-SE\nUDR\nUDW\n \nMitigation:\nUpdate UniFi Network to Version 7.5.187 or later.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Instancias de la aplicaci\u00f3n UniFi Network que \n(i) se ejecutan en una consola UniFi Gateway y \n(ii) son versiones 7.5.176. y antes, \nimplementan la adopci\u00f3n de dispositivos con una l\u00f3gica de control de acceso inadecuada, creando un riesgo de acceso a la informaci\u00f3n de configuraci\u00f3n del dispositivo por parte de un actor malintencionado con acceso preexistente a la red. Productos afectados: UDM UDM-PRO UDM-SE UDR UDW Mitigaci\u00f3n: actualice UniFi Network a la versi\u00f3n 7.5.187 o posterior."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "support@hackerone.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-036-036/81367bc9-2a64-4435-95dc-bbe482457615",
+ "source": "support@hackerone.com"
+ }
+ ]
+}
\ No newline at end of file
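Review bot: The CNA-supplied vector `CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H` (base 10.0) reads broader than the description, which speaks of access to device configuration information by an actor with preexisting access to the network. The record is `Awaiting Analysis`, the metric is `"type": "Secondary"`, and there are no `configurations` or `weaknesses` entries, so CPE-based matching will not surface it and the score has no NVD assessment behind it yet. Until that arrives, inventory checks have to key on the text: UniFi Network Application 7.5.176 and earlier on the listed gateway consoles, fixed in 7.5.187. The English description also has a stray period in `7.5.176.`.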
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41752.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41752.json
index e01d115cc6c..cfe1985f9fe 100644
--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41752.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41752.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-41752",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-17T07:15:09.960",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:11:14.987",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,44 @@
"value": "Vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n Confidencial de Actor No Autorizado en Apache Traffic Server. Este problema afecta a Apache Traffic Server: desde 8.0.0 hasta 8.1.8, desde 9.0.0 hasta 9.2.2. Se recomienda a los usuarios actualizar a la versi\u00f3n 8.1.9 o 9.2.3, que soluciona el problema."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
- "source": "security@apache.org",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security@apache.org",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -27,10 +60,74 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndExcluding": "8.1.9",
+ "matchCriteriaId": "93A1A748-6C71-4191-8A16-A93E94E2CDE4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.2.3",
+ "matchCriteriaId": "4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
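Review bot: The second `configurations` entry in this hunk marks `cpe:2.3:o:fedoraproject:fedora:37:*` and `cpe:2.3:o:fedoraproject:fedora:38:*` as `"vulnerable": true` in a standalone OR node, so plain CPE matching will flag every Fedora 37/38 host whether or not the Traffic Server package is installed or already updated. The record carries no Fedora package name or fixed package version, so a consumer cannot narrow the match from this file alone. Scanners ingesting this record should treat those two matches as pointers to the distribution advisory and confirm the package state against the two Fedora package-announce references added in the same hunk.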
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41881.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41881.json
index fd342cff930..4210132229e 100644
--- a/CVE-2023/CVE-2023-418xx/CVE-2023-41881.json
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41881.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-41881",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T20:15:10.617",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T02:24:31.603",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds."
+ },
+ {
+ "lang": "es",
+ "value": "vantage6 es una infraestructura de aprendizaje federada que preserva la privacidad. Cuando se elimina una colaboraci\u00f3n, se deben eliminar los recursos vinculados (como las tareas de esa colaboraci\u00f3n). Esto es en parte para administrar los datos correctamente, pero tambi\u00e9n para evitar un efecto secundario potencial (pero poco probable) que afecte a las versiones anteriores a la 4.0.0, donde si se elimina una colaboraci\u00f3n con id=10 y posteriormente se crea una nueva colaboraci\u00f3n con id =10, los usuarios autenticados en esa colaboraci\u00f3n podr\u00edan ver los resultados de la colaboraci\u00f3n eliminada en algunos casos. La versi\u00f3n 4.0.0 contiene un parche para este problema. No se conocen workarounds."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -36,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -50,18 +84,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.0.0",
+ "matchCriteriaId": "21C07998-FF3A-4F49-B6B7-97E89CB0A6B4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/vantage6/vantage6/pull/748",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rf54-7qrr-96j6",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
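Review bot: The GHSA reference in this `references` hunk is tagged `"Third Party Advisory"`, although its URL sits under the `vantage6/vantage6` repository, which suggests it is the project's own advisory. The Home Assistant records added in this same diff tag their equivalent GHSA links `"Vendor Advisory"`. Tooling that prioritises or filters references on `Vendor Advisory` would pass over the authoritative source here. For consistency I would use `"tags": ["Vendor Advisory"]` on that entry, and likewise on the GHSA-gc57-xhh5-m94r reference in CVE-2023-41882.json.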
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41882.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41882.json
index ca100e1d780..03bfc3c4489 100644
--- a/CVE-2023/CVE-2023-418xx/CVE-2023-41882.json
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41882.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-41882",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T20:15:10.700",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T02:27:00.507",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds."
+ },
+ {
+ "lang": "es",
+ "value": "vantage6 es una infraestructura de aprendizaje federada que preserva la privacidad. El endpoint /api/collaboration/{id}/task se utiliza para recopilar todas las tareas de una determinada colaboraci\u00f3n. Para realizar dichas tareas, un usuario debe tener permiso para ver la colaboraci\u00f3n y las tareas que contiene. Sin embargo, antes de la versi\u00f3n 4.0.0, solo se verifica si el usuario tiene permiso para ver la colaboraci\u00f3n. La versi\u00f3n 4.0.0 contiene un parche. No se conocen workarounds."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,18 +74,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vantage6:vantage6:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.0.0",
+ "matchCriteriaId": "21C07998-FF3A-4F49-B6B7-97E89CB0A6B4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/vantage6/vantage6/blob/0682c4288f43fee5bcc72dc448cdd99bd7e57f76/docs/release_notes.rst#400",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/vantage6/vantage6/pull/711",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-gc57-xhh5-m94r",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41893.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41893.json
new file mode 100644
index 00000000000..f3f87e66e37
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41893.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-41893",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-20T00:15:16.017",
+ "lastModified": "2023-10-26T18:38:14.750",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Home assistant is an open source home automation. The audit team\u2019s analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim\u2019s `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim\u2019s own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Home Assistant es una dom\u00f3tica de c\u00f3digo abierto. Los an\u00e1lisis del equipo de auditor\u00eda confirmaron que `redirect_uri` y `client_id` se pueden modificar al iniciar sesi\u00f3n. En consecuencia, el par\u00e1metro de c\u00f3digo utilizado para obtener la autenticaci\u00f3n posterior `access_token` se enviar\u00e1 a la URL especificada en los par\u00e1metros antes mencionados. Dado que se permite una URL arbitraria y `homeassistant.local` representa el dominio predeterminado preferido que probablemente muchos usuarios utilizan y conf\u00edan en \u00e9l, un atacante podr\u00eda aprovechar esta debilidad para manipular a un usuario y recuperar el acceso a la cuenta. En particular, esta estrategia de ataque es plausible si la v\u00edctima ha expuesto su Home Assistant a Internet, ya que despu\u00e9s de adquirir el \"access_token\" de la v\u00edctima, el adversario necesitar\u00eda utilizarlo directamente hacia la instancia para realizar cualquier acci\u00f3n maliciosa pertinente. Para lograr este intento de compromiso, el atacante debe enviar un enlace con un `redirect_uri` que controla a la propia instancia de Home Assistant de la v\u00edctima. En el caso de que la v\u00edctima se autentique a trav\u00e9s de dicho enlace, el atacante obtendr\u00eda el c\u00f3digo enviado a la URL especificada en \"redirect_uri\", que luego se puede aprovechar para obtener un \"access_token\". Es pertinente que un atacante pueda aumentar la eficacia de esta estrategia registrando un dominio casi id\u00e9ntico a \"homeassistant.local\", que a primera vista puede parecer leg\u00edtimo y, por lo tanto, ocultar cualquier intenci\u00f3n maliciosa. Este problema se solucion\u00f3 en la versi\u00f3n 2023.9.0 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:home-assistant:home-assistant:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.9.0",
+ "matchCriteriaId": "C469208E-F2FD-4DCB-B5EE-0CBCD199142A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-qhhj-7hrc-gqj5",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41894.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41894.json
new file mode 100644
index 00000000000..9835d28cb22
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41894.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-41894",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-20T00:15:16.093",
+ "lastModified": "2023-10-26T18:01:12.650",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Home Assistant es una dom\u00f3tica de c\u00f3digo abierto. La evaluaci\u00f3n verific\u00f3 que los webhooks disponibles en el componente webhook se pueden activar a trav\u00e9s de la URL `*.ui.nabu.casa` sin autenticaci\u00f3n, incluso cuando el webhook est\u00e1 marcado como Solo accesible desde la red local. Este problema se ve facilitado por el proxy SniTun, que establece la direcci\u00f3n de origen en 127.0.0.1 en todas las solicitudes enviadas a la URL p\u00fablica y reenviadas al Home Assistant local. Este problema se solucion\u00f3 en la versi\u00f3n 2023.9.0 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-669"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:home-assistant:home-assistant:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.9.0",
+ "matchCriteriaId": "C469208E-F2FD-4DCB-B5EE-0CBCD199142A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-wx3j-3v2j-rf45",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41895.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41895.json
new file mode 100644
index 00000000000..72a0cb11cbd
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41895.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-41895",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T23:15:08.450",
+ "lastModified": "2023-10-26T16:30:16.850",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the `redirect_uri` and `client_id` parameters. Although the `redirect_uri` validation typically ensures that it matches the `client_id` and the scheme represents either `http` or `https`, Home Assistant will fetch the `client_id` and check for `` HTML tags on the page. These URLs are not subjected to the same scheme validation and thus allow for arbitrary JavaScript execution on the Home Assistant administration page via usage of `javascript:` scheme URIs. This Cross-site Scripting (XSS) vulnerability can be executed on the Home Assistant frontend domain, which may be used for a full takeover of the Home Assistant account and installation. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Home Assistant es una dom\u00f3tica de c\u00f3digo abierto. La p\u00e1gina de inicio de sesi\u00f3n de Home Assistant permite a los usuarios utilizar sus credenciales locales de Home Assistant e iniciar sesi\u00f3n en otro sitio web que especifique los par\u00e1metros `redirect_uri` y `client_id`. Aunque la validaci\u00f3n de `redirect_uri` generalmente garantiza que coincide con `client_id` y el esquema representa `http` o `https`, Home Assistant buscar\u00e1 `client_id` y buscar\u00e1 `` Etiquetas HTML en la p\u00e1gina. Estas URL no est\u00e1n sujetas a la misma validaci\u00f3n de esquema y, por lo tanto, permiten la ejecuci\u00f3n arbitraria de JavaScript en la p\u00e1gina de administraci\u00f3n de Home Assistant mediante el uso de URI de esquema `javascript:`. Esta vulnerabilidad de Cross-Site Scripting (XSS) se puede ejecutar en el dominio frontend de Home Assistant, que puede usarse para tomar el control completo de la cuenta e instalaci\u00f3n de Home Assistant. Este problema se solucion\u00f3 en la versi\u00f3n 2023.9.0 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:home-assistant:home-assistant:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.9.0",
+ "matchCriteriaId": "C469208E-F2FD-4DCB-B5EE-0CBCD199142A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-jvxq-x42r-f7mv",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
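Review bot: Both description values contain an empty code span where the text between the backticks has been lost: "check for `` HTML tags on the page" in `en`, and the matching sentence in `es`. The record therefore no longer says which element Home Assistant reads from the `client_id` page, which is the detail a defender needs in order to understand where the unvalidated URL scheme enters. The loss looks like markup stripping somewhere upstream, though that is an inference. I would restore the tag text from the referenced advisory GHSA-jvxq-x42r-f7mv (probably the `<link rel="redirect_uri">` element, to be confirmed there) as literal characters inside the JSON string. Anything rendering these descriptions as HTML then has to escape the value on output.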
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41896.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41896.json
new file mode 100644
index 00000000000..e4db20e36ee
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41896.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-41896",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T23:15:08.540",
+ "lastModified": "2023-10-26T16:18:35.630",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication logic in tandem with the `state` parameter. The state parameter contains the `hassUrl`, which is subsequently utilized to establish a WebSocket connection. This behavior permits an attacker to create a malicious Home Assistant link with a modified state parameter that forces the frontend to connect to an alternative WebSocket backend. Henceforth, the attacker can spoof any WebSocket responses and trigger cross site scripting (XSS). Since the XSS is executed on the actual Home Assistant frontend domain, it can connect to the real Home Assistant backend, which essentially represents a comprehensive takeover scenario. Permitting the site to be iframed by other origins, as discussed in GHSA-935v-rmg9-44mw, renders this exploit substantially covert since a malicious website can obfuscate the compromise strategy in the background. However, even without this, the attacker can still send the `auth_callback` link directly to the victim user. To mitigate this issue, Cure53 advises modifying the WebSocket code\u2019s authentication flow. An optimal implementation in this regard would not trust the `hassUrl` passed in by a GET parameter. Cure53 must stipulate the significant time required of the Cure53 consultants to identify an XSS vector, despite holding full control over the WebSocket responses. In many areas, data from the WebSocket was properly sanitized, which hinders post-exploitation. The audit team eventually detected the `js_url` for custom panels, though generally, the frontend exhibited reasonable security hardening. This issue has been addressed in Home Assistant Core version 2023.8.0 and in the npm package home-assistant-js-websocket in version 8.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Home Assistant es una dom\u00f3tica de c\u00f3digo abierto. Mientras auditaba el c\u00f3digo de la interfaz para identificar par\u00e1metros ocultos, Cure53 detect\u00f3 `auth_callback=1`, que es aprovechado por la l\u00f3gica de autenticaci\u00f3n de WebSocket junto con el par\u00e1metro `state`. El par\u00e1metro de estado contiene `hassUrl`, que posteriormente se utiliza para establecer una conexi\u00f3n WebSocket. Este comportamiento permite a un atacante crear un enlace malicioso de Home Assistant con un par\u00e1metro de estado modificado que obliga al frontend a conectarse a un backend WebSocket alternativo. De ahora en adelante, el atacante puede falsificar cualquier respuesta de WebSocket y activar Cross-Site Scripting (XSS). Dado que XSS se ejecuta en el dominio frontend real de Home Assistant, puede conectarse al backend real de Home Assistant, lo que esencialmente representa un escenario de adquisici\u00f3n integral. Permitir que el sitio tenga un iframe de otros or\u00edgenes, como se analiza en GHSA-935v-rmg9-44mw, hace que este exploit sea sustancialmente encubierto, ya que un sitio web malicioso puede ofuscar la estrategia de compromiso en segundo plano. Sin embargo, incluso sin esto, el atacante a\u00fan puede enviar el enlace `auth_callback` directamente al usuario v\u00edctima. Para mitigar este problema, Cure53 recomienda modificar el flujo de autenticaci\u00f3n del c\u00f3digo WebSocket. Una implementaci\u00f3n \u00f3ptima a este respecto no confiar\u00eda en el `hassUrl` pasado por un par\u00e1metro GET. Cure53 debe estipular el importante tiempo requerido por los consultores de Cure53 para identificar un vector XSS, a pesar de tener control total sobre las respuestas de WebSocket. En muchas \u00e1reas, los datos del WebSocket se sanitizaron adecuadamente, lo que dificulta su posterior explotaci\u00f3n. 
El equipo de auditor\u00eda finalmente detect\u00f3 el `js_url` para paneles personalizados, aunque en general, la interfaz mostr\u00f3 un refuerzo de seguridad razonable. Este problema se solucion\u00f3 en la versi\u00f3n 2023.8.0 de Home Assistant Core y en el paquete npm home-assistant-js-websocket en la versi\u00f3n 8.2.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-345"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-345"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:home-assistant:home-assistant:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.8.0",
+ "matchCriteriaId": "5FA5180B-1B8F-4CF6-84F2-A41078BC5BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:home-assistant:home-assistant-js-websocket:*:*:*:*:*:node.js:*:*",
+ "versionEndExcluding": "8.2.0",
+ "matchCriteriaId": "08A4163A-BF4B-4823-ADB6-81078E9345F5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-935v-rmg9-44mw",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-cr83-q7r2-7f5q",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
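Review bot: The `es` description value is split across two physical lines in this hunk, breaking after "lo que dificulta su posterior explotación. ", and the continuation line carries no `+` marker. If that break is a literal line feed in the file, the string is invalid JSON for strict parsers, which require control characters to be escaped (`\n`). If it is a Unicode line or paragraph separator rendered as a newline, the JSON is valid but line-oriented tooling still mis-splits it, as seems to have happened to this patch. Either way I would replace the break with a single space so the value stays on one line, and validate the file with a strict parser before ingesting it.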
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41897.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41897.json
new file mode 100644
index 00000000000..7624b0a3047
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41897.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-41897",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T23:15:08.623",
+ "lastModified": "2023-10-26T16:16:28.380",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed to be framed. The omission of this and correlating headers facilitates covert clickjacking attacks and alternative exploit opportunities, such as the vector described in this security advisory. This fault incurs major risk, considering the ability to trick users into installing an external and malicious add-on with minimal user interaction, which would enable Remote Code Execution (RCE) within the Home Assistant application. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Home Assistant es una dom\u00f3tica de c\u00f3digo abierto. El servidor Home Assistant no establece ning\u00fan encabezado de seguridad HTTP, incluido el encabezado X-Frame-Options, que especifica si se permite que la p\u00e1gina web este enmarcada. La omisi\u00f3n de este y los encabezados correlacionados facilita los ataques encubiertos de clickjacking y oportunidades de explotaci\u00f3n alternativas, como el vector descrito en este aviso de seguridad. Esta falla conlleva un riesgo importante, considerando la capacidad de enga\u00f1ar a los usuarios para que instalen un complemento externo y malicioso con una interacci\u00f3n m\u00ednima del usuario, lo que permitir\u00eda Remote Code Execution (RCE) dentro de la aplicaci\u00f3n Home Assistant. Este problema se solucion\u00f3 en la versi\u00f3n 2023.9.0 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1021"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1021"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:home-assistant:home-assistant:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.9.0",
+ "matchCriteriaId": "C469208E-F2FD-4DCB-B5EE-0CBCD199142A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-935v-rmg9-44mw",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-cr83-q7r2-7f5q",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://www.home-assistant.io/blog/2023/10/19/security-audits-of-home-assistant/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
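Review bot: The two `cvssMetricV31` entries in this record disagree on scope: the `nvd@nist.gov` Primary entry uses `S:C` (9.6, CRITICAL) and the `security-advisories@github.com` Secondary entry uses `S:U` (8.8, HIGH). A consumer that takes the first array element, the maximum, or only `Primary` will therefore put this CVE in a different severity band than one that reads the CNA score. The same split appears in CVE-2023-41898.json (7.8 against 8.6, where the NVD entry is the lower one), in CVE-2023-41899.json (7.2 HIGH against 6.6 MEDIUM), and in the first hunk of CVE-2023-41964.json, where the F5 entry is demoted to `Secondary` and the new NVD entry raises confidentiality to `C:H`. Tooling that ingests these files should select the metric by `source` and `type` explicitly rather than by position, and should record which source a stored score came from.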
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41898.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41898.json
new file mode 100644
index 00000000000..dec4b111a1a
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41898.json
@@ -0,0 +1,114 @@
+{
+ "id": "CVE-2023-41898",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T23:15:08.703",
+ "lastModified": "2023-10-26T16:08:05.517",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential theft. This issue has been patched in version 2023.9.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-142`."
+ },
+ {
+ "lang": "es",
+ "value": "Home Assistant es una dom\u00f3tica de c\u00f3digo abierto. La aplicaci\u00f3n Home Assistant Companion para Android hasta la versi\u00f3n 2023.8.2 es vulnerable a la carga de URL arbitraria en un WebView. Esto permite todo tipo de ataques, incluida la ejecuci\u00f3n arbitraria de JavaScript, la ejecuci\u00f3n limitada de c\u00f3digo nativo y el robo de credenciales. Este problema se solucion\u00f3 en la versi\u00f3n 2023.9.2 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad. Este problema tambi\u00e9n se rastrea como Informe de vulnerabilidad del GitHub Security Lab (GHSL): `GHSL-2023-142`."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-345"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:home-assistant:home_assistant_companion:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "2023.9.2",
+ "matchCriteriaId": "E629E5FD-6C86-4A32-9DA0-EBCF5F339716"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-jvpm-q3hq-86rg",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
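Review bot: The `cpeMatch` range is wider than the description. The text says the Companion app is vulnerable "up to version 2023.8.2" and patched in 2023.9.2, while the match has no `versionStartIncluding` and uses `"versionEndExcluding": "2023.9.2"`, so any release between those two versions is also treated as affected. That is the safer reading for inventory matching, and a scanner keyed on the description text instead of the CPE range would under-report. The only reference points at a `home-assistant/core` advisory although the CPE is `home_assistant_companion` with target software `android`, so asset matching on the core server CPE will not surface this record.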
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41899.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41899.json
new file mode 100644
index 00000000000..726d20a1f12
--- /dev/null
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41899.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-41899",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T23:15:08.787",
+ "lastModified": "2023-10-26T16:03:33.100",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Home assistant is an open source home automation. In affected versions the `hassio.addon_stdin` is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a POST request. An attacker able to exploit will be able to control the data dictionary, including its addon and input key/values. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: `GHSL-2023-162`."
+ },
+ {
+ "lang": "es",
+ "value": "Home Assistant es una dom\u00f3tica de c\u00f3digo abierto. En las versiones afectadas, `hassio.addon_stdin` es vulnerable a Server-Side Request Forgery donde un atacante capaz de llamar a este servicio (por ejemplo, a trav\u00e9s de GHSA-h2jp-7grc-9xpp) puede invocar cualquier Supervisor REST API endpoint con una solicitud POST. Un atacante capaz de explotar podr\u00e1 controlar el diccionario de datos, incluido su complemento y las claves/valores de entrada. Este problema se solucion\u00f3 en la versi\u00f3n 2023.9.0 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad. Este problema tambi\u00e9n se rastrea como Informe de vulnerabilidad del GitHub Security Lab (GHSL): `GHSL-2023-162`."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:home-assistant:home-assistant:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.9.0",
+ "matchCriteriaId": "C469208E-F2FD-4DCB-B5EE-0CBCD199142A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-4r74-h49q-rr3h",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-h2jp-7grc-9xpp",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41909.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41909.json
index c57f7ea6931..009ba73c4c9 100644
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41909.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41909.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-41909",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-05T07:15:14.877",
- "lastModified": "2023-09-19T22:15:11.777",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T19:52:33.270",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -62,6 +62,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -74,7 +89,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00020.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41915.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41915.json
index 85070fdc68c..a2031f9c194 100644
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41915.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41915.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-41915",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-09T22:15:09.530",
- "lastModified": "2023-10-04T05:15:49.653",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T20:27:33.950",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -71,6 +71,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -97,15 +122,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFKIY6SNC3KQNZMVROWMIW6DI5XPNKQX/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYJ7IRNR6NHJMTNOV3E3W3D5MLDRDCJX/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDLWSMQYXF2ZGOQKCG26H6ZZA5FEH7HX/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41960.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41960.json
new file mode 100644
index 00000000000..9ce8b982ff3
--- /dev/null
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41960.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-41960",
+ "sourceIdentifier": "psirt@bosch.com",
+ "published": "2023-10-25T18:17:31.037",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad permite que una aplicaci\u00f3n de terceros sin privilegios (no confiable) interact\u00fae con un proveedor de contenido expuesto de manera insegura por la aplicaci\u00f3n del Agente de Android, modificando potencialmente configuraciones confidenciales de la propia aplicaci\u00f3n del Cliente de Android."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-926"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "source": "psirt@bosch.com"
+ }
+ ]
+}
\ No newline at end of file
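Review bot: This record has no `configurations` block, so CPE-based scanners cannot match it to an installed product. It is still `Undergoing Analysis`, its only CVSS entry is the CNA's `Secondary` one, and its single reference carries no `tags`. The description names the products only as "Android Agent application" and "Android Client application", with no version. Until CPE data is added, affected-version information has to come from the linked vendor advisory (BOSCH-SA-175607). Consumers that filter on `"type": "Primary"` should fall back to the Secondary score rather than treat the CVE as unscored.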
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41964.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41964.json
index c05a37c8502..50b78fe7115 100644
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41964.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41964.json
@@ -2,19 +2,43 @@
"id": "CVE-2023-41964",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:21.417",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T20:23:54.787",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThe BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
+ },
+ {
+ "lang": "es",
+ "value": "Los sistemas BIG-IP y BIG-IQ no cifran cierta informaci\u00f3n confidencial escrita en las variables de la Base de Datos (DB). Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"metrics": {
"cvssMetricV31": [
{
- "source": "f5sirt@f5.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "f5sirt@f5.com",
+ "type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
@@ -46,10 +70,564 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F7280AA3-6EB0-4D9B-895B-B6883071740E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "95617B72-E7D8-44D2-AFF2-976595A72AFA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "18CD2C82-0080-495E-8A11-957E0C182A48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "3C508A36-C041-406C-9C8A-A396C6EDC750"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E912382D-131E-40F2-A337-72D6F2A3AD23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "91ED3C5E-92E8-44CF-AA99-A38C60AE677E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "47962DDC-899F-4A98-ABF7-CC8A1AE7FF1C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "46A7F81E-84A2-4304-B18F-53E5CDBCEA43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "BC2A757B-4521-4DB7-89B0-7CAE1E4155E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "0A1D4B18-DB59-41C4-B769-5DF93B8EBBAD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "D819F58A-826E-49E0-A06F-4D85E04D3D9F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1E86895C-EC5A-4303-978E-8807FE7A5E9A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "220FD008-8919-48D4-84CF-8C4D99C3C474"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1935A1CF-50B2-4572-AA06-3504DB25B954"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "077EBF51-B843-48B7-B31C-4BE1C99CE6F7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "5EAC82FA-41CC-425A-89A0-CC9E2BF678EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "338010BF-EFC6-42B9-9F12-865C48D421EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "14776B4F-DDEC-4B22-82A5-EA231B3895F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndIncluding": "8.3.0",
+ "matchCriteriaId": "1B4F2DBC-4DA1-42D8-9BD9-2EAADA27CCDE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K20850144",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41966.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41966.json
new file mode 100644
index 00000000000..d4fbacbd3f7
--- /dev/null
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41966.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-41966",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T17:15:08.747",
+ "lastModified": "2023-10-26T17:33:34.980",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nThe application suffers from a privilege escalation vulnerability. A \nuser with read permissions can elevate privileges by sending a HTTP POST\n to set a parameter.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n sufre una vulnerabilidad de escalada de privilegios. Un usuario con permisos de lectura puede elevar sus privilegios enviando un HTTP POST para establecer un par\u00e1metro."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-267"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08",
+ "source": "ics-cert@hq.dhs.gov"
+ },
+ {
+ "url": "https://www.sielco.org/en/contacts",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
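Review bot: The English `descriptions[0].value` for CVE-2023-41966 starts with `\n\n\n`, ends with a run of `\n`, and carries line breaks in mid-sentence (`A \nuser`, `POST\n to`), while the Spanish entry is clean. Consumers that display, index or string-match this field should collapse whitespace first; the normalised value would be `The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.`. The text also never names the affected product and the record has no `configurations` block, so it can only be attributed through its two reference URLs for now.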
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41975.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41975.json
new file mode 100644
index 00000000000..a20e430eaa1
--- /dev/null
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41975.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-41975",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.907",
+ "lastModified": "2023-10-26T00:15:10.947",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown."
+ },
+ {
+ "lang": "es",
+ "value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que un sitio web pueda acceder al micr\u00f3fono sin que se muestre el indicador de uso del micr\u00f3fono."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
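Review bot: The `references` array lists each Apple advisory twice, once as `https://support.apple.com/en-us/HT2139xx` and once as `https://support.apple.com/kb/HT2139xx` (HT213983, HT213984 and HT213985 here). The two forms presumably resolve to the same document. The same pairing appears in the new records for CVE-2023-41977, -41982, -41988, -41989 and -41997. Tooling that counts references or de-duplicates by exact URL will see six advisories where there are likely three, so keying on the `HT` identifier is safer. The `seclists.org` entries are also recorded with `http://`, not `https://`.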
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41976.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41976.json
new file mode 100644
index 00000000000..a55f101c336
--- /dev/null
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41976.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2023-41976",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:09.957",
+ "lastModified": "2023-10-26T00:15:10.997",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de use-after-free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/22",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/27",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213986",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213987",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
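Review bot: `"metrics": {}` leaves this record with no CVSS data, and it has no `weaknesses` or `configurations` keys either, although the description states that processing web content may lead to arbitrary code execution. The same holds for the other Apple records added in this commit with `vulnStatus` `Undergoing Analysis` (CVE-2023-41975, -41977, -41982, -41983, -41988, -41989 and -41997), including CVE-2023-41989, whose description mentions code execution as root from the Lock Screen. A pipeline that triages on `baseScore` should treat the absent score as unscored and fall back to the description and the vendor advisories. It should not default a missing score to zero or low severity.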
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41977.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41977.json
new file mode 100644
index 00000000000..9f4b0317374
--- /dev/null
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41977.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-41977",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.013",
+ "lastModified": "2023-10-26T00:15:11.047",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en macOS Sonoma 14.1, iOS 16.7.2 y iPadOS 16.7.2. Visitar un sitio web malicioso puede revelar el historial de navegaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41982.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41982.json
new file mode 100644
index 00000000000..1523f335e4a
--- /dev/null
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41982.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2023-41982",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.060",
+ "lastModified": "2023-10-26T00:15:11.093",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Este problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1. Un atacante con acceso f\u00edsico puede utilizar Siri para acceder a datos confidenciales del usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json
new file mode 100644
index 00000000000..fa1af9ec9df
--- /dev/null
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41983.json
@@ -0,0 +1,52 @@
+{
+ "id": "CVE-2023-41983",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.110",
+ "lastModified": "2023-10-26T00:15:11.143",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1. El procesamiento de contenido web puede dar lugar a una Denegaci\u00f3n de Servicio (DoS)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/27",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213986",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41988.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41988.json
new file mode 100644
index 00000000000..c22831b5671
--- /dev/null
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41988.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-41988",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.160",
+ "lastModified": "2023-10-26T00:15:11.190",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Este problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 y iPadOS 17.1. Un atacante con acceso f\u00edsico puede utilizar Siri para acceder a datos confidenciales del usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41989.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41989.json
new file mode 100644
index 00000000000..4bab32be32b
--- /dev/null
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41989.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-41989",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.210",
+ "lastModified": "2023-10-26T00:15:11.237",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Un atacante puede ejecutar c\u00f3digo arbitrario como root desde la pantalla de bloqueo."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json
index 723cac8375a..1be0e5f1b63 100644
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41991.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-41991",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.283",
- "lastModified": "2023-10-12T02:45:00.457",
+ "lastModified": "2023-10-24T12:56:42.390",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-09-25",
"cisaActionDue": "2023-10-16",
@@ -67,12 +67,22 @@
"versionEndExcluding": "16.7",
"matchCriteriaId": "1CEB5BA1-7092-4ADE-B19F-FD34CB53CCC3"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:ipados:17.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD0EE39C-DEC4-475C-8661-5BD76457A39E"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "502CD624-FA22-4C7B-9CA3-53CA938BE1AB"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json
index 3358ef56737..1bf9364cf42 100644
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41992.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-41992",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.520",
- "lastModified": "2023-10-12T02:44:38.967",
+ "lastModified": "2023-10-24T13:00:40.577",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-09-25",
"cisaActionDue": "2023-10-16",
@@ -67,12 +67,22 @@
"versionEndExcluding": "16.7",
"matchCriteriaId": "1CEB5BA1-7092-4ADE-B19F-FD34CB53CCC3"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:ipados:17.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD0EE39C-DEC4-475C-8661-5BD76457A39E"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "502CD624-FA22-4C7B-9CA3-53CA938BE1AB"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json
index 25514624ba3..34d987060ea 100644
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41993.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-41993",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-21T19:15:11.660",
- "lastModified": "2023-10-14T03:15:10.120",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-23T18:17:09.767",
+ "vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-09-25",
"cisaActionDue": "2023-10-16",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@@ -73,12 +73,22 @@
"versionEndExcluding": "16.7",
"matchCriteriaId": "1CEB5BA1-7092-4ADE-B19F-FD34CB53CCC3"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:ipados:17.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD0EE39C-DEC4-475C-8661-5BD76457A39E"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7",
"matchCriteriaId": "3FC8EB94-1D4F-4CE8-83D0-9086D1EBBC8F"
},
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "502CD624-FA22-4C7B-9CA3-53CA938BE1AB"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
@@ -95,6 +105,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
@@ -108,6 +123,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -145,7 +180,10 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ELXBV26Q54BIOVN5LBCJFM2G6VQZ7FO/",
@@ -189,7 +227,10 @@
},
{
"url": "https://www.debian.org/security/2023/dsa-5527",
- "source": "product-security@apple.com"
+ "source": "product-security@apple.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41997.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41997.json
new file mode 100644
index 00000000000..43b0231d60b
--- /dev/null
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41997.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2023-41997",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.257",
+ "lastModified": "2023-10-26T00:15:11.283",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Este problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1. Un atacante con acceso f\u00edsico puede utilizar Siri para acceder a datos confidenciales del usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4111.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4111.json
index 125ae29373c..3e8d1e73cca 100644
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4111.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4111.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-4111",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-03T04:15:10.977",
- "lastModified": "2023-08-07T19:30:04.483",
+ "lastModified": "2023-10-26T19:41:50.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -87,7 +87,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -95,6 +95,16 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
}
],
"configurations": [
@@ -124,15 +134,6 @@
"VDB Entry"
]
},
- {
- "url": "http://packetstormsecurity.com/files/173945/PHPJabbers-Bus-Reservation-System-1.1-SQL-Injection.html",
- "source": "cna@vuldb.com",
- "tags": [
- "Exploit",
- "Third Party Advisory",
- "VDB Entry"
- ]
- },
{
"url": "https://vuldb.com/?ctiid.235958",
"source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json
index 2af991146f0..ec20d15ee22 100644
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4128.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-4128",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-10T17:15:12.033",
- "lastModified": "2023-10-11T19:15:11.123",
+ "lastModified": "2023-10-27T15:15:14.217",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -193,6 +193,14 @@
"url": "https://access.redhat.com/errata/RHSA-2023:5628",
"source": "secalert@redhat.com"
},
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:5775",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:5794",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4128",
"source": "secalert@redhat.com",
@@ -208,6 +216,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/",
"source": "secalert@redhat.com",
@@ -232,6 +244,10 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0002/",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5480",
"source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4132.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4132.json
index 07cfdb89ac0..802fece322d 100644
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4132.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4132.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4132",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-03T15:15:32.833",
- "lastModified": "2023-09-10T12:16:19.903",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:30:09.987",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -112,6 +112,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -119,23 +144,45 @@
"url": "https://access.redhat.com/security/cve/CVE-2023-4132",
"source": "secalert@redhat.com",
"tags": [
- "Vendor Advisory"
+ "Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221707",
"source": "secalert@redhat.com",
"tags": [
- "Issue Tracking"
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0005/",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5480",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5492",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4147.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4147.json
index 5e1b2527596..a7ca2eaf63c 100644
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4147.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4147.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4147",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-07T14:15:11.633",
- "lastModified": "2023-09-12T16:15:11.467",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T15:15:12.430",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in the Linux kernel\u2019s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla de use-after-free en la funcionalidad Netfilter del kernel de Linux al agregar una regla con NFTA_RULE_CHAIN_ID. Esta falla permite a un usuario local bloquear o escalar sus privilegios en el sistema."
}
],
"metrics": {
@@ -167,6 +171,14 @@
"Patch"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0006/",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5480",
"source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4157.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4157.json
index 602cbd8b60b..dbfb0cbb549 100644
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4157.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4157.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-4157",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-08-04T18:15:17.547",
- "lastModified": "2023-08-09T13:16:43.537",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T13:15:08.877",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3."
+ "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GitHub repository omeka/omeka-s prior to version 4.0.3.\n"
}
],
"metrics": {
@@ -31,15 +31,13 @@
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
- }
- ],
- "cvssMetricV30": [
+ },
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
@@ -58,7 +56,7 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "security@huntr.dev",
"type": "Primary",
"description": [
{
@@ -68,12 +66,12 @@
]
},
{
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-20"
+ "value": "CWE-74"
}
]
}
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4178.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4178.json
index fa44176938d..419185c9b21 100644
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4178.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4178.json
@@ -2,18 +2,22 @@
"id": "CVE-2023-4178",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-09-05T19:15:48.820",
- "lastModified": "2023-09-08T16:50:45.820",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T08:15:08.107",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass.This issue affects Neutron Smart VMS: before b1130.1.0.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n por suplantaci\u00f3n en Neutron Smart VMS permite eludir la autenticaci\u00f3n. Este problema afecta a Neutron Smart VMS antes de la versi\u00f3n b1130.1.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
- "source": "nvd@nist.gov",
+ "source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -33,24 +37,24 @@
"impactScore": 5.9
},
{
- "source": "cve@usom.gov.tr",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
- "integrityImpact": "NONE",
- "availabilityImpact": "LOW",
- "baseScore": 8.2,
- "baseSeverity": "HIGH"
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
- "impactScore": 4.2
+ "impactScore": 5.9
}
]
},
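Review bot: The `source` labels on the two `cvssMetricV31` entries are swapped across this hunk and the one above it: `Primary` is now attributed to `cve@usom.gov.tr` and `Secondary` to `nvd@nist.gov`, and the `Secondary` vector moves from `C:H/I:N/A:L` (8.2) to `C:H/I:H/A:H` (9.8). The previous 8.2 score no longer appears in the visible part of the record, so a pipeline that picks a score by `type` and one that picks by `source` will now disagree with their earlier results. Consumers should select on `source` explicitly and not assume that `Primary` means NVD. The same relabelling occurs in the `weaknesses` hunks of CVE-2023-4157 (`@@ -58,7 +56,7 @@` and `@@ -68,12 +66,12 @@`), where the NVD-sourced entry becomes `Secondary` with `CWE-74`.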
diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4194.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4194.json
index d6342aae1ab..54d96239596 100644
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4194.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4194.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4194",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-07T14:15:11.743",
- "lastModified": "2023-09-10T12:16:20.183",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-27T15:15:14.680",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -160,6 +160,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/",
"source": "secalert@redhat.com",
@@ -203,6 +207,10 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0002/",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5480",
"source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-420xx/CVE-2023-42031.json b/CVE-2023/CVE-2023-420xx/CVE-2023-42031.json
new file mode 100644
index 00000000000..831b7398ffb
--- /dev/null
+++ b/CVE-2023/CVE-2023-420xx/CVE-2023-42031.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-42031",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-25T18:17:31.107",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016."
+ },
+ {
+ "lang": "es",
+ "value": "IBM TXSeries para multiplataformas, 8.1, 8.2 y 9.1, CICS TX Standard CICS TX Advanced 10.1 y 11.1 podr\u00eda permitir que un usuario privilegiado provoque una Denegaci\u00f3n de Servicio (DoS) debido al consumo incontrolado de recursos. ID de IBM X-Force: 266016."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266061",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7056429",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7056433",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
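Review bot: The X-Force identifier in the `en` and `es` descriptions (`266016`) disagrees with the one in the first reference URL (`https://exchange.xforce.ibmcloud.com/vulnerabilities/266061`), so one of the two is probably a digit transposition carried over from the CNA submission. Until the source is corrected, tooling should not join on the ID parsed from the description text; the two `https://www.ibm.com/support/pages/node/...` references are the safer anchor for confirming affected versions. The record is `Awaiting Analysis` and has no `configurations` block, so CPE-based scanners will not match it yet.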
diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42138.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42138.json
index 9985b618880..4ea97734599 100644
--- a/CVE-2023/CVE-2023-421xx/CVE-2023-42138.json
+++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42138.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42138",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-11T09:15:10.417",
- "lastModified": "2023-10-11T12:54:12.883",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:57:05.243",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,15 +14,80 @@
"value": "Existe una vulnerabilidad de lectura fuera de l\u00edmites en KV STUDIO Ver. 11.62 y anteriores y KV REPLAY VIEWER Ver. 2.62 y anteriores. Si se explota esta vulnerabilidad, se puede divulgar informaci\u00f3n o se puede ejecutar c\u00f3digo arbitrario haciendo que un usuario de KV STUDIO PLAYER abra un archivo especialmente manipulado."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:keyence:kv_replay_viewer:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.63",
+ "matchCriteriaId": "F7533712-71AB-44CD-86F7-7F694FE353B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:keyence:kv_studio:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.63",
+ "matchCriteriaId": "0BFABC3F-F01D-4B37-9D66-929A396D2E27"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU94752076/index.html",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.keyence.com/vulnerability231001",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-421xx/CVE-2023-42188.json b/CVE-2023/CVE-2023-421xx/CVE-2023-42188.json
new file mode 100644
index 00000000000..be311c26c55
--- /dev/null
+++ b/CVE-2023/CVE-2023-421xx/CVE-2023-42188.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-42188",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T00:15:09.287",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)."
+ },
+ {
+ "lang": "es",
+ "value": "IceCMS v2.0.1 es vulnerable a Cross Site Request Forgery (CSRF)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Thecosy/IceCMS/issues/17",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://topdayplus.github.io/2023/10/27/CVE-deatail/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-422xx/CVE-2023-42295.json b/CVE-2023/CVE-2023-422xx/CVE-2023-42295.json
new file mode 100644
index 00000000000..7689abca079
--- /dev/null
+++ b/CVE-2023/CVE-2023-422xx/CVE-2023-42295.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-42295",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T15:15:09.007",
+ "lastModified": "2023-10-28T03:19:16.690",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c"
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en OpenImageIO oiio v.2.4.12.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n read_rle_image del archivo bifs/unquantize.c"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:openimageio:openimageio:2.4.12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "28795C4C-8800-499D-8C41-5B27C2745310"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/OpenImageIO/oiio/issues/3947",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
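Review bot: The file path in the description, `bifs/unquantize.c`, looks inconsistent with the product: the same path appears as `src/bifs/unquantize.c` in the GPAC record CVE-2023-42298 later in this diff, which suggests the text was carried over from another submission (inferred from the two records, not confirmed here). Triage should rely on the linked issue `https://github.com/OpenImageIO/oiio/issues/3947` rather than on the path. The CPE pins exactly `2.4.12.0` with no version range, so other releases will not match, and the record does not say whether they are affected.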
diff --git a/CVE-2023/CVE-2023-422xx/CVE-2023-42298.json b/CVE-2023/CVE-2023-422xx/CVE-2023-42298.json
index ea72f17a42a..9e6248df4f7 100644
--- a/CVE-2023/CVE-2023-422xx/CVE-2023-42298.json
+++ b/CVE-2023/CVE-2023-422xx/CVE-2023-42298.json
@@ -2,19 +2,80 @@
"id": "CVE-2023-42298",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T04:15:13.053",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T14:11:02.190",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en GPAC GPAC v.2.2.1 y anteriores permite que un atacante local provoque una Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de la funci\u00f3n Q_DecCoordOnUnitSphere del archivo src/bifs/unquantize.c."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.2.1",
+ "matchCriteriaId": "047BC15F-5E51-48D9-B751-9DC9311FEBCF"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/gpac/gpac/issues/2567",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42319.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42319.json
new file mode 100644
index 00000000000..f6a162ba959
--- /dev/null
+++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42319.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-42319",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T06:15:07.893",
+ "lastModified": "2023-10-25T17:39:00.483",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. NOTE: the vendor's position is that the \"graphql endpoint [is not] designed to withstand attacks by hostile clients, nor handle huge amounts of clients/traffic."
+ },
+ {
+ "lang": "es",
+ "value": "Geth (tambi\u00e9n conocido como go-ethereum) hasta 1.13.4, cuando se usa --http --graphql, permite a atacantes remotos provocar una Denegaci\u00f3n de Servicio (consumo de memoria y bloqueo del daemon) a trav\u00e9s de una consulta GraphQL manipulada. NOTA: la posici\u00f3n del proveedor es que \"el endpoint Graphql [no est\u00e1] dise\u00f1ado para resistir ataques de clientes hostiles ni para manejar grandes cantidades de clientes/tr\u00e1fico."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ethereum:go_ethereum:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "1.13.4",
+ "matchCriteriaId": "F95B53F3-82D4-46BF-9494-4F2CCBCF1881"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.mevsec.com/posts/geth-dos-with-graphql/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://geth.ethereum.org/docs/fundamentals/security",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
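Review bot: The `configurations` entry matches every go-ethereum release up to `1.13.4` (`versionEndIncluding`), while the description records the vendor's position that the GraphQL endpoint is not designed to face hostile clients. No fixed version is given, so scanners will keep reporting this until the range is revised. The condition that decides exposure is in the description, not the CPE: the issue applies when `--http --graphql` is used, so asset owners should check for those flags and keep the endpoint reachable only by trusted clients. The quoted vendor statement opens with `\"` and is never closed in either language, which is valid JSON but can trip consumers that extract quoted spans from the text.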
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42406.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42406.json
new file mode 100644
index 00000000000..24c7222d066
--- /dev/null
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42406.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-42406",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T22:15:08.660",
+ "lastModified": "2023-10-27T22:15:09.030",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en la puerta de enlace de auditor\u00eda de comportamiento de D-Link Online DAR-7000 V31R02B1413C permite a un atacante remoto obtener informaci\u00f3n confidencial y ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente editrole.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/1dreamGN/CVE/blob/main/CVE-2023-42406.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/flyyue2001/cve/blob/main/D-LINK%20-DAR-7000_sql_:sysmanage:editrole.php.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42435.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42435.json
new file mode 100644
index 00000000000..f2bf2579c33
--- /dev/null
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42435.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-42435",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T19:15:15.590",
+ "lastModified": "2023-10-25T19:49:30.417",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\nThe affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user.\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El producto afectado por una vulnerabilidad de Cross-Site Request Forgery, que puede permitir a un atacante realizar acciones con los permisos de un usuario v\u00edctima."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dexma:dexgate:20130114:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B1220960-8C57-4BB1-9871-882D2E272F39"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
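Review bot: The `en` description never names the product ("The affected product is vulnerable…") and is padded with runs of `\n`, so keyword search over descriptions will not surface this record. The product appears only in the CPE `cpe:2.3:a:dexma:dexgate:20130114:*:*:*:*:*:*:*` and behind the CISA advisory link. NVD scores it 8.8 (`PR:N`, `C:H/I:H/A:H`) and the CNA 5.5 (`PR:L`, `C:L/I:L/A:L`), so prioritisation depends on which `source` a pipeline reads. The `es` value also drops a verb (`El producto afectado por una vulnerabilidad`); `El producto está afectado por una vulnerabilidad` would read correctly.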
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42438.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42438.json
new file mode 100644
index 00000000000..c7b4c6c1012
--- /dev/null
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42438.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-42438",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.297",
+ "lastModified": "2023-10-26T00:15:11.327",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de interfaz de usuario inconsistente con una gesti\u00f3n del estado mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Visitar un sitio web malicioso puede provocar una suplantaci\u00f3n de la interfaz de usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42453.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42453.json
index 5844c4de655..cc5352906e5 100644
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42453.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42453.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42453",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T15:19:32.453",
- "lastModified": "2023-10-06T03:15:10.367",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-18T13:38:09.467",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -97,6 +97,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -117,11 +137,19 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AFB2Y3S2VCPCN5P2XCZTG24MBMZ7DM4/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Release Notes"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65QPC55I4D27HIZP7H2NQ34EOXHPP4AO/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Release Notes"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42459.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42459.json
index 35423ba730c..e558867dfb5 100644
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42459.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42459.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42459",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T21:15:10.923",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T14:46:11.370",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -58,18 +78,60 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.6.7",
+ "matchCriteriaId": "B6D03699-CB0F-4A0D-BDB6-1007A9D669EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.10.0",
+ "versionEndExcluding": "2.10.3",
+ "matchCriteriaId": "C24C066C-7447-4106-A5BA-EEE3EF108404"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.11.0",
+ "versionEndIncluding": "2.11.1",
+ "matchCriteriaId": "1ACA728D-A75E-4969-A636-633E0460FED6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/issues/3207",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
},
{
"url": "https://github.com/eProsima/Fast-DDS/pull/3824",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42467.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42467.json
index 6c128cb0932..19aecb006ce 100644
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42467.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42467.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42467",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-11T04:15:10.720",
- "lastModified": "2023-09-13T14:32:20.067",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-17T16:15:10.097",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately."
+ },
+ {
+ "lang": "es",
+ "value": "QEMU hasta 8.0.0 podr\u00eda desencadenar una divisi\u00f3n por cero en scsi_disk_reset en hw/scsi/scsi-disk.c porque scsi_disk_emulate_mode_select no impide que s->qdev.blocksize sea 256. Esto detiene QEMU y el invitado inmediatamente."
}
],
"metrics": {
@@ -65,6 +69,10 @@
}
],
"references": [
+ {
+ "url": "https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1813",
"source": "cve@mitre.org",
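Review bot: The commit reference added at the top of `references` carries no `tags`, and the next hunk (`@@ -73,13 +81,6 @@`) removes the only reference visibly tagged `Patch`, so after this change a consumer that filters references on the `Patch` tag finds no fix link among the references shown here. The record also moves from `Analyzed` to `Modified`, which is consistent with the tag not yet having been reassigned. Until it is, patch-tracking automation should fall back to the untagged `https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c` entry; the eventual correction would be `"tags": ["Patch"]` on that reference.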
@@ -73,13 +81,6 @@
"Issue Tracking",
"Third Party Advisory"
]
- },
- {
- "url": "https://gitlab.com/thuth/qemu/-/commit/3f91104484e5bf55b56d7e1b039a4a5a17d0c1a7",
- "source": "cve@mitre.org",
- "tags": [
- "Patch"
- ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42488.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42488.json
new file mode 100644
index 00000000000..04de4ef9057
--- /dev/null
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42488.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-42488",
+ "sourceIdentifier": "cna@cyber.gov.il",
+ "published": "2023-10-25T18:17:31.180",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ },
+ {
+ "lang": "es",
+ "value": "EisBaer Scada - CWE-22: Limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\")"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
+ }
+ ]
+}
\ No newline at end of file
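Review bot: The English `descriptions` value in this new record starts with a stray space and states only the product name and the CWE title, with no affected versions, component or fixed release; the record also has no `configurations` block, and its single reference points at a generic advisory index page. The sibling EisBaer Scada records added below (CVE-2023-42489 through CVE-2023-42494) have the same gaps, and all but CVE-2023-42491 carry stray whitespace too (CVE-2023-42490 wraps its text in `\n\n`). CPE-based scanners will therefore match none of them while they are `Undergoing Analysis`, even though four of the seven are scored `AV:N/PR:N`, so asset owners have to track them by vendor and product name against the CNA advisory. If the mirror normalises text, trim the value so it begins `"EisBaer Scada - CWE-22:`; otherwise consumers should strip whitespace before comparing or displaying descriptions.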
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42489.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42489.json
new file mode 100644
index 00000000000..7d0822d4464
--- /dev/null
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42489.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-42489",
+ "sourceIdentifier": "cna@cyber.gov.il",
+ "published": "2023-10-25T18:17:31.250",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource"
+ },
+ {
+ "lang": "es",
+ "value": "EisBaer Scada - CWE-732: Asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42490.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42490.json
new file mode 100644
index 00000000000..5334ee3e7c2
--- /dev/null
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42490.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-42490",
+ "sourceIdentifier": "cna@cyber.gov.il",
+ "published": "2023-10-25T18:17:31.327",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\nEisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "EisBaer Scada - CWE-200: Exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42491.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42491.json
new file mode 100644
index 00000000000..e05caf42cc2
--- /dev/null
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42491.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-42491",
+ "sourceIdentifier": "cna@cyber.gov.il",
+ "published": "2023-10-25T18:17:31.397",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "EisBaer Scada - CWE-285: Improper Authorization"
+ },
+ {
+ "lang": "es",
+ "value": "EisBaer Scada - CWE-285: Autorizaci\u00f3n inadecuada"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42492.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42492.json
new file mode 100644
index 00000000000..34f31b8a604
--- /dev/null
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42492.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-42492",
+ "sourceIdentifier": "cna@cyber.gov.il",
+ "published": "2023-10-25T18:17:31.467",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key"
+ },
+ {
+ "lang": "es",
+ "value": "EisBaer Scada - CWE-321: Uso de clave criptogr\u00e1fica codificada"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-321"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42493.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42493.json
new file mode 100644
index 00000000000..f4b12b91292
--- /dev/null
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42493.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-42493",
+ "sourceIdentifier": "cna@cyber.gov.il",
+ "published": "2023-10-25T18:17:31.543",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " EisBaer Scada - CWE-256: Plaintext Storage of a Password"
+ },
+ {
+ "lang": "es",
+ "value": "EisBaer Scada - CWE-256: Almacenamiento en texto plano de una contrase\u00f1a"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-256"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42494.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42494.json
new file mode 100644
index 00000000000..befa2232596
--- /dev/null
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42494.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-42494",
+ "sourceIdentifier": "cna@cyber.gov.il",
+ "published": "2023-10-25T18:17:31.617",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " EisBaer Scada - CWE-749: Exposed Dangerous Method or Function"
+ },
+ {
+ "lang": "es",
+ "value": "EisBaer Scada - CWE-749: M\u00e9todo o funci\u00f3n peligrosos expuestos"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@cyber.gov.il",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-749"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.gov.il/en/Departments/faq/cve_advisories",
+ "source": "cna@cyber.gov.il"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-424xx/CVE-2023-42497.json b/CVE-2023/CVE-2023-424xx/CVE-2023-42497.json
index d606e6ede9f..c1e3fceb350 100644
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42497.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42497.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42497",
"sourceIdentifier": "security@liferay.com",
"published": "2023-10-17T08:15:09.437",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T14:09:51.670",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -50,10 +80,117 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "96E84DBC-C740-4E23-8D1D-83C8AE49813E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B1B2384-764F-43CC-8206-36DCBE9DDCBF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
+ "matchCriteriaId": "22B6B8C1-1FF3-41BC-9576-16193AE20CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*",
+ "matchCriteriaId": "9D07DB20-9DCF-4C05-99D2-F6B37A082C14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*",
+ "matchCriteriaId": "1AB71307-7EAA-436A-9CBC-5A94F034FB48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
+ "matchCriteriaId": "2B256485-E289-4092-B45B-835DE12625B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
+ "matchCriteriaId": "67F50AF8-7B0E-4D01-9EB2-C6625E9DACB6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
+ "matchCriteriaId": "CCD1DEA0-8823-4780-B5EE-C1A2BB3C6B4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
+ "matchCriteriaId": "DC6FF5AB-B6E4-45D9-854B-29DEC200DA4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
+ "matchCriteriaId": "365F28B6-DBF2-45BB-A06D-DD80CFBAD7BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
+ "matchCriteriaId": "960F3F22-9CC8-4655-9B09-777E5A5A1239"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*",
+ "matchCriteriaId": "7E325115-EEBC-41F4-8606-45270DA40B98"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*",
+ "matchCriteriaId": "294D8A56-A797-433C-A06E-106B2179151A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*",
+ "matchCriteriaId": "824D88D9-4645-4CAD-8CAB-30F27DD388C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*",
+ "matchCriteriaId": "F6E8C952-B455-46E4-AC3D-D38CAF189F60"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*",
+ "matchCriteriaId": "CD77C0EE-AC79-4443-A502-C1E02F806911"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*",
+ "matchCriteriaId": "648EB53C-7A90-4DA6-BF1C-B5336CDE30C7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.4.3.4",
+ "versionEndExcluding": "7.4.3.86",
+ "matchCriteriaId": "33B0E975-ED31-45BF-AE6F-D614E03A1F40"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497",
- "source": "security@liferay.com"
+ "source": "security@liferay.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
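Review bot: The new `cpeMatch` list enumerates Liferay DXP 7.4 as discrete CPE names (`-`, `update1`, `update21`, `update34`, … `update85`) rather than as a continuous range, whereas `liferay_portal` gets `versionStartIncluding`/`versionEndExcluding`. A DXP installation at an update level that is not listed produces no exact CPE match, although it presumably falls inside the affected span. The `configurations` hunk for CVE-2023-42627 below makes the gap visible: its description says "7.3 update 33 and earlier, and 7.4 before update 92", but the list holds only `-`, `fix_pack_1`, `fix_pack_2` and `update14` for 7.3 and stops at `update86` for 7.4. Consumers should match DXP on vendor, product and version, then compare the installed update level with the vendor advisory, instead of relying on CPE-name equality.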
diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42503.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42503.json
index bfbd7818752..3583d9d85d3 100644
--- a/CVE-2023/CVE-2023-425xx/CVE-2023-42503.json
+++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42503.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42503",
"sourceIdentifier": "security@apache.org",
"published": "2023-09-14T08:15:08.057",
- "lastModified": "2023-09-19T13:43:59.493",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T15:15:12.170",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -82,6 +82,10 @@
"Mailing List",
"URL Repurposed"
]
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231020-0003/",
+ "source": "security@apache.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42506.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42506.json
new file mode 100644
index 00000000000..8f987d5c266
--- /dev/null
+++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42506.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-42506",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-10-17T23:15:12.293",
+ "lastModified": "2023-10-24T23:50:23.567",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un problema de b\u00fafer de memoria en las versiones 2.0.1 y anteriores de OnSinView2. Si se explota esta vulnerabilidad, se puede revelar informaci\u00f3n o se puede ejecutar c\u00f3digo arbitrario haciendo que un usuario abra un archivo de proyecto OnSinView2 especialmente manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jtekt:onsinview2:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.0.1",
+ "matchCriteriaId": "5CD3E1CB-CC94-4B68-9CFC-139B4C483081"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU98392064/",
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/",
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-425xx/CVE-2023-42507.json b/CVE-2023/CVE-2023-425xx/CVE-2023-42507.json
new file mode 100644
index 00000000000..9bbfa54cd73
--- /dev/null
+++ b/CVE-2023/CVE-2023-425xx/CVE-2023-42507.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-42507",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-10-17T23:15:12.347",
+ "lastModified": "2023-10-24T23:55:17.307",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de desbordamiento del b\u00fafer existe en las versiones 2.0.1 y anteriores de OnSinView2. Si se explota esta vulnerabilidad, se puede revelar informaci\u00f3n o se puede ejecutar c\u00f3digo arbitrario haciendo que un usuario abra un archivo de proyecto OnSinView2 especialmente manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jtekt:onsinview2:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.0.1",
+ "matchCriteriaId": "5CD3E1CB-CC94-4B68-9CFC-139B4C483081"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU98392064/",
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.electronics.jtekt.co.jp/en/topics/202310175488/",
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
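Review bot: The Spanish `descriptions` value drops the qualifier that the English text leads with: "Stack-based buffer overflow" is rendered as "desbordamiento del búfer", so readers of the `es` entry lose the stack-based detail. The phrase should read `desbordamiento de búfer basado en pila`. The `weaknesses` entry (`CWE-787`) is language-independent and unaffected, so this matters only for consumers that display or search the translated text.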
diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42627.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42627.json
index 10bec09eccb..f7f29d0f28a 100644
--- a/CVE-2023/CVE-2023-426xx/CVE-2023-42627.json
+++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42627.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-42627",
"sourceIdentifier": "security@liferay.com",
"published": "2023-10-17T13:15:11.677",
- "lastModified": "2023-10-17T13:15:11.677",
- "vulnStatus": "Received",
+ "lastModified": "2023-10-24T20:31:19.840",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region (9), Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code."
+ },
+ {
+ "lang": "es",
+ "value": "M\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) almacenados en el m\u00f3dulo Commerce en Liferay Portal 7.3.5 hasta 7.4.3.91, y Liferay DXP 7.3 actualizaci\u00f3n 33 y anteriores, y 7.4 antes de la actualizaci\u00f3n 92 permiten a atacantes remotos inyectar scripts web o HTML arbitrarios mediante un payload manipulado inyectado en (1) Nombre de Env\u00edo, (2) N\u00famero de Tel\u00e9fono de Env\u00edo, (3) Direcci\u00f3n de Env\u00edo, (4) Direcci\u00f3n de Env\u00edo 2, (5) Direcci\u00f3n de Env\u00edo 3, (6) C\u00f3digo Postal de Env\u00edo, (7) Ciudad de Env\u00edo , (8) Regi\u00f3n de Env\u00edo (9), Pa\u00eds de Env\u00edo, (10) Nombre de Facturaci\u00f3n, (11) N\u00famero de Tel\u00e9fono de Facturaci\u00f3n, (12) Direcci\u00f3n de Facturaci\u00f3n, (13) Direcci\u00f3n de Facturaci\u00f3n 2, (14) Direcci\u00f3n de Facturaci\u00f3n 3, (15) Facturaci\u00f3n C\u00f3digo Postal, (16) Ciudad de Facturaci\u00f3n, (17) Regi\u00f3n de Facturaci\u00f3n, (18) Pa\u00eds de Facturaci\u00f3n o (19) C\u00f3digo de Regi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -46,10 +80,142 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6F6A98ED-E694-4F39-95D0-C152BD1EC115"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:*",
+ "matchCriteriaId": "2CD6861A-D546-462F-8B22-FA76A4AF8A9C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*",
+ "matchCriteriaId": "324BB977-5AAC-4367-98FC-605FF4997B3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.3:update14:*:*:*:*:*:*",
+ "matchCriteriaId": "3E84D881-6D47-48FD-B743-9D531F5F7D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "96E84DBC-C740-4E23-8D1D-83C8AE49813E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B1B2384-764F-43CC-8206-36DCBE9DDCBF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
+ "matchCriteriaId": "22B6B8C1-1FF3-41BC-9576-16193AE20CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*",
+ "matchCriteriaId": "9D07DB20-9DCF-4C05-99D2-F6B37A082C14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*",
+ "matchCriteriaId": "1AB71307-7EAA-436A-9CBC-5A94F034FB48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
+ "matchCriteriaId": "2B256485-E289-4092-B45B-835DE12625B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
+ "matchCriteriaId": "67F50AF8-7B0E-4D01-9EB2-C6625E9DACB6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
+ "matchCriteriaId": "CCD1DEA0-8823-4780-B5EE-C1A2BB3C6B4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
+ "matchCriteriaId": "DC6FF5AB-B6E4-45D9-854B-29DEC200DA4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
+ "matchCriteriaId": "365F28B6-DBF2-45BB-A06D-DD80CFBAD7BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
+ "matchCriteriaId": "960F3F22-9CC8-4655-9B09-777E5A5A1239"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*",
+ "matchCriteriaId": "7E325115-EEBC-41F4-8606-45270DA40B98"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*",
+ "matchCriteriaId": "294D8A56-A797-433C-A06E-106B2179151A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*",
+ "matchCriteriaId": "824D88D9-4645-4CAD-8CAB-30F27DD388C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*",
+ "matchCriteriaId": "F6E8C952-B455-46E4-AC3D-D38CAF189F60"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*",
+ "matchCriteriaId": "CD77C0EE-AC79-4443-A502-C1E02F806911"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*",
+ "matchCriteriaId": "648EB53C-7A90-4DA6-BF1C-B5336CDE30C7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*",
+ "matchCriteriaId": "39835EF7-8E93-4695-973D-6E9B76C67372"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.3.5",
+ "versionEndExcluding": "7.4.3.92",
+ "matchCriteriaId": "CBB14237-26BD-48B6-9FE6-3CBC8DB49A0D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627",
- "source": "security@liferay.com"
+ "source": "security@liferay.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42628.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42628.json
index 6235d2f43b4..b20d3bf5cd0 100644
--- a/CVE-2023/CVE-2023-426xx/CVE-2023-42628.json
+++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42628.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-42628",
"sourceIdentifier": "security@liferay.com",
"published": "2023-10-17T12:15:10.043",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T20:01:17.897",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's \u2018Content\u2019 text field."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenadas en el widget Wiki en Liferay Portal 7.1.0 a 7.4.3.87 y Liferay DXP 7.0 fixpack 83 a 102, 7.1 fixpack 28 y anteriores, 7.2 fixpack 20 y anteriores, actualizaci\u00f3n 7.3 33 y anteriores, y 7.4 anterior a la actualizaci\u00f3n 88 permite a atacantes remotos inyectar scripts web o HTML arbitrarios en una p\u00e1gina wiki principal a trav\u00e9s de un payload manipulado inyectado en el campo de texto 'Content' de una p\u00e1gina wiki."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -46,10 +80,557 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4614C87F-F39C-4ADD-A7A2-4A498612AD38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_1:*:*:*:*:*:*",
+ "matchCriteriaId": "6F20D93D-7FB2-4D5F-9249-4DECDE473C42"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_10:*:*:*:*:*:*",
+ "matchCriteriaId": "CF0821E5-B6E5-44E6-9CF7-77EAE982F677"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_11:*:*:*:*:*:*",
+ "matchCriteriaId": "1B24B6A1-8439-49D6-8E78-193144F3DCC3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_12:*:*:*:*:*:*",
+ "matchCriteriaId": "7E82A6CC-891C-4619-84EA-0DA96E4043C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_13:*:*:*:*:*:*",
+ "matchCriteriaId": "70E12054-0DEE-4B92-B8F6-7DC4B2461113"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_14:*:*:*:*:*:*",
+ "matchCriteriaId": "3B566A51-3EFC-4A08-8A4F-A9AA43FBE481"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_15:*:*:*:*:*:*",
+ "matchCriteriaId": "FE1A8781-6B16-4D37-B556-36B99CBCA9F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_16:*:*:*:*:*:*",
+ "matchCriteriaId": "3EE11B43-1629-4A22-BE88-0AFB2DFC528C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_17:*:*:*:*:*:*",
+ "matchCriteriaId": "10FC6F33-C031-40A4-AFAF-B5CF30F79E52"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_18:*:*:*:*:*:*",
+ "matchCriteriaId": "99B99578-CACE-47D2-9C1E-A7BBD2B6F6EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_19:*:*:*:*:*:*",
+ "matchCriteriaId": "950D98A8-88EE-4C99-817B-C418071B2819"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_2:*:*:*:*:*:*",
+ "matchCriteriaId": "F86FF50F-B21A-4B6E-88B8-90D0C042E942"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_20:*:*:*:*:*:*",
+ "matchCriteriaId": "CE0E1891-6E76-4069-B412-43B5E5379E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_21:*:*:*:*:*:*",
+ "matchCriteriaId": "404F5FFE-2758-452F-9297-40E0533C6FB2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_22:*:*:*:*:*:*",
+ "matchCriteriaId": "3F5B7E72-8D62-464A-AA82-CBE2625C7687"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_23:*:*:*:*:*:*",
+ "matchCriteriaId": "4FA67C68-3E8E-4383-967F-A1FA55AE4897"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_24:*:*:*:*:*:*",
+ "matchCriteriaId": "F220793A-FDAC-48C6-B299-39EB3BC077A6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_25:*:*:*:*:*:*",
+ "matchCriteriaId": "F095A9E1-5FE1-46C4-B0E1-97F8767439D2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_26:*:*:*:*:*:*",
+ "matchCriteriaId": "DFD748DD-6FDB-44CD-96BF-026D18CE4207"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_27:*:*:*:*:*:*",
+ "matchCriteriaId": "0A34F2EA-D0F7-4C9B-BFE6-DA334DFD0EDD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_28:*:*:*:*:*:*",
+ "matchCriteriaId": "4B3C2426-7617-4535-B86A-7F9BA45DFD0E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_29:*:*:*:*:*:*",
+ "matchCriteriaId": "88A5CBCE-2BAE-44C7-A7BF-BC30C89839BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_3:*:*:*:*:*:*",
+ "matchCriteriaId": "CA6B2500-42E4-4F87-8B93-2F7399B4F611"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_30:*:*:*:*:*:*",
+ "matchCriteriaId": "28955834-8E02-4558-ABD3-4958DBB41423"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_31:*:*:*:*:*:*",
+ "matchCriteriaId": "89B4F926-5018-4C50-9569-A92BEA6364A0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_32:*:*:*:*:*:*",
+ "matchCriteriaId": "863C4DBB-9BA2-4A13-8394-08AC500D552A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_33:*:*:*:*:*:*",
+ "matchCriteriaId": "C4206C84-C4BD-4363-A4CA-EE229CE06319"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_34:*:*:*:*:*:*",
+ "matchCriteriaId": "54CA9915-54C2-4E7F-85AF-781CA0A63A9D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_35:*:*:*:*:*:*",
+ "matchCriteriaId": "4F644864-1056-4A0C-ADD7-A1992A0AC07D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_36:*:*:*:*:*:*",
+ "matchCriteriaId": "91E9BAE9-CD40-4353-95DB-7D9ADC338F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_37:*:*:*:*:*:*",
+ "matchCriteriaId": "C2A29CA0-66CB-4ED9-87B3-57A1C04F59F8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_38:*:*:*:*:*:*",
+ "matchCriteriaId": "2BFC882E-25C2-46A3-A0DA-A779399A3A30"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_39:*:*:*:*:*:*",
+ "matchCriteriaId": "661E68A2-B365-4962-87CF-CE17A500889F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_4:*:*:*:*:*:*",
+ "matchCriteriaId": "D4094372-E950-4DE0-86D2-CE7F214FD3A9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_40:*:*:*:*:*:*",
+ "matchCriteriaId": "A5D28279-002A-4BC7-9396-E47FC842D7AE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_41:*:*:*:*:*:*",
+ "matchCriteriaId": "C700ED72-4626-48A0-B1BB-E0A7C12D454F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_42:*:*:*:*:*:*",
+ "matchCriteriaId": "8F473DF1-F70D-4EDB-A011-C8D1C6A21659"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_43:*:*:*:*:*:*",
+ "matchCriteriaId": "C2351EAC-F6AD-4611-B9BD-39C4DFE85B5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_44:*:*:*:*:*:*",
+ "matchCriteriaId": "357845C1-3834-465A-B9CA-F9C604AA8242"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_45:*:*:*:*:*:*",
+ "matchCriteriaId": "DD35964D-4156-45B8-A0AB-282DA9F4FA47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_46:*:*:*:*:*:*",
+ "matchCriteriaId": "35656567-EF24-4948-A72A-C754D6E419B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_47:*:*:*:*:*:*",
+ "matchCriteriaId": "E9A3D95D-4539-432D-B241-376F312534AC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_48:*:*:*:*:*:*",
+ "matchCriteriaId": "81F329F1-5BB1-42A7-98CE-B0EB5819D60A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_49:*:*:*:*:*:*",
+ "matchCriteriaId": "5B7111FA-9FD7-4952-AFE1-07D3E14854F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_5:*:*:*:*:*:*",
+ "matchCriteriaId": "D35916F1-24AA-4BF3-8B1F-2361C5B815D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_50:*:*:*:*:*:*",
+ "matchCriteriaId": "2C7A080F-9C99-41A0-BC63-EBDDC0DF7B8A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_51:*:*:*:*:*:*",
+ "matchCriteriaId": "0383C4C4-A7BB-418D-9A98-AC4233722961"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_52:*:*:*:*:*:*",
+ "matchCriteriaId": "AA281A20-7599-446B-9587-118E920403D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_53:*:*:*:*:*:*",
+ "matchCriteriaId": "9514E8F5-1D0B-4CDF-BD03-087326F6C252"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_54:*:*:*:*:*:*",
+ "matchCriteriaId": "78BC7D6C-2A10-4F78-9C41-EA97665C246E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_55:*:*:*:*:*:*",
+ "matchCriteriaId": "B2C29B11-D87B-4D78-9D42-AD528C811080"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_56:*:*:*:*:*:*",
+ "matchCriteriaId": "CA9BE427-78D7-4DEE-A174-F3E3675B44A5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_57:*:*:*:*:*:*",
+ "matchCriteriaId": "6C10325C-8670-499B-B003-7D8634539C5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_58:*:*:*:*:*:*",
+ "matchCriteriaId": "5F692BEB-5CB1-41EA-B715-64AB0036F6CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_59:*:*:*:*:*:*",
+ "matchCriteriaId": "427C4DF5-9039-4CB5-B600-5F965E20D945"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_6:*:*:*:*:*:*",
+ "matchCriteriaId": "EDEE4B40-889C-472E-AA91-7E1B4314EE64"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_60:*:*:*:*:*:*",
+ "matchCriteriaId": "44B7A2A2-5764-4EDB-AA44-25F8508CF128"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_61:*:*:*:*:*:*",
+ "matchCriteriaId": "55D94917-5360-4179-A017-1287C63A6E6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_62:*:*:*:*:*:*",
+ "matchCriteriaId": "52C5C76D-2572-4ADF-B7E4-7B3444935658"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_63:*:*:*:*:*:*",
+ "matchCriteriaId": "9ABFC91A-7A8D-4A08-9464-F534BAA69B4E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_64:*:*:*:*:*:*",
+ "matchCriteriaId": "1D378A23-113D-47AC-9CB5-2658C357FFB4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_65:*:*:*:*:*:*",
+ "matchCriteriaId": "58FB119E-508C-45F7-8AD8-B67AAAEA53D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_66:*:*:*:*:*:*",
+ "matchCriteriaId": "8B3359A5-D39B-4322-8963-B138D791D232"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_67:*:*:*:*:*:*",
+ "matchCriteriaId": "E11E2FBD-7541-4CE3-8A78-52FB82571547"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_68:*:*:*:*:*:*",
+ "matchCriteriaId": "3883F470-8D8D-4CB3-BF4A-0C401BDABC83"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_69:*:*:*:*:*:*",
+ "matchCriteriaId": "1BDCF010-04BF-4FA5-9E14-F6461FED3FFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_7:*:*:*:*:*:*",
+ "matchCriteriaId": "3867FDAA-354E-4D2F-A260-27F31CA44C8A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_70:*:*:*:*:*:*",
+ "matchCriteriaId": "7E8CEA39-4A7F-4827-91FA-31119201D174"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_71:*:*:*:*:*:*",
+ "matchCriteriaId": "D3768AC9-A245-4B81-8D1D-9D9C5354245C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_72:*:*:*:*:*:*",
+ "matchCriteriaId": "71CA65C9-C0FC-4CBD-A8B0-DD72604A46F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_73:*:*:*:*:*:*",
+ "matchCriteriaId": "9F06DECA-F45D-49DA-BB24-AA1F0306B0B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_74:*:*:*:*:*:*",
+ "matchCriteriaId": "3BA69ED9-28FA-40B5-84F9-0FFE40DFC675"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_75:*:*:*:*:*:*",
+ "matchCriteriaId": "6FF2D31F-8719-41A6-ADD5-15BE9409428E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_76:*:*:*:*:*:*",
+ "matchCriteriaId": "DE56F5E5-73CF-4636-9F98-86BDDA3F6A47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_77:*:*:*:*:*:*",
+ "matchCriteriaId": "CE4885B1-F912-4D06-8179-830FC011F3F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_78:*:*:*:*:*:*",
+ "matchCriteriaId": "A1A0EFCE-4B74-4B4D-AB6E-5730F26B38FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_79:*:*:*:*:*:*",
+ "matchCriteriaId": "F02DCC86-C3F7-482C-9BFB-B7971FB10AEC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_8:*:*:*:*:*:*",
+ "matchCriteriaId": "A89B7EE4-57FD-4B09-841A-ABC9990FF88F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_80:*:*:*:*:*:*",
+ "matchCriteriaId": "06835B0A-A2DF-44D3-A38F-59E5D5523FFA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_81:*:*:*:*:*:*",
+ "matchCriteriaId": "B746D0CF-76F6-42A1-9056-CA9622DCD806"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_82:*:*:*:*:*:*",
+ "matchCriteriaId": "FFC33A7E-B1CB-4E83-B75C-71F5E7E5E406"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "27DF695E-B890-42C2-8941-5BB53154755F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "0DCF7F39-A198-4F7E-84B7-90C88C1BAA96"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6F6A98ED-E694-4F39-95D0-C152BD1EC115"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "96E84DBC-C740-4E23-8D1D-83C8AE49813E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B1B2384-764F-43CC-8206-36DCBE9DDCBF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
+ "matchCriteriaId": "22B6B8C1-1FF3-41BC-9576-16193AE20CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*",
+ "matchCriteriaId": "9D07DB20-9DCF-4C05-99D2-F6B37A082C14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*",
+ "matchCriteriaId": "1AB71307-7EAA-436A-9CBC-5A94F034FB48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
+ "matchCriteriaId": "2B256485-E289-4092-B45B-835DE12625B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
+ "matchCriteriaId": "67F50AF8-7B0E-4D01-9EB2-C6625E9DACB6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
+ "matchCriteriaId": "CCD1DEA0-8823-4780-B5EE-C1A2BB3C6B4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
+ "matchCriteriaId": "DC6FF5AB-B6E4-45D9-854B-29DEC200DA4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
+ "matchCriteriaId": "365F28B6-DBF2-45BB-A06D-DD80CFBAD7BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
+ "matchCriteriaId": "960F3F22-9CC8-4655-9B09-777E5A5A1239"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*",
+ "matchCriteriaId": "7E325115-EEBC-41F4-8606-45270DA40B98"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*",
+ "matchCriteriaId": "294D8A56-A797-433C-A06E-106B2179151A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*",
+ "matchCriteriaId": "824D88D9-4645-4CAD-8CAB-30F27DD388C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*",
+ "matchCriteriaId": "F6E8C952-B455-46E4-AC3D-D38CAF189F60"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*",
+ "matchCriteriaId": "CD77C0EE-AC79-4443-A502-C1E02F806911"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*",
+ "matchCriteriaId": "648EB53C-7A90-4DA6-BF1C-B5336CDE30C7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*",
+ "matchCriteriaId": "39835EF7-8E93-4695-973D-6E9B76C67372"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.1.0",
+ "versionEndExcluding": "7.4.3.88",
+ "matchCriteriaId": "67C00B28-3F41-49FA-87E0-130F77235C05"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628",
- "source": "security@liferay.com"
+ "source": "security@liferay.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
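Review bot: The DXP 7.0 entries added to `cpeMatch` run from `7.0:-` through `fix_pack_82` (with no `fix_pack_9`), while this record's own description names DXP 7.0 fix pack 83 through 102 as affected, so the enumerated 7.0 range looks inverted relative to the advisory text. The 7.1, 7.2 and 7.3 lines appear only with update `-`, and the 7.4 updates are a sparse set ending at `update86`, although the description covers 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88. Inventory matching on these CPEs is therefore likely to flag unaffected 7.0 fix packs and to miss fix-packed 7.1–7.4 installs, so exposure should be confirmed against the vendor advisory in `references` until the list is corrected at the source. The same sparse 7.4 enumeration appears in the `configurations` hunk of CVE-2023-42629.json.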
diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42629.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42629.json
index a36dc1616e8..bf353780dec 100644
--- a/CVE-2023/CVE-2023-426xx/CVE-2023-42629.json
+++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42629.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42629",
"sourceIdentifier": "security@liferay.com",
"published": "2023-10-17T09:15:10.167",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T17:09:28.777",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -50,10 +80,122 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "96E84DBC-C740-4E23-8D1D-83C8AE49813E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B1B2384-764F-43CC-8206-36DCBE9DDCBF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
+ "matchCriteriaId": "22B6B8C1-1FF3-41BC-9576-16193AE20CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*",
+ "matchCriteriaId": "9D07DB20-9DCF-4C05-99D2-F6B37A082C14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*",
+ "matchCriteriaId": "1AB71307-7EAA-436A-9CBC-5A94F034FB48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
+ "matchCriteriaId": "2B256485-E289-4092-B45B-835DE12625B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
+ "matchCriteriaId": "67F50AF8-7B0E-4D01-9EB2-C6625E9DACB6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
+ "matchCriteriaId": "CCD1DEA0-8823-4780-B5EE-C1A2BB3C6B4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
+ "matchCriteriaId": "DC6FF5AB-B6E4-45D9-854B-29DEC200DA4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
+ "matchCriteriaId": "365F28B6-DBF2-45BB-A06D-DD80CFBAD7BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
+ "matchCriteriaId": "960F3F22-9CC8-4655-9B09-777E5A5A1239"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*",
+ "matchCriteriaId": "7E325115-EEBC-41F4-8606-45270DA40B98"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*",
+ "matchCriteriaId": "294D8A56-A797-433C-A06E-106B2179151A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*",
+ "matchCriteriaId": "824D88D9-4645-4CAD-8CAB-30F27DD388C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*",
+ "matchCriteriaId": "F6E8C952-B455-46E4-AC3D-D38CAF189F60"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*",
+ "matchCriteriaId": "CD77C0EE-AC79-4443-A502-C1E02F806911"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*",
+ "matchCriteriaId": "648EB53C-7A90-4DA6-BF1C-B5336CDE30C7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*",
+ "matchCriteriaId": "39835EF7-8E93-4695-973D-6E9B76C67372"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.4.2",
+ "versionEndExcluding": "7.4.3.88",
+ "matchCriteriaId": "2AD42484-BDB9-4ECE-B003-259B35FB0DE6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629",
- "source": "security@liferay.com"
+ "source": "security@liferay.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42663.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42663.json
index 38a3e46ac90..09c3909f6b8 100644
--- a/CVE-2023/CVE-2023-426xx/CVE-2023-42663.json
+++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42663.json
@@ -2,15 +2,42 @@
"id": "CVE-2023-42663",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-14T10:15:09.940",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:46:22.287",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Apache Airflow, en versiones anteriores a la 2.7.2, tiene una vulnerabilidad que permite a un usuario autorizado que tiene acceso para leer solo DAG espec\u00edficos, leer informaci\u00f3n sobre instancias de tareas en otros DAG. Se recomienda a los usuarios de Apache Airflow que actualicen a la versi\u00f3n 2.7.2 o posterior para mitigar el riesgo asociado con esta vulnerabilidad."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
"source": "security@apache.org",
@@ -23,14 +50,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.7.2",
+ "matchCriteriaId": "63233E2B-0359-41A5-A4BA-218F2CC2F778"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/apache/airflow/pull/34315",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42666.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42666.json
new file mode 100644
index 00000000000..3237f0c6440
--- /dev/null
+++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42666.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-42666",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T19:15:15.680",
+ "lastModified": "2023-10-25T19:55:05.943",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining the information of the version about the web server used.\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El producto afectado es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial por una vulnerabilidad de actor no autorizado, lo que puede permitir a un atacante crear solicitudes maliciosas para obtener informaci\u00f3n de la versi\u00f3n del servidor web utilizado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dexma:dexgate:20130114:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B1220960-8C57-4BB1-9871-882D2E272F39"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-271-02",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
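Review bot: The Primary `weaknesses` entry is `NVD-CWE-noinfo`, although the description states an "exposure of sensitive information to an unauthorized actor" and the Secondary source in the same file records `CWE-200`. Tooling that reads only the Primary weakness loses that classification, so the Primary value would be better as `"value": "CWE-200"`. The English `descriptions` value is also padded with long runs of `\n` before and after the sentence, so consumers should trim it before display or deduplication. The text says only "The affected product"; the product identity comes solely from the `dexma:dexgate:20130114` CPE and the CISA reference.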
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42752.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42752.json
index 5ede964aa81..a21a2ac02ed 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42752.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42752.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-42752",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-13T02:15:09.797",
- "lastModified": "2023-10-13T12:47:20.137",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:51:54.797",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla de desbordamiento de enteros en el kernel de Linux. Este problema lleva a que el kernel asigne `skb_shared_info` en el espacio de usuario, lo cual es explotable en sistemas sin protecci\u00f3n SMAP ya que `skb_shared_info` contiene referencias a punteros de funci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
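Review bot: The Primary vector added here rates only availability (`C:N/I:N/A:H`, base score 5.5), yet the description in the same hunk says the flaw is exploitable on systems without SMAP because `skb_shared_info` contains references to function pointers. That wording suggests an impact beyond denial of service, so the confidentiality and integrity metrics may be understated. The Secondary vector's values lie outside the hunk and should be compared before relying on the Primary score. Prioritisation keyed on `baseScore` alone should treat this entry as potentially higher on hosts lacking SMAP.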
@@ -34,22 +58,67 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "6.5.7",
+ "matchCriteriaId": "04F10BD2-BDEC-4F7B-877E-392132C4D192"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-42752",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239828",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=915d975b2ffa",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c3b704d4a4a2",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
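Review bot: The new `cpeMatch` entry for `linux_kernel` has `"versionEndIncluding": "6.5.7"` and no lower bound, so it matches every kernel release up to 6.5.7, including stable series that may never have contained the flaw or that already carry the two referenced fixes (`915d975b2ffa`, `c3b704d4a4a2`). Scanners driven by this range will likely over-report. A `"versionStartIncluding": "<first affected release>"` bound and per-branch `versionEndExcluding` values would narrow it once those versions are known. Until then, confirm exposure by checking the running kernel's changelog for the fix commits rather than by version number.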
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json
index e1c91aacc2b..33501ef5a9a 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42753.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-42753",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-25T21:15:15.923",
- "lastModified": "2023-10-16T19:41:01.563",
+ "lastModified": "2023-10-29T02:43:20.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -111,6 +111,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -128,6 +143,14 @@
"Issue Tracking"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://seclists.org/oss-sec/2023/q3/216",
"source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42755.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42755.json
index 54f1ab0ac00..66bbbf94185 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42755.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42755.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42755",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-05T19:15:11.497",
- "lastModified": "2023-10-11T17:42:18.387",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-20T00:15:16.260",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -120,6 +120,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://seclists.org/oss-sec/2023/q3/229",
"source": "secalert@redhat.com",
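Review bot: The added debian-lts-announce reference carries no `tags` array, while the same URL is added with `"Mailing List"` and `"Third Party Advisory"` in CVE-2023-42753.json and CVE-2023-42756.json in this diff. Together with the first hunk moving `vulnStatus` from `Analyzed` back to `Undergoing Analysis`, consumers that filter references by tag or gate on `Analyzed` will temporarily drop this record or its Debian advisory. The GHSA references added to CVE-2023-42787.json and CVE-2023-42788.json have the same shape. Proposed for this entry: `"tags": ["Mailing List", "Third Party Advisory"]`, as in the sibling records.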
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42756.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42756.json
index 6bbac61722b..6a36615d3e8 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42756.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42756.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42756",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-28T14:15:21.037",
- "lastModified": "2023-10-10T03:15:09.663",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T17:51:35.447",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -118,10 +118,25 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
@@ -147,17 +162,34 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GISYSL3F6WIEVGHJGLC2MFNTUXHPTKQH/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPMICQ2HVZO5UAM5KPXHAZKA2U3ZDOO6/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5PDNWPKAP3WL5RQZ4RIDS6MG32OHH5R/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://seclists.org/oss-sec/2023/q3/242",
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42768.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42768.json
index 1972d6cc066..39b7a17213e 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42768.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42768.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-42768",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:21.507",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T20:26:41.420",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nWhen a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
+ },
+ {
+ "lang": "es",
+ "value": "Cuando a un usuario no administrador se le ha asignado una funci\u00f3n de administrador a trav\u00e9s de una solicitud iControl REST PUT y posteriormente la funci\u00f3n del usuario se revierte a una funci\u00f3n de no administrador a trav\u00e9s de la utilidad de configuraci\u00f3n, tmsh o iControl REST. El usuario no administrador de BIG-IP a\u00fan puede tener acceso al recurso de administraci\u00f3n iControl REST PUT. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"metrics": {
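Review bot: The added Spanish description ends with "recurso de administración iControl REST PUT", but the English text says the user keeps access to the "iControl REST admin resource"; the PUT request is only how the administrator role was assigned. As written, the translation misstates which resource stays reachable. The trailing `PUT` should be dropped so the phrase reads `recurso de administración iControl REST`.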
@@ -46,10 +50,557 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F7280AA3-6EB0-4D9B-895B-B6883071740E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "95617B72-E7D8-44D2-AFF2-976595A72AFA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "18CD2C82-0080-495E-8A11-957E0C182A48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "3C508A36-C041-406C-9C8A-A396C6EDC750"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E912382D-131E-40F2-A337-72D6F2A3AD23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "91ED3C5E-92E8-44CF-AA99-A38C60AE677E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "47962DDC-899F-4A98-ABF7-CC8A1AE7FF1C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "46A7F81E-84A2-4304-B18F-53E5CDBCEA43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "BC2A757B-4521-4DB7-89B0-7CAE1E4155E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "0A1D4B18-DB59-41C4-B769-5DF93B8EBBAD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "D819F58A-826E-49E0-A06F-4D85E04D3D9F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1E86895C-EC5A-4303-978E-8807FE7A5E9A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "220FD008-8919-48D4-84CF-8C4D99C3C474"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1935A1CF-50B2-4572-AA06-3504DB25B954"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "077EBF51-B843-48B7-B31C-4BE1C99CE6F7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "5EAC82FA-41CC-425A-89A0-CC9E2BF678EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "338010BF-EFC6-42B9-9F12-865C48D421EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "14776B4F-DDEC-4B22-82A5-EA231B3895F0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K26910459",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
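Review bot: Every 13.1 and 14.1 entry in this `cpeMatch` list closes its range with a three-component inclusive bound (`"versionEndIncluding": "13.1.5"` or `"14.1.5"`), whereas the 15.1 and 16.1 entries use `versionEndExcluding`. If BIG-IP builds on those branches carry a fourth version component, a consumer that compares versions component by component would sort such a build above the bound and report it as unaffected, although the record shows no excluded (fixed) version for 13.1 or 14.1. Matching logic for the 13.1.x and 14.1.x branches should be checked against the vendor advisory K26910459 rather than trusting the range alone.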
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42769.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42769.json
new file mode 100644
index 00000000000..60a5bb4de51
--- /dev/null
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42769.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-42769",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T17:15:08.950",
+ "lastModified": "2023-10-26T17:33:34.980",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The cookie session ID is of insufficient length and can be exploited by \nbrute force, which may allow a remote attacker to obtain a valid \nsession, bypass authentication, and manipulate the transmitter.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El ID de sesi\u00f3n de la cookie tiene una longitud insuficiente y puede explotarse mediante fuerza bruta, lo que puede permitir a un atacante remoto obtener una sesi\u00f3n v\u00e1lida, omitir la autenticaci\u00f3n y manipular el transmisor."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08",
+ "source": "ics-cert@hq.dhs.gov"
+ },
+ {
+ "url": "https://www.sielco.org/en/contacts",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
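Review bot: The `weaknesses` entry maps a too-short, brute-forceable session ID to `CWE-284`, a broad access-control class that does not describe the flaw. A session-identifier entropy class such as `"value": "CWE-334"` (Small Space of Random Values) would let CWE-based filters find it, subject to confirmation against the CISA advisory. The description names only "the transmitter" and the record has no `configurations` block, so CPE-based scanners cannot match it to a product until analysis adds one. Both references are still untagged, and the second is a vendor contact page rather than an advisory.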
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42780.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42780.json
index adef15d008b..261c873423b 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42780.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42780.json
@@ -2,15 +2,42 @@
"id": "CVE-2023-42780",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-14T10:15:10.303",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:47:43.430",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Apache Airflow, versiones anteriores a la 2.7.2, contiene una vulnerabilidad de seguridad que permite a los usuarios autenticados de Airflow enumerar advertencias para todos los DAG, incluso si el usuario no ten\u00eda permiso para ver esos DAG. Revelar\u00eda los dag_ids y los seguimientos de la pila de memoria de errores de importaci\u00f3n para aquellos DAG con errores de importaci\u00f3n. Se recomienda a los usuarios de Apache Airflow que actualicen a la versi\u00f3n 2.7.2 o posterior para mitigar el riesgo asociado con esta vulnerabilidad."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
"source": "security@apache.org",
@@ -23,14 +50,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.7.2",
+ "matchCriteriaId": "63233E2B-0359-41A5-A4BA-218F2CC2F778"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/apache/airflow/pull/34355",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42787.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42787.json
index 90e72f8b5ca..4419d800e86 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42787.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42787.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42787",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:12.930",
- "lastModified": "2023-10-13T15:04:19.727",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T22:15:09.020",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -155,6 +155,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-q5pq-8666-j8fr",
+ "source": "psirt@fortinet.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json
index 360f9372179..273ee9af946 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42788.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42788",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:12.987",
- "lastModified": "2023-10-13T15:22:01.607",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T22:15:09.100",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -155,6 +155,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-qpv8-g6qv-rf8p",
+ "source": "psirt@fortinet.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42792.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42792.json
index 3b2e668b0e3..cd1ce858615 100644
--- a/CVE-2023/CVE-2023-427xx/CVE-2023-42792.json
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42792.json
@@ -2,18 +2,45 @@
"id": "CVE-2023-42792",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-14T10:15:10.377",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:50:16.153",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Apache Airflow, en versiones anteriores a la 2.7.2, contiene una vulnerabilidad de seguridad que permite a un usuario autenticado con acceso limitado a algunos DAG crear una solicitud que podr\u00eda darle al usuario acceso de escritura a varios recursos de DAG para los DAG a los que el usuario no ten\u00eda acceso. para, por lo tanto, permitir al usuario borrar DAG que no deber\u00eda. Se recomienda encarecidamente a los usuarios de Apache Airflow que actualicen a la versi\u00f3n 2.7.2 o posterior para mitigar el riesgo asociado con esta vulnerabilidad."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
- "source": "security@apache.org",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -21,16 +48,51 @@
"value": "CWE-668"
}
]
+ },
+ {
+ "source": "security@apache.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.7.2",
+ "matchCriteriaId": "63233E2B-0359-41A5-A4BA-218F2CC2F778"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://github.com/apache/airflow/pull/34366",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42822.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42822.json
index 71875c667bf..ebd83b10b2c 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42822.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42822.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42822",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-27T18:15:11.903",
- "lastModified": "2023-10-06T03:15:10.543",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-18T13:07:40.470",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -86,6 +86,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
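Review bot: The added configuration lists `cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*` and the matching `fedora:38` entry as `"vulnerable": true` under a standalone `"operator": "OR"` node, so nothing in this node ties the match to the affected package being installed. A consumer that matches hosts on this node alone would flag every Fedora 37/38 system, which inflates findings for this CVE. An OS-only node like this is better treated as a distribution-applicability hint and combined with a package-level check before raising a finding. The preceding configuration node begins outside this hunk, so how it relates to this one cannot be confirmed from here.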
@@ -105,11 +125,19 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFGL22QQF65OIZRMCKUZCVJQCKGUBRYE/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Release Notes"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTXODUR4ILM7ZPA6ZGY6VSK4BBSBMKGY/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Release Notes"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42824.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42824.json
index 61930ff7e8a..48741939772 100644
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42824.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42824.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-42824",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-10-04T19:15:10.490",
- "lastModified": "2023-10-17T05:15:50.497",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:01:18.743",
+ "vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-10-05",
"cisaActionDue": "2023-10-26",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@@ -11,11 +11,11 @@
"descriptions": [
{
"lang": "en",
- "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3, iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6."
+ "value": "The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6."
},
{
"lang": "es",
- "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.0.3 y iPadOS 17.0.3, iOS 16.7.1 y iPadOS 16.7.1. Un atacante local podr\u00eda aumentar sus privilegios. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.6."
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7.1 y iPadOS 16.7.1. Un atacante local podr\u00eda aumentar sus privilegios. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.6."
}
],
"metrics": {
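Review bot: The rewritten `descriptions` values now name only iOS 16.7.1 and iPadOS 16.7.1 as fixed releases, while the cpeMatch hunk that follows still adds entries with `"versionStartIncluding": "17.0"` and `"versionEndExcluding": "17.0.3"` marked `"vulnerable": true` for both `ipados` and `iphone_os`. The references hunk also removes the HT213961 link and keeps only HT213972, so the 17.x range appears to be left without a supporting advisory in the record (inferred; the advisory contents are not visible here). Because the record carries `cisaExploitAdd`, patch tracking keyed on the description text and tracking keyed on the CPE ranges would now disagree about devices on 17.0 up to 17.0.3. If the 17.x range is intended, the English value should keep `fixed in iOS 17.0.3 and iPadOS 17.0.3, iOS 16.7.1 and iPadOS 16.7.1`; otherwise the two `versionStartIncluding` 17.0 entries should be dropped.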
@@ -64,14 +64,28 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "16.7.1",
+ "matchCriteriaId": "EDDE4794-A831-4132-910D-AF5714964F39"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.0",
"versionEndExcluding": "17.0.3",
- "matchCriteriaId": "71783128-A6C0-4F4F-B6CA-884BC24AD705"
+ "matchCriteriaId": "5383A8BF-7AD6-4D5A-9B57-DE1BC2C59E09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "16.7.1",
+ "matchCriteriaId": "52D04CC0-37F2-4214-9B91-8FA97E856210"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.0",
"versionEndExcluding": "17.0.3",
- "matchCriteriaId": "332CB807-981B-4A6C-8B0F-E4119513098E"
+ "matchCriteriaId": "F1D28032-F9E6-45E7-98B6-7CE2351C4C99"
}
]
}
@@ -80,24 +94,12 @@
],
"references": [
{
- "url": "http://seclists.org/fulldisclosure/2023/Oct/16",
- "source": "product-security@apple.com"
- },
- {
- "url": "https://support.apple.com/en-us/HT213961",
+ "url": "https://support.apple.com/en-us/HT213972",
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
- },
- {
- "url": "https://support.apple.com/en-us/HT213972",
- "source": "product-security@apple.com"
- },
- {
- "url": "https://support.apple.com/kb/HT213972",
- "source": "product-security@apple.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42841.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42841.json
new file mode 100644
index 00000000000..93d9a5a6b56
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42841.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2023-42841",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.433",
+ "lastModified": "2023-10-26T00:15:11.373",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Ventura 13.6.1. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42842.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42842.json
new file mode 100644
index 00000000000..d860c199c4b
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42842.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-42842",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.483",
+ "lastModified": "2023-10-26T00:15:11.427",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42844.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42844.json
new file mode 100644
index 00000000000..455d0a6d146
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42844.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-42844",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.537",
+ "lastModified": "2023-10-26T00:15:11.477",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks."
+ },
+ {
+ "lang": "es",
+ "value": "Este problema se solucion\u00f3 mejorando el manejo de los enlaces simb\u00f3licos. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Un sitio web puede acceder a datos confidenciales del usuario al resolver enlaces simb\u00f3licos."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42845.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42845.json
new file mode 100644
index 00000000000..7ab90a740de
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42845.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-42845",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.587",
+ "lastModified": "2023-10-26T00:15:11.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de autenticaci\u00f3n con una gesti\u00f3n del estado mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Las fotos del \u00c1lbum de Fotos Ocultas se pueden ver sin autenticaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42846.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42846.json
new file mode 100644
index 00000000000..978d638be91
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42846.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2023-42846",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.637",
+ "lastModified": "2023-10-26T00:15:11.577",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address."
+ },
+ {
+ "lang": "es",
+ "value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, tvOS 17.1, iOS 17.1 y iPadOS 17.1. Un dispositivo puede ser rastreado pasivamente por su direcci\u00f3n MAC de Wi-Fi."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/22",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213987",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213987",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42847.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42847.json
new file mode 100644
index 00000000000..dbce6a97180
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42847.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-42847",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.687",
+ "lastModified": "2023-10-26T00:15:11.623",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Un atacante puede acceder a las claves de acceso sin autenticaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42849.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42849.json
new file mode 100644
index 00000000000..20f5b04338d
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42849.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2023-42849",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.737",
+ "lastModified": "2023-10-26T00:15:11.673",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Un atacante que ya haya logrado la ejecuci\u00f3n del c\u00f3digo del kernel puede evitar las mitigaciones de memoria del kernel."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42850.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42850.json
new file mode 100644
index 00000000000..8111e8824ce
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42850.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-42850",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.793",
+ "lastModified": "2023-10-26T00:15:11.723",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 con una l\u00f3gica de permisos mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json
new file mode 100644
index 00000000000..00cd7efeb15
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42852.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2023-42852",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.843",
+ "lastModified": "2023-10-26T00:15:11.773",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema l\u00f3gico con controles mejorados. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1, watchOS 10.1, iOS 16.7.2 y iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/22",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/23",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/25",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/27",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213981",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213986",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213987",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213988",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42854.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42854.json
new file mode 100644
index 00000000000..bb3574b7161
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42854.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-42854",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.890",
+ "lastModified": "2023-10-26T00:15:11.827",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients."
+ },
+ {
+ "lang": "es",
+ "value": "Este problema se solucion\u00f3 eliminando el c\u00f3digo vulnerable. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda provocar una denegaci\u00f3n de servicio a los clientes de Endpoint Security."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42856.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42856.json
new file mode 100644
index 00000000000..2f886fc3f56
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42856.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2023-42856",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.937",
+ "lastModified": "2023-10-26T00:15:11.877",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution."
+ },
+ {
+ "lang": "es",
+ "value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. El procesamiento de un archivo puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/21",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/26",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213985",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213983",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213985",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42857.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42857.json
new file mode 100644
index 00000000000..401c8e1ea0b
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42857.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-42857",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:10.983",
+ "lastModified": "2023-10-26T00:15:11.927",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data."
+ },
+ {
+ "lang": "es",
+ "value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Sonoma 14.1, iOS 17.1 y iPadOS 17.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/19",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213982",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-428xx/CVE-2023-42861.json b/CVE-2023/CVE-2023-428xx/CVE-2023-42861.json
new file mode 100644
index 00000000000..3689aed2bd4
--- /dev/null
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42861.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-42861",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2023-10-25T19:15:11.027",
+ "lastModified": "2023-10-26T00:15:11.970",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac."
+ },
+ {
+ "lang": "es",
+ "value": "Se abord\u00f3 una cuesti\u00f3n l\u00f3gica con una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en macOS Sonoma 14.1. Un atacante con conocimiento de las credenciales de un usuario est\u00e1ndar puede desbloquear la pantalla bloqueada de otro usuario est\u00e1ndar en la misma Mac."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213984",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4215.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4215.json
index 51f82acbd58..4ebeb34fcf4 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4215.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4215.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4215",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-10-17T00:15:11.327",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:30:13.407",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@@ -40,8 +60,18 @@
},
"weaknesses": [
{
- "source": "ics-cert@hq.dhs.gov",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -50,10 +80,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:advantech:webaccess:9.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1F7AB991-92CE-4E51-9279-20A5264EEA33"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-15",
- "source": "ics-cert@hq.dhs.gov"
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json
index 2858f24f6c2..f5c23df908c 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4244.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4244",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:11.877",
- "lastModified": "2023-09-11T18:12:18.423",
+ "lastModified": "2023-10-29T02:43:23.623",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nDue to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de use-after-free en el netfilter del kernel de Linux: nf_tables componente puede ser explotado para lograr la escalada de privilegios locales. Debido a una condici\u00f3n de ejecuci\u00f3n entre nf_tables transacci\u00f3n del plano de control de enlace de red y la recolecci\u00f3n de elementos no utilizados de nft_set, es posible desbordar el contador de referencia causando una vulnerabilidad de use-after-free. Recomendamos actualizar al commit anterior 3e91b0ebd994635df2346353322ac51ce84ce6d8."
}
],
"metrics": {
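Review bot: The added `es` description contradicts the `en` text on two security-relevant points. `es posible desbordar el contador de referencia` describes an overflow where the English says the reference counter underflows. `Recomendamos actualizar al commit anterior 3e91b0ebd994635df2346353322ac51ce84ce6d8` reads as "upgrade to the previous commit", where the English recommends upgrading past that commit. A reader who relies on the Spanish value gets the remediation direction wrong. I would change the two phrases to `es posible provocar un subdesbordamiento (underflow) del contador de referencia` and `Recomendamos actualizar a una versi\u00f3n posterior al commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.`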
@@ -92,6 +96,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -112,6 +131,14 @@
"Patch",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4257.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4257.json
index e66ff5f392b..c586450f49f 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4257.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4257.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-4257",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-10-13T22:15:10.453",
- "lastModified": "2023-10-14T17:32:33.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:51:43.587",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows."
+ },
+ {
+ "lang": "es",
+ "value": "La longitud de entrada del usuario no marcada en /subsys/net/l2/wifi/wifi_shell.c puede provocar desbordamientos del b\u00fafer."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-131"
+ }
+ ]
+ },
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@@ -50,10 +84,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.4.0",
+ "matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-853q-q69w-gf5j",
- "source": "vulnerabilities@zephyrproject.org"
+ "source": "vulnerabilities@zephyrproject.org",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4263.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4263.json
index eb49ab03de1..bf5d24d1a47 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4263.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4263.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-4263",
"sourceIdentifier": "vulnerabilities@zephyrproject.org",
"published": "2023-10-13T21:15:51.777",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:50:12.967",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver"
+ },
+ {
+ "lang": "es",
+ "value": "Posible vulnerabilidad de desbordamiento del buffer en el controlador Zephyr IEEE 802.15.4 nRF 15.4"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ },
{
"source": "vulnerabilities@zephyrproject.org",
"type": "Secondary",
@@ -50,10 +84,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "3.4.0",
+ "matchCriteriaId": "51CECB97-3A81-4A54-AA0A-DB2A1DE18CF2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rf6q-rhhp-pqhf",
- "source": "vulnerabilities@zephyrproject.org"
+ "source": "vulnerabilities@zephyrproject.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
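Review bot: The GHSA reference is tagged `Third Party Advisory`, although the URL is an advisory under the zephyrproject-rtos/zephyr repository and the record's own source is `vulnerabilities@zephyrproject.org`. The equivalent link in CVE-2023-4257.json in this same diff is tagged `Vendor Advisory`, so the two records disagree about the same publisher. Tooling that picks vendor guidance by tag would skip this reference. I would make it `"tags": ["Vendor Advisory"]` to match the sibling record.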
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4269.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4269.json
index 8103f8f434c..602cd8f3443 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4269.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4269.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4269",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-04T12:15:10.470",
- "lastModified": "2023-09-15T19:15:09.717",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-19T01:16:19.767",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento de WordPress Registro de Actividad del Usuario anterior a 1.6.6 carece de la autorizaci\u00f3n adecuada al exportar sus registros de actividad, lo que permite a cualquier usuario autenticado, como un suscriptor, realizar dicha acci\u00f3n y recuperar PII, como direcciones de correo electr\u00f3nico."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4271.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4271.json
new file mode 100644
index 00000000000..921a73ee8dc
--- /dev/null
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4271.json
@@ -0,0 +1,125 @@
+{
+ "id": "CVE-2023-4271",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:15.400",
+ "lastModified": "2023-10-27T15:13:34.150",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018psres_button_size\u2019 parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Photospace Responsive para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del par\u00e1metro 'psres_button_size' en versiones hasta la 2.1.1 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:deanoakley:photospace_responsive_gallery:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.2.0",
+ "matchCriteriaId": "38503036-3C74-4119-B1DF-E97EC9852E33"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2831424/photospace-responsive/trunk/includes/class-photospace-responsive-gallery.php?contextall=1&old=2544748&old_path=%2Fphotospace-responsive%2Ftrunk%2Fincludes%2Fclass-photospace-responsive-gallery.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2966110%40photospace-responsive%2Ftrunk&old=2875667%40photospace-responsive%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
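Review bot: The `cpeMatch` bound `"versionEndExcluding": "2.2.0"` is wider than the description, which limits the issue to "versions up to, and including, 2.1.1". If any release exists between 2.1.1 and 2.2.0, CPE-based scanners would flag it even though the description does not cover it; whether such a release exists is not visible here. `"versionEndIncluding": "2.1.1"` would state the same range as the description without depending on the release history. Separately, the Wordfence threat-intel link carries `Patch` next to `Third Party Advisory` (the same pattern appears in CVE-2023-4274.json), while the changeset links look like the actual patches, so I would confirm the page contains a patch or drop `Patch` from it.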
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json
index a0ab73fd080..d31b3c04e7b 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4273.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4273",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-09T15:15:09.823",
- "lastModified": "2023-09-10T12:16:20.770",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-27T15:15:15.083",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -155,6 +155,10 @@
"url": "https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/",
"source": "secalert@redhat.com"
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/",
"source": "secalert@redhat.com"
@@ -167,6 +171,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0002/",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5480",
"source": "secalert@redhat.com"
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4274.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4274.json
new file mode 100644
index 00000000000..35ed1025c60
--- /dev/null
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4274.json
@@ -0,0 +1,125 @@
+{
+ "id": "CVE-2023-4274",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:15.537",
+ "lastModified": "2023-10-27T17:46:41.160",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Migration, Backup, Staging \u2013 WPvivid para WordPress es vulnerable a Directory Traversal en versiones hasta la 0.9.89 incluida. Esto permite a atacantes autenticados con privilegios administrativos eliminar el contenido de directorios arbitrarios en el servidor, lo que puede ser un problema cr\u00edtico en entornos compartidos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.2
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpvivid:migration\\,_backup\\,_staging:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "0.9.90",
+ "matchCriteriaId": "7DACB4DD-9204-4B8D-8C43-F0967E26EDC4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/class-wpvivid-setting.php#L200",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4289.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4289.json
index 1bdb703b849..6a0ae6e92d7 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4289.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4289.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4289",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.487",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T16:22:44.933",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento de WordPress WP Matterport Shortcode anterior a 2.1.8 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el shortcode, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross-Site Scripting almacenados."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mpembed:wp_matterport_shortcode:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.1.8",
+ "matchCriteriaId": "37AC18C9-FE45-433A-A77A-A01490F420DB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/38c337c6-048f-4009-aef8-29c18afa6fdc",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4290.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4290.json
index c36ab14081c..e17dba16e35 100644
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4290.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4290.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4290",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.577",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T16:23:36.687",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento WP Matterport Shortcode de WordPress anterior a 2.1.7 no escapa a la variable del servidor PHP_SELF cuando la genera en atributos, lo que genera problemas de Cross-Site Scripting reflejados que podr\u00edan usarse contra usuarios con privilegios elevados, como el administrador."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mpembed:wp_matterport_shortcode:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.1.7",
+ "matchCriteriaId": "2140BD21-7D25-4CBF-9462-1E511E5EE122"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/5fad5245-a089-4ba3-9958-1e2c3d066eea",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43041.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43041.json
new file mode 100644
index 00000000000..3d3622c91d2
--- /dev/null
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43041.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-43041",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-29T01:15:41.007",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266808",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7060803",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43045.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43045.json
new file mode 100644
index 00000000000..aefde832758
--- /dev/null
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43045.json
@@ -0,0 +1,143 @@
+{
+ "id": "CVE-2023-43045",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-23T18:15:10.130",
+ "lastModified": "2023-10-28T03:33:35.547",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0 y 6.2.2 podr\u00edan permitir que un usuario remoto realice acciones no autorizadas debido a una autenticaci\u00f3n incorrecta. ID de IBM X-Force: 266896."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ },
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:essentials:*:*:*",
+ "matchCriteriaId": "3E32C714-33CB-408E-8907-FC929D751588"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.1.2:*:*:*:standard:*:*:*",
+ "matchCriteriaId": "95F70DD2-71D1-4C6F-BE21-AA2A99E46AE9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.0:*:*:*:essentials:*:*:*",
+ "matchCriteriaId": "6325F8BC-B7D6-4601-A2D1-B61D77BC227C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.0:*:*:*:standard:*:*:*",
+ "matchCriteriaId": "EEE81D1F-446F-4CA2-A2B1-3EF1298C80EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.2:*:*:*:essentials:*:*:*",
+ "matchCriteriaId": "430CC017-4619-4C54-883E-210221268529"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:sterling_partner_engagement_manager:6.2.2:*:*:*:standard:*:*:*",
+ "matchCriteriaId": "D391DA86-9F9B-416A-9406-5003938E7BD8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266896",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7057409",
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43065.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43065.json
new file mode 100644
index 00000000000..bc11c23eda5
--- /dev/null
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43065.json
@@ -0,0 +1,122 @@
+{
+ "id": "CVE-2023-43065",
+ "sourceIdentifier": "security_alert@emc.com",
+ "published": "2023-10-23T15:15:09.053",
+ "lastModified": "2023-10-28T03:28:46.880",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nDell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Dell Unity anterior a 5.3 contiene una vulnerabilidad de Cross-Site Scripting. Un atacante autenticado con pocos privilegios puede aprovechar estos problemas para obtener privilegios aumentados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "39CE8E4C-9B83-4FF4-A662-393566EAAAB5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "D273B881-FD6C-49AB-BD83-1C12251FAAEC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "D8155312-9B7C-4A0B-A494-3E5D4AE81B40"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities",
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43066.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43066.json
new file mode 100644
index 00000000000..a5685587de2
--- /dev/null
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43066.json
@@ -0,0 +1,122 @@
+{
+ "id": "CVE-2023-43066",
+ "sourceIdentifier": "security_alert@emc.com",
+ "published": "2023-10-23T16:15:09.237",
+ "lastModified": "2023-10-28T03:28:36.023",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nDell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Dell Unity anterior a 5.3 contiene una vulnerabilidad de omisi\u00f3n de Shell restringido. Esto podr\u00eda permitir que un atacante local autenticado aproveche esta vulnerabilidad autentic\u00e1ndose en el CLI del dispositivo y emitiendo ciertos comandos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "39CE8E4C-9B83-4FF4-A662-393566EAAAB5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "D273B881-FD6C-49AB-BD83-1C12251FAAEC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "D8155312-9B7C-4A0B-A494-3E5D4AE81B40"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities",
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
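Review bot: The two `cvssMetricV31` entries added for CVE-2023-43066 disagree on both privileges and impact, and nothing in the record tells a consumer which one to use. The `nvd@nist.gov` Primary vector is `AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` (7.8 HIGH), while the `security_alert@emc.com` Secondary is `AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L` (5.1 MEDIUM). The description only says "authenticated", so the page supports neither privilege level over the other. Tooling that ingests these files should select on `type` and `source` explicitly rather than taking the first array element, and triage should use the higher score until the gap is explained. The same Primary/Secondary split appears in the CVE-2023-43067 and CVE-2023-43074 hunks below.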
diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43067.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43067.json
new file mode 100644
index 00000000000..ed95a82dce1
--- /dev/null
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43067.json
@@ -0,0 +1,122 @@
+{
+ "id": "CVE-2023-43067",
+ "sourceIdentifier": "security_alert@emc.com",
+ "published": "2023-10-23T16:15:09.313",
+ "lastModified": "2023-10-28T03:35:16.143",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nDell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Dell Unity anterior a 5.3 contiene una vulnerabilidad de inyecci\u00f3n de External Entity XML. Un ataque XXE podr\u00eda explotar esta vulnerabilidad y revelar archivos locales en el sistema de archivos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-611"
+ }
+ ]
+ },
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-611"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "39CE8E4C-9B83-4FF4-A662-393566EAAAB5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "D273B881-FD6C-49AB-BD83-1C12251FAAEC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "D8155312-9B7C-4A0B-A494-3E5D4AE81B40"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities",
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
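Review bot: The CNA vector added here, `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H`, scores no confidentiality impact, yet the description in the same record says the XXE flaw results in "disclosing local files in the file system". The NVD Primary vector (`C:H/I:N/A:N`) matches the description, so a dashboard keyed on the Secondary entry would classify this as availability-only and understate the data-exposure risk. It is worth confirming the Secondary vector against the referenced Dell advisory before relying on it. If it is copied as published, the commit description should say so.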
diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43074.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43074.json
new file mode 100644
index 00000000000..e405fdbe234
--- /dev/null
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43074.json
@@ -0,0 +1,122 @@
+{
+ "id": "CVE-2023-43074",
+ "sourceIdentifier": "security_alert@emc.com",
+ "published": "2023-10-23T15:15:09.127",
+ "lastModified": "2023-10-28T03:29:38.597",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nDell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Dell Unity 5.3 contiene una vulnerabilidad de creaci\u00f3n arbitraria de archivos. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad creando archivos arbitrarios mediante una solicitud al servidor."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security_alert@emc.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-73"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "39CE8E4C-9B83-4FF4-A662-393566EAAAB5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "D273B881-FD6C-49AB-BD83-1C12251FAAEC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.3.0.0.5.120",
+ "matchCriteriaId": "D8155312-9B7C-4A0B-A494-3E5D4AE81B40"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities",
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
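Review bot: The English description says "Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability", but every `cpeMatch` entry in this record uses `"versionEndExcluding": "5.3.0.0.5.120"`, and the sibling records from the same advisory say "prior to 5.3". A reader working from the description alone cannot tell whether 5.3 is the affected or the fixed release, so affected-version decisions should come from the CPE range and the vendor advisory. Separately, the Primary weakness is `NVD-CWE-noinfo` while the Secondary entry gives `CWE-73`. Consumers that read only the Primary weakness lose the CWE classification for this CVE.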
diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43079.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43079.json
index 53c9214921b..05abe973420 100644
--- a/CVE-2023/CVE-2023-430xx/CVE-2023-43079.json
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43079.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-43079",
"sourceIdentifier": "security_alert@emc.com",
"published": "2023-10-13T12:15:10.077",
- "lastModified": "2023-10-13T12:47:20.137",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T20:01:50.240",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nDell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system.\u00a0Exploitation may lead to a complete system compromise.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Dell OpenManage Server Administrator, versiones 11.0.0.0 y anteriores, contiene una vulnerabilidad de Control de Acceso Inadecuado. Un usuario malicioso local con pocos privilegios podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario con el fin de elevar los privilegios en el sistema. La explotaci\u00f3n puede llevar a un compromiso completo del sistema."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "security_alert@emc.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dell:emc_openmanage_server_administrator:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.0.1.0",
+ "matchCriteriaId": "724DC295-5903-4E0A-B286-C3C89F8AC9E6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000218469/dsa-2023-367-dell-openmanage-server-administrator-omsa-security-update-for-multiple-vulnerabilities",
- "source": "security_alert@emc.com"
+ "source": "security_alert@emc.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43118.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43118.json
index dd3e460a0a1..a28e923832a 100644
--- a/CVE-2023/CVE-2023-431xx/CVE-2023-43118.json
+++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43118.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43118",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T20:15:15.100",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-27T16:25:58.820",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,75 @@
"value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en la aplicaci\u00f3n Chalet en Extreme Networks Switch Engine (EXOS) anterior a 32.5.1.5, corregida en 31.7.2 y 32.5.1.5, permite a los atacantes ejecutar c\u00f3digo arbitrario y causar otros impactos no especificados a trav\u00e9s de la API /jsonrpc."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "31.7.0",
+ "versionEndExcluding": "31.7.2",
+ "matchCriteriaId": "51484ECC-3B51-434F-8708-D5D914254A7D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "32.0",
+ "versionEndExcluding": "32.5.1.5",
+ "matchCriteriaId": "DF47D6A6-2028-4547-A05E-EE9576AC557B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114379",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
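Review bot: The `cpeMatch` ranges added here cover only 31.7.0 up to 31.7.2 and 32.0 up to 32.5.1.5, while the description (context line above the hunk) says EXOS before 32.5.1.5 is affected. A device on a 31.x release older than 31.7.0 therefore matches no entry, and a CPE-based scanner will report it as not affected. The CVE-2023-43119 and CVE-2023-43121 hunks use the same `"versionStartIncluding": "31.7.0"` lower bound, whereas CVE-2023-43120 starts its 31.x range at `"31.0"`. If the narrower bound is deliberate, nothing on the page explains it. Until it is explained, asset matching for these three records should fall back on the vendor advisory's version list rather than the CPE ranges alone.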
diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43119.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43119.json
index 43d421e0409..8057703a95c 100644
--- a/CVE-2023/CVE-2023-431xx/CVE-2023-43119.json
+++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43119.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43119",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T20:15:15.160",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-27T15:54:49.907",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,81 @@
"value": "Un problema de Control de Acceso descubierto en Extreme Networks Switch Engine (EXOS) anterior a 32.5.1.5, tambi\u00e9n solucionado en 22.7, 31.7.2, permite a los atacantes obtener privilegios aumentados utilizando comandos telnet manipulados a trav\u00e9s del servidor Redis."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "22.7",
+ "matchCriteriaId": "D24D6059-8005-487C-824A-DA558414E521"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "31.7.0",
+ "versionEndExcluding": "31.7.2",
+ "matchCriteriaId": "51484ECC-3B51-434F-8708-D5D914254A7D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "32.0",
+ "versionEndExcluding": "32.5.1.5",
+ "matchCriteriaId": "DF47D6A6-2028-4547-A05E-EE9576AC557B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114378",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43120.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43120.json
index 9d75e675ca0..23819ae5ee5 100644
--- a/CVE-2023/CVE-2023-431xx/CVE-2023-43120.json
+++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43120.json
@@ -2,19 +2,93 @@
"id": "CVE-2023-43120",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T19:15:10.680",
- "lastModified": "2023-10-16T19:24:26.033",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T16:52:41.107",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema descubierto en Extreme Networks Switch Engine (EXOS) anterior a 32.5.1.5, anterior a 22.7 y anterior a 31.7.1 permite a los atacantes obtener privilegios escalados a trav\u00e9s de una solicitud HTTP manipulada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "22.7",
+ "matchCriteriaId": "D24D6059-8005-487C-824A-DA558414E521"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "31.0",
+ "versionEndExcluding": "31.7.1",
+ "matchCriteriaId": "0E062874-4540-4C3C-B98D-B078E67EFDF7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "32.0",
+ "versionEndExcluding": "32.5.1.5",
+ "matchCriteriaId": "DF47D6A6-2028-4547-A05E-EE9576AC557B"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114377",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43121.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43121.json
index 6f0b9e6da3f..114277fffca 100644
--- a/CVE-2023/CVE-2023-431xx/CVE-2023-43121.json
+++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43121.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43121",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T20:15:15.223",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-27T15:39:58.227",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,81 @@
"value": "Una vulnerabilidad de Directory Traversal descubierta en la aplicaci\u00f3n Chalet en Extreme Networks Switch Engine (EXOS) anterior a 32.5.1.5, anterior a 22.7 y anterior a 31.7.2 permite a los atacantes leer archivos arbitrarios."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "22.7",
+ "matchCriteriaId": "D24D6059-8005-487C-824A-DA558414E521"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "31.7.0",
+ "versionEndExcluding": "31.7.2",
+ "matchCriteriaId": "51484ECC-3B51-434F-8708-D5D914254A7D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:extremenetworks:exos:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "32.0",
+ "versionEndExcluding": "32.5.1.5",
+ "matchCriteriaId": "DF47D6A6-2028-4547-A05E-EE9576AC557B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://extreme-networks.my.site.com/ExtrArticleDetail?an=000114376",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43147.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43147.json
index c2b7bc65dc1..ac9ac23b363 100644
--- a/CVE-2023/CVE-2023-431xx/CVE-2023-43147.json
+++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43147.json
@@ -2,19 +2,79 @@
"id": "CVE-2023-43147",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T16:15:12.100",
- "lastModified": "2023-10-12T18:15:10.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:54:04.663",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI."
+ },
+ {
+ "lang": "es",
+ "value": "PHPJabbers Limo Booking Software 1.0 es vulnerable a la Cross-Site Request Forgery (CSRF) para agregar un usuario administrador a trav\u00e9s de la funci\u00f3n Agregar Usuarios, tambi\u00e9n conocida como index.php?controller=pjAdminUsers&action=pjActionCreate URI."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:phpjabbers:limo_booking_software:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "23787FB5-8196-4118-B152-C4526A8822A7"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/MinoTauro2020/CVE-2023-43147/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43148.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43148.json
index 8f3c5ad7efb..57c0022efeb 100644
--- a/CVE-2023/CVE-2023-431xx/CVE-2023-43148.json
+++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43148.json
@@ -2,19 +2,79 @@
"id": "CVE-2023-43148",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T19:15:12.013",
- "lastModified": "2023-10-12T19:42:47.127",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:34:16.443",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts."
+ },
+ {
+ "lang": "es",
+ "value": "SPA-Cart 1.9.0.3 tiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) que permite a un atacante remoto eliminar todas las cuentas."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:spa-cart:spa-cart:1.9.0.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AA86DD4F-E412-4094-9716-3010A69E9384"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/MinoTauro2020/CVE-2023-43148",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43191.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43191.json
index 5a85e348deb..89a3bba6f48 100644
--- a/CVE-2023/CVE-2023-431xx/CVE-2023-43191.json
+++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43191.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43191",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T23:15:11.960",
- "lastModified": "2023-10-12T20:15:12.287",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:10:03.743",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,7 +11,7 @@
},
{
"lang": "es",
- "value": "El mensaje de primer plano de JFinalCMS puede incluir c\u00f3digo malicioso guardado en la base de datos. Cuando los usuarios navegan por los comentarios, estos c\u00f3digos maliciosos incrustados en el HTML se ejecutar\u00e1n y el atacante controlar\u00e1 el navegador del usuario para lograr el prop\u00f3sito especial del atacante, como el robo de cookies."
+ "value": "El mensaje de primer plano de SpringbootCMS 1.0 puede incluir c\u00f3digo malicioso guardado en la base de datos. Cuando los usuarios navegan por los comentarios, estos c\u00f3digos maliciosos incrustados en el HTML se ejecutar\u00e1n y el atacante controlar\u00e1 el navegador del usuario para lograr el prop\u00f3sito especial del atacante, como el robo de cookies."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43192.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43192.json
index 820c4b6f7df..675daa3ae0d 100644
--- a/CVE-2023/CVE-2023-431xx/CVE-2023-43192.json
+++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43192.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43192",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-27T22:15:09.700",
- "lastModified": "2023-10-12T20:15:12.387",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:10:48.697",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,7 +11,7 @@
},
{
"lang": "es",
- "value": "La inyecci\u00f3n SQL puede existir en una parte reci\u00e9n creada del background de JFinalcms y los par\u00e1metros enviados por los usuarios no se filtran. Como resultado, los caracteres especiales en los par\u00e1metros destruyen la l\u00f3gica original de las declaraciones SQL. Los atacantes pueden utilizar esta vulnerabilidad para ejecutar cualquier declaraci\u00f3n SQL"
+ "value": "La inyecci\u00f3n SQL puede existir en una parte reci\u00e9n creada del background de SpringbootCMS 1.0 y los par\u00e1metros enviados por los usuarios no se filtran. Como resultado, los caracteres especiales en los par\u00e1metros destruyen la l\u00f3gica original de las declaraciones SQL. Los atacantes pueden utilizar esta vulnerabilidad para ejecutar cualquier declaraci\u00f3n SQL."
}
],
"metrics": {
@@ -21,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
},
- "exploitabilityScore": 3.9,
+ "exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
@@ -72,13 +72,18 @@
"url": "https://github.com/etn0tw/cve_sql/blob/main/jfinalcms_sql.md",
"source": "cve@mitre.org",
"tags": [
+ "Broken Link",
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/etn0tw/cve_sql/blob/main/springbootcms_sql.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
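Review bot: The first reference keeps `"Exploit"` and `"Third Party Advisory"` after `"Broken Link"` is added, so a consumer that counts Exploit-tagged references sees two exploit sources for CVE-2023-43192 although one is marked unreachable. That URL still points at `jfinalcms_sql.md`, while an earlier hunk in this file re-attributes the description to SpringbootCMS 1.0, so the dead link may also describe a different product. Ingestion code should ignore the other tags on any reference that carries `"Broken Link"`. If the tag set is under the maintainers' control, `"tags": ["Broken Link"]` alone would be clearer for the first entry.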
diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43208.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43208.json
new file mode 100644
index 00000000000..4e57d8ca3a4
--- /dev/null
+++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43208.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-43208",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T17:15:09.033",
+ "lastModified": "2023-10-26T18:15:08.717",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679."
+ },
+ {
+ "lang": "es",
+ "value": "NextGen Healthcare Mirth Connect anterior a la versi\u00f3n 4.4.1 es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo no autenticado. Tenga en cuenta que esta vulnerabilidad se debe al parche incompleto de CVE-2023-37679."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.horizon3.ai/nextgen-mirth-connect-remote-code-execution-vulnerability-cve-2023-43208/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
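Review bot: This record is added with `"metrics": {}` and no `weaknesses` or `configurations`, although its description reports unauthenticated remote code execution in Mirth Connect before 4.4.1. Any pipeline that filters on `baseScore` or matches assets by CPE will silently skip it. Consumers should treat an empty `metrics` object together with `"vulnStatus": "Awaiting Analysis"` as unscored, not as low severity, and route such records to manual triage based on the description text. The single reference also carries no `tags`, so tag-based filters will not surface it either.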
diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43250.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43250.json
new file mode 100644
index 00000000000..22927508883
--- /dev/null
+++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43250.json
@@ -0,0 +1,104 @@
+{
+ "id": "CVE-2023-43250",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T16:15:08.790",
+ "lastModified": "2023-10-25T01:25:13.217",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
+ },
+ {
+ "lang": "es",
+ "value": "XNSoft Nconvert 7.136 es vulnerable al desbordamiento del b\u00fafer. Hay un modo de usuario para escribir AV a trav\u00e9s de un archivo de imagen creado. Los atacantes podr\u00edan aprovechar este problema para una Denegaci\u00f3n de Servicio (DoS) o posiblemente para lograr la ejecuci\u00f3n del c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xnview:nconvert:7.136:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09169F03-B48E-4461-933A-4080F7F80846"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/15",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/User%20Mode%20Write%20AV",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.xnview.com/en/nconvert/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
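Review bot: The `es` description renders "There is a User Mode Write AV" as "Hay un modo de usuario para escribir AV", which reads as "there is a user mode for writing AV" and loses that AV is an access violation, the memory-corruption symptom the record is about. A wording such as `Se produce una violaci\u00f3n de acceso de escritura en modo usuario (User Mode Write AV)` keeps the meaning and the original term. The `en` value is unaffected.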
diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43251.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43251.json
new file mode 100644
index 00000000000..38778a20275
--- /dev/null
+++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43251.json
@@ -0,0 +1,104 @@
+{
+ "id": "CVE-2023-43251",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T15:15:09.583",
+ "lastModified": "2023-10-25T10:14:16.183",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution."
+ },
+ {
+ "lang": "es",
+ "value": "XNSoft Nconvert 7.136 tiene una Exception Handler Chain Corrupted a trav\u00e9s de un archivo de imagen manipulado. Los atacantes podr\u00edan aprovechar este problema para una Denegaci\u00f3n de Servicio (DoS) o posiblemente para lograr la ejecuci\u00f3n del c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-755"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xnview:nconvert:7.136:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09169F03-B48E-4461-933A-4080F7F80846"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/15",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/SEH",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.xnview.com/en/nconvert/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
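Review bot: `CWE-755` (improper handling of exceptional conditions) looks like a match on the words "Exception Handler" rather than on the flaw. The description reports a corrupted exception handler chain from a crafted image with possible code execution, which is a memory-corruption condition like the sibling Nconvert records in this diff, tagged `CWE-120` (CVE-2023-43250) and `CWE-787` (CVE-2023-43252). Reports grouped by CWE will file this record away from the other two, although all three share the same CPE and CVSS vector. If the underlying write is out of bounds, `"value": "CWE-787"` would be consistent; the diff does not show the root cause, so confirm against the referenced advisory first.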
diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43252.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43252.json
new file mode 100644
index 00000000000..a57b4011549
--- /dev/null
+++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43252.json
@@ -0,0 +1,104 @@
+{
+ "id": "CVE-2023-43252",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T13:15:10.013",
+ "lastModified": "2023-10-25T10:13:59.047",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file."
+ },
+ {
+ "lang": "es",
+ "value": "XNSoft Nconvert 7.136 es vulnerable al desbordamiento del b\u00fafer a trav\u00e9s de un archivo de imagen manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xnview:nconvert:7.136:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09169F03-B48E-4461-933A-4080F7F80846"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/175145/XNSoft-Nconvert-7.136-Buffer-Overflow-Denial-Of-Service.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/15",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/mrtouch93/exploits/tree/main/NConvert7.136/Stack%20Buffer%20Overrun",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.xnview.com/en/nconvert/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43281.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43281.json
new file mode 100644
index 00000000000..beb8ada5a5a
--- /dev/null
+++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43281.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-43281",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:31.707",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Double Free en Nothings Stb Image.h v.2.28 permite a un atacante remoto provocar una Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de un archivo manipulado en la funci\u00f3n stbi_load_gif_main."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/peccc/d8761f6ac45ad55cbd194dd7e6fdfdac",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/peccc/double-stb",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
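Review bot: The function named in both descriptions, `stbi_load_gif_main`, does not match the identifier as stb_image.h spells it, to my knowledge: the library's internal functions use a double underscore, `stbi__load_gif_main`. stb_image.h is a single header that projects copy into their own trees, and this record has no `configurations`, so locating affected copies depends on searching source for that name and for the version in the description. A search for the name as written would find nothing. Proposed wording in the `en` value: `via a crafted file to the stbi__load_gif_main function`, with the same correction in the `es` value.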
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43322.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43322.json
new file mode 100644
index 00000000000..0907922054c
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43322.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-43322",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-28T01:15:51.657",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://psirt.zpesystems.com/portal/en/kb/articles/security-advisory-zpe-ng-2023-001-12-10-2023",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43340.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43340.json
new file mode 100644
index 00000000000..217fd44bdab
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43340.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-43340",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T23:15:08.867",
+ "lastModified": "2023-10-27T15:24:59.333",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en evolution v.3.2.3 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado inyectado en los par\u00e1metros cmsadmin, cmsadminemail, cmspassword y cmspasswordconfim."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:evo:evolution_cms:3.2.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5470FF1E-D2D9-45CD-8321-69BA847BC81A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/-CVE-2023-43340-Evolution-Reflected-XSS---Installation-Admin-Options",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Admin-Options",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
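Review bot: The vector `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N` scores this XSS as local with no user interaction, which is out of line with the other XSS records in this diff. Those use the same "local attacker" wording (CVE-2023-43346, CVE-2023-43353 to CVE-2023-43357) but are scored `AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N`, and the first reference URL here labels the issue reflected XSS, which normally needs a victim to load the request. CVE-2023-43345 departs further: a Quick CMS XSS with `C:H/I:H/A:H` and `"baseScore": 8.6`, against 5.4 for CVE-2023-43346 on the same CPE. Anyone sorting by score will rank near-identical bugs very differently. If the references support it, aligning both records with the sibling vector would remove the discrepancy; until then, read the vector and the description together rather than the score alone.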
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43341.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43341.json
new file mode 100644
index 00000000000..e507882a397
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43341.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-43341",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T22:15:09.123",
+ "lastModified": "2023-10-20T11:27:31.330",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en Evolution evo v.3.2.3 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un par\u00e1metro uid inyectado en un payload manipulado."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43341-Evolution-Reflected-XSS---Installation-Connection-",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sromanhu/Evolution-Reflected-XSS---Installation-Connection-",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43342.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43342.json
new file mode 100644
index 00000000000..8c31c6ec706
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43342.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-43342",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T22:15:09.557",
+ "lastModified": "2023-10-20T11:27:31.330",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en opensolution Quick CMS v.6.7 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para el componente Men\u00fa de Idiomas."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43342-Quick-CMS-Stored-XSS---Languages-Frontend",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sromanhu/Quick-CMS-Stored-XSS---Languages-Frontend",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43344.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43344.json
new file mode 100644
index 00000000000..15978ec3577
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43344.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-43344",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T22:15:09.673",
+ "lastModified": "2023-10-20T11:27:31.330",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en opensolution Quick CMS v.6.7 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para el par\u00e1metro SEO - Meta descripci\u00f3n en el componente Men\u00fa de P\u00e1ginas."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43344-Quick-CMS-Stored-XSS---SEO-Meta-description",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43345.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43345.json
new file mode 100644
index 00000000000..b7e86df5e17
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43345.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-43345",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T23:15:08.910",
+ "lastModified": "2023-10-27T15:13:29.200",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en opensolution Quick CMS v.6.7 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro Content - Name en el componente Pages Menu."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opensolution:quick_cms:6.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B571ABB-F2E3-4C39-9560-74C3E9E98593"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43345-Quick-CMS-Stored-XSS---Pages-Content",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43346.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43346.json
new file mode 100644
index 00000000000..be52dc4ba56
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43346.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-43346",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T23:15:08.637",
+ "lastModified": "2023-10-25T09:54:11.453",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en opensolution Quick CMS v.6.7 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un scrip manipulado en el par\u00e1metro Backend - Dashboard en el componente Men\u00fa de Idiomas."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opensolution:quick_cms:6.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B571ABB-F2E3-4C39-9560-74C3E9E98593"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43346-Quick-CMS-Stored-XSS---Languages-Backend",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/sromanhu/Quick-CMS-Stored-XSS---Languages-Backend",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43352.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43352.json
new file mode 100644
index 00000000000..ffd602836a2
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43352.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-43352",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T22:15:08.700",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el componente Content Manager Menu."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CMSmadesimple-SSTI--Content",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43352-CMSmadesimple-SSTI--Content",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
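Review bot: The `en` description says only "An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code", while both reference URLs name the class as SSTI (server-side template injection). With no `weaknesses` entry, keyword or CWE-based triage has nothing to match on. That matters because the neighbouring CMSmadesimple records in this diff are all XSS, and a template-injection issue runs on the server rather than in a browser, so it should not be bucketed with them. If the references confirm the class, the description could open with `Server-Side Template Injection (SSTI) vulnerability in CMSmadesimple v.2.2.18`; the classification is inferred from the URL text alone.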
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43353.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43353.json
new file mode 100644
index 00000000000..447a7a83302
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43353.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-43353",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T22:15:10.640",
+ "lastModified": "2023-10-25T09:55:23.023",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para el par\u00e1metro adicional en el componente del men\u00fa de noticias."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.18:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEF989DA-0199-49AE-A793-1CE18C1E045A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43353-CMSmadesimple-Stored-XSS---News---Extra",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43354.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43354.json
new file mode 100644
index 00000000000..65d3f861bec
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43354.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-43354",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T22:15:10.683",
+ "lastModified": "2023-10-25T09:55:06.573",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro Profiles en el componente del editor Extensions -MicroTiny WYSIWYG."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.18:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEF989DA-0199-49AE-A793-1CE18C1E045A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43354-CMSmadesimple-Stored-XSS---MicroTIny-extension",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43355.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43355.json
new file mode 100644
index 00000000000..b21ccb68e23
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43355.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-43355",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T22:15:10.727",
+ "lastModified": "2023-10-25T09:54:56.877",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para los par\u00e1metros contrase\u00f1a y contrase\u00f1a nuevamente en My Preferences - Add user."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.18:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEF989DA-0199-49AE-A793-1CE18C1E045A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CMSmadesimple-Reflected-XSS---Add-user",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43355-CMSmadesimple-Reflected-XSS---Add-user",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43356.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43356.json
new file mode 100644
index 00000000000..3b4c62b3bb3
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43356.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-43356",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T22:15:10.767",
+ "lastModified": "2023-10-25T09:54:26.260",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para el par\u00e1metro Global Meatadata en el componente del Global Settings Menu."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.18:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEF989DA-0199-49AE-A793-1CE18C1E045A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43356-CMSmadesimple-Stored-XSS---Global-Settings",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
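Review bot: "Global Meatadata" in the `en` description is presumably a misspelling of "Global Metadata", and it was carried verbatim into the `es` value. A text search for the affected setting under the correct spelling will miss this record, and the reference URL names only the Global Settings page, not the field. Proposed wording: `to the Global Metadata parameter in the Global Settings Menu component`, with the same correction in the `es` value.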
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43357.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43357.json
new file mode 100644
index 00000000000..6697b2932d0
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43357.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-43357",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T22:15:10.807",
+ "lastModified": "2023-10-25T09:54:39.540",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro Title en el componente Manage Shortcuts."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cmsmadesimple:cms_made_simple:2.2.18:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AEF989DA-0199-49AE-A793-1CE18C1E045A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43357-CMSmadesimple-Stored-XSS---Shortcut",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43358.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43358.json
new file mode 100644
index 00000000000..6faf3ae98c3
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43358.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-43358",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T22:15:09.210",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross Site Scripting en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro T\u00edtulo en el componente Men\u00fa de noticias."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CMSmadesimple-Stored-XSS---News",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43358-CMSmadesimple-Stored-XSS---News",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
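Review bot: `"metrics": {}` leaves this record without any CVSS data, and it also has no `weaknesses` or `configurations` keys, so a pipeline that filters on `baseScore` or matches on CPE will silently skip it while `vulnStatus` is "Undergoing Analysis". The same holds for the CVE-2023-43359 and CVE-2023-43360 records that follow. Consumers should treat an empty `metrics` object as "unscored, re-check when `lastModified` changes" rather than as severity zero. The description's "local attacker ... execute arbitrary code" wording also sits oddly beside the reference URLs, which name the issue as stored XSS, so severity should not be inferred from the text alone.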
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43359.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43359.json
new file mode 100644
index 00000000000..690077e9c5a
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43359.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-43359",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T22:15:09.720",
+ "lastModified": "2023-10-20T11:27:31.330",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross-Site Scripting (XSS) en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para los par\u00e1metros de datos Smarty y metadatos espec\u00edficos de la p\u00e1gina en el componente del Men\u00fa del Administrador de Contenido."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43359-CMSmadesimple-Stored-XSS----Content-Manager",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43360.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43360.json
new file mode 100644
index 00000000000..1b73a5b1912
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43360.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-43360",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:31.757",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en CMSmadesimple v.2.2.18 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el par\u00e1metro Top Directory en el componente File Picker Menu."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CMSmadesimple-Stored-XSS---File-Picker-extension",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43360-CMSmadesimple-Stored-XSS---File-Picker-extension",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43485.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43485.json
index 92866766c07..9c1245e60dc 100644
--- a/CVE-2023/CVE-2023-434xx/CVE-2023-43485.json
+++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43485.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-43485",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:21.590",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T20:31:53.560",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nWhen TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
+ },
+ {
+ "lang": "es",
+ "value": "Cuando el reenv\u00edo de auditor\u00eda TACACS+ est\u00e1 configurado en el sistema BIG-IP o BIG-IQ, el secreto compartido se registra en texto plano en el audit log. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"metrics": {
@@ -46,10 +50,723 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndExcluding": "8.2.0.1.0.13.97-eng",
+ "matchCriteriaId": "E34BE5E9-1146-4C8F-85B9-6FBB14610520"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.3.0",
+ "versionEndExcluding": "8.3.0.0.12.118-eng",
+ "matchCriteriaId": "10AB2B3E-8FE6-4EFD-BD7F-60FA0AE4A779"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F7280AA3-6EB0-4D9B-895B-B6883071740E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "95617B72-E7D8-44D2-AFF2-976595A72AFA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "18CD2C82-0080-495E-8A11-957E0C182A48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "3C508A36-C041-406C-9C8A-A396C6EDC750"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E912382D-131E-40F2-A337-72D6F2A3AD23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "91ED3C5E-92E8-44CF-AA99-A38C60AE677E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "47962DDC-899F-4A98-ABF7-CC8A1AE7FF1C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "46A7F81E-84A2-4304-B18F-53E5CDBCEA43"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "220FD008-8919-48D4-84CF-8C4D99C3C474"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1935A1CF-50B2-4572-AA06-3504DB25B954"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "077EBF51-B843-48B7-B31C-4BE1C99CE6F7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "5EAC82FA-41CC-425A-89A0-CC9E2BF678EE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "338010BF-EFC6-42B9-9F12-865C48D421EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "14776B4F-DDEC-4B22-82A5-EA231B3895F0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K06110200",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
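Review bot: The two BIG-IQ entries bound their ranges with `"versionEndExcluding": "8.2.0.1.0.13.97-eng"` and `"8.3.0.0.12.118-eng"`, which are not plain dotted release numbers. A matcher that parses versions as three numeric components or as semver may reject or misorder them, so any CPE-matching code that consumes this record should have a test case for these two ranges. Separately, every BIG-IP module closes its 13.1 and 14.1 ranges with `versionEndIncluding` (`13.1.5`, `14.1.5`), while 15.1 and 16.1 use `versionEndExcluding` (`15.1.9`, `16.1.4`). The record therefore names a first unaffected version only for the two newer branches; the vendor advisory in `references` is the place to confirm what applies to the older ones.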
diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43488.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43488.json
new file mode 100644
index 00000000000..b9e68e18b35
--- /dev/null
+++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43488.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-43488",
+ "sourceIdentifier": "psirt@bosch.com",
+ "published": "2023-10-25T18:17:31.800",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The vulnerability allows a low privileged (untrusted) application to\r\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad permite que una aplicaci\u00f3n con pocos privilegios (no confiable) modifique una propiedad cr\u00edtica del sistema que deber\u00eda negarse, para permitir que el protocolo ADB (Android Debug Bridge) quede expuesto en la red, explot\u00e1ndolo para obtener un shell privilegiado en el dispositivo. sin requerir el acceso f\u00edsico a trav\u00e9s de USB."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.9,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 5.3
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "source": "psirt@bosch.com"
+ }
+ ]
+}
\ No newline at end of file
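Review bot: Neither description names the affected product or firmware, and the record has no `configurations` block, so the only link to an asset is the `BOSCH-SA-175607` advisory URL in `references`. CPE-based and keyword-based matching will both miss this entry. The single CVSS entry is `"type": "Secondary"` with `"source": "psirt@bosch.com"`, the same address as `sourceIdentifier`, and there is no Primary score yet. The vector is `AV:L` although the described outcome is ADB exposed on the network, presumably because the starting point is a low-privileged local application. Triage that keys on attack vector alone would understate the resulting network exposure.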
diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43492.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43492.json
new file mode 100644
index 00000000000..f3197cc77ad
--- /dev/null
+++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43492.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-43492",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T20:15:09.230",
+ "lastModified": "2023-10-20T11:27:35.620",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\nIn Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En el dispositivo cMT3000 HMI Web CGI de Weintek, el cgi-bin codesys.cgi contiene un desbordamiento de b\u00fafer basado en pila, que podr\u00eda permitir a un atacante an\u00f3nimo secuestrar el flujo de control y evitar la autenticaci\u00f3n de inicio de sesi\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://dl.weintek.com/public/Document/TEC/TEC23005E_cMT_Web_Security_Update.pdf",
+ "source": "ics-cert@hq.dhs.gov"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-12",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
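Review bot: The English `value` is wrapped in a run of leading and trailing `\n` escapes, so text that is displayed, hashed for de-duplication or keyword-searched should be whitespace-normalized first. The Spanish `value` in the same record starts directly with the sentence and shows the intended form. The same normalization is needed for the `\r\n` in the middle of the CVE-2023-43488 description and for the `\u00a0` non-breaking spaces in CVE-2023-43506 and CVE-2023-43507. In CVE-2023-43506, for example, a search for "could allow" does not match `could\u00a0allow`.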
diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43506.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43506.json
new file mode 100644
index 00000000000..bbaac795447
--- /dev/null
+++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43506.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-43506",
+ "sourceIdentifier": "security-alert@hpe.com",
+ "published": "2023-10-25T18:17:31.870",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability in the ClearPass OnGuard Linux agent could\u00a0allow malicious users on a Linux instance to elevate their\u00a0user privileges to those of a higher role. A successful\u00a0exploit allows malicious users to execute arbitrary code\u00a0with root level privileges on the Linux instance."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en el agente de Linux ClearPass OnGuard podr\u00eda permitir a usuarios malintencionados elevar sus privilegios de usuario a aquellos de una funci\u00f3n superior. Un exploit exitoso permite a usuarios malintencionados ejecutar c\u00f3digo arbitrario con privilegios de root en la instancia de Linux."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-alert@hpe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt",
+ "source": "security-alert@hpe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43507.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43507.json
new file mode 100644
index 00000000000..64ca0349403
--- /dev/null
+++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43507.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-43507",
+ "sourceIdentifier": "security-alert@hpe.com",
+ "published": "2023-10-25T18:17:31.930",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability in the web-based management interface of\u00a0ClearPass Policy Manager could allow an authenticated\u00a0remote attacker to conduct SQL injection attacks against\u00a0the ClearPass Policy Manager instance. An attacker could\u00a0exploit this vulnerability to obtain and modify sensitive\u00a0information in the underlying database potentially leading\u00a0to complete compromise of the ClearPass Policy Manager\u00a0cluster."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de ClearPass Policy Manager podr\u00eda permitir que un atacante remoto autenticado realice ataques de inyecci\u00f3n SQL contra la instancia de ClearPass Policy Manager. Un atacante podr\u00eda aprovechar esta vulnerabilidad para obtener y modificar informaci\u00f3n confidencial en la base de datos subyacente, lo que podr\u00eda comprometer por completo el cl\u00faster de ClearPass Policy Manager."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-alert@hpe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt",
+ "source": "security-alert@hpe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43508.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43508.json
new file mode 100644
index 00000000000..01cb2ef8942
--- /dev/null
+++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43508.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-43508",
+ "sourceIdentifier": "security-alert@hpe.com",
+ "published": "2023-10-25T18:17:31.990",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerabilities in the web-based management interface of\u00a0ClearPass Policy Manager allow an attacker with read-only\u00a0privileges to perform actions that change the state of the\u00a0ClearPass Policy Manager instance. Successful exploitation\u00a0of these vulnerabilities allow an attacker to complete\u00a0state-changing actions in the web-based management interface\u00a0that should not be allowed by their current level of\u00a0authorization on the platform."
+ },
+ {
+ "lang": "es",
+ "value": "Las vulnerabilidades en la interfaz de administraci\u00f3n basada en web de ClearPass Policy Manager permiten que un atacante con privilegios de solo lectura realice acciones que cambien el estado de la instancia de ClearPass Policy Manager. La explotaci\u00f3n exitosa de estas vulnerabilidades permite a un atacante completar acciones de cambio del estado en la interfaz de administraci\u00f3n basada en web que no deber\u00edan estar permitidas por su nivel actual de autorizaci\u00f3n en la plataforma."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-alert@hpe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt",
+ "source": "security-alert@hpe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43509.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43509.json
new file mode 100644
index 00000000000..7cdde40b426
--- /dev/null
+++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43509.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-43509",
+ "sourceIdentifier": "security-alert@hpe.com",
+ "published": "2023-10-25T18:17:32.050",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability in the web-based management interface of\u00a0ClearPass Policy Manager could allow an unauthenticated\u00a0remote attacker to send notifications to computers that are\u00a0running ClearPass OnGuard. These notifications can then be\u00a0used to phish users or trick them into downloading malicious\u00a0software."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de ClearPass Policy Manager podr\u00eda permitir que un atacante remoto no autenticado env\u00ede notificaciones a ordenadores que ejecutan ClearPass OnGuard. Estas notificaciones pueden utilizarse para realizar phishing a los usuarios o enga\u00f1arlos para que descarguen software malicioso."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-alert@hpe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt",
+ "source": "security-alert@hpe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-435xx/CVE-2023-43510.json b/CVE-2023/CVE-2023-435xx/CVE-2023-43510.json
new file mode 100644
index 00000000000..4db550d808b
--- /dev/null
+++ b/CVE-2023/CVE-2023-435xx/CVE-2023-43510.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-43510",
+ "sourceIdentifier": "security-alert@hpe.com",
+ "published": "2023-10-25T18:17:32.107",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability in the ClearPass Policy Manager web-based\u00a0management interface allows remote authenticated users to\u00a0run arbitrary commands on the underlying host. A successful\u00a0exploit could allow an attacker to execute arbitrary\u00a0commands as a non-privileged user on the underlying\u00a0operating system leading to partial system compromise."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de ClearPass Policy Manager permite a usuarios remotos autenticados ejecutar comandos arbitrarios en el host subyacente. Un exploit exitoso podr\u00eda permitir a un atacante ejecutar comandos arbitrarios como usuario sin privilegios en el sistema operativo subyacente, lo que podr\u00eda comprometer parcialmente el sistema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-alert@hpe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-016.txt",
+ "source": "security-alert@hpe.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43611.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43611.json
index cca77f639c7..1c740f5ea9d 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43611.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43611.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-43611",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:21.687",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T01:37:18.377",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThe BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.\u00a0 This vulnerability is due to an incomplete fix for CVE-2023-38418.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El instalador del cliente BIG-IP Edge en macOS no sigue las mejores pr\u00e1cticas para elevar los privilegios durante el proceso de instalaci\u00f3n. Esta vulnerabilidad se debe a una soluci\u00f3n incompleta para CVE-2023-38418. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan"
}
],
"metrics": {
@@ -46,10 +50,576 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.2.3",
+ "versionEndExcluding": "7.2.4.4",
+ "matchCriteriaId": "4DD8B945-A8AC-453B-9993-76D39FCC0E71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F7280AA3-6EB0-4D9B-895B-B6883071740E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "95617B72-E7D8-44D2-AFF2-976595A72AFA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "18CD2C82-0080-495E-8A11-957E0C182A48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "3C508A36-C041-406C-9C8A-A396C6EDC750"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E912382D-131E-40F2-A337-72D6F2A3AD23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "91ED3C5E-92E8-44CF-AA99-A38C60AE677E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "47962DDC-899F-4A98-ABF7-CC8A1AE7FF1C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "46A7F81E-84A2-4304-B18F-53E5CDBCEA43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "BC2A757B-4521-4DB7-89B0-7CAE1E4155E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "0A1D4B18-DB59-41C4-B769-5DF93B8EBBAD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "D819F58A-826E-49E0-A06F-4D85E04D3D9F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1E86895C-EC5A-4303-978E-8807FE7A5E9A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "220FD008-8919-48D4-84CF-8C4D99C3C474"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1935A1CF-50B2-4572-AA06-3504DB25B954"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "077EBF51-B843-48B7-B31C-4BE1C99CE6F7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "5EAC82FA-41CC-425A-89A0-CC9E2BF678EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "338010BF-EFC6-42B9-9F12-865C48D421EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "14776B4F-DDEC-4B22-82A5-EA231B3895F0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000136185",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
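Review bot: Every BIG-IP module range in the added `cpeMatch` list is marked `"vulnerable": true`, yet the description earlier in this file places the flaw in the BIG-IP Edge Client installer on macOS; only the enclosing `"operator": "AND"` with the `cpe:2.3:o:apple:macos:-` node (`"vulnerable": false`) narrows the match. A consumer that flattens `cpeMatch` entries without evaluating the AND across both nodes would flag BIG-IP appliances on 13.1.0 through 16.1.3 that have no macOS client involved, so the matcher should be checked against this record. The first entry's range (`"versionStartIncluding": "7.2.3"`, `"versionEndExcluding": "7.2.4.4"`) sits under the same `big-ip_access_policy_manager` product as the 13.x–16.x ranges and looks like client rather than appliance numbering; that is an inference from the numbers and worth confirming against the vendor advisory.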
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43615.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43615.json
index a641b22b9cb..4819a69bbbf 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43615.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43615.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-43615",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-07T01:15:10.783",
- "lastModified": "2023-10-13T04:15:13.840",
+ "lastModified": "2023-10-26T03:15:09.870",
"vulnStatus": "Modified",
"descriptions": [
{
@@ -74,13 +74,35 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7SB7L6A56QZALDTOZ6O4X7PTC4I647R/",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGRB5MO2KUJKYPMGXMIZH2WRH6QR5UZS/",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7SB7L6A56QZALDTOZ6O4X7PTC4I647R/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List"
+ ]
+ },
{
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/",
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43622.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43622.json
new file mode 100644
index 00000000000..08954565c1e
--- /dev/null
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43622.json
@@ -0,0 +1,40 @@
+{
+ "id": "CVE-2023-43622",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-10-23T07:15:11.243",
+ "lastModified": "2023-10-27T15:15:13.857",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\n\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Un atacante, al abrir una conexi\u00f3n HTTP/2 con un tama\u00f1o de ventana inicial de 0, pudo bloquear el manejo de esa conexi\u00f3n indefinidamente en el servidor HTTP Apache. Esto podr\u00eda usarse para agotar los recursos de los trabajadores en el servidor, similar al conocido patr\u00f3n de ataque \"slow loris\". Esto se solucion\u00f3 en la versi\u00f3n 2.4.58, de modo que dicha conexi\u00f3n finalice correctamente despu\u00e9s del tiempo de espera de conexi\u00f3n configurado. Este problema afecta al servidor HTTP Apache: desde 2.4.55 hasta 2.4.57. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.4.58, que soluciona el problema."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0011/",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
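Review bot: `"metrics": {}` leaves this new record with no CVSS data, and there is no `configurations` block either, so severity-threshold filters and CPE matching will both pass over it. The only machine-usable scope is in the description text (affected from 2.4.55 through 2.4.57, fixed in 2.4.58) and the `CWE-400` weakness entry. Consumers should treat an empty `metrics` object as "unscored" rather than as zero or low severity, and should not drop the record from triage while `vulnStatus` is `Awaiting Analysis`. The CVE-2023-43624 record added in the next file has the same empty `metrics` and also lacks a `weaknesses` entry.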
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43624.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43624.json
new file mode 100644
index 00000000000..d9bd8b06142
--- /dev/null
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43624.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-43624",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-10-23T05:15:07.877",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed."
+ },
+ {
+ "lang": "es",
+ "value": "CX-Designer Ver.3.740 y anteriores (incluido en CX-One CXONE-AL[][]D-V4) contiene una restricci\u00f3n inadecuada de la vulnerabilidad de referencia de entidad externa XML (XXE). Si un usuario abre un archivo de proyecto especialmente manipulado creado por un atacante, se puede revelar informaci\u00f3n confidencial en el sistema de archivos donde est\u00e1 instalado CX-Designer."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU98683567/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2023-011_en.pdf",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
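Review bot: `"metrics": {}` together with the absent `weaknesses` array leaves this new record with no severity and no CWE while `vulnStatus` is still "Undergoing Analysis". A consumer that filters or sorts on `baseScore` should treat the record as unscored rather than as score 0 or low severity. Until enrichment arrives, triage can key on the English description, which already names the class (improper restriction of XML external entity reference), and on the JVN and Omron references.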
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json
index 76e6b500e0c..0b0a0813355 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43641",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-09T22:15:12.707",
- "lastModified": "2023-10-13T03:15:11.140",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-27T17:53:23.093",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,11 +11,31 @@
},
{
"lang": "es",
- "value": "libcue proporciona una API para analizar y extraer datos de hojas CUE. Las versiones 2.2.1 y anteriores son vulnerables al acceso a matrices fuera de los l\u00edmites. Un usuario del entorno de escritorio GNOME puede ser explotado descargando una hoja CUE de una p\u00e1gina web maliciosa. Debido a que el archivo se guarda en `~/Downloads`, los tracker-miners lo escanean autom\u00e1ticamente. Y debido a que tiene una extensi\u00f3n de nombre de archivo .cue, los tracker-miners usan libcue para analizar el archivo. El archivo explota la vulnerabilidad en libcue para obtener ejecuci\u00f3n de c\u00f3digo."
+ "value": "libcue proporciona una API para analizar y extraer datos de hojas CUE. Las versiones 2.2.1 y anteriores son vulnerables al acceso a matrices fuera de los l\u00edmites. Un usuario del entorno de escritorio GNOME puede ser explotado descargando una hoja CUE de una p\u00e1gina web maliciosa. Debido a que el archivo se guarda en `~/Downloads`, los tracker-miners lo escanean autom\u00e1ticamente. Y debido a que tiene una extensi\u00f3n de nombre de archivo .cue, los tracker-miners usan libcue para analizar el archivo. El archivo explota la vulnerabilidad en libcue para obtener la ejecuci\u00f3n del c\u00f3digo. Este problema se solucion\u00f3 en la versi\u00f3n 2.3.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,42 +70,138 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lipnitsk:libcue:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.3.0",
+ "matchCriteriaId": "AA6D33B0-FEB7-4FF4-A14E-AEE786CE96E6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/lipnitsk/libcue/commit/cfb98a060fd79dbc3463d85f0f29c3c335dfa0ea",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00018.html",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/57JEYTRFG4PVGZZ7HIEFTX5I7OONFFMI/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PGQOMFDBXGM3DOICCXKCUS76OTKTSPMN/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XUS4HTNGGGUIFLYSKTODCRIOXLX5HGV3/",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5524",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
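Review bot: The second and third `configurations` entries list Fedora 37–39 and Debian 10.0–12.0 as standalone `"vulnerable": true` OS CPEs, not combined with the libcue CPE. CPE-only matching would therefore flag every host on those releases, whether or not a fixed libcue package is installed. Consumers should resolve these entries against the distro advisories referenced in the same hunk (dsa-5524, the debian-lts and Fedora package-announce messages) to get the package-level fixed version. Separately, the GHSA-5982-x7hv-r9cj link is tagged only `Exploit`, while the other GHSA links in this diff carry `Vendor Advisory`, so tooling that selects advisories by tag may skip it.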
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43658.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43658.json
index d2b09e7c90b..1b5d1ce3bac 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43658.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43658.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43658",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.143",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T17:47:32.207",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,18 +70,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse_calendar:*:*:*:*:*:discourse:*:*",
+ "versionEndIncluding": "2023-10-16",
+ "matchCriteriaId": "F346D3A9-CFE0-4941-BCFB-52700D54CABD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/discourse/discourse-calendar/commit/9788310906febb36822d6823d14f1059c39644de",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/discourse/discourse-calendar/security/advisories/GHSA-3fwj-f6ww-7hr6",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
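Review bot: `"versionEndIncluding": "2023-10-16"` in the `discourse_calendar` match is a date rather than a release number. A matcher that parses bounds as dotted or semantic versions may reject or mis-order it, and an installation identified by commit hash cannot be compared against it; such consumers can fall back to the patch commit 9788310906febb36822d6823d14f1059c39644de in the references. The MDN CSP page is also tagged `Third Party Advisory` although it looks like general documentation, so tag-driven advisory collection would treat it as an advisory for this CVE. The same tag appears on the MDN link in CVE-2023-43659.json.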
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43659.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43659.json
index b751cab7e53..fd20af21f3d 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43659.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43659.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43659",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.237",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:56:26.263",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,14 +70,43 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
+ "versionEndIncluding": "3.1.1",
+ "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
+ "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-g4qg-5q2h-m8ph",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43661.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43661.json
index a59eb64445e..e7d7af6adc1 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43661.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43661.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-43661",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T20:15:10.787",
- "lastModified": "2023-10-11T21:04:47.110",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T02:02:20.857",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue."
+ },
+ {
+ "lang": "es",
+ "value": "Cachet, el sistema de p\u00e1ginas de estado de c\u00f3digo abierto. Antes de la rama 2.4, tiene una funcionalidad de plantilla que permit\u00eda a los usuarios crear plantillas, les permit\u00eda ejecutar cualquier c\u00f3digo en el servidor durante la filtraci\u00f3n incorrecta y la versi\u00f3n antigua de twig. El commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 de la rama 2.4 contiene un parche para este problema."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "security-advisories@github.com",
@@ -36,8 +62,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -46,14 +82,40 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:all-three:cachet:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.4",
+ "matchCriteriaId": "B341A3F1-E791-4688-8C56-DFF77B4E9197"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Mitigation",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
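Review bot: `"versionEndExcluding": "2.4"` takes its bound from the description's "Prior to the 2.4 branch", but the same description places the fix in commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 "of the 2.4 branch". A 2.4 checkout that predates that commit would presumably still be affected, yet this range does not match it. Deployments tracking the branch should be checked against the commit rather than the version string. The CPE vendor is `all-three` while the references point at `cachethq/cachet`, so inventory matching keyed on the GitHub organisation name will not hit this entry.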
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43666.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43666.json
index c8fbb5eebe1..4f95333674d 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43666.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43666.json
@@ -2,15 +2,42 @@
"id": "CVE-2023-43666",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-16T09:15:10.417",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:57:44.023",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,\u00a0\n\nGeneral user can view all user data like Admin account.\n\nUsers are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.\n\n[1]\u00a0 https://github.com/apache/inlong/pull/8623 \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Verificaci\u00f3n Insuficiente de Autenticidad de Datos en Apache InLong. Este problema afecta a Apache InLong: desde la versi\u00f3n 1.4.0 hasta la 1.8.0, el usuario general puede ver todos los datos del usuario, como la cuenta de administrador. Se recomienda a los usuarios actualizar a Apache InLong 1.9.0 o al cherry-pick [1] para resolverlo. \n[1] https://github.com/apache/inlong/pull/8623"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
"source": "security@apache.org",
@@ -23,10 +50,34 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.4.0",
+ "versionEndIncluding": "1.8.0",
+ "matchCriteriaId": "419D6A8F-7C90-47D0-9780-FB3C0EE88FE2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://lists.apache.org/thread/scbgh3ty3xcxm3q33r2t9f42gwwo1why",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43667.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43667.json
index 993e5d34b96..ee4becf610f 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43667.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43667.json
@@ -2,15 +2,42 @@
"id": "CVE-2023-43667",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-16T09:15:10.500",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:36:28.993",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false records, making it harder to audit\nand trace malicious activities.\u00a0Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/8628 \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n Inadecuada de Elementos Especiales utilizados en una vulnerabilidad de Comando SQL ('inyecci\u00f3n SQL') en Apache InLong. Este problema afecta a Apache InLong: desde la versi\u00f3n 1.4.0 hasta la 1.8.0, el atacante puede crear registros enga\u00f1osos o falsos, lo que dificulta la auditor\u00eda y rastrear actividades maliciosas. Se recomienda a los usuarios actualizar a Apache InLong 1.8.0 o al cherry-pick [1] para resolverlo. \n[1] https://github.com/apache/inlong/pull/8628"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
"source": "security@apache.org",
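Review bot: The remediation text conflicts with the affected range: the English description, and the Spanish one added here, say the issue affects 1.4.0 through 1.8.0 yet advise upgrading to 1.8.0. The `configurations` hunk of this file encodes `"versionEndIncluding": "1.8.0"`, which marks 1.8.0 as vulnerable, and the sibling records CVE-2023-43666 and CVE-2023-43668 name 1.9.0 as the fixed release. Remediation tooling that extracts an upgrade target from the description should prefer the CPE range here and confirm the fixed version against the referenced Apache mailing-list thread.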
@@ -23,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.4.0",
+ "versionEndIncluding": "1.8.0",
+ "matchCriteriaId": "419D6A8F-7C90-47D0-9780-FB3C0EE88FE2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://lists.apache.org/thread/spnb378g268p1f902fr9kqyph2k8n543",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43668.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43668.json
index f0ce3d2498c..15fb773c039 100644
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43668.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43668.json
@@ -2,19 +2,56 @@
"id": "CVE-2023-43668",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-16T09:15:10.573",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:18:55.470",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,\u00a0\n\nsome sensitive params checks will be bypassed, like \"autoDeserizalize\",\"allowLoadLocalInfile\"....\n\n.\u00a0\u00a0\n\nUsers are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.\n\n[1]\u00a0 https://github.com/apache/inlong/pull/8604 \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Omisi\u00f3n de Autorizaci\u00f3n a Trav\u00e9s de la Clave Controlada por el Usuario en Apache InLong. Este problema afecta a Apache InLong: desde 1.4.0 hasta 1.8.0, se omitir\u00e1n algunas comprobaciones de par\u00e1metros confidenciales, como \"\"autoDeserizalize\"\", \"\"allowLoadLocalInfile\"\".... Se recomienda a los usuarios actualizar a Apache InLong 1.9.0 o al cherry-pick [1] para resolverlo. \n[1] https://github.com/apache/inlong/pull/8604"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
- "source": "security@apache.org",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ },
+ {
+ "source": "security@apache.org",
+ "type": "Secondary",
"description": [
{
"lang": "en",
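Review bot: The added Spanish description wraps the parameter names in doubled escaped quotes (`\"\"autoDeserizalize\"\"`), and both language versions spell the first parameter "autoDeserizalize". That spelling looks like a typo for the JDBC option `autoDeserialize`, so detection or search content built from this text should match on the corrected name as well. The description also contains a stray ".\u00a0\u00a0" paragraph that the translation dropped, so the two texts are not line-for-line equivalent for diff-based consumers.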
@@ -23,10 +60,33 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.4.0",
+ "versionEndIncluding": "1.8.0",
+ "matchCriteriaId": "419D6A8F-7C90-47D0-9780-FB3C0EE88FE2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://lists.apache.org/thread/16gtk7rpdm1rof075ro83fkrnhbzn5sh",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43702.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43702.json
index 9008d04cf40..552179beadf 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43702.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43702.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43702",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.167",
- "lastModified": "2023-10-06T16:15:13.320",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:40:35.577",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43703.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43703.json
index acf6366a43b..4dabd68db54 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43703.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43703.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43703",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.220",
- "lastModified": "2023-10-06T16:15:13.440",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:42:24.453",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43704.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43704.json
index 5357a6ebb97..2862394dc24 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43704.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43704.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43704",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.277",
- "lastModified": "2023-10-06T16:15:13.543",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:42:57.623",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43705.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43705.json
index 5cf1281d2e1..a23355d3f7c 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43705.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43705.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43705",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.337",
- "lastModified": "2023-10-06T16:15:13.643",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:43:21.543",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43706.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43706.json
index 632c9303db4..31ea20b87cc 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43706.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43706.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43706",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T02:15:09.397",
- "lastModified": "2023-10-06T16:15:13.737",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:43:36.807",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43707.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43707.json
index bb1a50925c7..563459c2e69 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43707.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43707.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43707",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.233",
- "lastModified": "2023-10-06T16:15:13.827",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:44:25.483",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43708.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43708.json
index 3bb7e57f384..3b2da8c9ddc 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43708.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43708.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43708",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.300",
- "lastModified": "2023-10-06T16:15:13.910",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:46:55.997",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43709.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43709.json
index e6355453b0f..08164491f81 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43709.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43709.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43709",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.363",
- "lastModified": "2023-10-06T16:15:14.003",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:48:02.037",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43710.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43710.json
index 2794a0f71b7..9edc3af1e66 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43710.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43710.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43710",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.423",
- "lastModified": "2023-10-06T16:15:14.093",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:48:35.803",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43711.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43711.json
index bab616f31b9..16f3ca5b129 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43711.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43711.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43711",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T03:15:09.487",
- "lastModified": "2023-10-06T16:15:14.183",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:49:16.020",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json
index e80dbb3510a..c1b9920d25b 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43712",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:09.850",
- "lastModified": "2023-10-06T16:15:14.273",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:50:52.147",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json
index e3c8d347875..1d3fcb69c9f 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43713",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:09.947",
- "lastModified": "2023-10-06T16:15:14.370",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:52:12.623",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json
index f7128582dd4..27a08636991 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43714",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:10.010",
- "lastModified": "2023-10-06T16:15:14.457",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:53:10.013",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json
index c07d742c1b6..19293bbd173 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43715",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:10.077",
- "lastModified": "2023-10-06T16:15:14.547",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:54:16.323",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json
index eb1b902f219..1e333e17875 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43716",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T21:15:10.140",
- "lastModified": "2023-10-06T16:15:14.647",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:56:43.863",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43717.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43717.json
index ff86118ba6b..3c5eb3ac722 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43717.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43717.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43717",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.347",
- "lastModified": "2023-10-06T16:15:14.740",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:57:12.883",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43718.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43718.json
index 1da4a3f3178..519f2c9a42b 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43718.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43718.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43718",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.410",
- "lastModified": "2023-10-06T16:15:14.823",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T20:19:03.787",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43719.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43719.json
index ac7617eb862..eff93301df0 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43719.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43719.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43719",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.467",
- "lastModified": "2023-10-06T16:15:14.917",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:29:03.923",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43720.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43720.json
index 6f113898d73..206e1abc016 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43720.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43720.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43720",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.533",
- "lastModified": "2023-10-06T16:15:15.007",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:30:40.323",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43721.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43721.json
index ac60858e379..936aab07835 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43721.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43721.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43721",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.597",
- "lastModified": "2023-10-06T16:15:15.097",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:30:34.613",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43722.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43722.json
index 608e53db2d6..5a5377e1400 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43722.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43722.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43722",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.657",
- "lastModified": "2023-10-06T16:15:15.187",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:30:31.410",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43723.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43723.json
index a760334d1e2..542efb90036 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43723.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43723.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43723",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.717",
- "lastModified": "2023-10-06T16:15:15.273",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:30:27.697",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43724.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43724.json
index 42a4c850ce8..9551762e075 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43724.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43724.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43724",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.777",
- "lastModified": "2023-10-06T16:15:15.367",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:32:25.060",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43725.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43725.json
index 956507afe07..567231c02f1 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43725.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43725.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43725",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.843",
- "lastModified": "2023-10-06T16:15:15.460",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:32:10.103",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43726.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43726.json
index 94136dd2ca9..afd13d0332b 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43726.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43726.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43726",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.903",
- "lastModified": "2023-10-06T16:15:15.553",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:32:06.240",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43727.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43727.json
index aaf35553814..bc08a56acab 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43727.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43727.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43727",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:10.967",
- "lastModified": "2023-10-06T16:15:15.640",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:31:34.573",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43728.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43728.json
index f959609403d..7b4647328ae 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43728.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43728.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43728",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.027",
- "lastModified": "2023-10-06T16:15:15.733",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:31:30.990",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43729.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43729.json
index d8f29ba639f..753603a7116 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43729.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43729.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43729",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.097",
- "lastModified": "2023-10-06T16:15:15.817",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:31:27.307",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43730.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43730.json
index 9f3f713f9b7..a92b706d4b8 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43730.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43730.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43730",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.163",
- "lastModified": "2023-10-06T17:15:12.260",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:36:10.843",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43731.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43731.json
index 31256e5f848..ed1eeb7dfb1 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43731.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43731.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43731",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T22:15:11.227",
- "lastModified": "2023-10-06T17:15:12.367",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:36:50.947",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43732.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43732.json
index 9676e6809d1..c4687eeef07 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43732.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43732.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43732",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.127",
- "lastModified": "2023-10-06T17:15:12.463",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:37:34.603",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43733.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43733.json
index 114f14c6518..fbcdeb1b09b 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43733.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43733.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43733",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.203",
- "lastModified": "2023-10-06T17:15:12.553",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:38:48.107",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43734.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43734.json
index ab56ebefdd2..f454d5f9745 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43734.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43734.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43734",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.260",
- "lastModified": "2023-10-06T17:15:12.643",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:39:15.397",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43735.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43735.json
index fe2ec082e50..7bfc1955220 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43735.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43735.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43735",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.320",
- "lastModified": "2023-10-06T17:15:12.740",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T01:40:09.940",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json
new file mode 100644
index 00000000000..452389d5482
--- /dev/null
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43737.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-43737",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-26T23:15:09.310",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'fnm' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/ono",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
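Review bot: The second reference in this new record has a doubled scheme, `"url": "https://https://projectworlds.in/"`, so it will not resolve as written and will fail strict URL validation in any consumer that checks reference links. It should read `"url": "https://projectworlds.in/"`. The same malformed value appears in the new CVE-2023-43738.json record in the next file section. Both records also end their English description value with a stray `\n\n`, which is worth trimming before the text is displayed or compared.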
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json
new file mode 100644
index 00000000000..c7301488906
--- /dev/null
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43738.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-43738",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-27T03:15:07.960",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'email' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/ono",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43776.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43776.json
index f1e42e08b02..fad87d0fa40 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43776.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43776.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-43776",
"sourceIdentifier": "CybersecurityCOE@eaton.com",
"published": "2023-10-17T13:15:11.750",
- "lastModified": "2023-10-17T13:15:11.750",
- "vulnStatus": "Received",
+ "lastModified": "2023-10-25T13:38:32.223",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending)."
+ },
+ {
+ "lang": "es",
+ "value": "Eaton easyE4 PLC ofrece una funcionalidad de protecci\u00f3n con contrase\u00f1a del dispositivo para facilitar una conexi\u00f3n segura y evitar el acceso no autorizado. Se observ\u00f3 que la contrase\u00f1a del dispositivo se almacen\u00f3 con un algoritmo de codificaci\u00f3n d\u00e9bil en el archivo del programa easyE4 cuando se export\u00f3 a la tarjeta SD (final de archivo *.PRG)."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 5.9
+ },
{
"source": "CybersecurityCOE@eaton.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-326"
+ }
+ ]
+ },
{
"source": "CybersecurityCOE@eaton.com",
"type": "Secondary",
@@ -46,10 +80,632 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-box-e4-ac1_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "C5BBDB77-0A3E-469B-B76D-8EC19B302DF8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-box-e4-ac1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8206719B-D602-4085-8936-A764C8C8400D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-box-e4-dc1_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "5A3817C5-D716-41B2-A9C4-E43B6A214F7E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-box-e4-dc1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "75CD25E6-E3DF-411D-A47D-8B00F46863BF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-box-e4-uc1_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "A64743A8-383F-47DA-AADA-93F97A40EC97"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-box-e4-uc1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09C357B2-009E-4302-B7E4-D0A3843FB87A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-ac-12rc1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "A1557C4B-5FE7-4679-8EC7-229159BF87E0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-ac-12rc1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EFD509FB-5AEC-4FC5-980C-A7F10C283068"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-ac-12rcx1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "1C824881-E4E5-4937-B35B-99DD0D3106A7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-ac-12rcx1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E2FC53F4-065C-44AB-802D-A379F2F310DF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-ac-16re1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "DD7B996D-B682-4541-A48E-E7250BC372FB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-ac-16re1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6A1AD643-3CE2-4E48-A782-49EFCF032658"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy_e4-ac-8re1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "7EFB9F56-3BEC-44C2-A99F-DC69648D25FE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy_e4-ac-8re1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "40B64BF7-0DB6-494C-8CB9-6026E85E6B82"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-dc-12tc1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "700AD35D-FF04-4AAE-8A33-1C34761818B1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-dc-12tc1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B786B47D-BDE2-405F-BB0D-4D665769AEF8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-dc-12tcx1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "3F33FE20-0D6B-4ACA-81CB-6FC343D41D7E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-dc-12tcx1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B85AA28F-9316-4C83-846D-6061F2C635A9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-dc-16te1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "BA15EBFB-11CC-4758-A64A-9157F505D464"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-dc-16te1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "937463C0-CE8A-44E8-A270-511D239D9AE5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-dc-4pe1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "298AE4F1-FF3B-4D0E-8278-F2DBAA3FCD3D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-dc-4pe1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "48D501EE-3A96-4503-8F26-C84CC4C66DD2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-dc-6ae1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "58501BCB-F11B-4734-92A9-5745979212BE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-dc-6ae1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "68B9AB6C-A483-426C-B6A4-2D5935606FFE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-dc-8te1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "BCE9EB77-1EF2-4CAB-A131-F8919ED82FBB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-dc-8te1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8015DCE-6C8C-4DAE-95F4-82D661305788"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-uc-12rc1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "4671E23E-8104-449B-B1E2-D0F9B61D48B2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-uc-12rc1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DDB7DAF7-3AD5-4F7B-9F10-699BFED9070D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-uc-12rcx1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "DE075495-E6B4-428C-BCD6-FE5A9A3A45BA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-uc-12rcx1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D06C9DD3-7E47-4151-8F26-321F0349796F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-uc-16re1_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "9EC7853B-16AE-4F1B-AEE7-0652A4F45B1C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-uc-16re1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCA1EC8B-8ED6-48A7-9928-3AB39C0A97BE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-uc-16re1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "B2EB8D62-5B36-45F6-AA07-FF23A2A82126"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-uc-16re1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "87D7ACFC-9057-4E1A-AFA6-86C52501EB7D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:easy-e4-uc-8re1p_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "44CF72BE-1470-4FA3-B0B9-1C2104B2574C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:easy-e4-uc-8re1p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDC6E077-EC3C-4731-9121-A398946B6B30"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:xv-102-a035tqrb-1e4_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "C66C13D9-6D90-4076-B05B-1658958FD8EB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:xv-102-a035tqrb-1e4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "034E43AF-EF91-4C67-9040-939822748250"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:xv-102-a3-57tvrb-1e4_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "286C4664-5450-4F2D-81F1-A76B034136A6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:xv-102-a3-57tvrb-1e4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5B35A76-958F-4B5A-BC96-E2F1A17D11FE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:xv100-box-e4-dc1_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "C3585D6D-4786-4C25-A878-D453CFD0AA59"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:xv100-box-e4-dc1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC9E5C72-66BF-49D3-A95D-07D226B95787"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:eaton:xv100-box-e4-uc1_firmware:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.02",
+ "matchCriteriaId": "2AFCCDCF-377D-49B0-BD03-BDE286A50622"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:eaton:xv100-box-e4-uc1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "740AD1F6-E59F-4343-AFB1-B8CB75543F62"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1010.pdf",
- "source": "CybersecurityCOE@eaton.com"
+ "source": "CybersecurityCOE@eaton.com",
+ "tags": [
+ "Mitigation",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
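Review bot: The CPE product names added in this configurations block are not spelled consistently. The 8RE1P AC pair uses an underscore, `cpe:2.3:o:eaton:easy_e4-ac-8re1p_firmware` and `cpe:2.3:h:eaton:easy_e4-ac-8re1p`, while every other easyE4 entry in the hunk uses the `easy-e4-...` form. Asset matching that keys on a product-name prefix or normalises names could miss that model, so match on the exact criteria string or the `matchCriteriaId` instead. If the underscore does not reflect the CPE dictionary entry, the two criteria should read `easy-e4-ac-8re1p_firmware` and `easy-e4-ac-8re1p`.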
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43777.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43777.json
index 8bb9388bfbc..c4bf9b9d166 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43777.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43777.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-43777",
"sourceIdentifier": "CybersecurityCOE@eaton.com",
"published": "2023-10-17T13:15:11.827",
- "lastModified": "2023-10-17T13:15:11.827",
- "vulnStatus": "Received",
+ "lastModified": "2023-10-25T12:34:03.390",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries.\u00a0"
+ },
+ {
+ "lang": "es",
+ "value": "El software Eaton easySoft se utiliza para programar controladores y pantallas f\u00e1ciles para configurar, programar y definir par\u00e1metros para todos los rel\u00e9s inteligentes. Este software tiene una funci\u00f3n de protecci\u00f3n con contrase\u00f1a para proteger el archivo del proyecto contra accesos no autorizados. Esta contrase\u00f1a se almacenaba de forma insegura y adversarios expertos pod\u00edan recuperarla."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "CybersecurityCOE@eaton.com",
"type": "Secondary",
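Review bot: The NVD Primary vector added here, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N`, assumes a network attack path that the description in the same hunk does not state. The description only says the project-file password was stored insecurely and could be retrieved. The vendor's Secondary `cvssData` continues outside this hunk, so the two vectors cannot be compared from here. Consumers that prioritise on `baseScore` should check which source they read and whether the 6.5 fits how project files are exposed in their environment.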
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ },
{
"source": "CybersecurityCOE@eaton.com",
"type": "Secondary",
@@ -46,10 +80,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eaton:easysoft:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "8.01",
+ "matchCriteriaId": "F269B5CB-F6D8-49D0-AC99-398B7FE1ABFB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/etn-va-2023-1011.pdf",
- "source": "CybersecurityCOE@eaton.com"
+ "source": "CybersecurityCOE@eaton.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43782.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43782.json
index c38d9b1d867..d1e2c2bded1 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43782.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43782.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43782",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T06:15:10.557",
- "lastModified": "2023-10-05T12:15:09.863",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T17:59:42.910",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -71,7 +71,11 @@
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/05/4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mailing List"
+ ]
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1213983",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43783.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43783.json
index 442df63cd46..eff4d0d8978 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43783.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43783.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43783",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T06:15:10.697",
- "lastModified": "2023-10-05T12:15:09.957",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T17:59:35.273",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -71,7 +71,11 @@
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/05/4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mailing List"
+ ]
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1213985",
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43789.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43789.json
index 306c719208b..ad16ec975fa 100644
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43789.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43789.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-43789",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-12T12:15:10.710",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T18:05:37.910",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en libXpm donde existe una vulnerabilidad debido a una condici\u00f3n de los l\u00edmite, un usuario local puede desencadenar un error de lectura fuera de los l\u00edmites y leer el contenido de la memoria en el sistema."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "secalert@redhat.com",
"type": "Secondary",
@@ -34,14 +58,86 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:libxpm_project:libxpm:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.5.17",
+ "matchCriteriaId": "82648CDA-3F1C-4558-AE15-4AD1A059C5BC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-43789",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242249",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43794.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43794.json
new file mode 100644
index 00000000000..ef6e8a3b7b2
--- /dev/null
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43794.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-43794",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-17T21:15:46.120",
+ "lastModified": "2023-10-24T21:00:27.387",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL queries to be executed. Since this is a blind SQL injection, an attacker may need to use time-based payloads which would include a function to delay execution for a given number of seconds. The response time indicates, whether the result of the query execution was true or false. Depending on the result, the HTTP response will be returned after a given number of seconds, indicating TRUE, or immediately, indicating FALSE. In that way, an attacker can reveal the data present in the database. This vulnerability has been addressed in version 0.111.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-141`."
+ },
+ {
+ "lang": "es",
+ "value": "Nocodb es una alternativa de c\u00f3digo abierto a Airtable. Las versiones afectadas de nocodb contienen una vulnerabilidad de inyecci\u00f3n SQL, que permite a un atacante autenticado con acceso de creador consultar la base de datos subyacente. Al proporcionar un payload especialmente manipulada, un atacante puede inyectar consultas SQL arbitrarias para su ejecuci\u00f3n. Dado que se trata de una inyecci\u00f3n blind SQL, es posible que un atacante necesite utilizar payloads basados en el tiempo que incluir\u00edan una funci\u00f3n para retrasar la ejecuci\u00f3n durante un n\u00famero determinado de segundos. El tiempo de respuesta indica si el resultado de la ejecuci\u00f3n de la consulta fue verdadero o falso. Dependiendo del resultado, la respuesta HTTP se devolver\u00e1 despu\u00e9s de un n\u00famero determinado de segundos, indicando VERDADERO, o inmediatamente, indicando FALSO. De esa forma, un atacante puede revelar los datos presentes en la base de datos. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 0.111.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad. Este problema tambi\u00e9n se rastrea como \"GHSL-2023-141\"."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xgenecloud:nocodb:0.109.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3193E82C-7D6C-4A7D-8DA8-F0E9F5D8ED8B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nocodb/nocodb/security/advisories/GHSA-3m5q-q39v-xf8f",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
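Review bot: The `cpeMatch` entry in this new record pins a single release, `cpe:2.3:a:xgenecloud:nocodb:0.109.2:*:*:*:*:*:*:*`, while the description says the issue is fixed in 0.111.0, so releases between the two (and probably earlier ones) are not covered. A scanner that matches on CPE alone would not flag those installs. A wildcard criteria with `"versionEndExcluding": "0.111.0"` would agree with the text, assuming every earlier release is affected, which the record does not state. The CVE-2023-43896 hunk further down has the same gap: its description reads "8.1.7544 and below", but the match is the exact version `8.1.7544` with no `versionEndIncluding`. Any corrected entry needs its `matchCriteriaId` taken from the upstream source, not edited by hand.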
diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43795.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43795.json
new file mode 100644
index 00000000000..e1eb480fc02
--- /dev/null
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43795.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-43795",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:32.180",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2."
+ },
+ {
+ "lang": "es",
+ "value": "GeoServer es un servidor de software de c\u00f3digo abierto escrito en Java que permite a los usuarios compartir y editar datos geoespaciales. La especificaci\u00f3n del Servicio de procesamiento web (WPS) de OGC est\u00e1 dise\u00f1ada para procesar informaci\u00f3n de cualquier servidor mediante solicitudes GET y POST. Esto presenta la oportunidad de falsificar solicitudes del lado del servidor. Esta vulnerabilidad ha sido parcheada en las versiones 2.22.5 y 2.23.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43800.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43800.json
new file mode 100644
index 00000000000..70a569b6036
--- /dev/null
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43800.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-43800",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-18T22:15:09.173",
+ "lastModified": "2023-10-19T12:59:35.787",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint `/v2/pkgs/tools/installed`. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue."
+ },
+ {
+ "lang": "es",
+ "value": "Arduino Create Agent es un paquete para ayudar a gestionar el desarrollo de Arduino. La vulnerabilidad afecta al endpoint `/v2/pkgs/tools/installed`. Un usuario que tiene la capacidad de realizar solicitudes HTTP a la interfaz del host local, o que puede omitir la configuraci\u00f3n CORS, puede escalar sus privilegios a los del usuario que ejecuta el servicio Arduino Create Agent a trav\u00e9s de una solicitud HTTP POST manipulada. Este problema se solucion\u00f3 en la versi\u00f3n \"1.3.3\". Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-345"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-4x5q-q7wc-q22p",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43801.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43801.json
new file mode 100644
index 00000000000..1c6a40f0c7b
--- /dev/null
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43801.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-43801",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-18T22:15:09.247",
+ "lastModified": "2023-10-19T12:59:35.787",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP DELETE request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this issue.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Arduino Create Agent es un paquete para ayudar a gestionar el desarrollo de Arduino. Esta vulnerabilidad afecta el endpoint `/v2/pkgs/tools/installed` y la forma en que maneja los nombres de complementos proporcionados como entrada del usuario. Un usuario que tiene la capacidad de realizar solicitudes HTTP a la interfaz del host local, o puede omitir la configuraci\u00f3n CORS, puede eliminar archivos o carpetas arbitrarios que pertenezcan al usuario que ejecuta Arduino Create Agent a trav\u00e9s de una solicitud DELETE HTTP manipulada. Este problema se solucion\u00f3 en la versi\u00f3n \"1.3.3\". Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-mjq6-pv9c-qppq",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43802.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43802.json
new file mode 100644
index 00000000000..e0c8dcd4784
--- /dev/null
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43802.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-43802",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-18T21:15:09.187",
+ "lastModified": "2023-10-19T12:59:40.337",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/upload` which handles request with the `filename` parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate their privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Arduino Create Agent es un paquete para ayudar a gestionar el desarrollo de Arduino. Esta vulnerabilidad afecta al endpoint `/upload` que maneja la solicitud con el par\u00e1metro `filename`. Un usuario que tiene la capacidad de realizar solicitudes HTTP a la interfaz del host local, o que puede omitir la configuraci\u00f3n CORS, puede escalar sus privilegios a los del usuario que ejecuta el servicio Arduino Create Agent a trav\u00e9s de una solicitud HTTP POST manipulada. Este problema se solucion\u00f3 en la versi\u00f3n \"1.3.3\". Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-75j7-w798-cwwx",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43803.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43803.json
new file mode 100644
index 00000000000..e0274bf1ab6
--- /dev/null
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43803.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-43803",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-18T21:15:09.260",
+ "lastModified": "2023-10-19T12:59:35.787",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Arduino Create Agent es un paquete para ayudar a gestionar el desarrollo de Arduino. Esta vulnerabilidad afecta el endpoint `/v2/pkgs/tools/installed` y la forma en que maneja los nombres de complementos proporcionados como entrada del usuario. Un usuario que tiene la capacidad de realizar solicitudes HTTP a la interfaz del host local, o que puede omitir la configuraci\u00f3n CORS, puede eliminar archivos o carpetas arbitrarios que pertenezcan al usuario que ejecuta Arduino Create Agent a trav\u00e9s de una solicitud HTTP POST manipulada. Este problema se solucion\u00f3 en la versi\u00f3n \"1.3.3\". Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/arduino/arduino-create-agent/security/advisories/GHSA-m5jc-r4gf-c6p8",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43814.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43814.json
index 6a3eee2f233..4c3e730722b 100644
--- a/CVE-2023/CVE-2023-438xx/CVE-2023-43814.json
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43814.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43814",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.317",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T17:48:38.917",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -40,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -54,10 +84,36 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
+ "versionEndIncluding": "3.1.1",
+ "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
+ "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-3x57-846g-7qcw",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43875.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43875.json
new file mode 100644
index 00000000000..140df1eff49
--- /dev/null
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43875.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-43875",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T22:15:09.777",
+ "lastModified": "2023-10-20T11:27:31.330",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail."
+ },
+ {
+ "lang": "es",
+ "value": "M\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) en la instalaci\u00f3n de Subrion CMS v.4.2.1 permiten a un atacante local ejecutar scripts web arbitrarios a trav\u00e9s de un payload manipulado inyectado en bhost, dbname, dbuser, adminusername y adminemail. "
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-43875-Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sromanhu/Subrion-CMS-Reflected-XSS---Installation/blob/main/README.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
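Review bot: The Spanish description drops a letter from the first affected parameter, listing `bhost` where the English text has `dbhost`, so a search for the parameter name misses the translated entry; it should read `dbhost, dbname, dbuser, adminusername y adminemail`. The new CVE-2023-43905 record has a similar mismatch, `writercms` in English against `writecms` in Spanish, and the record does not show which spelling is the product's real name.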
diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43877.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43877.json
index 7080961b344..adc1fa61f0b 100644
--- a/CVE-2023/CVE-2023-438xx/CVE-2023-43877.json
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43877.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43877",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-04T22:15:09.937",
- "lastModified": "2023-10-10T23:15:10.983",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:58:54.877",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -70,7 +70,11 @@
"references": [
{
"url": "https://github.com/sromanhu/CVE-2023-43878-RiteCMS-Stored-XSS---MainMenu/blob/main/README.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/sromanhu/RiteCMS-Stored-XSS---Home",
diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43896.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43896.json
index d5a820519e3..ba2351f7db5 100644
--- a/CVE-2023/CVE-2023-438xx/CVE-2023-43896.json
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43896.json
@@ -2,23 +2,90 @@
"id": "CVE-2023-43896",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T16:15:10.047",
- "lastModified": "2023-10-10T16:37:27.690",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-25T18:17:32.273",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code."
+ },
+ {
+ "lang": "es",
+ "value": "Un desbordamiento de b\u00fafer en Macrium Reflect 8.1.7544 y versiones anteriores permite a los atacantes escalar privilegios o ejecutar c\u00f3digo arbitrario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:macrium:reflect:8.1.7544:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6F66109-567C-4DB9-92EE-FDA4B528FE5F"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "http://macrium.com",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://knowledgebase.macrium.com/display/KNOW80/CVE-2023-43896+Advisory",
"source": "cve@mitre.org"
},
{
"url": "https://northwave-cybersecurity.com/vulnerability-notice/macrium-reflect-driver-out-of-bounds-write",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43898.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43898.json
index 5e35be7de65..bcfec4225f7 100644
--- a/CVE-2023/CVE-2023-438xx/CVE-2023-43898.json
+++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43898.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-43898",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-03T21:15:10.440",
- "lastModified": "2023-10-05T18:23:15.117",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-27T21:15:09.450",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@@ -68,6 +68,14 @@
}
],
"references": [
+ {
+ "url": "https://github.com/nothings/stb/issues/1452",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/nothings/stb/pull/1454",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://github.com/peccc/null-stb",
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43905.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43905.json
new file mode 100644
index 00000000000..4c14207b534
--- /dev/null
+++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43905.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-43905",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T00:15:12.017",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors."
+ },
+ {
+ "lang": "es",
+ "value": "El control de acceso incorrecto en writecms v1.1.0 permite a los atacantes obtener directamente contrase\u00f1as de cuentas de backend a trav\u00e9s de vectores no especificados."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Playful-CR/CVE-paddle-/blob/main/CVE-2023-43905..md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43906.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43906.json
new file mode 100644
index 00000000000..9f3aea3d022
--- /dev/null
+++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43906.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-43906",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T00:15:12.063",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Xolo CMS v0.11 contiene una vulnerabilidad de Cross-Site Scripting (XSS) Reflejado."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Playful-CR/CVE-paddle-/blob/main/CVE-2023-43906",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43959.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43959.json
new file mode 100644
index 00000000000..2d5a4cea663
--- /dev/null
+++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43959.json
@@ -0,0 +1,101 @@
+{
+ "id": "CVE-2023-43959",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T14:15:09.883",
+ "lastModified": "2023-10-24T20:37:15.000",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en YeaLinkSIP-T19P-E2 v.53.84.0.15 permite a un atacante remoto con privilegios ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud manipulada para la funci\u00f3n ping del componente diagnostic."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:yealink:sip-t19p-e2_firmware:53.84.0.15:*:*:*:*:*:*:*",
+ "matchCriteriaId": "96A72837-1AF1-4E35-B8E3-AAACFB8BBC1F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:yealink:sip-t19p-e2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DC45397B-867F-44A0-8191-9656DF43FAFB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://hackmd.io/@tahaafarooq/auth_rce_voip",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/50509",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43961.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43961.json
new file mode 100644
index 00000000000..e4b3f1ad4fe
--- /dev/null
+++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43961.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-43961",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:32.357",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Dromara SaToken versi\u00f3n 1.3.50RC y anteriores al usar controladores din\u00e1micos Spring, una solicitud especialmente manipulada puede provocar una omisi\u00f3n de autenticaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/dromara/Sa-Token/issues/511",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43986.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43986.json
new file mode 100644
index 00000000000..14ea6d9b77a
--- /dev/null
+++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43986.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-43986",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T19:15:15.757",
+ "lastModified": "2023-10-25T19:57:40.860",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que el configurador de DM Concept anterior a v4.9.4 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente ConfiguratorAttachment::getAttachmentByToken."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dmconcept:configurator:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "4.9.4",
+ "matchCriteriaId": "059796E1-4115-416D-9808-AC78F6EEB3FC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://addons.prestashop.com/fr/declinaisons-personnalisation/20343-configurateur-avance-de-produit-sur-mesure-par-etape.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/10/19/configurator.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4386.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4386.json
new file mode 100644
index 00000000000..d350e73662e
--- /dev/null
+++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4386.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-4386",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.340",
+ "lastModified": "2023-10-26T17:48:51.200",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Essential Blocks para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en versiones hasta la 4.2.0 incluida a trav\u00e9s de la deserializaci\u00f3n de entradas que no son de confianza en la funci\u00f3n get_posts. Esto permite a atacantes no autenticados inyectar un objeto PHP. No hay ninguna cadena POP presente en el complemento vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.2.0",
+ "matchCriteriaId": "C5FAC734-09BC-4D92-BD13-485E799B312C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4388.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4388.json
index 78a8ae7f301..43bed8adb76 100644
--- a/CVE-2023/CVE-2023-43xx/CVE-2023-4388.json
+++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4388.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4388",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.663",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T16:23:10.920",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento EventON de WordPress anterior a 2.2 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenados incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.2",
+ "matchCriteriaId": "B74ABCE3-9C39-44B9-83BB-BF992C57F5AA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/4086b62c-c527-4721-af63-7f2687c98648",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4399.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4399.json
index fe94b160caf..ef321722d20 100644
--- a/CVE-2023/CVE-2023-43xx/CVE-2023-4399.json
+++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4399.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4399",
"sourceIdentifier": "security@grafana.com",
"published": "2023-10-17T08:15:09.553",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T15:00:53.650",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
{
"source": "security@grafana.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "security@grafana.com",
"type": "Secondary",
@@ -50,10 +80,53 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.4.0",
+ "versionEndExcluding": "9.4.17",
+ "matchCriteriaId": "63D6BD69-0021-4425-815E-BCC6DC6A844D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.5.0",
+ "versionEndExcluding": "9.5.13",
+ "matchCriteriaId": "AE835FB5-83A3-4657-AE71-A6F42A0C6680"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "10.0.0",
+ "versionEndExcluding": "10.0.9",
+ "matchCriteriaId": "DC6EC05D-A16B-4DBD-9D2C-B63C5DE3B31E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "10.1.0",
+ "versionEndExcluding": "10.1.5",
+ "matchCriteriaId": "4984FF92-7D1B-4A1A-9C2B-79E052CC8483"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2023-4399/",
- "source": "security@grafana.com"
+ "source": "security@grafana.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44037.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44037.json
index 4bdc7cf87f3..a517f023a11 100644
--- a/CVE-2023/CVE-2023-440xx/CVE-2023-44037.json
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44037.json
@@ -2,19 +2,87 @@
"id": "CVE-2023-44037",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-14T05:15:55.267",
- "lastModified": "2023-10-14T17:32:33.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:41:28.530",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en ZPE Systems, Inc Nodegrid OS v.5.8.10 hasta v.5.8.13 y v.5.10.3 hasta v.5.10.5 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del componente del servidor TACACS+."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-312"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zpesystems:nodegrid_os:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.8.10",
+ "versionEndExcluding": "5.8.14",
+ "matchCriteriaId": "57D2EF6A-C017-4F73-8974-79013A9BE54E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:zpesystems:nodegrid_os:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.10.3",
+ "versionEndExcluding": "5.10.6",
+ "matchCriteriaId": "74A875A6-BA5E-4593-A2F2-EB247B9EBF31"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://psirt.zpesystems.com/portal/en/kb/articles/security-advisory-zpe-ng-2023-002",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44094.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44094.json
index f844976bd7e..97fe87308f5 100644
--- a/CVE-2023/CVE-2023-440xx/CVE-2023-44094.json
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44094.json
@@ -2,16 +2,53 @@
"id": "CVE-2023-44094",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-10-11T11:15:13.577",
- "lastModified": "2023-10-11T12:54:05.787",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T20:15:37.950",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de confusi\u00f3n de tipos en el m\u00f3dulo distributed file. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar que el dispositivo se reinicie."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-843"
+ }
+ ]
+ },
{
"source": "psirt@huawei.com",
"type": "Secondary",
@@ -23,14 +60,87 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AD62E8B-CB4B-43A6-98E8-09A8A1A3505B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "81995662-9C41-4E88-888D-C50703F858F8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/10/",
- "source": "psirt@huawei.com"
+ "source": "psirt@huawei.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540",
- "source": "psirt@huawei.com"
+ "source": "psirt@huawei.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44095.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44095.json
index 58473870967..0ebbfbf5ca8 100644
--- a/CVE-2023/CVE-2023-440xx/CVE-2023-44095.json
+++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44095.json
@@ -2,16 +2,53 @@
"id": "CVE-2023-44095",
"sourceIdentifier": "psirt@huawei.com",
"published": "2023-10-11T12:15:11.070",
- "lastModified": "2023-10-11T12:54:05.787",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:56:03.400",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad Use-After-Free (UAF) en el m\u00f3dulo Surfaceflinger. La explotaci\u00f3n exitosa de esta vulnerabilidad puede provocar una falla del sistema."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ },
{
"source": "psirt@huawei.com",
"type": "Secondary",
@@ -23,14 +60,57 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:12.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DF07E7F-3A18-4B74-B73D-DF3647C2A48F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "64118936-E2A5-4935-8594-29DF29B5475A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2023/10/",
- "source": "psirt@huawei.com"
+ "source": "psirt@huawei.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202310-0000001663676540",
- "source": "psirt@huawei.com"
+ "source": "psirt@huawei.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44154.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44154.json
index 22fabbfa215..693e5a585da 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44154.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44154.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-44154",
"sourceIdentifier": "security@acronis.com",
"published": "2023-09-27T15:19:37.650",
- "lastModified": "2023-09-28T09:15:12.857",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T20:08:48.693",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979."
+ },
+ {
+ "lang": "es",
+ "value": "Divulgaci\u00f3n y manipulaci\u00f3n de informaci\u00f3n sensible por autorizaci\u00f3n indebida. Los siguientes productos se ven afectados: Acronis Cyber Protect 15 (Linux, Windows) antes de la build 35979."
}
],
"metrics": {
@@ -17,19 +21,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
- "baseScore": 9.1,
- "baseSeverity": "CRITICAL"
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
},
- "exploitabilityScore": 3.9,
+ "exploitabilityScore": 2.8,
"impactScore": 5.2
}
],
@@ -63,7 +67,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-863"
+ "value": "CWE-639"
}
]
},
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json
new file mode 100644
index 00000000000..bb000c8dbe5
--- /dev/null
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44162.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-44162",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-27T03:15:08.040",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'contact' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/ono",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
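Review bot: The second entry in `references` has a doubled scheme, `"url": "https://https://projectworlds.in/"`, so a URL parser will take `https` as the host and the link will not reach the vendor site. The intended value is presumably `"url": "https://projectworlds.in/"`, which should be corrected at the source (`help@fluidattacks.com`) rather than hand-edited in this mirror. The `en` description also ends in a literal `\n\n`, which ingestion should trim before display or text comparison. A cheap ingestion check that flags reference URLs whose host is not a plausible domain name would catch this class of error across the feed.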
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44175.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44175.json
index 948c34d3ebf..a6507fbbc92 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44175.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44175.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44175",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-12T23:15:11.307",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:47:15.987",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nNote: This issue is not noticed when all the devices in the network are Juniper devices.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R3.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions prior to 22.3R3-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO;\n * 23.2-EVO versions prior to 23.2R1-EVO.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de aserci\u00f3n accesible en Routing Protocol Daemon (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite enviar paquetes PIM genuinos espec\u00edficos al dispositivo, lo que provoca que rpd falle y provoque una Denegaci\u00f3n de Servicio (DoS). La recepci\u00f3n y procesamiento continuo de este paquete crear\u00e1 una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). Nota: Este problema no se detecta cuando todos los dispositivos de la red son dispositivos Juniper. Este problema afecta a Juniper Networks: Junos OS: * Todas las versiones anteriores a 20.4R3-S7; * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S4; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3; * Versiones 22.3 anteriores a 22.3R3; * Versiones 22.4 anteriores a 22.4R3. Junos OS Evolved: * Todas las versiones anteriores a 22.3R3-EVO; * Versiones 22.4-EVO anteriores a 22.4R3-EVO; * Versiones 23.2-EVO anteriores a 23.2R1-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-617"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,461 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6DEAA7FD-385F-4221-907E-65ABC16BE4BE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73141",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
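Review bot: The added `junos_os_evolved` node under `configurations` does not cover the range the description states: the text says all Junos OS Evolved versions prior to 22.3R3-EVO are affected, but the `cpeMatch` list enumerates only 22.3 (r1 through r2-s1), 22.4 (r1 through r2) and `23.2:-`, with no range entry for earlier release trains. The `junos` node in the same hunk handles older releases with a wildcard entry carrying `"versionEndExcluding": "20.4"`; the Evolved node would need an equivalent, e.g. `"criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"` with `"versionEndExcluding": "22.3"` and a `matchCriteriaId` assigned by NVD (not available on this page). As it stands, asset matching driven purely by CPE will treat Evolved releases older than 22.3 as unaffected, so consumers should cross-check against the version list in `descriptions` or the vendor advisory in `references`. The 22.1 through 22.4 `junos` branches also omit the `:-:` base-release entry that 20.4 through 21.4 carry, which may be intentional but is worth confirming.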
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44176.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44176.json
index 287c5250514..2721452be39 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44176.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44176.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44176",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.587",
- "lastModified": "2023-10-13T12:47:29.080",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T16:01:28.823",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R3.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el comando CLI de Juniper Networks Junos OS permite a un atacante con pocos privilegios ejecutar comandos CLI espec\u00edficos que conducen a una Denegaci\u00f3n de Servicio. Las acciones repetidas del atacante crear\u00e1n una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). Este problema afecta a Juniper Networks: Junos OS: * Todas las versiones anteriores a 20.4R3-S8; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.3 anteriores a 22.3R3; * Versiones 22.4 anteriores a 22.4R3."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -50,10 +84,787 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73140",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44177.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44177.json
index e17b9824839..5b6cbcd79c9 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44177.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44177.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44177",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.680",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:12:39.457",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 19.1R3-S10;\n * 19.2 versions prior to 19.2R3-S7;\n * 19.3 versions prior to 19.3R3-S8;\n * 19.4 versions prior to 19.4R3-S12;\n * 20.2 versions prior to 20.2R3-S8;\n * 20.4 versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 versions prior to 22.2R3-S1-EVO;\n * 22.3 versions prior to 22.3R3-EVO;\n * 22.4 versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el comando CLI de Juniper Networks Junos y Junos EVO permite a un atacante con pocos privilegios ejecutar comandos CLI espec\u00edficos que conducen a una Denegaci\u00f3n de Servicio. Las acciones repetidas del atacante crear\u00e1n una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). Este problema afecta a Juniper Networks: Junos OS: * Todas las versiones anteriores a 19.1R3-S10; * Versiones 19.2 anteriores a 19.2R3-S7; * Versiones 19.3 anteriores a 19.3R3-S8; * Versiones 19.4 anteriores a 19.4R3-S12; * Versiones 20.2 anteriores a 20.2R3-S8; * Versiones 20.4 anteriores a 20.4R3-S8; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S1; * Versiones 22.3 anteriores a 22.3R3; * Versiones 22.4 anteriores a 22.4R2. Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO; * Versiones 21.2 anteriores a 21.2R3-S6-EVO; * Versiones 21.3 anteriores a 21.3R3-S5-EVO; * Versiones 21.4 anteriores a 21.4R3-S4-EVO; * Versiones 22.1 anteriores a 22.1R3-S3-EVO; * Versiones 22.2 anteriores a 22.2R3-S1-EVO; * Versiones 22.3 anteriores a 22.3R3-EVO; * Versiones 22.4 anteriores a 22.4R2-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -50,10 +84,792 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73140",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44178.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44178.json
index 74b18291919..2eb4c861b24 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44178.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44178.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44178",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.760",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:12:22.540",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS\n\n\n\n * All versions prior to 19.1R3-S10;\n * 19.2 versions prior to 19.2R3-S7;\n * 19.3 versions prior to 19.3R3-S8;\n * 19.4 versions prior to 19.4R3-S12;\n * 20.2 versions prior to 20.2R3-S8;\n * 20.4 versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el comando CLI de Juniper Networks Junos OS permite a un atacante con pocos privilegios ejecutar comandos CLI espec\u00edficos que conducen a una Denegaci\u00f3n de Servicio. Las acciones repetidas del atacante crear\u00e1n una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). Este problema afecta a Juniper Networks: Junos OS * Todas las versiones anteriores a 19.1R3-S10; * Versiones 19.2 anteriores a 19.2R3-S7; * Versiones 19.3 anteriores a 19.3R3-S8; * Versiones 19.4 anteriores a 19.4R3-S12; * Versiones 20.2 anteriores a 20.2R3-S8; * Versiones 20.4 anteriores a 20.4R3-S8; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R2-S1; * Versiones 23.2 anteriores a 23.2R2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -50,10 +84,792 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "20EBC676-1B26-4A71-8326-0F892124290A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73140",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
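Review bot: The added `configurations` block does not line up with the affected-version list in this record's own English `descriptions` value, so CPE-driven scanners may both miss and over-report hosts. The description lists "23.2 versions prior to 23.2R2" as affected, yet no `cpe:2.3:o:juniper:junos:23.2:...` criteria appear in the first node. The trains fixed at 21.4R3-S5, 22.3R3-S1 and 22.4R2-S1 also stop at `21.4:r3-s3`, `22.3:r2-s2` and `22.4:r1-s2`. In the other direction, the whole second node enumerates `junos_os_evolved`, which the description never names, and `"versionEndExcluding": "20.4"` also matches releases the description gives as fixed (for example 20.2R3-S8). I would check both nodes against the vendor advisory JSA73140 before relying on them, then either add the missing `junos` entries with NVD-assigned `matchCriteriaId` values or drop the `junos_os_evolved` node if the advisory does not cover it.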
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44181.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44181.json
index b9f9c6e2d43..6dd03f95c07 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44181.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44181.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44181",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.837",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:21:29.827",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog.\n\nThis issue is triggered when Storm control is enabled and ICMPv6 packets are present on device.\n\nThis issue affects Juniper Networks:\n\nJunos OS\n\n\n\n * All versions prior to 20.2R3-S6 on QFX5k;\n * 20.3 versions prior to 20.3R3-S5 on QFX5k;\n * 20.4 versions prior to 20.4R3-S5 on QFX5k;\n * 21.1 versions prior to 21.1R3-S4 on QFX5k;\n * 21.2 versions prior to 21.2R3-S3 on QFX5k;\n * 21.3 versions prior to 21.3R3-S2 on QFX5k;\n * 21.4 versions prior to 21.4R3 on QFX5k;\n * 22.1 versions prior to 22.1R3 on QFX5k;\n * 22.2 versions prior to 22.2R2 on QFX5k.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una verificaci\u00f3n de seguridad implementada incorrectamente para una vulnerabilidad est\u00e1ndar en el control de tormentas de los dispositivos Junos OS QFX5k de Juniper Networks permite que los paquetes se env\u00eden a la cola ARP, lo que provoca un bucle l2 que genera violaciones de DDOS y un registro del sistema DDOS. Este problema se activa cuando el control de tormentas est\u00e1 habilitado y hay paquetes ICMPv6 presentes en el dispositivo. Este problema afecta a Juniper Networks: Junos OS * Todas las versiones anteriores a 20.2R3-S6 en QFX5k; * Versiones 20.3 anteriores a 20.3R3-S5 en QFX5k; * Versiones 20.4 anteriores a 20.4R3-S5 en QFX5k; * Versiones 21.1 anteriores a 21.1R3-S4 en QFX5k; * Versiones 21.2 anteriores a 21.2R3-S3 en QFX5k; * Versiones 21.3 anteriores a 21.3R3-S2 en QFX5k; * Versiones 21.4 anteriores a 21.4R3 en QFX5k; * Versiones 22.1 anteriores a 22.1R3 en QFX5k; * Versiones 22.2 anteriores a 22.2R2 en QFX5k."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -34,14 +58,512 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-835"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.2",
+ "matchCriteriaId": "9D5DC3ED-1843-467F-903D-2DB6CDFF06F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "D4CF52CF-F911-4615-9171-42F84429149F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "06F53DA5-59AE-403C-9B1E-41CE267D8BB1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "3332262F-81DA-4D78-99C9-514CADA46611"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B46B63A2-1518-4A29-940C-F05624C9658D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "8E0D4959-3865-42A7-98CD-1103EBD84528"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "3A58292B-814C-49E7-8D6D-BE26EFB9ADDF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "681AE183-7183-46E7-82EA-28C398FA1C3D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8A6E9627-8BF1-4BE8-844B-EE8F1C9478F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0A80F23B-CD13-4745-BA92-67C23B297A18"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "67D4004B-1233-4258-9C7A-F05189146B44"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "69E33F24-D480-4B5F-956D-D435A551CBE7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "6E5E3FDB-3F33-4686-9B64-0152AD41939D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "03009CC1-21AC-4A46-A747-D0C67FCD41DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5C9BC697-C7C9-447D-9EBD-E9711462583E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7B80433B-57B1-49EF-B1A1-83781D6102E3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "A352BB7A-6F17-4E64-BC02-1A7E4CD42653"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "05D8427C-CDDE-4B2F-9CB8-41B9137660E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F3DC01F2-6DFE-4A8E-9962-5E59AA965935"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "7DA0E196-925E-4056-B411-E158702D5D4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E33A522F-E35C-4473-9CBD-9C6E5A831086"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E9AE26EB-699B-4B10-87E2-9E731B820F32"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "A29E0070-47E9-43DD-9303-C732FE8CC851"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "A5E7E8D2-5D08-492E-84FC-8803E50F2CA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5110:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "86C7E154-9273-4FB0-BF75-BD2BD79F457D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5120:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32D0AE1E-12D6-4B91-A8B8-C3A451F58F45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5130:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7F920B8-83D2-478E-8F97-163D924F5021"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67B037F5-8C56-453B-8CE2-D7D3AEF5D467"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5210:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6329B6E-83D8-4F53-A204-9F53042DFAA7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5220:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "945B38BD-F339-48F9-B033-FBCDF62E73B5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5230:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B0CAA01-194D-4E89-BA95-226787517F78"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F42D80-6D50-4136-9988-E9231BB59EA3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73145",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/task/rate-limiting-storm-control-disabling-cli-els.html",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Technical Description"
+ ]
}
]
}
\ No newline at end of file
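Review bot: The added Junos OS `cpeMatch` list has no `cpe:2.3:o:juniper:junos:22.1:-` entry between `21.4:r2-s2` and `22.1:r1`, although every other affected train in this hunk (20.2 through 21.4, and 22.2) lists its `-` base release and the description covers "22.1 versions prior to 22.1R3". If the omission is unintended, a scanner whose inventory records the release as plain 22.1 would not flag this CVE; the CVE-2023-44182 record later in this diff carries the entry as `"criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*"` with `"matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C"`. Separately, the eight non-vulnerable hardware criteria in the second node are spelled `qfk5110` through `qfk5700`, while the description names the platform QFX5k. These names should be confirmed against the CPE dictionary, because under the top-level `AND` operator a hardware name that never matches an inventory leaves the whole configuration unmatched.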
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44182.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44182.json
index 47d99649874..7b81a0243a6 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44182.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44182.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44182",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.900",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:19:50.967",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.\n\nMultiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R2-S2, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de valor de retorno no verificado en las interfaces de usuario de Juniper Networks Junos OS y Junos OS Evolved, el CLI, la API XML, el protocolo de administraci\u00f3n XML, el protocolo de administraci\u00f3n NETCONF, las interfaces gNMI y las interfaces de usuario J-Web provoca causas no deseadas. Se producir\u00e1n efectos tales como degradaci\u00f3n o elevaci\u00f3n de privilegios asociados con las acciones de un operador. Pueden ocurrir m\u00faltiples escenarios; por ejemplo: escalada de privilegios sobre el dispositivo u otra cuenta, acceso a archivos que de otro modo no deber\u00edan ser accesibles, archivos que no son accesibles donde deber\u00edan serlo, c\u00f3digo que se espera que se ejecute como no root puede ejecutarse como root, etc. Este problema afecta a: Juniper Networks Junos OS * Todas las versiones anteriores a 20.4R3-S7; * Versiones 21.1 anteriores a 21.1R3-S5; * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S4; * Versiones 21.4 anteriores a 21.4R3-S3; * Versiones 22.1 anteriores a 22.1R3-S2; * Versiones 22.2 anteriores a 22.2R2-S2, 22.2R3; * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved * Todas las versiones anteriores a 21.4R3-S3-EVO; * 22.1-EVO versi\u00f3n 22.1R1-EVO y versiones posteriores anteriores a 22.2R2-S2-EVO, 22.2R3-EVO; * Versiones 22.3-EVO anteriores a 22.3R1-S2-EVO, 22.3R2-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-252"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,18 +80,551 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "21.4",
+ "matchCriteriaId": "A51696D6-8503-4CBD-AD19-861E5BE94ED4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "1475A58F-1515-4492-B5A3-BE40C30E5B14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73149",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-software-user-interfaces-overview.html",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Technical Description"
+ ]
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/interfaces-telemetry/topics/concept/junos-telemetry-interface-grpc-sensors.html",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Technical Description"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44183.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44183.json
index 0c518ef1feb..d92910ea9f0 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44183.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44183.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44183",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:11.983",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:23:35.583",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur.\n\nAn indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing.\n\nUse the following command to determine if FPC0 has gone missing from the device.\n\nshow chassis fpc detail\nThis issue affects:\n\nJuniper Networks Junos OS on QFX5000 Series, EX4600 Series:\n\n\n\n * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Packet Forwarding Engine (PFE) VxLAN de Juniper Networks Junos OS en dispositivos de las series QFX5000 y EX4600 permite que un atacante adyacente no autenticado env\u00ede dos o m\u00e1s paquetes genuinos en la misma topolog\u00eda VxLAN para causar posiblemente una memoria DMA que se produzca una fuga en diversas condiciones operativas espec\u00edficas. El escenario descrito aqu\u00ed es el peor de los casos. Hay otros escenarios que requieren la acci\u00f3n del operador. Se puede ver un indicador de compromiso cuando varios dispositivos indican que FPC0 ha desaparecido al emitir un comando show chasis fpc durante aproximadamente 10 a 20 minutos, y tambi\u00e9n han desaparecido varias interfaces. Utilice el siguiente comando para determinar si FPC0 ha desaparecido del dispositivo. muestre el detalle del fpc del chasis Este problema afecta a: Juniper Networks Junos OS en las series QFX5000 y EX4600: * 18.4 versi\u00f3n 18.4R2 y versiones posteriores anteriores a 20.4R3-S8; * 21.1 versi\u00f3n 21.1R1 y versiones posteriores anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S1; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
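Review bot: The added `es` description translates the CLI command itself, so the detection step it describes cannot be followed from that entry: `show chassis fpc` becomes `show chasis fpc`, and `show chassis fpc detail` becomes `muestre el detalle del fpc del chasis`. The clause about the DMA memory leak is also garbled (`causar posiblemente una memoria DMA que se produzca una fuga`). Command text should stay verbatim inside the translated sentence, i.e. the `es` value should still contain the literal `show chassis fpc detail`. Until the translation is corrected at its source, tooling that shows these descriptions to operators should treat the `en` value as authoritative for the indicator check and the affected-version list.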
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,18 +80,1296 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "D59D7A31-128B-4034-862B-8EF3CE3EE949"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0C5E097B-B79E-4E6A-9291-C8CB9674FED5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s10:*:*:*:*:*:*",
+ "matchCriteriaId": "F34512E2-7493-4EA2-8DA3-7A551514DF86"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "819FA3ED-F934-4B20-BC0E-D638ACCB7787"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "3D7D773A-4988-4D7C-A105-1885EBE14426"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "1BD93674-9375-493E-BD6C-8AD41CC75DD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "34E28FD9-1089-42F7-8586-876DBEC965DE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "B7E72C49-1849-4A6F-81BC-D03F06D47D6D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "541535BD-20DC-4489-91A7-F6CBC6802352"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "924C4EAC-2A52-45A9-BE0F-B62F070C3E3D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r2-s9:*:*:*:*:*:*",
+ "matchCriteriaId": "2073B497-CCE0-4819-9B0A-E80E577BF13E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "736B7A9F-E237-45AF-A6D6-84412475F481"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62E63730-F697-4FE6-936B-FD9B4F22EAE8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s10:*:*:*:*:*:*",
+ "matchCriteriaId": "6DCA0ADF-CC93-4369-95E5-B41D7301C58F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s11:*:*:*:*:*:*",
+ "matchCriteriaId": "9CCA5292-4722-4FE1-8070-2CBA666F160A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "064A7052-4EF5-4BFB-88FF-8122AEECB6A7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "08C58CCB-3BAA-4400-B371-556DF46DE69C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "28F7740D-C636-4FA3-8479-E5E039041DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "81F6DEA3-F07E-4FD0-87CB-4E8C0B768706"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "2C1601BB-CAB7-4C92-8416-1824BB85D820"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "14FC491D-8DA8-4E79-A9A6-3629E41C847A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "44C4BE2C-814F-49AA-8B64-17245FC01270"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.4:r3-s9:*:*:*:*:*:*",
+ "matchCriteriaId": "BEF1775A-1C37-462B-B9F8-F55E0CEB73B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "768C0EB7-8456-4BF4-8598-3401A54D21DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5332B70A-F6B0-4C3B-90E2-5CBFB3326126"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81439FE8-5405-45C2-BC04-9823D2009A77"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E506138D-043E-485D-B485-94A2AB75F8E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0EF3C901-3599-463F-BEFB-8858768DC195"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "CD806778-A995-4A9B-9C05-F4D7B1CB1F7D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "02B42BE8-1EF2-47F7-9F10-DE486A017EED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r1-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "0B372356-D146-420B-95C3-381D0383B595"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DCAB79C9-6639-4ED0-BEC9-E7C8229DF977"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "C8CF858F-84BB-4AEA-B829-FCF22C326160"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "92292C23-DC38-42F1-97C1-8416BBB60FA9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "59E2311C-075A-4C64-B614-728A21B17B1B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "5405F361-AB96-4477-AA0D-49B874324B39"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E45E5421-2F6F-4AF9-8EB1-431A804FC649"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "93098975-4A06-4A72-8DF0-F2C5E1AF2F77"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E1F3AEE4-CEB8-4CAA-A48A-1B4647FFFCDB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "69E2DF80-63D8-48DD-BC73-C406B7AA3C7D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "8120EAC3-DCCB-4429-A372-C0DAA3270A1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "DF81F459-915E-468C-8E82-85F1A601095B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "9912E998-75FB-4EA0-8E36-0A1C38147AB8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "C7AE90D0-D502-4262-A83E-F40308A81380"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.1:r3-s9:*:*:*:*:*:*",
+ "matchCriteriaId": "739E4B74-5769-4392-BAFE-39770B021859"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "0E7545CE-6300-4E81-B5AF-2BE150C1B190"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4CA3060F-1800-4A06-A453-FB8CE4B65312"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9A5B337A-727C-4767-AD7B-E0F7F99EB46F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "16FDE60B-7A99-4683-BC14-530B5B005F8B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "725D8C27-E4F8-4394-B4EC-B49B6D3C2709"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "8233C3AB-470E-4D13-9BFD-C9E90918FD0B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "5F7A233A-D4F6-46FA-92E9-2ACE13E4A6A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "ADCE4EA8-DDBA-4766-BB81-E4DA29723723"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "2849078A-447A-4615-94E1-58AF450ED22A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "C2C625B6-25ED-4F6C-A778-6AB7FA7901CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r1-s9:*:*:*:*:*:*",
+ "matchCriteriaId": "84EC3EE0-F1D9-4CBB-B3FA-83C05C50EB5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7C71D2FA-B1A4-4004-807F-7B3BB347DF4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9E78E854-DDD3-4D1A-97AB-AEA70B9B811F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "512FB3D1-BA5B-4F73-BDB2-49D6889F5473"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7FCBFF57-83A1-4C1C-A38D-7DAB48BCA2EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "920FE638-BDE6-403D-9083-2BDBF6A3326F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E38CD1E2-41F5-42D1-B915-055A497C576A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "0C816B9A-F152-4E5F-8152-73635840A89A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "6E0EA9DA-2DAD-4FA4-8CCC-E2F3D7069305"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "F56182CE-376A-4B77-BB53-1E988842AEC5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.2:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "E5E449DB-9907-406F-B758-5E6377F2F28A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "59006503-B2CA-4F79-AC13-7C5615A74CE5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "B8110DA9-54B1-43CF-AACB-76EABE0C9EF6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "11B5CC5A-1959-4113-BFCF-E4BA63D918C1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "33F08A33-EF80-4D86-9A9A-9DF147B9B6D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "AF24ACBD-5F84-47B2-BFF3-E9A56666269C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3935A586-41BD-4FA5-9596-DED6F0864777"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "B83FB539-BD7C-4BEE-9022-098F73902F38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "7659AC36-A5EA-468A-9793-C1EC914D36F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "E0E018E1-568E-40F2-ADA5-F71509811879"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "122B09A3-299A-421C-9A6B-B3FEED8E19FA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r2-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "55F3E730-83F2-43C2-B6DC-77BAABB2F01D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B9295AF3-A883-47C3-BAF8-3D82F719733E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F09D3262-394A-43D1-A4ED-8887FCB20F87"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D3FEA876-302D-4F07-94E6-237C669538F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "B011854A-932C-4D5C-B469-71F72608DFCB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "94A44054-B47B-453C-BF0F-9E071EFF6542"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "CA3A4806-59AB-43D6-BFE3-A6DCE098335C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "45DA4D89-1362-421F-8218-585CE5D60E81"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "EEA350A8-9441-496C-A86C-0D209190A178"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.3:r3-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "3ACBED3C-B186-4FCB-8731-17B44128192B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9B342307-98CF-45C9-9F08-5EB06C679B79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "DC743EE4-8833-452A-94DB-655BF139F883"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "FE96A8EA-FFE3-4D8F-9266-21899149D634"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C12A75C6-2D00-4202-B861-00FF71585FA0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "70FF3DD4-14CB-435D-8529-0480EB853F60"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r1-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "84429093-AB3C-4C05-B8FA-87D94091820F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "4DCFA774-96EF-4018-82CF-95C807025C24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "76022948-4B07-43CB-824C-44E1AB3537CB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "25446F60-5CB9-4923-BCE8-609AE3CFDFBC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "A23E5CEA-EFF5-4641-BC47-BA2D0859F0EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "760E2418-B945-4467-BDAC-7702DDF4C4EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "98097AB6-56CB-42E4-96B4-ABBD4F36553C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "7844B380-7986-4B71-B1AE-22D46E5007D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r2-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "7EF24AFC-D359-4132-A133-1F6680F7BE46"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "758275F3-9457-45A2-8F57-65DCD659FC1B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B46CB928-78B5-4D60-B747-9A0988C7060D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s10:*:*:*:*:*:*",
+ "matchCriteriaId": "7F449CD5-9D3D-4D99-8A6F-8C7946A4F2D0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s11:*:*:*:*:*:*",
+ "matchCriteriaId": "D85FF739-F299-479A-82F1-DB6788F3D4DE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s12:*:*:*:*:*:*",
+ "matchCriteriaId": "326872CD-EC68-4AC2-8EA2-8B8B20520AA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "ED73BF1A-96E4-49F1-A6AA-7B29DAA6C112"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0886EFA6-47E3-4C1D-A278-D3891A487FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "A209EE6F-E676-4172-8FF3-4E03748DEB13"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "EC395200-9A69-468A-8461-D2219B34AA0E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "08584FCD-4593-4590-A988-C862295E618A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "1BF7792C-51FF-4C6E-B5E7-F87738FE4B35"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "E69B0ED4-898D-4D7A-9711-8DB00EE3197B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:19.4:r3-s9:*:*:*:*:*:*",
+ "matchCriteriaId": "1BBF56BB-939A-4E38-BD9E-E3198E70F8E3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "19EAC3C9-D800-436F-8FEA-8BDFB5A9BD24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8328FDE6-9707-4142-B905-3B07C0E28E35"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41CD982F-E6F2-4951-9F96-A76C142DF08E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "19FDC05F-5582-4F7E-B628-E58A3C0E7F2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "401306D1-E9CE-49C6-8DC9-0E8747B9DC2C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r1-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "615EAF48-AD53-4CC2-B233-5EA5C0F72CB1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DC8E7547-6649-436D-BC45-184417680C72"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "D9789FF8-D55C-4AF9-A250-E543A0EB826F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5C238EB1-5A38-4877-8849-4A6D36918B3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "C21638A9-6AD8-4347-AA3F-64BC7BD71C0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "D621DB7F-BC6B-4A07-8803-596B3ED11CF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "A5620596-4DEE-41D7-A63F-224D814DAA77"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "A8BBCEC0-5915-4F69-90FD-070A94145BB9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "D3C93B13-DCEB-4861-87DC-3F1ECBAF7FFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.1:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "5887B680-E5A4-4A30-9543-69B42F50E8D7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "D4CF52CF-F911-4615-9171-42F84429149F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CD07B7E2-F5C2-4610-9133-FDA9E66DFF4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "D3C23AEB-34DE-44FB-8D64-E69D6E8B7401"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "18DB9401-5A51-4BB3-AC2F-58F58F1C788C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "06F53DA5-59AE-403C-9B1E-41CE267D8BB1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "3332262F-81DA-4D78-99C9-514CADA46611"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B46B63A2-1518-4A29-940C-F05624C9658D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "8E0D4959-3865-42A7-98CD-1103EBD84528"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "3A58292B-814C-49E7-8D6D-BE26EFB9ADDF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "681AE183-7183-46E7-82EA-28C398FA1C3D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8A6E9627-8BF1-4BE8-844B-EE8F1C9478F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0A80F23B-CD13-4745-BA92-67C23B297A18"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "67D4004B-1233-4258-9C7A-F05189146B44"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "69E33F24-D480-4B5F-956D-D435A551CBE7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "6E5E3FDB-3F33-4686-9B64-0152AD41939D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "9C411A2E-A407-44E5-A2B2-3D049FB2DB4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "AA7259B5-6BDC-4CB8-AB81-2375803E42E3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.2:r3-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "80594A3B-4C88-44F0-8D89-4976F3B9FA95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "03009CC1-21AC-4A46-A747-D0C67FCD41DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5C9BC697-C7C9-447D-9EBD-E9711462583E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7B80433B-57B1-49EF-B1A1-83781D6102E3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "A352BB7A-6F17-4E64-BC02-1A7E4CD42653"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "05D8427C-CDDE-4B2F-9CB8-41B9137660E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F3DC01F2-6DFE-4A8E-9962-5E59AA965935"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "7DA0E196-925E-4056-B411-E158702D5D4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E33A522F-E35C-4473-9CBD-9C6E5A831086"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E9AE26EB-699B-4B10-87E2-9E731B820F32"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "A29E0070-47E9-43DD-9303-C732FE8CC851"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "A5E7E8D2-5D08-492E-84FC-8803E50F2CA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "7B798133-105C-448B-B06E-57327E44E478"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.3:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "D0D7DB4B-683B-408B-8055-2C992CA43FFE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5110:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "86C7E154-9273-4FB0-BF75-BD2BD79F457D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5120:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32D0AE1E-12D6-4B91-A8B8-C3A451F58F45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5130:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7F920B8-83D2-478E-8F97-163D924F5021"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67B037F5-8C56-453B-8CE2-D7D3AEF5D467"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5210:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6329B6E-83D8-4F53-A204-9F53042DFAA7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5220:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "945B38BD-F339-48F9-B033-FBCDF62E73B5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5230:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B0CAA01-194D-4E89-BA95-226787517F78"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F42D80-6D50-4136-9988-E9231BB59EA3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73148",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/sdn-vxlan.html",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Technical Description"
+ ]
},
{
"url": "https://www.juniper.net/documentation/us/en/software/junos/multicast-l2/topics/topic-map/redundant-trunk-groups.html",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Technical Description"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44184.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44184.json
index 5bbc31bb789..b4e8d7d19b7 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44184.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44184.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44184",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.067",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:23:12.213",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3;\n * 22.4 versions prior to 22.4R1-S2, 22.4R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R3-EVO;\n * 22.3 versions prior to 22.3R3-EVO;\n * 22.4 versions prior to 22.4R2-EVO.\n\n\n\n\nAn indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:\n\nmgd process example:\n\nuser@device-re#> show system processes extensive | match \"mgd|PID\" | except last\nPID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND\n92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage.\nExample to check for NETCONF activity:\n\nWhile there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with \"client-mode 'netconf'\"\n\nFor example:\n\nmgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en el proceso del Management Daemon (mgd) de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante con pocos privilegios autenticado basado en red, ejecutando un comando espec\u00edfico a trav\u00e9s de NETCONF, para provocar una Denegaci\u00f3n de Servicio (DoS) de la CPU en el plano de control del dispositivo. Este problema afecta a: Juniper Networks Junos OS * Todas las versiones anteriores a 20.4R3-S7; * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S2; * Versiones 22.2 anteriores a 22.2R3; * Versiones 22.3 anteriores a 22.3R2-S1, 22.3R3; * Versiones 22.4 anteriores a 22.4R1-S2, 22.4R2. Juniper Networks Junos OS Evolved * Todas las versiones anteriores a 21.4R3-S4-EVO; * Versiones 22.1 anteriores a 22.1R3-S2-EVO; * Versiones 22.2 anteriores a 22.2R3-EVO; * Versiones 22.3 anteriores a 22.3R3-EVO; * Versiones 22.4 anteriores a 22.4R2-EVO. Se puede ver un indicador de compromiso determinando primero si el cliente NETCONF ha iniciado sesi\u00f3n y no logra cerrar sesi\u00f3n despu\u00e9s de un per\u00edodo de tiempo razonable y, en segundo lugar, revisando el porcentaje de WCPU para el proceso mgd ejecutando el siguiente comando: mgd process example: user@device-re#> show system processes extensive | match \"mgd|PID\" | excepto el \u00faltimo PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< revise el alto porcentaje de CPU. Ejemplo para comprobar la actividad de NETCONF: si bien no existe un comando espec\u00edfico que muestre una sesi\u00f3n espec\u00edfica en uso para NETCONF, puede revisar los registros de UI_LOG_EVENT con \"client-mode 'netconf'\". 
Por ejemplo: mgd[38121]: UI_LOGIN_EVENT: Usuario 'root' de inicio de sesi\u00f3n, clase 'super-user' [38121], conexi\u00f3n ssh '10.1.1.1 201 55480 10.1.1.2 22', modo cliente 'netconf'"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
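Review bot: The added `es` description translates the literal indicator-of-compromise text along with the prose, so the detection command and log sample no longer match what a Junos device accepts or emits. The CLI pipe `| except last` became `| excepto el último`, and the log sample became `Usuario 'root' de inicio de sesión, clase 'super-user' [38121], conexión ssh '...', modo cliente 'netconf'`, where the English value has `User 'root' login, class 'super-user' [38121], ssh-connection '...', client-mode 'netconf'`. I would keep the command and the log line verbatim inside the translated value, i.e. `show system processes extensive | match \"mgd|PID\" | except last`, so a responder working from the Spanish text searches for strings that actually occur. The `es` value also appears to be split by a raw line break before `Por ejemplo:`; if that break is in the file rather than an artifact of rendering, strict JSON parsers will reject the record. Separately, both languages name the event `UI_LOG_EVENT` in the prose but `UI_LOGIN_EVENT` in the sample, which is worth reconciling against the vendor advisory.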
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,572 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "60CEA89D-BAC4-41CD-A1D1-AA5EDDEBD54A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "1379EF30-AF04-4F98-8328-52A631F24737"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "21.4",
+ "matchCriteriaId": "A51696D6-8503-4CBD-AD19-861E5BE94ED4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73147",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44185.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44185.json
index 51813f55759..6a1b53a6d5b 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44185.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44185.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44185",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.147",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:11:51.280",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.\n\nContinued receipt of this packet will cause a sustained Denial of Service condition.\n\nThis issue affects:\n\n\n\n * Juniper Networks Junos OS:\n * All versions prior to 20.4R3-S6;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R2-S2, 22.1R3;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S6-EVO;\n * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO;\n * 21.3-EVO versions prior to 21.3R3-S3-EVO;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-EVO;\n * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en el Routing Protocol Daemon (rpd) de Juniper Networks permite a un atacante causar una Denegaci\u00f3n de Servicio (DoS) al dispositivo al recibir y procesar un paquete de ACTUALIZACI\u00d3N BGP de VPN ISO con formato incorrecto espec\u00edfico. La recepci\u00f3n continua de este paquete provocar\u00e1 una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio. Este problema afecta a: * Juniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S6; * Versiones 21.1 anteriores a 21.1R3-S5; * Versiones 21.2 anteriores a 21.2R3-S4; * Versiones 21.3 anteriores a 21.3R3-S3; * Versiones 21.4 anteriores a 21.4R3-S3; * Versiones 22.1 anteriores a 22.1R2-S2, 22.1R3; * Versiones 22.2 anteriores a 22.2R2-S1, 22.2R3; * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S6-EVO; * 21.1-EVO versi\u00f3n 21.1R1-EVO y versiones posteriores anteriores a 21.2R3-S4-EVO; * Versiones 21.3-EVO anteriores a 21.3R3-S3-EVO; * Versiones 21.4-EVO anteriores a 21.4R3-S3-EVO; * Versiones 22.1-EVO anteriores a 22.1R3-EVO; * Versiones 22.2-EVO anteriores a 22.2R2-S1-EVO, 22.2R3-EVO; * Versiones 22.3-EVO anteriores a 22.3R1-S2-EVO, 22.3R2-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
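Review bot: The added Primary weakness is `NVD-CWE-noinfo`, although the English description in this same file opens with "An Improper Input Validation vulnerability", so the nvd@nist.gov entry is less specific than the text beside it. Tooling that groups or filters findings by the Primary CWE will file this record under "no info". If the analysis supports it, `"value": "CWE-20"` would match the description. The Secondary (sirt@juniper.net) entry's value lies outside this hunk, so whether it already states the class cannot be confirmed from here.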
@@ -46,10 +80,682 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73146",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
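Review bot: The new `junos` cpeMatch list has no base-release entries for 22.1, 22.2 and 22.3. It goes from `21.4:r3-s2` straight to `22.1:r1` and also starts 22.2 and 22.3 at `r1`, although `20.4:-` through `21.4:-` are listed and the description covers "22.1 versions prior to 22.1R2-S2, 22.1R3". The preceding file in this diff does list `junos:22.1:-`, `22.2:-` and `22.3:-`, so the gap looks unintended, and a CPE match for a device inventoried at a base 22.x release would wrongly come back clean. If it is unintended, add the three entries below, whose matchCriteriaId values are copied from that preceding file. The `junos_os_evolved` list has the same gap, but this page shows no `22.x:-` entry for that product to copy from.

```json
{
  "vulnerable": true,
  "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*",
  "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C"
},
{
  "vulnerable": true,
  "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
  "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"
},
{
  "vulnerable": true,
  "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
  "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E"
},
```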
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44186.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44186.json
index 1e98c6397fa..ddd5cc66e94 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44186.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44186.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44186",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-11T21:15:09.890",
- "lastModified": "2023-10-16T21:15:11.033",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:21:41.143",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,11 +11,31 @@
},
{
"lang": "es",
- "value": "Una vulnerabilidad de Improper Handling of Exceptional Conditions en el procesamiento AS PATH de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante enviar un mensaje de actualizaci\u00f3n de BGP con un AS PATH que contiene una gran cantidad de AS de 4 bytes, lo que lleva a una Denegaci\u00f3n de Servicio (DoS). La recepci\u00f3n y el procesamiento continuo de estas actualizaciones de BGP crear\u00e1n una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). Este problema se produce cuando el router tiene habilitado el Non-Stop Routing (NSR), tiene un vecino BGP que no es de 4 bytes con capacidad AS, recibe un mensaje de actualizaci\u00f3n de BGP con un prefijo que incluye un AS PATH larga que contiene una gran cantidad de 4 bytes. AS de bytes y tiene que anunciar el prefijo hacia el vecino BGP que no es compatible con AS de 4 bytes. Este problema afecta a: \nJuniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S8; * 21.1 versiones 21.1R1 y posteriores; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R2-S1, 22.4R3; * Versiones 23.2 anteriores a 23.2R2. \nJuniper Networks Junos OS Evolved * Todas las versiones anteriores a 20.4R3-S8-EVO; * 21.1 versiones 21.1R1-EVO y posteriores; * Versiones 21.2 anteriores a 21.2R3-S6-EVO; * Versiones 21.3 anteriores a 21.3R3-S5-EVO; * Versiones 21.4 anteriores a 21.4R3-S5-EVO; * Versiones 22.1 anteriores a 22.1R3-S4-EVO; * Versiones 22.2 anteriores a 22.2R3-S2-EVO; * Versiones 22.3 anteriores a 22.3R2-S2-EVO, 22.3R3-S1-EVO; * Versiones 22.4 anteriores a 22.4R2-S1-EVO, 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R2-EVO."
+ "value": "Una vulnerabilidad de Improper Handling of Exceptional Conditions en el procesamiento AS PATH de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante enviar un mensaje de actualizaci\u00f3n de BGP con un AS PATH que contiene una gran cantidad de AS de 4 bytes, lo que lleva a una Denegaci\u00f3n de Servicio ( DoS). La recepci\u00f3n y el procesamiento continuo de estas actualizaciones de BGP crear\u00e1n una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio (DoS). Este problema se produce cuando el router tiene habilitado Non-Stop Routing (NSR), tiene un vecino BGP que no es de 4 bytes con capacidad AS, recibe un mensaje de actualizaci\u00f3n de BGP con un prefijo que incluye un AS PATH largo que contiene una gran cantidad de 4 bytes. AS de bytes y tiene que anunciar el prefijo hacia el vecino BGP que no es compatible con AS de 4 bytes.\nNota: NSR no es compatible con la serie SRX y, por lo tanto, no se ve afectado por esta vulnerabilidad. \nEste problema afecta a: \nJuniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S8; * 21.1 versiones 21.1R1 y posteriores; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R2-S1, 22.4R3; * Versiones 23.2 anteriores a 23.2R2. \nJuniper Networks Junos OS Evolved * Todas las versiones anteriores a 20.4R3-S8-EVO; * 21.1 versiones 21.1R1-EVO y posteriores; * Versiones 21.2 anteriores a 21.2R3-S6-EVO; * Versiones 21.3 anteriores a 21.3R3-S5-EVO; * Versiones 21.4 anteriores a 21.4R3-S5-EVO; * Versiones 22.1 anteriores a 22.1R3-S4-EVO; * Versiones 22.2 anteriores a 22.2R3-S2-EVO; * Versiones 22.3 anteriores a 22.3R2-S2-EVO, 22.3R3-S1-EVO; * Versiones 22.4 anteriores a 22.4R2-S1-EVO, 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
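Review bot: The rewritten Spanish `value` still states the trigger condition in a broken sentence, `una gran cantidad de 4 bytes. AS de bytes y tiene que anunciar`. A reader cannot tell from it that the long AS PATH must carry many 4-byte ASes and be advertised to a neighbour without 4-byte AS support, which the first sentence of the same text does say. The rewrite also introduces `( DoS)` with a stray space. I would change these to `una gran cantidad de AS de 4 bytes, y tiene que anunciar` and `(DoS)`, so that the preconditions (NSR enabled, non-4-byte-AS-capable neighbour) read as one list.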
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-755"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -50,10 +80,953 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:23.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "0038F142-6F5E-476D-A1EC-E977FD30F155"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "1475A58F-1515-4492-B5A3-BE40C30E5B14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9370C46D-3AA1-4562-B67F-DF6EA10F209B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6DEAA7FD-385F-4221-907E-65ABC16BE4BE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "DDEC008A-3137-48D1-8ABC-6DB0EFC40E50"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "558D234D-BC50-415F-86D6-8E19D6C3ACE0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73150",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Mitigation",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
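Review bot: The Junos OS node marks `cpe:2.3:o:juniper:junos:23.1:r1:*:*:*:*:*:*` as vulnerable, but the affected-version text in this record goes from the 22.4 train straight to 23.2. The Junos OS Evolved node added in the same hunk has no 23.1 entry at all. The two nodes also disagree on base releases: `21.1:-` and `23.2:-` appear only under `junos_os_evolved`, while the `junos` list starts those trains at `r1`. Tools that match inventory against these CPEs will therefore report the two products differently on the same trains. I would check both lists against JSA73150, then either drop the 23.1 match or add that train to the description and the Evolved node, whichever the advisory supports.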
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44187.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44187.json
index f4271518915..5616c2edcb6 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44187.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44187.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44187",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-11T21:15:09.970",
- "lastModified": "2023-10-11T22:13:59.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:20:48.923",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 20.4R3-S7-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S5-EVO;\n * 21.3 versions prior to 21.3R3-S4-EVO;\n * 21.4 versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R2-EVO.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Exposici\u00f3n de Informaci\u00f3n Confidencial en el comando 'file copy' de Junos OS Evolved permite a un atacante local autenticado con acceso al shell ver las contrase\u00f1as proporcionadas en la l\u00ednea de comandos CLI. Estas credenciales se pueden utilizar para proporcionar acceso no autorizado al sistema remoto. Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S7-EVO; * 21.1 versiones 21.1R1-EVO y posteriores; * Versiones 21.2 anteriores a 21.2R3-S5-EVO; * Versiones 21.3 anteriores a 21.3R3-S4-EVO; * Versiones 21.4 anteriores a 21.4R3-S4-EVO; * Versiones 22.1 anteriores a 22.1R3-S2-EVO; * Versiones 22.2 anteriores a 22.2R2-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,356 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73151",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
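Review bot: The added `cpeMatch` list has a bare-release entry (update field `-`) for 20.4 and for 21.1 through 21.4, but 22.1 and 22.2 start at `r1`. An inventory that records a device as `junos_os_evolved:22.1:-` or `22.2:-` would therefore not match this record, although the description covers every 22.1 release before 22.1R3-S2-EVO and every 22.2 release before 22.2R2-EVO. The `configurations` hunk of CVE-2023-44188.json has the same shape for 22.1 through 23.2. Whether those CPE names exist in the dictionary cannot be told from this diff. If they do, add entries such as `"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*"` with their assigned `matchCriteriaId`; until then, consumers should check matches against the version ranges in the description rather than the enumerated list alone.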
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44188.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44188.json
index 601ee90e8a0..91a73c41ba8 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44188.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44188.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44188",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-11T21:15:10.047",
- "lastModified": "2023-10-11T22:13:59.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-25T23:15:17.703",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "\nA Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition.\n\nThis issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart.\n\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * 20.4 versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S2, 22.4R3;\n * 23.1 versions prior to 23.1R2;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.\n\n\n\n"
+ "value": "\nA Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition.\n\nThis issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart.\n\nNote: jkdsd is not shipped with SRX Series devices and therefore are not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * 20.4 versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S2, 22.4R3;\n * 23.1 versions prior to 23.1R2;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de Tiempo de Verificaci\u00f3n y Tiempo de Uso (TOCTOU) en el procesamiento de telemetr\u00eda de Juniper Networks Junos OS permite que un atacante autenticado basado en red inunde el sistema con m\u00faltiples solicitudes de telemetr\u00eda, lo que provoca que Junos Kernel Debugging Streaming Daemon (jkdsd ) falle el proceso, lo que provoca una Denegaci\u00f3n de Servicio (DoS). La recepci\u00f3n y el procesamiento continuo de solicitudes de telemetr\u00eda bloquear\u00e1n repetidamente el proceso jkdsd y mantendr\u00e1n la condici\u00f3n de Denegaci\u00f3n de Servicio (DoS). Este problema se observa en todas las plataformas Junos. El bloqueo se desencadena cuando varias solicitudes de telemetr\u00eda provienen de diferentes recopiladores. A medida que aumenta la carga, el Dynamic Rendering Daemon (drend) decide posponer el procesamiento y continuar m\u00e1s tarde, lo que genera un problema de sincronizaci\u00f3n al acceder a la memoria obsoleta, lo que provoca que el proceso jkdsd falle y se reinicie. Nota: jkdsd no se env\u00eda con los dispositivos de la serie SRX y, por lo tanto, no se ve afectado por esta vulnerabilidad. Este problema afecta a: Juniper Networks Junos OS: * Versiones 20.4 anteriores a 20.4R3-S9; * 21.1 versiones 21.1R1 y posteriores; * Versiones 21.2 anteriores a 21.2R3-S6; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S5; * Versiones 22.1 anteriores a 22.1R3-S4; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R2-S1, 22.3R3-S1; * Versiones 22.4 anteriores a 22.4R2-S2, 22.4R3; * Versiones 23.1 anteriores a 23.1R2; * Versiones 23.2 anteriores a 23.2R2. Este problema no afecta a las versiones de Juniper Networks Junos OS anteriores a 19.4R1."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-367"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,507 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionStartExcluding": "19.4",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "509A2868-8A74-4575-8A22-910366B92FAA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "C445622E-8E57-4990-A71A-E1993BFCB91A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "2307BF56-640F-49A8-B060-6ACB0F653A61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "EFF72FCA-C440-4D43-9BDB-F712DB413717"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "FB4C0FBF-8813-44E5-B71A-22CBAA603E2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:23.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "0038F142-6F5E-476D-A1EC-E977FD30F155"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4B3B2FE1-C228-46BE-AC76-70C2687050AE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73152",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
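Review bot: The first `cpeMatch` entry uses `"versionStartExcluding": "19.4"`, and because the range compares the version component, that appears to leave every 19.4 release (19.4R1 and later) out of the match. The description only states that versions prior to 19.4R1 are unaffected. If 19.4 releases are meant to be covered, the bound should read `"versionStartIncluding": "19.4"`. Separately, the updated description says SRX Series devices do not ship jkdsd, but the configuration is a single OR node on `juniper:junos` with no platform condition. CPE-based scanners will still report SRX devices on these releases, so that exclusion has to be applied by whoever consumes the record.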
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44189.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44189.json
index a199b5857f8..893614fb20f 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44189.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44189.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44189",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-11T22:15:09.983",
- "lastModified": "2023-10-12T12:59:39.183",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:17:54.260",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.\n\nThis issue affects Juniper Networks Junos OS Evolved on PTX10003 Series:\n\n\n\n * All versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 version 22.2R1-EVO and later versions;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de validaci\u00f3n de origen en la validaci\u00f3n de direcciones MAC de Juniper Networks Junos OS Evolved en la serie PTX10003 permite que un atacante adyacente a la red omita la verificaci\u00f3n de direcciones MAC, lo que permite que las direcciones MAC que no est\u00e1n destinadas a llegar a la LAN adyacente se reenv\u00eden a la red descendente. Debido a este problema, el router comenzar\u00e1 a reenviar tr\u00e1fico si hay una ruta v\u00e1lida en la tabla de reenv\u00edo, lo que provocar\u00e1 un bucle y una congesti\u00f3n en el dominio de capa 2 descendente conectado al dispositivo. Este problema afecta a Juniper Networks Junos OS Evolved en la serie PTX10003: * Todas las versiones anteriores a 21.4R3-S4-EVO; * Versiones 22.1 anteriores a 22.1R3-S3-EVO; * 22.2 versi\u00f3n 22.2R1-EVO y versiones posteriores; * Versiones 22.3 anteriores a 22.3R2-S2-EVO, 22.3R3-S1-EVO; * Versiones 22.4 anteriores a 22.4R2-S1-EVO, 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,243 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "21.4",
+ "matchCriteriaId": "A51696D6-8503-4CBD-AD19-861E5BE94ED4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9370C46D-3AA1-4562-B67F-DF6EA10F209B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "DDEC008A-3137-48D1-8ABC-6DB0EFC40E50"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "558D234D-BC50-415F-86D6-8E19D6C3ACE0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5BD05415-9F94-4EB8-805A-C9C0FFA9D0DF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10003_160c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B1E88A41-B158-4A66-9DFD-438931C6BE68"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10003_80c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2C97FFB5-8755-474B-ABCF-98DC7659208E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10003_81cd:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FAECB1BF-0F3A-4AD9-AF6B-E54A13D9D804"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73153",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
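Review bot: The `junos_os_evolved` 22.3 entries in the first `cpeMatch` list of the added `configurations` block stop at `22.3:r2-s1`, but this record's English description gives the 22.3 fix points as 22.3R2-S2-EVO and 22.3R3-S1-EVO. Read that way, 22.3R3-EVO is affected yet has no matching entry, so an inventory or scanner that matches on CPE alone would not flag a PTX10003 running it. If that release exists in the CPE dictionary, add an entry with `"criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3:*:*:*:*:*:*"` and the `matchCriteriaId` taken from the match feed (not shown on this page). The same gap appears in the `configurations` hunk of CVE-2023-44190.json below, whose description carries the same 22.3 fix points. It is also worth confirming that the base-release form used for `21.4:-` is intentionally absent for 22.1 through 23.2 in both files.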
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44190.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44190.json
index e26ae83c83a..aac4f7e57f9 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44190.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44190.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44190",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-11T22:15:10.067",
- "lastModified": "2023-10-12T12:59:39.183",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:17:08.740",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.\n\nThis issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016:\n\n\n\n * All versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions 22.2R1-EVO and later;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de validaci\u00f3n de origen en la validaci\u00f3n de direcciones MAC de Juniper Networks Junos OS Evolved en dispositivos PTX10001, PTX10004, PTX10008 y PTX10016 permite que un atacante adyacente a la red omita la verificaci\u00f3n de direcciones MAC, lo que permite reenviar direcciones MAC que no est\u00e1n destinadas a llegar a la LAN adyacente a la red descendente. Debido a este problema, el router comenzar\u00e1 a reenviar tr\u00e1fico si hay una ruta v\u00e1lida en la tabla de reenv\u00edo, lo que provocar\u00e1 un bucle y una congesti\u00f3n en el dominio de capa 2 descendente conectado al dispositivo. Este problema afecta a Juniper Networks Junos OS Evolved en PTX10001, PTX10004, PTX10008 y PTX10016: * Todas las versiones anteriores a 21.4R3-S5-EVO; * Versiones 22.1 anteriores a 22.1R3-S4-EVO; * 22.2 versiones 22.2R1-EVO y posteriores; * Versiones 22.3 anteriores a 22.3R2-S2-EVO, 22.3R3-S1-EVO; * Versiones 22.4 anteriores a 22.4R2-S1-EVO, 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R1-S1-EVO, 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,253 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "21.4",
+ "matchCriteriaId": "A51696D6-8503-4CBD-AD19-861E5BE94ED4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "1475A58F-1515-4492-B5A3-BE40C30E5B14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9370C46D-3AA1-4562-B67F-DF6EA10F209B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "DDEC008A-3137-48D1-8ABC-6DB0EFC40E50"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10001:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6CDCCB33-D428-4D64-977E-71C62F89AE5A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10001-36mr:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C188428C-0558-44FB-845C-E885DE9A0733"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10004:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C432E543-37F5-4CA0-B239-2B97C6A16907"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10008:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65A64A26-4606-4D33-8958-5A3B7FFC4CDB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1879799F-18B2-4958-AA90-FD19348C889F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73154",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44191.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44191.json
index f11fa731a45..6e68b86bbc5 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44191.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44191.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44191",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.220",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T13:22:16.003",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections.\n\nThis issue affects:\n\nJuniper Networks Junos OS on QFX5000 Series and EX4000 Series\n\n\n\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 21.1R1\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de asignaci\u00f3n de recursos sin l\u00edmites ni limitaci\u00f3n en Juniper Networks Junos OS permite que un atacante no autenticado basado en la red provoque una Denegaci\u00f3n de Servicio (DoS). En todas las plataformas Junos OS QFX5000 Series y EX4000 Series, cuando se configura una gran cantidad de VLAN, un paquete DHCP espec\u00edfico provocar\u00e1 un acaparamiento de PFE, lo que provocar\u00e1 la ca\u00edda de las conexiones del socket. Este problema afecta a: Juniper Networks Junos OS en las series QFX5000 y EX4000 * versiones 21.1 anteriores a 21.1R3-S5; * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S1; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R2. Este problema no afecta a las versiones de Juniper Networks Junos OS anteriores a 21.1R1."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,492 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B3302CB-457F-4BD2-B80B-F70FB4C4542E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "979C3597-C53B-4F4B-9EA7-126DA036C86D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300_multigigabit:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "332F4692-7E33-4FB6-9DE2-09E0A0068DB2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "47DAF5E7-E610-4D74-8573-41C16D642837"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C2521C83-E8F2-4621-9727-75BB3FC11E64"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F496D19-D28C-4517-90A3-90EC62BC5D79"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4100_multigigabit:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC6E4532-5DD9-45D4-996A-37C7E5742856"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E594D6DC-87F6-40D2-8268-ED6021462168"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4300_multigigabit:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B410BA4-181A-4241-A95E-2238CE1627A3"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4400-24x:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1EEC1C95-E6B2-4364-88AD-C69EC00353FE"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4400_multigigabit:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D77FA1A-4B09-4184-A03E-AE4831C9BBAB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B425BB1-3C78-42B1-A6C1-216E514191F0"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex9200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D08A8D94-134A-41E7-8396-70D8B0735E9C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex9250:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CCB1E61-07A1-40B0-B616-F1A6E06D11C4"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5110:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "86C7E154-9273-4FB0-BF75-BD2BD79F457D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5120:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32D0AE1E-12D6-4B91-A8B8-C3A451F58F45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5130:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7F920B8-83D2-478E-8F97-163D924F5021"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67B037F5-8C56-453B-8CE2-D7D3AEF5D467"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5210:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6329B6E-83D8-4F53-A204-9F53042DFAA7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5220:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "945B38BD-F339-48F9-B033-FBCDF62E73B5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5230:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B0CAA01-194D-4E89-BA95-226787517F78"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F42D80-6D50-4136-9988-E9231BB59EA3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73155",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44192.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44192.json
index d8d49711866..818b5cc0c65 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44192.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44192.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44192",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.297",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T13:30:47.390",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS).\n\nOn all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause memory leak to reach 99% and then cause the protocols to stop working and traffic is impacted, leading to Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak.\n\nTo confirm the memory leak, monitor for \"sheaf:possible leak\" and \"vtep not found\" messages in the logs.\n\nThis issue affects:\n\nJuniper Networks Junos OS QFX5000 Series:\n\n\n\n * All versions prior to 20.4R3-S6;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R2-S2, 22.2R3;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3;\n * 22.4 versions prior to 22.4R1-S2, 22.4R2.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de validaci\u00f3n de entrada incorrecta en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante basado en red no autenticado cause una p\u00e9rdida de memoria, lo que lleva a una Denegaci\u00f3n de Servicio (DoS). En todas las plataformas de la serie Junos OS QFX5000, cuando se configura pseudo-VTEP (Virtual Tunnel End Point) en el escenario EVPN-VXLAN y se transmiten paquetes DHCP espec\u00edficos, se observa una p\u00e9rdida de memoria DMA. La recepci\u00f3n continua de estos paquetes DHCP espec\u00edficos provocar\u00e1 que la p\u00e9rdida de memoria alcance el 99 % y luego har\u00e1 que los protocolos dejen de funcionar y el tr\u00e1fico se vea afectado, lo que provocar\u00e1 una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS). Un reinicio manual del sistema se recupera de la p\u00e9rdida de memoria. Para confirmar la p\u00e9rdida de memoria, controle los mensajes \"sheaf:possible leak\" y \"vtep not found\" en los registros. Este problema afecta a: Juniper Networks Junos OS QFX5000 Series: * Todas las versiones anteriores a 20.4R3-S6; * Versiones 21.1 anteriores a 21.1R3-S5; * Versiones 21.2 anteriores a 21.2R3-S5; * Versiones 21.3 anteriores a 21.3R3-S4; * Versiones 21.4 anteriores a 21.4R3-S3; * Versiones 22.1 anteriores a 22.1R3-S2; * Versiones 22.2 anteriores a 22.2R2-S2, 22.2R3; * Versiones 22.3 anteriores a 22.3R2-S1, 22.3R3; * Versiones 22.4 anteriores a 22.4R1-S2, 22.4R2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,463 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "53938295-8999-4316-9DED-88E24D037852"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5110:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "86C7E154-9273-4FB0-BF75-BD2BD79F457D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5120:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32D0AE1E-12D6-4B91-A8B8-C3A451F58F45"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5130:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7F920B8-83D2-478E-8F97-163D924F5021"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67B037F5-8C56-453B-8CE2-D7D3AEF5D467"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5210:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6329B6E-83D8-4F53-A204-9F53042DFAA7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5220:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "945B38BD-F339-48F9-B033-FBCDF62E73B5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5230:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B0CAA01-194D-4E89-BA95-226787517F78"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfk5700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F42D80-6D50-4136-9988-E9231BB59EA3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73156",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
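Review bot: The entry `cpe:2.3:o:juniper:junos:22.3:r2-s1` is marked `"vulnerable": true` in the new `configurations` block, but the description in this same record names 22.3R2-S1 as a fixed release ("22.3 versions prior to 22.3R2-S1, 22.3R3"), so a scanner matching on CPE would flag a patched image. Every other train stops one release short of its stated fix (22.2 ends at `r2-s1` against a fix in 22.2R2-S2), which suggests the 22.3 list should end at `22.3:r2` and the `r2-s1` object should be dropped. The base-release entries are also uneven: `22.2:-` is listed while `22.1:-`, `22.3:-` and `22.4:-` are not, which may leave those builds unmatched depending on how the consumer normalises Junos versions. The hardware node spells the platforms `qfk5110` through `qfk5700` while the description names the QFX5000 Series, so confirm the product strings against the CPE dictionary before relying on them for asset matching.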
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44193.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44193.json
index 0a8b308c905..c9953fedbd9 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44193.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44193.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44193",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.377",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T13:31:08.350",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).\n\nOn all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S1;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de liberaci\u00f3n inadecuada de memoria antes de eliminar la \u00faltima referencia en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS permite que un atacante local con pocos privilegios provoque una falla del FPC, lo que lleva a una Denegaci\u00f3n de Servicio (DoS). En todas las series Junos MX con MPC1 - MPC9, LC480, LC2101, MX10003 y MX80, cuando Connectivity-Fault-Management (CFM) est\u00e1 habilitada en un escenario VPLS y se ejecuta un comando relacionado con LDP espec\u00edfico, un FPC fallar\u00e1 y se reiniciar\u00e1. La ejecuci\u00f3n continua de este comando LDP espec\u00edfico puede provocar una condici\u00f3n sostenida de Denegaci\u00f3n de Servicio. Este problema afecta a: Juniper Networks Junos OS en la serie MX: * Todas las versiones anteriores a 20.4R3-S7; * Versiones 21.1 anteriores a 21.1R3-S5; * Versiones 21.2 anteriores a 21.2R3-S4; * Versiones 21.3 anteriores a 21.3R3-S4; * Versiones 21.4 anteriores a 21.4R3-S3; * Versiones 22.1 anteriores a 22.1R3-S1; * Versiones 22.2 anteriores a 22.2R2-S1, 22.2R3; * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,438 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "27175D9A-CA2C-4218-8042-835E25DFCA43"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00C7FC57-8ACF-45AA-A227-7E3B350FD24F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2754C2DF-DF6E-4109-9463-38B4E0465B77"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4A26704-A6A4-4C4F-9E12-A0A0259491EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "104858BD-D31D-40E0-8524-2EC311F10EAC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5E08E1E-0FE4-4294-9497-BBFFECA2A220"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73157",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
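Review bot: The new `cpeMatch` list does not line up with the fixed releases stated in this record's English description. For 21.4 the description says versions prior to 21.4R3-S3 are affected, yet the list stops at `junos:21.4:r2-s2` and has no `r3`, `r3-s1` or `r3-s2` entries. For 22.3 it names 22.3R1-S2 and 22.3R2 as the fixed releases, yet `junos:22.3:r1-s2` and `junos:22.3:r2` are added with `"vulnerable": true`. The hardware node also omits MX80, which the description names, so tooling that evaluates this AND configuration would likely miss that platform. Consumers that drive patch decisions from these criteria should cross-check JSA73157 until the match data is corrected upstream.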
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44194.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44194.json
index c2d71db5069..d308d663f4f 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44194.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44194.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44194",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.450",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T17:58:47.993",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S1.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de permisos predeterminados incorrectos en Juniper Networks Junos OS permite que un atacante no autenticado con acceso local al dispositivo cree un backdoor con privilegios de root. El problema se debe a permisos de directorio inadecuados en un determinado directorio del sistema, lo que permite a un atacante con acceso a este directorio crear un backdoor con privilegios de root. Este problema afecta a Juniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S5; * Versiones 21.1 anteriores a 21.1R3-S4; * Versiones 21.2 anteriores a 21.2R3-S4; * Versiones 21.3 anteriores a 21.3R3-S3; * Versiones 21.4 anteriores a 21.4R3-S1."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
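Review bot: The added nvd@nist.gov vector uses `PR:L`, while the English description in this hunk says the attacker is unauthenticated with local access, which reads as `PR:N`. With `PR:N` and the other metrics unchanged, the CVSS 3.1 base score would be 8.4 rather than the 7.8 recorded in `baseScore`. The sirt@juniper.net Secondary entry continues outside the hunk, so whether the two sources already disagree cannot be seen here. Consumers that rank by the Primary score may be under-weighting this record.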
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,276 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73158",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
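Review bot: The 21.3 branch of the new `cpeMatch` list ends at `junos:21.3:r3-s1`, but the description says 21.3 versions prior to 21.3R3-S3 are affected, so 21.3R3-S2 should also match. A device on that release would likely be reported as not affected by tooling that relies on these criteria. The other branches (20.4 through `r3-s4`, 21.1 and 21.2 through `r3-s3`, 21.4 through `r3`) agree with the stated fixed releases.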
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44195.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44195.json
index 202630fd0b1..708b288e03d 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44195.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44195.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44195",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.530",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T12:55:50.237",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.\n\nIf specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.\n\nCVE-2023-44196 is a prerequisite for this issue.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * 21.3-EVO versions prior to 21.3R3-S5-EVO;\n * 21.4-EVO versions prior to 21.4R3-S4-EVO;\n * 22.1-EVO version 22.1R1-EVO and later;\n * 22.2-EVO version 22.2R1-EVO and later;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO.\n\n\n\n\nThis issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Restricci\u00f3n Inadecuada del Canal de Comunicaci\u00f3n a los Endpoints Previstos en el daemon del agente NetworkStack (nsagentd) de Juniper Networks Junos OS Evolved permite que un atacante basado en red no autenticado cause un impacto limitado en la disponibilidad del sistema. Si paquetes espec\u00edficos llegan al Routing-Engine (RE), se procesar\u00e1n normalmente incluso si existen filtros de firewall que deber\u00edan haberlo impedido. Esto puede provocar un consumo mayor y limitado de recursos, lo que resulta en una Denegaci\u00f3n de Servicio (DoS) y un acceso no autorizado. CVE-2023-44196 es un requisito previo para este problema. Este problema afecta a Juniper Networks Junos OS Evolved: * Versiones 21.3-EVO anteriores a 21.3R3-S5-EVO; * Versiones 21.4-EVO anteriores a 21.4R3-S4-EVO; * 22.1-EVO versi\u00f3n 22.1R1-EVO y posteriores; * 22.2-EVO versi\u00f3n 22.2R1-EVO y posteriores; * Versiones 22.3-EVO anteriores a 22.3R2-S2-EVO, 22.3R3-S1-EVO; * Versiones 22.4-EVO anteriores a 22.4R3-EVO. Este problema no afecta a las versiones evolucionadas de Junos OS anteriores a 21.3R1-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
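Review bot: The added `es` description translates the product name in its last sentence, rendering "Junos OS Evolved versions prior to 21.3R1-EVO" as `versiones evolucionadas de Junos OS`. Earlier in the same string the name is kept as `Junos OS Evolved`, so the sentence should read `versiones de Junos OS Evolved anteriores a 21.3R1-EVO`. As written, a reader or a text match on the product name would miss the exclusion for releases before 21.3R1-EVO.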
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,220 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "C16434C0-21A7-4CE5-92E1-7D60A35EF5D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A3CA3365-F9AF-40DF-8700-30AD4BC58E27"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BE2EF84D-55A9-41DC-A324-69E1DC426D0B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4546776C-A657-42E3-9A36-47F9F59A88AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "10F9C2B1-BD81-4EDC-ADF5-4B0F39001C7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "0A33C425-921F-4795-B834-608C8F1597E0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8AE9D1A7-4721-4E1D-B965-FDC38126B1DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "A8643AA3-29EF-48A7-B033-CB60988E214B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "82A4E4C8-2D50-4675-8A96-8C9DADCE46CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "54B79847-EBC1-480E-87BE-60D411C93FC6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "8135057E-D346-4925-96BA-FE22C7C03903"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "558D234D-BC50-415F-86D6-8E19D6C3ACE0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "33F4EEEE-77E9-4973-A770-99E7BA2F05F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "D657944B-2066-4F2C-BC92-EDF4DE1C165C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "75A58924-6348-44CF-AB39-1FCE17FE81AC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73160",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
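Review bot: The added `cpeMatch` list departs from the affected ranges in the description in three places. There are no `junos_os_evolved:21.3` entries although 21.3-EVO versions prior to 21.3R3-S5-EVO are listed as affected; `22.3:r2-s2` and `22.3:r3-s1` are marked `"vulnerable": true` although the description names 22.3R2-S2-EVO and 22.3R3-S1-EVO as fixed releases; and 23.1 and 23.2 entries are added although the description does not mention those trains. The 22.1 train, described as affected from 22.1R1-EVO onward, is represented only by `22.1:-`. Matching on these criteria would likely miss affected 21.3-EVO systems and flag fixed ones, so JSA73160 should be treated as the reference for exposure checks.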
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44196.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44196.json
index e6ede7fac34..fea3ff5bc0f 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44196.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44196.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44196",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.610",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:05:47.740",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.\n\nWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1-EVO version 21.1R1-EVO and later;\n * 21.2-EVO versions prior to 21.2R3-S6-EVO;\n * 21.3-EVO version 21.3R1-EVO and later;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-S4-EVO;\n * 22.2-EVO versions prior to 22.2R3-S3-EVO;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;\n * 22.4-EVO versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una Verificaci\u00f3n Inadecuada de Condiciones Inusuales o Excepcionales en Packet Forwarding Engine (pfe) de Juniper Networks Junos OS Evolved en la serie PTX10003 permite que un atacante adyacente no autenticado cause un impacto en la integridad del sistema. Cuando el PFE recibe paquetes MPLS de tr\u00e1nsito espec\u00edficos, estos paquetes se reenv\u00edan internamente al RE. Este problema es un requisito previo para CVE-2023-44195. Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO; * 21.1-EVO versi\u00f3n 21.1R1-EVO y posteriores; * Versiones 21.2-EVO anteriores a 21.2R3-S6-EVO; * 21.3-EVO versi\u00f3n 21.3R1-EVO y posteriores; * Versiones 21.4-EVO anteriores a 21.4R3-S3-EVO; * Versiones 22.1-EVO anteriores a 22.1R3-S4-EVO; * Versiones 22.2-EVO anteriores a 22.2R3-S3-EVO; * Versiones 22.3-EVO anteriores a 22.3R2-S2-EVO, 22.3R3-EVO; * Versiones 22.4-EVO anteriores a 22.4R2-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,433 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E88AC378-461C-4EFA-A04B-5786FF21FE03"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "3B0AFB30-81DC-465C-9F63-D1B15EA4809A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "2035F0AC-29E7-478A-A9D0-BAA3A88B3413"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "C34ABD4B-B045-4046-9641-66E3B2082A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "1475A58F-1515-4492-B5A3-BE40C30E5B14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ptx10003:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5BD05415-9F94-4EB8-805A-C9C0FFA9D0DF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73162",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
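Review bot: The added `cpeMatch` entry `"criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*"` is marked `"vulnerable": true`, but this record's own description gives the affected range as "21.4-EVO versions prior to 21.4R3-S3-EVO", which would make 21.4R3-S3-EVO the fixed release. Either the entry should be dropped so the 21.4 list ends at `21.4:r3-s2`, or the description is off by one; the vendor advisory referenced in this record (JSA73162) is the source to check against. Until it is reconciled, CPE-based scanners will report patched 21.4R3-S3-EVO devices as affected. Separately, the 20.4 list here starts at `20.4:r1` while `versionEndExcluding` is `"20.4"`, so the base release `20.4:-` is matched by neither. The CVE-2023-44197 section of this diff does list `junos_os_evolved:20.4:-`, so the omission here looks unintended and is worth confirming.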
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44197.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44197.json
index dbedbd7b6bf..a5621883e5b 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44197.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44197.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44197",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.687",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:38:18.297",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5.\n\n\n\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1-EVO version 21.1R1-EVO and later versions;\n * 21.2-EVO versions prior to 21.2R3-S2-EVO;\n * 21.3-EVO version 21.3R1-EVO and later versions;\n * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Escritura Fuera de los L\u00edmites en el Routing Protocol Daemon (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque una Denegaci\u00f3n de Servicio (DoS). En todos los dispositivos Junos OS y Junos OS Evolved, se puede producir un bloqueo y reinicio de rpd mientras se procesan las actualizaciones de ruta BGP recibidas a trav\u00e9s de una sesi\u00f3n BGP establecida. Este problema espec\u00edfico se observa para las rutas BGP aprendidas a trav\u00e9s de un par que est\u00e1 configurado con una pol\u00edtica de importaci\u00f3n de BGP que tiene cientos de t\u00e9rminos que coinciden con los prefijos IPv4 y/o IPv6. Este problema afecta a Juniper Networks Junos OS: * Todas las versiones anteriores a 20.4R3-S8; * 21.1 versi\u00f3n 21.1R1 y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S2; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R2-S1, 21.4R3-S5. Este problema afecta a Juniper Networks Junos OS Evolved: * Todas las versiones anteriores a 20.4R3-S8-EVO; * 21.1-EVO versi\u00f3n 21.1R1-EVO y versiones posteriores; * Versiones 21.2-EVO anteriores a 21.2R3-S2-EVO; * 21.3-EVO versi\u00f3n 21.3R1-EVO y versiones posteriores; * Versiones 21.4-EVO anteriores a 21.4R2-S1-EVO, 21.4R3-S5-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,577 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "283E41CB-9A90-4521-96DC-F31AA592CFD8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "14EEA504-CBC5-4F6F-889A-D505EC4BB5B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "977DEF80-0DB5-4828-97AC-09BB3111D585"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA43782E-0719-496E-9237-E1ABD3C4C664"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "78897DD2-E161-4191-94FF-7400FB612DF5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8DAEC4F4-5748-4D36-A72B-4C62A0A30E38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C76DA7A5-9320-4E21-96A2-ACE70803A1CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "703C73EB-2D63-4D4F-8129-239AE1E96B2B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "8F67CE3C-3A06-487C-90DE-D5B3B1EC08A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73163",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44198.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44198.json
index f71643edf07..c88f3a92ae7 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44198.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44198.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44198",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.760",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T17:27:09.837",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks.\n\nIf the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and MX Series:\n\n\n\n * 20.4 versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S2;\n * 22.1 versions prior to 22.1R2-S2, 22.1R3;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nThis issue doesn't not affected releases prior to 20.4R1.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Verificaci\u00f3n Inadecuada de Condiciones Inusuales o Excepcionales en SIP ALG de Juniper Networks Junos OS en las series SRX y MX permite que un atacante basado en red no autenticado cause un impacto en la integridad de las redes conectadas. Si SIP ALG est\u00e1 configurado y un dispositivo recibe un paquete SIP espec\u00edficamente mal formado, el dispositivo impide que este paquete se reenv\u00ede, pero cualquier retransmisi\u00f3n recibida posteriormente del mismo paquete se reenv\u00eda como si fuera v\u00e1lida. Este problema afecta a Juniper Networks Junos OS en las series SRX y MX: * Versiones 20.4 anteriores a 20.4R3-S5; * Versiones 21.1 anteriores a 21.1R3-S4; * Versiones 21.2 anteriores a 21.2R3-S4; * Versiones 21.3 anteriores a 21.3R3-S3; * Versiones 21.4 anteriores a 21.4R3-S2; * Versiones 22.1 anteriores a 22.1R2-S2, 22.1R3; * Versiones 22.2 anteriores a 22.2R2-S1, 22.2R3; * Versiones 22.3 anteriores a 22.3R1-S2, 22.3R2. Este problema no afecta a las versiones anteriores a 20.4R1."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,523 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "39E44B09-7310-428C-8144-AE9DB0484D1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "CEB98E3F-B0A9-488F-ACFC-56B9485E7C9E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "27175D9A-CA2C-4218-8042-835E25DFCA43"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00C7FC57-8ACF-45AA-A227-7E3B350FD24F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2754C2DF-DF6E-4109-9463-38B4E0465B77"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4A26704-A6A4-4C4F-9E12-A0A0259491EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "104858BD-D31D-40E0-8524-2EC311F10EAC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5E08E1E-0FE4-4294-9497-BBFFECA2A220"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2CEBF85C-736A-4E7D-956A-3E8210D4F70B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx1600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4AE06B18-BFB5-4029-A05D-386CFBFBF683"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx2300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "48A1DCCD-208C-46D9-8E14-89592B49AB9A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB5AB24B-2B43-43DD-AE10-F758B4B19F2A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80F9DC32-5ADF-4430-B1A6-357D0B29DB78"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B82D4C4-7A65-409A-926F-33C054DCBFBA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE535749-F4CE-4FFA-B23D-BF09C92481E5"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2305DA9D-E6BA-48F4-80CF-9E2DE7661B2F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AA8999C-8AE4-416F-BA2A-B1A21F33B4D7"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CCC5F6F5-4347-49D3-909A-27A3A96D36C9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx4300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "826F893F-7B06-43B5-8653-A8D9794C052E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56BA6B86-D3F4-4496-AE46-AC513C6560FA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx4700:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "462CFD52-D3E2-4F7A-98AC-C589D2420556"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2FDDC897-747F-44DD-9599-7266F9B5B7B1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62FC145A-D477-4C86-89E7-F70F52773801"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "68CA098D-CBE4-4E62-9EC0-43E1B6098710"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "66F474D4-79B6-4525-983C-9A9011BD958B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73164",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
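Review bot: The first entry of the added `cpeMatch` list marks `cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*` with `"versionEndExcluding": "20.4"` as `"vulnerable": true`, while the record's own description says (in garbled wording) that releases prior to 20.4R1 are not affected. The same list also flags `22.1:r3`, `22.1:r3-s1`, `22.2:r2-s1` and `22.3:r1-s2` as vulnerable, although the description appears to name 22.1R3, 22.2R2-S1 and 22.3R1-S2 as fixed releases. Scanners that match on this configuration would report false positives for pre-20.4 and already-patched devices. I would confirm the affected ranges against the referenced JSA73164 advisory, then drop the wildcard `versionEndExcluding` entry and the fixed-release entries if the description is right.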
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44199.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44199.json
index 05cba205f7b..4d8de7c8b6b 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44199.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44199.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44199",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.837",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T17:03:27.823",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nOn Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart.\n\nThis issue affects Juniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S4;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3;\n * 22.1 versions prior to 22.1R3;\n * 22.2 versions prior to 22.2R1-S1, 22.2R2.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Verificaci\u00f3n Inadecuada de Condiciones Inusuales o Excepcionales en Packet Forwarding Engine (PFE) de Juniper Networks Junos OS en la serie MX permite que un atacante no autenticado basado en la red provoque una Denegaci\u00f3n de Servicio (DoS). En las plataformas Junos MX Series con Precision Time Protocol (PTP) configurado, una rotaci\u00f3n prolongada del protocolo de enrutamiento puede provocar un bloqueo y reinicio del FPC. Este problema afecta a Juniper Networks Junos OS en la serie MX: * Todas las versiones anteriores a 20.4R3-S4; * 21.1 versi\u00f3n 21.1R1 y versiones posteriores; * Versiones 21.2 anteriores a 21.2R3-S2; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3; * Versiones 22.1 anteriores a 22.1R3; * Versiones 22.2 anteriores a 22.2R1-S1, 22.2R2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,388 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "5C1C3B09-3800-493E-A319-57648305FE6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "4BFDCC2B-FAB5-4164-8D70-28E4DFF052AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9D157211-535E-4B2D-B2FE-F697FAFDF65C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "06156CD6-09D3-4A05-9C5E-BC64A70640F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx10003:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D5627740-42E3-4FB1-B8B9-0B768AFFA1EC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx10004:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84F7BB7E-3A52-4C23-A4D2-50E75C912AFC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx10008:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6F0EA2F-BF7E-45D0-B2B4-8A7B67A9475A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx2008:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2FEF33EB-B2E0-42EF-A1BB-D41021B6D08F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx2010:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "27175D9A-CA2C-4218-8042-835E25DFCA43"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx2020:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00C7FC57-8ACF-45AA-A227-7E3B350FD24F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx204:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2754C2DF-DF6E-4109-9463-38B4E0465B77"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx240:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4A26704-A6A4-4C4F-9E12-A0A0259491EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx304:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3F7FB0CC-624D-4AB9-A7AC-BB19838C3B22"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx480:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "104858BD-D31D-40E0-8524-2EC311F10EAC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:mx960:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B5E08E1E-0FE4-4294-9497-BBFFECA2A220"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73165",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
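Review bot: The added `cpeMatch` entry `cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*` is marked `"vulnerable": true`, but this record's description limits the 21.2 branch to "21.2 versions prior to 21.2R3-S2", so the fixed release itself is listed as affected. Scanners that match on this configuration would report patched MX devices as vulnerable; the entry should be dropped unless the vendor advisory (JSA73165) says otherwise. The other branches stop one release short of the stated fix (for example `20.4:r3-s3` for 20.4R3-S4), which is the expected pattern. Separately, the description gives 21.1 as "21.1R1 and later versions", but the list ends at `21.1:r3-s5`, so any later 21.1 release would not match and the branch needs re-checking when new releases get CPEs.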
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44201.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44201.json
index 9fe82b9d68c..2c7aaace4f3 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44201.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44201.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44201",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.910",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:52:10.113",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions.\n\nWhen a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S4;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1;\n * 21.4 versions prior to 21.4R2-S1, 21.4R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S4-EVO;\n * 21.1 versions prior to 21.1R3-S2-EVO;\n * 21.2 versions prior to 21.2R3-S2-EVO;\n * 21.3 versions prior to 21.3R3-S1-EVO;\n * 21.4 versions prior to 21.4R2-S2-EVO.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de asignaci\u00f3n de permisos incorrecta para recursos cr\u00edticos en un archivo espec\u00edfico de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante autenticado local leer cambios de configuraci\u00f3n sin tener los permisos. Cuando un usuario con los permisos respectivos realiza un cambio de configuraci\u00f3n, se crea un archivo espec\u00edfico. Ese archivo es legible incluso por usuarios sin permisos para acceder a la configuraci\u00f3n. Esto puede provocar una escalada de privilegios, ya que el usuario puede leer el hash de la contrase\u00f1a cuando se realiza un cambio de esta. Este problema afecta a: Juniper Networks Junos OS * Todas las versiones anteriores a 20.4R3-S4; * Versiones 21.1 anteriores a 21.1R3-S4; * Versiones 21.2 anteriores a 21.2R3-S2; * Versiones 21.3 anteriores a 21.3R2-S2, 21.3R3-S1; * Versiones 21.4 anteriores a 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * Todas las versiones anteriores a 20.4R3-S4-EVO; * Versiones 21.1 anteriores a 21.1R3-S2-EVO; * Versiones 21.2 anteriores a 21.2R3-S2-EVO; * Versiones 21.3 anteriores a 21.3R3-S1-EVO; * Versiones 21.4 anteriores a 21.4R2-S2-EVO."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,467 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "0F41A7DF-2B27-4E2E-ABFC-E0510A028199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "247FB9DF-7EC0-4298-B27C-3235D141C1D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "C9C8866D-162F-4C9B-8167-2FBA25410368"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F85E5BC7-8607-4330-AA72-2273D32F8604"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "878C81C9-A418-4A21-8FDB-2116A992679C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7451A671-A3CC-4904-8D45-947B1D3783C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0108AD20-EAE6-41D1-AE48-254C46B5388A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "44FBCA6F-EB05-4EE4-85FD-944BDAF7D81B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "E554FD12-FE69-44D1-B2C9-4382F8CA4456"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E0C1D53E-70BE-4246-89ED-1074C8C70747"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B39DDCF8-BB68-49F4-8AAF-AE25C9C13AC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "B38A90A9-B739-49BE-8845-9ABF846CCC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AAE56A7C-BA26-405F-A640-C43AF78B0A3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "683D8EED-9F26-41E7-B69C-FE198225A8F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "8979C85C-87DD-42B1-9CCC-BC3F7007C600"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "5BDD5111-1BC2-456B-8A31-F2D252DF613C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:20.4:r3-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "89B9BF7C-525C-4819-B80D-9B5F240F9878"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "52C3552E-798F-4719-B38D-F74E34EAAA40"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "AE674DD3-3590-4434-B144-5AD7EB5F039D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "0099BDA9-9D4B-4D6C-8234-EFD9E8C63476"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "D8729BC1-FB09-4E6D-A5D5-8BDC589555B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "9D72C3DF-4513-48AC-AAED-C1AADF0794E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8C583289-96C4-4451-A320-14CA1C390819"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "620B0CDD-5566-472E-B96A-31D2C12E3120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3EA3DC63-B290-4D15-BEF9-21DEF36CA2EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7E1E57AF-979B-4022-8AD6-B3558E06B718"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "144730FB-7622-4B3D-9C47-D1B7A7FB7EB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7BA246F0-154E-4F44-A97B-690D22FA73DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "25D6C07C-F96E-4523-BB54-7FEABFE1D1ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2B70C784-534B-4FAA-A5ED-3709656E2B97"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "60448FFB-568E-4280-9261-ADD65244F31A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "2B770C52-7E3E-4B92-9138-85DEC56F3B22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "4EC38173-44AB-43D5-8C27-CB43AD5E0B2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "5A4DD04A-DE52-46BE-8C34-8DB47F7500F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "FEE0E145-8E1C-446E-90ED-237E3B9CAF47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "0F26369D-21B2-4C6A-98C1-492692A61283"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "24003819-1A6B-4BDF-B3DF-34751C137788"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "BF8D332E-9133-45B9-BB07-B33C790F737A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "3E2A4377-D044-4E43-B6CC-B753D7F6ABD4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supprtportal.juniper.net/JSA73167",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Broken Link"
+ ]
}
]
}
\ No newline at end of file
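Review bot: The `junos_os_evolved` entries `20.4:r3-s4` through `20.4:r3-s7` are added with `"vulnerable": true`, while the description says Junos OS Evolved is affected in "All versions prior to 20.4R3-S4-EVO", so these four entries flag the fixed release and its successors. In the Junos OS node the reverse seems to happen: there is no `21.3:r3` entry, although the description gives the 21.3 fixes as 21.3R2-S2 and 21.3R3-S1, which would leave 21.3R3 affected; both should be checked against the vendor advisory. The reference host `supprtportal.juniper.net` looks like a misspelling of the `supportportal.juniper.net` host used in the neighbouring record. Tagging it `"Broken Link"` leaves the record with no reachable vendor advisory, and it keeps a hostname the vendor may not control in a widely mirrored feed. If the corrected URL resolves, prefer `"url": "https://supportportal.juniper.net/JSA73167"` with `"tags": ["Vendor Advisory"]`.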
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44203.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44203.json
index 4b86d576e6e..b4aac82a22c 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44203.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44203.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44203",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:12.987",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:42:44.980",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS).\n\nWhen a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood.\n\nThis issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only.\n\nThis issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600:\n\n\n\n * All versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S3;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S2;\n * 22.1 versions prior to 22.1R3;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de verificaci\u00f3n o manejo inadecuado de condiciones excepcionales en Packet Forwarding Engine (pfe) de Juniper Networks Junos OS en las series QFX5000, EX2300, EX3400, EX4100, EX4400 y EX4600 permite que un atacante adyacente env\u00ede tr\u00e1fico espec\u00edfico, lo que provoca una inundaci\u00f3n de paquetes. resultando en una Denegaci\u00f3n de Servicio (DoS). Cuando se recibe un paquete IGMP espec\u00edfico en una VLAN aislada, se duplica en todos los dem\u00e1s puertos de la VLAN principal, lo que provoca una inundaci\u00f3n. Este problema afecta \u00fanicamente a las series QFX5000, EX2300, EX3400, EX4100, EX4400 y EX4600. Este problema afecta a Juniper Junos OS en las series QFX5000, EX2300, EX3400, EX4100, EX4400 y EX4600: * Todas las versiones anteriores a 20.4R3-S5; * Versiones 21.1 anteriores a 21.1R3-S4; * Versiones 21.2 anteriores a 21.2R3-S3; * Versiones 21.3 anteriores a 21.3R3-S5; * Versiones 21.4 anteriores a 21.4R3-S2; * Versiones 22.1 anteriores a 22.1R3; * Versiones 22.2 anteriores a 22.2R3; * Versiones 22.3 anteriores a 22.3R2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,498 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "20.4",
+ "matchCriteriaId": "E3A96966-5060-4139-A124-D4E2C879FD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "3D361B23-A3C2-444B-BEB8-E231DA950567"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "20DDC6B7-BFC4-4F0B-8E68-442C23765BF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "037BA01C-3F5C-4503-A633-71765E9EF774"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C54B047C-4B38-40C0-9855-067DCF7E48BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "38984199-E332-4A9C-A4C0-78083D052E15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "AA6526FB-2941-4D18-9B2E-472AD5A62A53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "09876787-A40A-4340-9C12-8628C325353B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "41615104-C17E-44DA-AB0D-6E2053BD4EF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1981DE38-36B5-469D-917E-92717EE3ED53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "AFA68ACD-AAE5-4577-B734-23AAF77BC85A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "65948ABC-22BB-46D5-8545-0806EDB4B86E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "72E2DDF6-01DF-4880-AB60-B3DA3281E88D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54010163-0810-4CF5-95FE-7E62BC6CA4F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "E596ABD9-6ECD-48DC-B770-87B7E62EA345"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "71745D02-D226-44DC-91AD-678C85F5E6FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "57E08E70-1AF3-4BA5-9A09-06DFE9663ADE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "255B6F20-D32F-42C1-829C-AE9C7923558A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "90AE30DB-C448-4FE9-AC11-FF0F27CDA227"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "93F324AE-65D3-4CFC-AEAB-898CE1BD05CD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.3:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3CCBB2F4-F05B-4CC5-9B1B-ECCB798D0483"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3B3302CB-457F-4BD2-B80B-F70FB4C4542E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300-24mp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B3A0D9C0-34D3-430F-ABFA-B68010A8825D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300-24p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5E04B126-F290-4242-BB80-5F573D623E6E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300-24t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "671D9977-7657-48C7-A07C-4AED54380A86"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300-48mp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0E100C3C-070D-4132-927F-756538B91491"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300-48p:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2032E7DD-96FD-48B7-922C-5FE04675796C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300-48t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2D907D6A-B7C4-4A10-AA58-0F908575A435"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "979C3597-C53B-4F4B-9EA7-126DA036C86D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex2300m:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62A536DA-5A57-4255-AB22-F99F8B7FF62A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "47DAF5E7-E610-4D74-8573-41C16D642837"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C2521C83-E8F2-4621-9727-75BB3FC11E64"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4100-f:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F496D19-D28C-4517-90A3-90EC62BC5D79"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4400:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4B43F6CB-0595-4957-8B3B-ADD4EA84D8C2"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1BB20B5-EA30-4E8E-9055-2E629648436A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E974B4BC-64C5-4BB6-AF31-D46AF3763416"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5100-96s:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BD0F680-ED30-48F3-A5D9-988D510CFC0D"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "79A8847B-4F98-4949-8639-5CD2B411D10F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09EBDE4B-764F-4DF1-844A-BB8A52CD53EF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5130:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AB58A6E9-FFCF-4331-AC3B-45C37BD1943E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EDC5478F-A047-4F6D-BB11-0077A74C0174"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5200-32c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "38D790AD-D00F-4FED-96FE-3046C827356B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5200-48y:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BAD9AD5C-947D-41EF-9969-FCCEB144984F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D877320D-1997-4B66-B11B-864020C755E1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5210-64c:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B86047DE-A0A0-4698-9414-B66C0FA7B544"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:juniper:qfx5220:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D193BEBD-9436-468D-B89E-D5720603451D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73169",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
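Review bot: The Junos `cpeMatch` list added here has a base-release entry for the older trains (`20.4:-`, `21.1:-`, `21.2:-`, `21.3:-`, `21.4:-`) but none for 22.1, 22.2 or 22.3, which all start at `r1`. The description covers every 22.1 release before 22.1R3, every 22.2 release before 22.2R3 and every 22.3 release before 22.3R2, so an inventory that reports one of those trains without an update component would match nothing in this node. If the base names exist in the CPE dictionary, add them the same way as `cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*`, each with its own dictionary `matchCriteriaId`. The hardware node has the same limitation: "QFX5000 Series" is expressed as a fixed list of models, so consumers should treat a missing model as "not enumerated", not as "not affected".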
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44204.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44204.json
index aa221da668e..ac1b82c86ee 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44204.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44204.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44204",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-13T00:15:13.070",
- "lastModified": "2023-10-13T12:47:39.540",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:47:15.987",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nWhen a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.\n\nThis issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R1, 23.2R2;\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 versions prior to 22.2R3-S3-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO;\n * 22.4 versions prior to 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO;\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una validaci\u00f3n inadecuada de la correcci\u00f3n sint\u00e1ctica de la vulnerabilidad de entrada en Routing Protocol Daemon (rpd) Juniper Networks Junos OS y Junos OS Evolved permite que un atacante basado en red no autenticado provoque una Denegaci\u00f3n de Servicio (DoS). Cuando se recibe un paquete de ACTUALIZACI\u00d3N de BGP con formato incorrecto a trav\u00e9s de una sesi\u00f3n BGP establecida, el rpd falla y se reinicia. Este problema afecta tanto a las implementaciones de eBGP como de iBGP. Este problema afecta a: Juniper Networks Junos OS * versiones 21.4 anteriores a 21.4R3-S4; * Versiones 22.1 anteriores a 22.1R3-S3; * Versiones 22.2 anteriores a 22.2R3-S2; * Versiones 22.3 anteriores a 22.3R2-S2, 22.3R3; * Versiones 22.4 anteriores a 22.4R2-S1, 22.4R3; * Versiones 23.2 anteriores a 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * Versiones 21.4 anteriores a 21.4R3-S5-EVO; * Versiones 22.1 anteriores a 22.1R3-S3-EVO; * Versiones 22.2 anteriores a 22.2R3-S3-EVO; * Versiones 22.3 anteriores a 22.3R2-S2-EVO; * Versiones 22.4 anteriores a 22.4R3-EVO; * Versiones 23.2 anteriores a 23.2R2-EVO;"
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
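Review bot: The added Primary metric sets `"attackVector": "ADJACENT_NETWORK"`, while the English description in the same record says the flaw lets "an unauthenticated, network based attacker" crash rpd with a malformed BGP UPDATE over an established session, on both eBGP and iBGP. The two may have been reconciled deliberately, since a BGP peer is arguably adjacent, but the record does not say so. It is worth confirming against the vendor advisory whether `AV:N` was intended, because that would raise the base score from 6.5 to 7.5. Until then, triage rules that deprioritise `AV:A` findings should not rely on this vector alone for routers with multihop or externally reachable BGP sessions.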
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ },
{
"source": "sirt@juniper.net",
"type": "Secondary",
@@ -46,10 +80,445 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "9AD697DF-9738-4276-94ED-7B9380CD09F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "09FF5818-0803-4646-A386-D7C645EE58A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2229FA59-EB24-49A2-85CE-F529A8DE6BA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "0CB280D8-C5D8-4B51-A879-496ACCDE4538"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5F3F54F1-75B3-400D-A735-2C27C8CEBE79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "476A49E7-37E9-40F9-BF2D-9BBFFAA1DFFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "0A5B196A-2AF1-4AE5-9148-A75A572807BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:21.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "3B457616-2D91-4913-9A7D-038BBF8F1F66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "E117E493-F4E1-4568-88E3-F243C74A2662"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "01E3E308-FD9C-4686-8C35-8472A0E99F0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "3683A8F5-EE0E-4936-A005-DF7F6B75DED3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1B615DBA-8C53-41D4-B264-D3EED8578471"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "B3124DD0-9E42-4896-9060-CB7DD07FC342"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "44F6FD6C-03AF-4D2C-B411-A753DE12A2DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "D49FFB60-BA71-4902-9404-E67162919ADC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E949B21B-AD62-4022-9088-06313277479E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8D862E6F-0D01-4B25-8340-888C30F75A2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2F28F73E-8563-41B9-A313-BBAAD5B57A67"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E37D4694-C80B-475E-AB5B-BB431F59C5E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5EC0D2D2-4922-4675-8A2C-57A08D7BE334"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "9EC91F9D-DEDA-46B4-A39F-59A2CDB86C2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "591AA3E6-62A2-4A1A-A04C-E808F71D8B6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "786F993E-32CB-492A-A7CC-A7E4F48EA8B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "19519212-51DD-4448-B115-8A20A40192CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "5CC9909E-AE9F-414D-99B1-83AA04D5297B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "FDE9E767-4713-4EA2-8D00-1382975A4A15"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "59DDA54E-6845-47EB-AE3C-5EC6BD33DFA7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "574730B0-56C8-4A03-867B-1737148ED9B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "28E42A41-7965-456B-B0AF-9D3229CE4D4C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CB1A77D6-D3AD-481B-979C-8F778530B175"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "3A064B6B-A99B-4D8D-A62D-B00C7870BC30"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "40813417-A938-4F74-A419-8C5188A35486"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "7FC1BA1A-DF0E-4B15-86BA-24C60E546732"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "F1B16FF0-900F-4AEE-B670-A537139F6909"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "2E907193-075E-45BC-9257-9607DB790D71"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B73A41D-3FF5-4E53-83FF-74DF58E0D6C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDF46A8-FC3A-4779-B695-2CA11D045AEB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "39809219-9F87-4583-9DAD-9415DD320B36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "DB299492-A919-4EBA-A62A-B3CF02FC0A95"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "74ED0939-D5F8-4334-9838-40F29DE3597F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "C6937069-8C19-4B01-8415-ED7E9EAE2CE2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "97DB6DD5-F5DD-4AE1-AF2F-8DB9E18FF882"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "21DF05B8-EF7E-422F-8831-06904160714C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "492FCE45-68A1-4378-85D4-C4034FE0D836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "522114CC-1505-4205-B4B8-797DE1BD833B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "C9D664AB-0FA7-49C7-B6E1-69C77652FBEF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "750FE748-82E7-4419-A061-2DEA26E35309"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "236E23E5-8B04-4081-9D97-7300DF284000"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "5FC96EA7-90A7-4838-B95D-60DBC88C7BC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "97541867-C52F-40BB-9AAE-7E87ED23D789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "85CF6664-E35A-4E9B-95C0-CDC91F7F331A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "E048A05D-882F-4B1C-BA32-3BBA3FEA31A3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "47E8D51D-1424-4B07-B036-E3E195F21AC2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.1:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "6F3C82ED-5728-406F-ACF6-D7411B0AB6C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "D77A072D-350A-42F2-8324-7D3AC1711BF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "83AE395C-A651-4568-88E3-3600544BF799"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "B3BE1FD4-DAD9-4357-A2E9-20E5826B0D5C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "81CC3480-4B65-4588-8D46-FA80A8F6D143"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "F7E76F5F-DB37-4B7F-9247-3CEB4EBD7696"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "C63DBEE5-B0C2-498F-A672-B6596C89B0A2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "9370C46D-3AA1-4562-B67F-DF6EA10F209B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.2:r3-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1FD8C240-A7FE-4FD5-ADCC-289C1BC461BF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "433631CA-3AC4-4D66-9B46-AEA4209347F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "6E4CD8AD-277A-4FC5-A102-3E151060C216"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "4BC09BAC-83E7-48CE-B571-ED49277B2987"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "FA4481D2-F693-48A5-8DBC-E86430987A25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "136CA584-2475-4A14-9771-F367180201D4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "93887799-F62C-4A4A-BCF5-004D0B4D4154"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "62C473D2-2612-4480-82D8-8A24D0687BBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "7FB4C5CA-A709-4B13-A9E0-372098A72AD3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "04CE952D-E3C1-4B34-9E65-EC52BFE887AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8AE9D1A7-4721-4E1D-B965-FDC38126B1DD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "A8643AA3-29EF-48A7-B033-CB60988E214B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "6DEAA7FD-385F-4221-907E-65ABC16BE4BE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "DDEC008A-3137-48D1-8ABC-6DB0EFC40E50"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "558D234D-BC50-415F-86D6-8E19D6C3ACE0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://supportportal.juniper.net/JSA73170",
- "source": "sirt@juniper.net"
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
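Review bot: Two Junos entries marked `"vulnerable": true` are releases that the description names as fixed: `cpe:2.3:o:juniper:junos:21.4:r3-s4` (description: "21.4 versions prior to 21.4R3-S4") and `cpe:2.3:o:juniper:junos:22.4:r2-s1` ("22.4 versions prior to 22.4R2-S1, 22.4R3"). A scanner matching on these criteria would flag hosts that are already on the fixed release. The 23.2 train is also uneven: the Junos node lists only `23.2:r1-s1`, while the Evolved node lists `23.2:-`, `23.2:r1` and `23.2:r1-s1`. The description's "prior to 23.2R1, 23.2R2" does not settle which is right. Check both points against the referenced advisory (JSA73170), and drop the `21.4:r3-s4` and `22.4:r2-s1` entries if the description is correct.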
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44219.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44219.json
new file mode 100644
index 00000000000..6aa33e5c9ee
--- /dev/null
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44219.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-44219",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-27T08:15:31.060",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de escalada de privilegios local en SonicWall Directory Services Connector Windows MSI client 4.1.21 y versiones anteriores permite a un usuario local con pocos privilegios obtener permisos del sistema mediante la ejecuci\u00f3n de la funci\u00f3n de recuperaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0016",
+ "source": "PSIRT@sonicwall.com"
+ }
+ ]
+}
\ No newline at end of file
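Review bot: `"metrics": {}` is empty in this new record, and again in CVE-2023-44220 in the next file section, so neither entry carries a CVSS vector or score while `vulnStatus` is `Awaiting Analysis`. Pipelines that filter or sort on `baseScore` will likely drop or bottom-rank both, although the descriptions state local escalation to system privileges and local command execution through DLL search order hijacking. The only weakness entries are CNA-supplied `Secondary` ones (CWE-269 and CWE-427), so triage should key on the description and the vendor advisory in `references` until a scored revision arrives.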
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44220.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44220.json
new file mode 100644
index 00000000000..918a69ede21
--- /dev/null
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44220.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-44220",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-27T08:15:31.207",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system."
+ },
+ {
+ "lang": "es",
+ "value": "El cliente SonicWall NetExtender Windows (32 bits y 64 bits) 10.2.336 y versiones anteriores tienen una vulnerabilidad de Secuestro de Orden de B\u00fasqueda de DLL en el componente DLL de inicio. La explotaci\u00f3n exitosa a trav\u00e9s de un atacante local podr\u00eda resultar en la ejecuci\u00f3n de comandos en el sistema de destino."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-427"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0017",
+ "source": "PSIRT@sonicwall.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44229.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44229.json
index bfb6d66bd9b..0493987e064 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44229.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44229.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44229",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:44.500",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:51:50.413",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin <=\u00a08.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Gopi Ramasamy Tiny Carousel Horizontal Slider en versiones <= 8.1."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gopiplus:tiny_carosel_horizontal_slider:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "8.1",
+ "matchCriteriaId": "F36490F7-9C4D-41B2-AFE7-D1C6F21B39F8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/tiny-carousel-horizontal-slider/wordpress-tiny-carousel-horizontal-slider-plugin-8-1-cross-site-scripting-xss?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
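Review bot: The CPE added in `cpeMatch` spells the product `tiny_carosel_horizontal_slider`, while the description and the reference URL spell it `carousel`. If that is the spelling registered in the CPE dictionary, the criteria string must stay as it is, but inventory or SBOM matching that derives the product token from the plugin name would then miss this record. That is worth confirming against the dictionary entry for `matchCriteriaId` F36490F7-9C4D-41B2-AFE7-D1C6F21B39F8. The first hunk of this file also has a plain typo in the added `es` description, `Coss-Site Scripting`, which should read `Cross-Site Scripting`.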
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44249.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44249.json
index 740a1501e1f..ed71b71305a 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44249.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44249.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44249",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2023-10-10T17:15:13.047",
- "lastModified": "2023-10-12T20:35:13.497",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:32.407",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -155,6 +155,10 @@
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-x8rp-jfwc-gqqj",
+ "source": "psirt@fortinet.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44256.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44256.json
new file mode 100644
index 00000000000..b3f6b891942
--- /dev/null
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44256.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-44256",
+ "sourceIdentifier": "psirt@fortinet.com",
+ "published": "2023-10-20T10:15:12.870",
+ "lastModified": "2023-10-20T11:27:04.140",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de server-side request forgery [CWE-918] en Fortinet FortiAnalyzer versi\u00f3n 7.4.0, versi\u00f3n 7.2.0 a 7.2.3 y anteriores a 7.0.8 y FortiManager versi\u00f3n 7.4.0, versi\u00f3n 7.2.0 a 7.2.3 y anteriores 7.0.8 permite a un atacante remoto con privilegios bajos ver datos confidenciales de servidores internos o realizar un escaneo de puerto local a trav\u00e9s de una solicitud HTTP manipulada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@fortinet.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://fortiguard.com/psirt/FG-IR-19-039",
+ "source": "psirt@fortinet.com"
+ },
+ {
+ "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh",
+ "source": "psirt@fortinet.com"
+ }
+ ]
+}
\ No newline at end of file
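Review bot: The CNA vector `CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` does not agree with the description in the same record, which says a remote attacker with low privileges sends a crafted HTTP request. `privilegesRequired` is `NONE` and `attackVector` is `ADJACENT_NETWORK`, so consumers ranking by vector see an unauthenticated, adjacent-only issue. The record also has no `weaknesses` array although the description names CWE-918. With `vulnStatus` at `Undergoing Analysis` these may be corrected later; until then the score is best read alongside the vendor advisory in `references`.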
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44267.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44267.json
new file mode 100644
index 00000000000..8eeb3d4498c
--- /dev/null
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44267.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-44267",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-26T20:15:08.637",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'lnm' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/ono",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
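Review bot: The second entry in `references` has a doubled scheme, `"url": "https://https://projectworlds.in/"`, which most URL parsers will read as host `https` rather than the intended site. The same value is added in CVE-2023-44268, CVE-2023-44375, CVE-2023-44376 and CVE-2023-44377 further down. The likely intended value is `"url": "https://projectworlds.in/"`, to be corrected at the CNA source so that link checkers and reference enrichment do not fail on it. The `en` description in each of these records also ends with a stray `\n\n` that the `es` translations, where present, do not carry.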
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json
new file mode 100644
index 00000000000..47fa7d80d28
--- /dev/null
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44268.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-44268",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-26T23:15:09.387",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'gender' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/ono",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44309.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44309.json
index b584d161246..7e8a8b70735 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44309.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44309.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44309",
"sourceIdentifier": "security@liferay.com",
"published": "2023-10-17T09:15:10.347",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T17:15:31.203",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -50,10 +80,77 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "96E84DBC-C740-4E23-8D1D-83C8AE49813E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B1B2384-764F-43CC-8206-36DCBE9DDCBF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
+ "matchCriteriaId": "22B6B8C1-1FF3-41BC-9576-16193AE20CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*",
+ "matchCriteriaId": "9D07DB20-9DCF-4C05-99D2-F6B37A082C14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*",
+ "matchCriteriaId": "1AB71307-7EAA-436A-9CBC-5A94F034FB48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
+ "matchCriteriaId": "2B256485-E289-4092-B45B-835DE12625B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
+ "matchCriteriaId": "67F50AF8-7B0E-4D01-9EB2-C6625E9DACB6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
+ "matchCriteriaId": "CCD1DEA0-8823-4780-B5EE-C1A2BB3C6B4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
+ "matchCriteriaId": "DC6FF5AB-B6E4-45D9-854B-29DEC200DA4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.4.2",
+ "versionEndExcluding": "7.4.3.53",
+ "matchCriteriaId": "96FC68D1-4118-42AB-B167-864FB0B4152D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44309",
- "source": "security@liferay.com"
+ "source": "security@liferay.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44310.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44310.json
index a2c5e7cbcb4..5b790a9c5ba 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44310.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44310.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44310",
"sourceIdentifier": "security@liferay.com",
"published": "2023-10-17T10:15:09.793",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T17:47:18.317",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -50,10 +80,207 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:*:*:*:*:*:*",
+ "matchCriteriaId": "072F6C59-3D86-48D1-A14E-477FFFA3B1D1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:*:*:*:*:*:*",
+ "matchCriteriaId": "FE68B4A2-3459-4DBA-8BAC-E9AA9FA25264"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:*:*:*:*:*:*",
+ "matchCriteriaId": "680D7963-1393-4E86-A65F-D4463D532120"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:*:*:*:*:*:*",
+ "matchCriteriaId": "D81E73DD-FD21-4082-A883-34422AE6C024"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:*:*:*:*:*:*",
+ "matchCriteriaId": "E6DD0451-98EA-4140-8294-77A14F063E2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:*:*:*:*:*:*",
+ "matchCriteriaId": "CE94E76B-8CC2-4E91-B7A3-EEBCC1358FF4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:*:*:*:*:*:*",
+ "matchCriteriaId": "408BD438-E15C-422F-9612-C62A7387FC63"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:*:*:*:*:*:*",
+ "matchCriteriaId": "A78C8B1C-39CB-4C27-B57C-0AF5E7EB50D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17:*:*:*:*:*:*",
+ "matchCriteriaId": "0AB19E97-BACE-4FCC-A53F-078D61A7A9E8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_18:*:*:*:*:*:*",
+ "matchCriteriaId": "D18ACD28-9182-435C-A30F-DF3BFE13C39A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_19:*:*:*:*:*:*",
+ "matchCriteriaId": "CFE4CC72-C15A-40DE-AFF4-0B6B79BFB2BA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:*:*:*:*:*:*",
+ "matchCriteriaId": "386F0E26-78DC-4D59-A20F-B41D0E59561B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_20:*:*:*:*:*:*",
+ "matchCriteriaId": "43C11288-1C48-47A0-95DF-A48F3C0285F6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_21:*:*:*:*:*:*",
+ "matchCriteriaId": "5ECF3B18-D0DB-4FB6-9F6F-B63A6CE45081"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_22:*:*:*:*:*:*",
+ "matchCriteriaId": "79AC7C0B-4135-4C24-8D37-A9431156E3E9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_23:*:*:*:*:*:*",
+ "matchCriteriaId": "7289F71D-ECEB-4FB9-A53F-D3F4D1315ADD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:*:*:*:*:*:*",
+ "matchCriteriaId": "54576481-2AE9-4133-9EFA-B7FBDCA4427D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:*:*:*:*:*:*",
+ "matchCriteriaId": "E29CE810-76D5-4283-B102-70344B6C9506"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:*:*:*:*:*:*",
+ "matchCriteriaId": "DA869467-C560-4130-A180-86819F6A8673"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:*:*:*:*:*:*",
+ "matchCriteriaId": "CC0C94B7-31FB-4115-8EDE-62CC459B6663"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:*:*:*:*:*:*",
+ "matchCriteriaId": "07DEAA71-53DA-4508-B7E6-924ABED49E66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:*:*:*:*:*:*",
+ "matchCriteriaId": "467323F6-5CA7-42A0-9810-C6FA694CEC93"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:*:*:*:*:*:*",
+ "matchCriteriaId": "32EFFD8A-1C0D-446B-AAD7-5D23D483D3D8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "96E84DBC-C740-4E23-8D1D-83C8AE49813E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
+ "matchCriteriaId": "8B1B2384-764F-43CC-8206-36DCBE9DDCBF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
+ "matchCriteriaId": "22B6B8C1-1FF3-41BC-9576-16193AE20CC7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*",
+ "matchCriteriaId": "9D07DB20-9DCF-4C05-99D2-F6B37A082C14"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*",
+ "matchCriteriaId": "1AB71307-7EAA-436A-9CBC-5A94F034FB48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
+ "matchCriteriaId": "2B256485-E289-4092-B45B-835DE12625B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
+ "matchCriteriaId": "67F50AF8-7B0E-4D01-9EB2-C6625E9DACB6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
+ "matchCriteriaId": "CCD1DEA0-8823-4780-B5EE-C1A2BB3C6B4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
+ "matchCriteriaId": "DC6FF5AB-B6E4-45D9-854B-29DEC200DA4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
+ "matchCriteriaId": "365F28B6-DBF2-45BB-A06D-DD80CFBAD7BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
+ "matchCriteriaId": "960F3F22-9CC8-4655-9B09-777E5A5A1239"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*",
+ "matchCriteriaId": "7E325115-EEBC-41F4-8606-45270DA40B98"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.3.6",
+ "versionEndExcluding": "7.4.3.49",
+ "matchCriteriaId": "3CD5A1D3-7822-4D13-842D-18A7F04802A6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310",
- "source": "security@liferay.com"
+ "source": "security@liferay.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
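Review bot: The `cpeMatch` list in this hunk enumerates `digital_experience_platform` 7.1 fix packs 1 through 23 and 7.4 updates, but the `liferay_portal` range starts at `versionStartIncluding` 7.3.6, and there is no DXP 7.2 or 7.3 entry. The description is outside this hunk, so this cannot be confirmed here, but a portal floor of 7.3.6 paired with DXP 7.1 looks inconsistent and is worth checking against the vendor advisory in `references`. If the 7.1 entries are a mis-keyed branch, scanners would flag DXP 7.1 hosts and miss the branch that was meant.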
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44311.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44311.json
index a34cc4b6742..a8d2ab9fba6 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44311.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44311.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44311",
"sourceIdentifier": "security@liferay.com",
"published": "2023-10-17T10:15:09.947",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T17:52:15.953",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
{
"source": "security@liferay.com",
"type": "Secondary",
@@ -50,10 +80,97 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
+ "matchCriteriaId": "2B256485-E289-4092-B45B-835DE12625B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
+ "matchCriteriaId": "67F50AF8-7B0E-4D01-9EB2-C6625E9DACB6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
+ "matchCriteriaId": "CCD1DEA0-8823-4780-B5EE-C1A2BB3C6B4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
+ "matchCriteriaId": "DC6FF5AB-B6E4-45D9-854B-29DEC200DA4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
+ "matchCriteriaId": "365F28B6-DBF2-45BB-A06D-DD80CFBAD7BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
+ "matchCriteriaId": "960F3F22-9CC8-4655-9B09-777E5A5A1239"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*",
+ "matchCriteriaId": "7E325115-EEBC-41F4-8606-45270DA40B98"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*",
+ "matchCriteriaId": "294D8A56-A797-433C-A06E-106B2179151A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*",
+ "matchCriteriaId": "824D88D9-4645-4CAD-8CAB-30F27DD388C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*",
+ "matchCriteriaId": "F6E8C952-B455-46E4-AC3D-D38CAF189F60"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*",
+ "matchCriteriaId": "CD77C0EE-AC79-4443-A502-C1E02F806911"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*",
+ "matchCriteriaId": "648EB53C-7A90-4DA6-BF1C-B5336CDE30C7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*",
+ "matchCriteriaId": "39835EF7-8E93-4695-973D-6E9B76C67372"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.4.3.41",
+ "versionEndExcluding": "7.4.3.90",
+ "matchCriteriaId": "6204FB7B-6129-4E68-A811-6B51961C3D4A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311",
- "source": "security@liferay.com"
+ "source": "security@liferay.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json
new file mode 100644
index 00000000000..524f66ea9cd
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44375.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-44375",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-27T03:15:08.120",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Online Art Gallery v1.0 es vulnerable a m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'add1' del recurso header.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/ono",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44376.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44376.json
new file mode 100644
index 00000000000..2d1c58599ef
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44376.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-44376",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-27T13:15:08.207",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/ono",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44377.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44377.json
new file mode 100644
index 00000000000..f1098403020
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44377.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-44377",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-27T13:15:08.300",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/ono",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44385.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44385.json
new file mode 100644
index 00000000000..69f5a30390f
--- /dev/null
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44385.json
@@ -0,0 +1,116 @@
+{
+ "id": "CVE-2023-44385",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T23:15:08.953",
+ "lastModified": "2023-10-26T15:52:54.817",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Attackers may send malicious links/QRs to victims that, when visited, will make the victim to call arbitrary services in their Home Assistant installation. Combined with this security advisory, may result in full compromise and remote code execution (RCE). Version 2023.7 addresses this issue and all users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-161."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n Home Assistant Companion para iOS y macOS hasta la versi\u00f3n 2023.4 es vulnerable a Client-Side Request Forgery. Los atacantes pueden enviar links/QR maliciosos a las v\u00edctimas que, cuando los visitan, har\u00e1n que la v\u00edctima llame a servicios arbitrarios en su instalaci\u00f3n de Home Assistant. Combinado con este aviso de seguridad, puede resultar en un compromiso total y en la Remote Code Execution (RCE). La versi\u00f3n 2023.7 soluciona este problema y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad. Este problema tambi\u00e9n se rastrea como GitHub Security Lab (GHSL) Informe de vulnerabilidad: GHSL-2023-161."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:home-assistant:home_assistant_companion:*:*:*:*:*:iphone_os:*:*",
+ "versionEndExcluding": "2023.7",
+ "matchCriteriaId": "5BCFBE59-DDDE-4A03-847D-1AD606CF80A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:home-assistant:home_assistant_companion:*:*:*:*:*:macos:*:*",
+ "versionEndExcluding": "2023.7",
+ "matchCriteriaId": "E885DBBB-8BEC-4306-8D83-641B2BB6927B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/home-assistant/core/security/advisories/GHSA-h2jp-7grc-9xpp",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
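Review bot: The English description says "Combined with this security advisory, may result in full compromise and remote code execution (RCE)" without identifying which advisory is meant; the phrase looks like a hyperlink whose target was lost when the text was flattened. The RCE escalation path depends on that second advisory, so the sentence should name it, along the lines of `Combined with <ADVISORY-ID>, this may result in full compromise ...`, with a matching entry in `references`. The Spanish entry carries the same dangling phrase ("Combinado con este aviso de seguridad"). Which advisory is intended cannot be determined from this record alone.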
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44388.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44388.json
index ec61051ae54..0d195b0a758 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44388.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44388.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44388",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.397",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T17:32:17.577",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,14 +70,43 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
+ "versionEndIncluding": "3.1.1",
+ "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
+ "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-89h3-g746-xmwq",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
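Review bot: The nginx reference in this hunk is tagged `"Third Party Advisory"`, but the URL is the ngx_http_core_module documentation anchor for `client_max_body_size`, a configuration directive, not an advisory. Anyone filtering references by tag to collect advisories gets a documentation page here. `"Product"` would describe it better, or `"Mitigation"` if the description (outside this hunk) presents the directive as a workaround. The link is also plain `http://`. A similar mismatch appears in the last hunk of CVE-2023-44394.json, where the `mantisbt.org/bugs/view.php?id=32981` bug-tracker entry is tagged `"Vendor Advisory"` rather than `"Issue Tracking"`.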
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44391.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44391.json
index 26f59d35d7d..088ae5b2bc1 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44391.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44391.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44391",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.477",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T17:50:08.850",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -40,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -50,10 +80,36 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
+ "versionEndIncluding": "3.1.1",
+ "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
+ "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-7px5-fqcf-7mfr",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44394.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44394.json
index ccd1094a435..0de3a5af342 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44394.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44394.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44394",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.560",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T13:40:07.230",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -40,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -50,18 +80,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.25.8",
+ "matchCriteriaId": "B2693D3D-D2B9-46EE-AB37-5D642D2F9600"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/mantisbt/mantisbt/commit/65c44883f9d24f3ccef066fb523c93d8fdd7afc1",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-v642-mh27-8j6m",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://mantisbt.org/bugs/view.php?id=32981",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-443xx/CVE-2023-44399.json b/CVE-2023/CVE-2023-443xx/CVE-2023-44399.json
index 1420c5fea62..f4f1a7344f7 100644
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44399.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44399.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44399",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-10T17:15:13.107",
- "lastModified": "2023-10-10T17:52:09.820",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T19:22:17.393",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called \"Ignoring unknown usernames\" which helps mitigate attacks that try to guess/enumerate usernames. While this settings was properly working during the authentication process it did not work correctly on the password reset flow. This meant that even if this feature was active that an attacker could use the password reset function to verify if an account exist within ZITADEL. This bug has been patched in versions 2.37.3 and 2.38.0. No known workarounds are available."
+ },
+ {
+ "lang": "es",
+ "value": "ZITADEL proporciona infraestructura de identidad. En las versiones 2.37.2 y anteriores, los administradores de ZITADEL pueden habilitar una configuraci\u00f3n llamada \"Ignoring unknown usernames\" que ayuda a mitigar los ataques que intentan adivinar/enumerar nombres de usuario. Si bien esta configuraci\u00f3n funcion\u00f3 correctamente durante el proceso de autenticaci\u00f3n, no funcion\u00f3 correctamente en el flujo de restablecimiento de contrase\u00f1a. Esto significaba que incluso si esta funci\u00f3n estuviera activa, un atacante podr\u00eda usar la funci\u00f3n de restablecimiento de contrase\u00f1a para verificar si existe una cuenta dentro de ZITADEL. Este error se ha corregido en las versiones 2.37.3 y 2.38.0. No hay workarounds conocidos disponibles."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +70,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.37.2",
+ "matchCriteriaId": "945BD332-6A49-4ACD-8E01-583EFD78B8BA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.37.3",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/zitadel/zitadel/releases/tag/v2.38.0",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-v683-rcxx-vpff",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44480.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44480.json
new file mode 100644
index 00000000000..2abab0004bb
--- /dev/null
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44480.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-44480",
+ "sourceIdentifier": "help@fluidattacks.com",
+ "published": "2023-10-27T21:15:09.530",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "help@fluidattacks.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://fluidattacks.com/advisories/martin/",
+ "source": "help@fluidattacks.com"
+ },
+ {
+ "url": "https://projectworlds.in/",
+ "source": "help@fluidattacks.com"
+ }
+ ]
+}
\ No newline at end of file
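Review bot: The description calls these "Authenticated SQL Injection" flaws in `admin/setleaves.php`, yet the CVSS vector sets `PR:N` (`"privilegesRequired": "NONE"`), which is what produces the 9.8 CRITICAL base score. One of the two is wrong. If a login is needed, the vector should carry `PR:L` or `PR:H` with the scores recomputed; if not, the description should say unauthenticated. The record is still "Awaiting Analysis" with only the CNA's score, so triage that sorts on `baseScore` should treat this value as provisional.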
diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44483.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44483.json
new file mode 100644
index 00000000000..287bfa2af0e
--- /dev/null
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44483.json
@@ -0,0 +1,103 @@
+{
+ "id": "CVE-2023-44483",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-10-20T10:15:12.933",
+ "lastModified": "2023-10-27T18:49:49.600",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Todas las versiones de Apache Santuario - XML Security para Java anteriores a 2.2.6, 2.3.4 y 3.0.3, cuando utilizan la API JSR 105, son vulnerables a un problema en el que se puede revelar una clave privada en los archivos de registro al generar un La firma XML y el registro con nivel de depuraci\u00f3n est\u00e1n habilitados. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.2.6, 2.3.4 o 3.0.3, que soluciona este problema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.2.6",
+ "matchCriteriaId": "072EA1B9-C0F1-41FC-97B6-6EDA8B7A4A73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.3.0",
+ "versionEndExcluding": "2.3.4",
+ "matchCriteriaId": "BD7B2204-670A-4C24-9A8C-C0445F97ADA1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.0",
+ "versionEndExcluding": "3.0.3",
+ "matchCriteriaId": "C09892DB-35BF-41E0-811C-810B8753325C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/20/5",
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55",
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
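Review bot: The Spanish description garbles the triggering condition: "al generar un La firma XML y el registro con nivel de depuración están habilitados" reads as if the XML signature and debug logging are both "enabled". The English text says the private key may be written to log files when an XML Signature is generated while debug-level logging is enabled. A faithful rendering would be `al generar una firma XML cuando el registro con nivel de depuración está habilitado`. Readers relying on the `es` entry could otherwise miss that debug logging is the precondition for the disclosure.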
diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
index 1ce3cbd3397..f53bdf0458c 100644
--- a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44487",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T14:15:10.883",
- "lastModified": "2023-10-17T01:15:09.887",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-29T04:15:10.827",
+ "vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-10-10",
"cisaActionDue": "2023-10-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@@ -69,6 +69,1836 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nghttp2:nghttp2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.57.0",
+ "matchCriteriaId": "C3BDC297-F023-4E87-8518-B84CCF9DD6A8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.1.100",
+ "matchCriteriaId": "D12D5257-7ED2-400F-9EF7-40E0D3650C2B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:envoyproxy:envoy:1.24.10:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1B058776-B5B7-4079-B0AF-23F40926DCEC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:envoyproxy:envoy:1.25.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D565975-EFD9-467C-B6E3-1866A4EF17A4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:envoyproxy:envoy:1.26.4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D487271-1B5E-4F16-B0CB-A7B8908935C6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:envoyproxy:envoy:1.27.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BA6ED627-EFB3-4BDD-8ECC-C5947A1470B2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.4.53",
+ "matchCriteriaId": "A4A6F189-6C43-462D-85C9-B0EBDA8A4683"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0.0",
+ "versionEndExcluding": "10.0.17",
+ "matchCriteriaId": "C993C920-85C0-4181-A95E-5D965A670738"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.0.0",
+ "versionEndExcluding": "11.0.17",
+ "matchCriteriaId": "08E79A8E-E12C-498F-AF4F-1AAA7135661E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "12.0.0",
+ "versionEndExcluding": "12.0.2",
+ "matchCriteriaId": "F138D800-9A3B-4C76-8A3C-4793083A1517"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.7.5",
+ "matchCriteriaId": "6341DDDA-AD27-4087-9D59-0A212F0037B4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.20.10",
+ "matchCriteriaId": "328120E4-C031-44B4-9BE5-03B0CDAA066F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.21.0",
+ "versionEndExcluding": "1.21.3",
+ "matchCriteriaId": "5FD9AB15-E5F6-4DBC-9EC7-D0ABA705802A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:golang:http2:*:*:*:*:*:go:*:*",
+ "versionEndExcluding": "0.17.0",
+ "matchCriteriaId": "D7D2F801-6F65-4705-BCB9-D057EA54A707"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*",
+ "versionEndExcluding": "0.17.0",
+ "matchCriteriaId": "801F25DA-F38C-4452-8E90-235A3B1A5FF0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "783E62F2-F867-48F1-B123-D1227C970674"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "0510296F-92D7-4388-AE3A-0D9799C2FC4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "D7698D6C-B1F7-43C1-BBA6-88E956356B3D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "B3C7A168-F370-441E-8790-73014BCEC39F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "CF16FD01-7704-40AB-ACB2-80A883804D22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1769D69A-CB59-46B1-89B3-FB97DC6DEB9B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "8FA85EC1-D91A-49DD-949B-2AF7AC813CA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "20662BB0-4C3D-4CF0-B068-3555C65DD06C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "59203EBF-C52A-45A1-B8DF-00E17E3EFB51"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "C8F39403-C259-4D6F-9E9A-53671017EEDB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "220F2D38-FA82-45EF-B957-7678C9FEDBC1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5C698C1C-A3DD-46E2-B05A-12F2604E7F85"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "1771493E-ACAA-477F-8AB4-25DB12F6AD6E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "5E86F3D5-65A4-48CE-A6A2-736BBB88E3F8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "87670A74-34FE-45DF-A725-25B804C845B3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "4B9B76A1-7C5A-453F-A4ED-F1A81BCEBEB5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "88EDFCD9-775C-48FA-9CDA-2B04DA8D0612"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67DB21AE-DF53-442D-B492-C4ED9A20B105"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "DB704A1C-D8B7-48BB-A15A-C14DB591FE4A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "21D51D9F-2840-4DEA-A007-D20111A1745C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BC1D037-74D2-4F92-89AD-C90F6CBF440B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "8070B469-8CC4-4D2F-97D7-12D0ABB963C1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "A326597E-725D-45DE-BEF7-2ED92137B253"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7B235A78-649B-46C5-B24B-AB485A884654"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "98D2CE1E-DED0-470A-AA78-C78EF769C38E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "C966FABA-7199-4F0D-AB8C-4590FE9D2FFF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "A65D357E-4B40-42EC-9AAA-2B6CEF78C401"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "D7EF9865-FE65-4DFB-BF21-62FBCE65FF1C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ABBD10E8-6054-408F-9687-B9BF6375CA09"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "5D2A121F-5BD2-4263-8ED3-1DDE25B5C306"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "0A4F7BAD-3EDD-4DE0-AAB7-DE5ACA34DD79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "83794B04-87E2-4CA9-81F5-BB820D0F5395"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "29563719-1AF2-4BB8-8CCA-A0869F87795D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "D24815DD-579A-46D1-B9F2-3BB2C56BC54D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0A6E7035-3299-474F-8F67-945EA9A059D0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "441CC945-7CA3-49C0-AE10-94725301E31D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "46BA8E8A-6ED5-4FB2-8BBC-586AA031085A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_next:20.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "969C4F14-F6D6-46D6-B348-FC1463877680"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.5.0",
+ "versionEndIncluding": "1.8.2",
+ "matchCriteriaId": "41AD5040-1250-45F5-AB63-63F333D49BCC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "FFF5007E-761C-4697-8D34-C064DF0ABE8D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "910441D3-90EF-4375-B007-D51120A60AB2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "667EB77B-DA13-4BA4-9371-EE3F3A109F38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "E76E1B82-F1DC-4366-B388-DBDF16C586A0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "660137F4-15A1-42D1-BBAC-99A1D5BB398B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C446827A-1F71-4FAD-9422-580642D26AD1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "2CD1637D-0E42-4928-867A-BA0FDB6E8462"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "3A599F90-F66B-4DF0-AD7D-D234F328BD59"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D1B2000-C3FE-4B4C-885A-A5076EB164E1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndIncluding": "15.1.10",
+ "matchCriteriaId": "ECCB8C30-861E-4E48-A5F5-30EE523C1FB6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndIncluding": "16.1.4",
+ "matchCriteriaId": "F5FEAD2A-3A58-432E-BEBB-6E3FDE24395F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:17.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8AB23AE6-245E-43D6-B832-933F8259F937"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.9.5",
+ "versionEndIncluding": "1.25.2",
+ "matchCriteriaId": "1188B4A9-2684-413C-83D1-E91C75AE0FCF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndIncluding": "2.4.2",
+ "matchCriteriaId": "3337609D-5291-4A52-BC6A-6A8D4E60EB20"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.0",
+ "versionEndIncluding": "3.3.0",
+ "matchCriteriaId": "6CF0ABD9-EB28-4966-8C31-EED7AFBF1527"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "r25",
+ "versionEndExcluding": "r29",
+ "matchCriteriaId": "F291CB34-47A4-425A-A200-087CC295AEC8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:nginx_plus:r29:-:*:*:*:*:*:*",
+ "matchCriteriaId": "5892B558-EC3A-43FF-A1D5-B2D9F70796F0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
+ "matchCriteriaId": "96BF2B19-52C7-4051-BA58-CAE6F912B72F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.5.0",
+ "versionEndIncluding": "8.5.93",
+ "matchCriteriaId": "ABD26B48-CC80-4FAE-BD3D-78DE4C80C92B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndIncluding": "9.0.80",
+ "matchCriteriaId": "F3EC20B6-B2AB-41F5-9BF9-D16C1FE67C34"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.1.0",
+ "versionEndIncluding": "10.1.13",
+ "matchCriteriaId": "0765CC3D-AB1A-4147-8900-EF4C105321F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
+ "matchCriteriaId": "D1AA7FF6-E8E7-4BF6-983E-0A99B0183008"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone10:*:*:*:*:*:*",
+ "matchCriteriaId": "57088BDD-A136-45EF-A8A1-2EBF79CEC2CE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone11:*:*:*:*:*:*",
+ "matchCriteriaId": "B32D1D7A-A04F-444E-8F45-BB9A9E4B0199"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone2:*:*:*:*:*:*",
+ "matchCriteriaId": "2AAD52CE-94F5-4F98-A027-9A7E68818CB6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone3:*:*:*:*:*:*",
+ "matchCriteriaId": "F1F981F5-035A-4EDD-8A9F-481EE8BC7FF7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone4:*:*:*:*:*:*",
+ "matchCriteriaId": "03A171AF-2EC8-4422-912C-547CDB58CAAA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone5:*:*:*:*:*:*",
+ "matchCriteriaId": "538E68C4-0BA4-495F-AEF8-4EF6EE7963CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone6:*:*:*:*:*:*",
+ "matchCriteriaId": "49350A6E-5E1D-45B2-A874-3B8601B3ADCC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone7:*:*:*:*:*:*",
+ "matchCriteriaId": "5F50942F-DF54-46C0-8371-9A476DD3EEA3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone8:*:*:*:*:*:*",
+ "matchCriteriaId": "D12C2C95-B79F-4AA4-8CE3-99A3EE7991AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:tomcat:11.0.0:milestone9:*:*:*:*:*:*",
+ "matchCriteriaId": "98792138-DD56-42DF-9612-3BDC65EEC117"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apple:swiftnio_http\\/2:*:*:*:*:*:swift:*:*",
+ "versionEndExcluding": "1.28.0",
+ "matchCriteriaId": "08190072-3880-4EF5-B642-BA053090D95B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
+ "versionEndExcluding": "1.56.3",
+ "matchCriteriaId": "5F4CDEA9-CB47-4881-B096-DA896E2364F3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*",
+ "versionStartIncluding": "1.58.0",
+ "versionEndExcluding": "1.58.3",
+ "matchCriteriaId": "DD868DDF-C889-4F36-B5E6-68B6D9EA48CC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grpc:grpc:1.57.0:-:*:*:*:go:*:*",
+ "matchCriteriaId": "FBD991E2-DB5A-4AAD-95BA-4B5ACB811C96"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndExcluding": "6.0.23",
+ "matchCriteriaId": "4496821E-BD55-4F31-AD9C-A3D66CBBD6BD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0",
+ "versionEndExcluding": "7.0.12",
+ "matchCriteriaId": "8DF7ECF6-178D-433C-AA21-BAE9EF248F37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndExcluding": "6.0.23",
+ "matchCriteriaId": "1C3418F4-B8BF-4666-BB39-C188AB01F45C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "7.0.0",
+ "versionEndExcluding": "7.0.12",
+ "matchCriteriaId": "1278DD1C-EFA9-4316-AD32-24C1B1FB0CEA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023-10-08",
+ "matchCriteriaId": "3BDFB0FF-0F4A-4B7B-94E8-ED72A8106314"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.0",
+ "versionEndExcluding": "17.2.20",
+ "matchCriteriaId": "16A8F269-E07E-402F-BFD5-60F3988A5EAF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.4",
+ "versionEndExcluding": "17.4.12",
+ "matchCriteriaId": "C4B2B972-69E2-4D21-9A7C-B2AFF1D89EB8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.6",
+ "versionEndExcluding": "17.6.8",
+ "matchCriteriaId": "DA5834D4-F52F-41C0-AA11-C974FFEEA063"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.7",
+ "versionEndExcluding": "17.7.5",
+ "matchCriteriaId": "2166106F-ACD6-4C7B-B0CC-977B83CC5F73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
+ "versionEndExcluding": "10.0.14393.6351",
+ "matchCriteriaId": "4CD49C41-6D90-47D3-AB4F-4A74169D3A8F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
+ "versionEndExcluding": "10.0.14393.6351",
+ "matchCriteriaId": "BAEFEE13-9CD7-46A2-8AF6-0A33C79C05F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.17763.4974",
+ "matchCriteriaId": "E500D59C-6597-45E9-A57B-BE26C0C231D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19044.3570",
+ "matchCriteriaId": "C9F9A643-90C6-489C-98A0-D2739CE72F86"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19045.3570",
+ "matchCriteriaId": "1814619C-ED07-49E0-A50A-E28D824D43BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22000.2538",
+ "matchCriteriaId": "100A27D3-87B0-4E72-83F6-7605E3F35E63"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22621.2428",
+ "matchCriteriaId": "C6A36795-0238-45C9-ABE6-3DCCF751915B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
+ "versionStartIncluding": "18.0.0",
+ "versionEndExcluding": "18.18.2",
+ "matchCriteriaId": "C61F0294-5C7E-4DB2-8905-B85D0782F35F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "20.0.0",
+ "versionEndExcluding": "20.8.1",
+ "matchCriteriaId": "69843DE4-4721-4F0A-A9B7-0F6DF5AAA388"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:cbl-mariner:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023-10-11",
+ "matchCriteriaId": "B25279EF-C406-4133-99ED-0492703E0A4E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023-10-10",
+ "matchCriteriaId": "9FFFF84B-F35C-43DE-959A-A5D10C3AE9F5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:facebook:proxygen:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023.10.16.00",
+ "matchCriteriaId": "9DCE8C89-7C22-48CA-AF22-B34C8AA2CB8C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.6.1",
+ "matchCriteriaId": "EDEB508E-0EBD-4450-9074-983DDF568AB4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndExcluding": "8.1.9",
+ "matchCriteriaId": "93A1A748-6C71-4191-8A16-A93E94E2CDE4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "9.0.0",
+ "versionEndExcluding": "9.2.3",
+ "matchCriteriaId": "4E4BCAF6-B246-41EC-9EE1-24296BFC4F5A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amazon:opensearch_data_prepper:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.5.0",
+ "matchCriteriaId": "6F70360D-6214-46BA-AF82-6AB01E13E4E9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kazu-yamamoto:http2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.2.2",
+ "matchCriteriaId": "E2DA759E-1AF8-49D3-A3FC-1B426C13CA82"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.17.6",
+ "matchCriteriaId": "28BE6F7B-AE66-4C8A-AAFA-F1262671E9BF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.18.0",
+ "versionEndExcluding": "1.18.3",
+ "matchCriteriaId": "F0C8E760-C8D2-483A-BBD4-6A6D292A3874"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.19.0",
+ "versionEndExcluding": "1.19.1",
+ "matchCriteriaId": "5D0F78BB-6A05-4C97-A8DB-E731B6CC8CC7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:varnish_cache_project:varnish_cache:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023-10-10",
+ "matchCriteriaId": "050AE218-3871-44D6-94DA-12D84C2093CB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.10.5",
+ "matchCriteriaId": "B36BFFB0-C0EC-4926-A1DB-0B711C846A68"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta1:*:*:*:*:*:*",
+ "matchCriteriaId": "376EAF9B-E994-4268-9704-0A45EA30270F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta2:*:*:*:*:*:*",
+ "matchCriteriaId": "F3D08335-C291-4623-B80C-3B14C4D1FA32"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:traefik:traefik:3.0.0:beta3:*:*:*:*:*:*",
+ "matchCriteriaId": "21033CEE-CEF5-4B0D-A565-4A6FC764AA6D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:projectcontour:contour:*:*:*:*:*:kubernetes:*:*",
+ "versionEndExcluding": "2023-10-11",
+ "matchCriteriaId": "FC4C66B1-42C0-495D-AE63-2889DE0BED84"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linkerd:linkerd:*:*:*:*:stable:kubernetes:*:*",
+ "versionStartIncluding": "2.12.0",
+ "versionEndIncluding": "2.12.5",
+ "matchCriteriaId": "8633E263-F066-4DD8-A734-90207207A873"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linkerd:linkerd:2.13.0:*:*:*:stable:kubernetes:*:*",
+ "matchCriteriaId": "34A23BD9-A0F4-4D85-8011-EAC93C29B4E8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linkerd:linkerd:2.13.1:*:*:*:stable:kubernetes:*:*",
+ "matchCriteriaId": "27ED3533-A795-422F-B923-68BE071DC00D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linkerd:linkerd:2.14.0:*:*:*:stable:kubernetes:*:*",
+ "matchCriteriaId": "45F7E352-3208-4188-A5B1-906E00DF9896"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linkerd:linkerd:2.14.1:*:*:*:stable:kubernetes:*:*",
+ "matchCriteriaId": "DF89A8AD-66FE-439A-B732-CAAB304D765B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:linecorp:armeria:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.26.0",
+ "matchCriteriaId": "A400C637-AF18-4BEE-B57C-145261B65DEC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:3scale_api_management_platform:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "653A5B08-0D02-4362-A8B1-D00B24C6C6F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0FD736A-8730-446A-BA3A-7B608DB62B0E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4C504B6-3902-46E2-82B7-48AEC9CDD48D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:build_of_optaplanner:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1D54F5AE-61EC-4434-9D5F-9394A3979894"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE29B9D6-63DC-4779-ACE8-4E51E6A0AF37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:ceph_storage:5.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E37E1B3-6F68-4502-85D6-68333643BDFF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D5A7736-A403-4617-8790-18E46CB74DA6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "33F13B03-69BF-4A8B-A0A0-7F47FD857461"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:certification_for_red_hat_enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9393119E-F018-463F-9548-60436F104195"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:cost_management:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DC45EE1E-2365-42D4-9D55-92FA24E5ED3A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:cryostat:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E567CD9F-5A43-4D25-B911-B5D0440698F4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "68146098-58F8-417E-B165-5182527117C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:fence_agents_remediation_operator:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CB4D6790-63E5-4043-B8BE-B489D649061D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:integration_camel_for_spring_boot:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "78698F40-0777-4990-822D-02E1B5D0E2C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EF03BDE8-602D-4DEE-BA5B-5B20FDF47741"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A58966CB-36AF-4E64-AB39-BE3A0753E155"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:jboss_a-mq_streams:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "585BC540-073B-425B-B664-5EA4C00AFED6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9B453CF7-9AA6-4B94-A003-BF7AE0B82F53"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:logging_subsystem_for_red_hat_openshift:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EF93A27E-AA2B-4C2E-9B8D-FE7267847326"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:machine_deletion_remediation_operator:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B12A3A8-6456-481A-A0C9-524543FCC149"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:migration_toolkit_for_applications:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C2E7E3C-A507-4AB2-97E5-4944D8775CF7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:migration_toolkit_for_containers:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4E22EBF9-AA0D-4712-9D69-DD97679CE835"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:migration_toolkit_for_virtualization:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "941B114C-FBD7-42FF-B1D8-4EA30E99102C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:network_observability_operator:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "339CFB34-A795-49F9-BF6D-A00F3A1A4F63"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:node_healthcheck_operator:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8D044DBE-6F5A-4C53-828E-7B1A570CACFF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:node_maintenance_operator:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E23FA47F-B967-44AD-AB76-1BB2CAD3CA5B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:aws:*:*",
+ "matchCriteriaId": "65203CA1-5225-4E55-A187-6454C091F532"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BF8EFFB-5686-4F28-A68F-1A8854E098CE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform_assisted_installer:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5DA9B2E2-958B-478D-87D6-E5CDDCD44315"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_data_science:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B3F5FF1E-5DA3-4EC3-B41A-A362BDFC4C69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97321212-0E07-4CC2-A917-7B5F61AB9A5A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_distributed_tracing:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DF390236-3259-4C8F-891C-62ACC4386CD1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C0AAA300-691A-4957-8B69-F6888CC971B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "45937289-2D64-47CB-A750-5B4F0D4664A0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_sandboxed_containers:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B129311C-EB4B-4041-B85C-44D5E53FCAA3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_secondary_scheduler_operator:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1AB54DB-3FB4-41CB-88ED-1400FD22AB85"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "77675CB7-67D7-44E9-B7FF-D224B3341AA5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_service_mesh:2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A76A2BCE-4AAE-46D7-93D6-2EDE0FC83145"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9C877879-B84B-471C-80CF-0656521CA8AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E315FC5C-FF19-43C9-A58A-CF2A5FF13824"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:run_once_duration_override_operator:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D482A3D2-6E9B-42BA-9926-35E5BDD5F3BF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:self_node_remediation_operator:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F564701-EDC1-43CF-BB9F-287D6992C6CB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:service_interconnect:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12B0CF2B-D1E1-4E20-846E-6F0D873499A9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:support_for_spring_boot:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8885C2C-7FB8-40CA-BCB9-B48C50BF2499"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:web_terminal:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D88B140-D2A1-4A0A-A2E9-1A3B50C295AD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:service_telemetry_framework:1.5:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A903C3AD-2D25-45B5-BF4A-A5BEB2286627"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:astra_control_center:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EC5EBD2A-32A3-46D5-B155-B44DCB7F6902"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:akka:http_server:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.5.3",
+ "matchCriteriaId": "C2792650-851F-4820-B003-06A4BEA092D7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:konghq:kong_gateway:*:*:*:*:enterprise:*:*:*",
+ "versionEndExcluding": "3.4.2",
+ "matchCriteriaId": "9F6B63B9-F4C9-4A3F-9310-E0918E1070D1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
+ "versionEndIncluding": "2.414.2",
+ "matchCriteriaId": "E6FF5F80-A991-43D4-B49F-D843E2BC5798"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*",
+ "versionEndIncluding": "2.427",
+ "matchCriteriaId": "54D25DA9-12D0-4F14-83E6-C69D0293AAB9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.4.0",
+ "matchCriteriaId": "8E1AFFB9-C717-4727-B0C9-5A0C281710E2"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -82,7 +1912,42 @@
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/9",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://access.redhat.com/security/cve/cve-2023-44487",
@@ -93,7 +1958,11 @@
},
{
"url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Press/Media Coverage",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/",
@@ -128,7 +1997,7 @@
"url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Press/Media Coverage"
]
},
{
@@ -157,13 +2026,15 @@
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123",
"source": "cve@mitre.org",
"tags": [
- "Issue Tracking"
+ "Issue Tracking",
+ "Vendor Advisory"
]
},
{
"url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9",
"source": "cve@mitre.org",
"tags": [
+ "Mailing List",
"Patch"
]
},
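Review bot: The added `"Mailing List"` tag on the `cgit.freebsd.org/ports/commit/` reference does not match the target, which is a cgit commit view rather than a list archive. Consumers that group references by tag would file this fix commit under mailing-list traffic. I would drop the added `"Mailing List",` line and keep `"Patch"` as the only tag on that entry. The `bugzilla.suse.com` change in the same hunk looks consistent with its URL.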
@@ -195,7 +2066,7 @@
"source": "cve@mitre.org",
"tags": [
"Technical Description",
- "Vendor Advisory"
+ "Third Party Advisory"
]
},
{
@@ -209,7 +2080,7 @@
"url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Third Party Advisory"
]
},
{
@@ -232,7 +2103,6 @@
"url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3",
"source": "cve@mitre.org",
"tags": [
- "Issue Tracking",
"Vendor Advisory"
]
},
@@ -240,6 +2110,8 @@
"url": "https://github.com/advisories/GHSA-vx74-f528-fxqg",
"source": "cve@mitre.org",
"tags": [
+ "Mitigation",
+ "Patch",
"Vendor Advisory"
]
},
@@ -247,6 +2119,7 @@
"url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
@@ -262,6 +2135,7 @@
"url": "https://github.com/alibaba/tengine/issues/1872",
"source": "cve@mitre.org",
"tags": [
+ "Issue Tracking",
"Vendor Advisory"
]
},
@@ -285,20 +2159,21 @@
"url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Product"
]
},
{
"url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Product"
]
},
{
"url": "https://github.com/apache/trafficserver/pull/10564",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
@@ -306,7 +2181,6 @@
"url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487",
"source": "cve@mitre.org",
"tags": [
- "Issue Tracking",
"Vendor Advisory"
]
},
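Review bot: The entry for `https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487` keeps `"Vendor Advisory"` as its only tag, although the URL path points at a personal proof-of-concept repository, not a vendor channel. A later hunk in this file retags `github.com/micrictor/http2-rst-stream` from `"Vendor Advisory"` to `"Exploit"`, `"Third Party Advisory"`, so two references of the same kind end up classified differently. Tooling that treats `Vendor Advisory` links as authoritative, or that raises priority on the `Exploit` tag, will misread this one. I would replace the remaining tag with `"Third Party Advisory"`, and add `"Exploit"` if the repository content confirms it.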
@@ -314,28 +2188,29 @@
"url": "https://github.com/bcdannyboy/CVE-2023-44487",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Third Party Advisory"
]
},
{
"url": "https://github.com/caddyserver/caddy/issues/5877",
"source": "cve@mitre.org",
- "tags": [
- "Vendor Advisory"
- ]
- },
- {
- "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5",
- "source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
+ {
+ "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
+ },
{
"url": "https://github.com/dotnet/announcements/issues/277",
"source": "cve@mitre.org",
"tags": [
+ "Mitigation",
"Vendor Advisory"
]
},
@@ -343,6 +2218,8 @@
"url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73",
"source": "cve@mitre.org",
"tags": [
+ "Product",
+ "Release Notes",
"Vendor Advisory"
]
},
@@ -350,6 +2227,7 @@
"url": "https://github.com/eclipse/jetty.project/issues/10679",
"source": "cve@mitre.org",
"tags": [
+ "Issue Tracking",
"Vendor Advisory"
]
},
@@ -357,6 +2235,7 @@
"url": "https://github.com/envoyproxy/envoy/pull/30055",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
@@ -365,6 +2244,7 @@
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
+ "Patch",
"Vendor Advisory"
]
},
@@ -372,6 +2252,7 @@
"url": "https://github.com/facebook/proxygen/pull/466",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
@@ -379,6 +2260,7 @@
"url": "https://github.com/golang/go/issues/63417",
"source": "cve@mitre.org",
"tags": [
+ "Issue Tracking",
"Vendor Advisory"
]
},
@@ -386,6 +2268,7 @@
"url": "https://github.com/grpc/grpc-go/pull/6703",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
@@ -393,7 +2276,7 @@
"url": "https://github.com/h2o/h2o/pull/3291",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Patch"
]
},
{
@@ -407,6 +2290,7 @@
"url": "https://github.com/haproxy/haproxy/issues/2312",
"source": "cve@mitre.org",
"tags": [
+ "Issue Tracking",
"Vendor Advisory"
]
},
@@ -414,6 +2298,7 @@
"url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244",
"source": "cve@mitre.org",
"tags": [
+ "Product",
"Vendor Advisory"
]
},
@@ -436,13 +2321,14 @@
"url": "https://github.com/kazu-yamamoto/http2/issues/93",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Issue Tracking"
]
},
{
"url": "https://github.com/kubernetes/kubernetes/pull/121120",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
@@ -451,6 +2337,7 @@
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
+ "Patch",
"Vendor Advisory"
]
},
@@ -465,13 +2352,15 @@
"url": "https://github.com/micrictor/http2-rst-stream",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Exploit",
+ "Third Party Advisory"
]
},
{
"url": "https://github.com/microsoft/CBL-Mariner/pull/6381",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
@@ -479,6 +2368,7 @@
"url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
@@ -486,6 +2376,7 @@
"url": "https://github.com/nghttp2/nghttp2/pull/1961",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
@@ -493,7 +2384,7 @@
"url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Release Notes"
]
},
{
@@ -523,6 +2414,8 @@
"url": "https://github.com/opensearch-project/data-prepper/issues/3474",
"source": "cve@mitre.org",
"tags": [
+ "Issue Tracking",
+ "Patch",
"Vendor Advisory"
]
},
@@ -530,6 +2423,7 @@
"url": "https://github.com/oqtane/oqtane.framework/discussions/3367",
"source": "cve@mitre.org",
"tags": [
+ "Issue Tracking",
"Vendor Advisory"
]
},
@@ -538,6 +2432,7 @@
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
+ "Patch",
"Vendor Advisory"
]
},
@@ -573,12 +2468,16 @@
},
{
"url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q",
"source": "cve@mitre.org",
"tags": [
+ "Mailing List",
"Vendor Advisory"
]
},
@@ -586,43 +2485,114 @@
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
"source": "cve@mitre.org"
},
{
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/",
"source": "cve@mitre.org"
},
{
- "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
"source": "cve@mitre.org"
},
{
- "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/",
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
+ },
{
"url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html",
"source": "cve@mitre.org",
"tags": [
- "Vendor Advisory"
+ "Third Party Advisory"
]
},
{
"url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/",
"source": "cve@mitre.org",
"tags": [
+ "Patch",
"Vendor Advisory"
]
},
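Review bot: Ten of the `lists.fedoraproject.org` package-announce references added in this hunk have no `tags` array, while three others with the same URL form are tagged (two with `"Mailing List"`, one with `"Mailing List"`, `"Third Party Advisory"`). Anything that selects distribution fix notices by tag will skip the untagged ones, and the three different treatments of identical sources make the record harder to trust. I would give each untagged entry at least `"tags": ["Mailing List"]` and settle on one tag set for all thirteen. The Fedora reference added in the CVE-2023-44488.json hunk further down is untagged in the same way.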
@@ -630,6 +2600,7 @@
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487",
"source": "cve@mitre.org",
"tags": [
+ "Mitigation",
"Patch",
"Vendor Advisory"
]
@@ -645,6 +2616,7 @@
"url": "https://netty.io/news/2023/10/10/4-1-100-Final.html",
"source": "cve@mitre.org",
"tags": [
+ "Release Notes",
"Vendor Advisory"
]
},
@@ -652,6 +2624,7 @@
"url": "https://news.ycombinator.com/item?id=37830987",
"source": "cve@mitre.org",
"tags": [
+ "Issue Tracking",
"Third Party Advisory"
]
},
@@ -659,6 +2632,7 @@
"url": "https://news.ycombinator.com/item?id=37830998",
"source": "cve@mitre.org",
"tags": [
+ "Issue Tracking",
"Press/Media Coverage"
]
},
@@ -666,6 +2640,7 @@
"url": "https://news.ycombinator.com/item?id=37831062",
"source": "cve@mitre.org",
"tags": [
+ "Issue Tracking",
"Third Party Advisory"
]
},
@@ -673,7 +2648,7 @@
"url": "https://news.ycombinator.com/item?id=37837043",
"source": "cve@mitre.org",
"tags": [
- "Third Party Advisory"
+ "Issue Tracking"
]
},
{
@@ -692,7 +2667,10 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20231016-0001/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-44487",
@@ -705,6 +2683,7 @@
"url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14",
"source": "cve@mitre.org",
"tags": [
+ "Release Notes",
"Vendor Advisory"
]
},
@@ -769,6 +2748,7 @@
"url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
"source": "cve@mitre.org",
"tags": [
+ "Mitigation",
"Vendor Advisory"
]
},
diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json
index f54cee31f77..7ae3ee71bf6 100644
--- a/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44488",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-30T20:15:10.200",
- "lastModified": "2023-10-12T02:48:57.420",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-23T04:15:12.147",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -166,6 +166,10 @@
"Mailing List"
]
},
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/",
+ "source": "cve@mitre.org"
+ },
{
"url": "https://security.gentoo.org/glsa/202310-04",
"source": "cve@mitre.org",
diff --git a/CVE-2023/CVE-2023-446xx/CVE-2023-44689.json b/CVE-2023/CVE-2023-446xx/CVE-2023-44689.json
index 74f6d726e06..ef07d275c43 100644
--- a/CVE-2023/CVE-2023-446xx/CVE-2023-44689.json
+++ b/CVE-2023/CVE-2023-446xx/CVE-2023-44689.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44689",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-11T01:15:08.780",
- "lastModified": "2023-10-11T12:54:12.883",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T01:26:08.613",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,15 +14,80 @@
"value": "Las versiones de la aplicaci\u00f3n e-Gov Client (versi\u00f3n de Windows) anteriores a 2.1.1.0 y las versiones de la aplicaci\u00f3n e-Gov Client (versi\u00f3n de macOS) anteriores a 1.1.1.0 son vulnerables a una autorizaci\u00f3n inadecuada en el controlador del esquema de URL personalizado. Una URL manipulada puede dirigir el producto a acceder a un sitio web arbitrario. Como resultado, el usuario puede convertirse en v\u00edctima de un ataque de phishing."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:e-gov:e-gov:*:*:*:*:*:macos:*:*",
+ "versionEndExcluding": "1.1.1.0",
+ "matchCriteriaId": "4012C390-D23C-4B89-8291-3540FC17B971"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:e-gov:e-gov:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "2.1.1.0",
+ "matchCriteriaId": "A31BFDC2-3D8A-4535-897C-5F6FC78CB5C2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN15808274/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://shinsei.e-gov.go.jp/contents/news/2023-03-12t1022040900_1318.html",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Release Notes"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-446xx/CVE-2023-44690.json b/CVE-2023/CVE-2023-446xx/CVE-2023-44690.json
new file mode 100644
index 00000000000..48a01fc5cb2
--- /dev/null
+++ b/CVE-2023/CVE-2023-446xx/CVE-2023-44690.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-44690",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T22:15:09.830",
+ "lastModified": "2023-10-25T20:32:47.147",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py"
+ },
+ {
+ "lang": "es",
+ "value": "La potencia de cifrado inadecuada en mycli 1.27.0 permite a los atacantes ver informaci\u00f3n confidencial a trav\u00e9s de /mycli/config.py"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-326"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dbcli:mycli:1.27.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5FCEBF9F-3FAA-4C7A-B35B-3AA6F62EC328"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/dbcli/mycli/issues/1131",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-446xx/CVE-2023-44693.json b/CVE-2023/CVE-2023-446xx/CVE-2023-44693.json
index a21dcaecca3..506497cb152 100644
--- a/CVE-2023/CVE-2023-446xx/CVE-2023-44693.json
+++ b/CVE-2023/CVE-2023-446xx/CVE-2023-44693.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44693",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-17T06:15:09.553",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:10:26.627",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,78 @@
"value": "La puerta de enlace de auditor\u00eda de comportamiento de D-Link Online DAR-7000 V31R02B1413C es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de /importexport.php."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:dar-7000_firmware:v31r02b1413c:*:*:*:*:*:*:*",
+ "matchCriteriaId": "60829700-F179-41B7-91AE-9CA9D3EA0A55"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_sql_%20importexport.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-446xx/CVE-2023-44694.json b/CVE-2023/CVE-2023-446xx/CVE-2023-44694.json
index 0f2bafe41d9..31111ceab01 100644
--- a/CVE-2023/CVE-2023-446xx/CVE-2023-44694.json
+++ b/CVE-2023/CVE-2023-446xx/CVE-2023-44694.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44694",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-17T06:15:09.690",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:10:35.700",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,78 @@
"value": "La puerta de enlace de auditor\u00eda de comportamiento de D-Link Online DAR-7000 V31R02B1413C es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de /log/mailrecvview.php."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:dar-7000_firmware:v31r02b1413c:*:*:*:*:*:*:*",
+ "matchCriteriaId": "60829700-F179-41B7-91AE-9CA9D3EA0A55"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:dar-7000:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1500AB3C-D11B-4683-86AC-FEB6AF6AD69F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/llixixi/cve/blob/main/D-LINK-DAR-7000_rce_%20mailrecvview.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-447xx/CVE-2023-44760.json b/CVE-2023/CVE-2023-447xx/CVE-2023-44760.json
new file mode 100644
index 00000000000..ccd871c444f
--- /dev/null
+++ b/CVE-2023/CVE-2023-447xx/CVE-2023-44760.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-44760",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T22:15:09.257",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics."
+ },
+ {
+ "lang": "es",
+ "value": "M\u00faltiples vulnerabilidades de Cross Site Scripting (XSS) en Concrete CMS v.9.2.1 permiten a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para los c\u00f3digos de seguimiento de encabezado y pie de p\u00e1gina de SEO y estad\u00edsticas."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/ConcreteCMS-Stored-XSS---TrackingCodes",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-447xx/CVE-2023-44763.json b/CVE-2023/CVE-2023-447xx/CVE-2023-44763.json
index 0478854dcf6..844caeebaad 100644
--- a/CVE-2023/CVE-2023-447xx/CVE-2023-44763.json
+++ b/CVE-2023/CVE-2023-447xx/CVE-2023-44763.json
@@ -2,16 +2,16 @@
"id": "CVE-2023-44763",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T12:15:09.870",
- "lastModified": "2023-10-13T16:15:09.727",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T04:15:16.163",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "Concrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail\" file upload, which allows Cross-Site Scripting (XSS)."
+ "value": "** DISPUTED ** Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that \"pdf\" should be excluded from the allowed file types, even though pdf is one of the allowed file types in the default configuration."
},
{
"lang": "es",
- "value": "Concrete CMS v9.2.1 se ve afectado por una vulnerabilidad de carga arbitraria de archivos a trav\u00e9s de la carga de archivos en Thumbnail\", que permite Cross-Site Scripting (XSS)."
+ "value": "** EN DISPUTA ** Concrete CMS v9.2.1 se ve afectado por una vulnerabilidad de carga arbitraria de archivos mediante la carga de un archivo en miniatura, que permite Cross-Site Scripting (XSS). NOTA: la posici\u00f3n del proveedor es que se supone que el cliente debe saber que \"pdf\" debe excluirse de los tipos de archivos permitidos, aunque pdf sea uno de los tipos de archivos permitidos en la configuraci\u00f3n predeterminada."
}
],
"metrics": {
@@ -75,6 +75,14 @@
"Exploit",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://web.archive.org/web/20231026034159/https://documentation.concretecms.org/user-guide/editors-reference/dashboard/system-and-maintenance/files/allowed-file-types",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.concretecms.org/about/project-news/security/security-advisory-2023-10-25-concrete-cms-rejects-cve-2023-44763",
+ "source": "cve@mitre.org"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-447xx/CVE-2023-44767.json b/CVE-2023/CVE-2023-447xx/CVE-2023-44767.json
new file mode 100644
index 00000000000..7fc9a884f17
--- /dev/null
+++ b/CVE-2023/CVE-2023-447xx/CVE-2023-44767.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-44767",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:32.767",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de carga de archivos en RiteCMS 3.0 permite a un atacante local cargar un archivo SVG con contenido XSS."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/RiteCMS-File-Upload--XSS---Filemanager/blob/main/README.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-447xx/CVE-2023-44769.json b/CVE-2023/CVE-2023-447xx/CVE-2023-44769.json
new file mode 100644
index 00000000000..e7cf069593b
--- /dev/null
+++ b/CVE-2023/CVE-2023-447xx/CVE-2023-44769.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-44769",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:32.813",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en Zenario CMS v.9.4.59197 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para los alias de repuesto de Alias."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sromanhu/CVE-2023-44769_ZenarioCMS--Reflected-XSS---Alias/tree/main",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sromanhu/ZenarioCMS--Reflected-XSS---Alias/tree/main",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-447xx/CVE-2023-44794.json b/CVE-2023/CVE-2023-447xx/CVE-2023-44794.json
new file mode 100644
index 00000000000..fa027451ec0
--- /dev/null
+++ b/CVE-2023/CVE-2023-447xx/CVE-2023-44794.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-44794",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:32.863",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Dromara SaToken versi\u00f3n 1.36.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s de un payload manipulado a la URL."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/dromara/Sa-Token/issues/515",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-448xx/CVE-2023-44808.json b/CVE-2023/CVE-2023-448xx/CVE-2023-44808.json
index d7b5a2b23de..23a8c76211b 100644
--- a/CVE-2023/CVE-2023-448xx/CVE-2023-44808.json
+++ b/CVE-2023/CVE-2023-448xx/CVE-2023-44808.json
@@ -2,19 +2,91 @@
"id": "CVE-2023-44808",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:11.503",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:11:35.753",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function."
+ },
+ {
+ "lang": "es",
+ "value": "D-Link DIR-820L 1.05B03 tiene una vulnerabilidad de desbordamiento de pila en la funci\u00f3n sub_4507CC."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:dir-820l_firmware:1.05b03:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5195E86A-22A4-412B-B22C-614A68942FB5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "88CE60CD-DCDA-43E0-80A9-257557EDBC29"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DIR-820l/bug3.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-448xx/CVE-2023-44809.json b/CVE-2023/CVE-2023-448xx/CVE-2023-44809.json
index 1bc136e0ebe..d43e7d12ddd 100644
--- a/CVE-2023/CVE-2023-448xx/CVE-2023-44809.json
+++ b/CVE-2023/CVE-2023-448xx/CVE-2023-44809.json
@@ -2,19 +2,91 @@
"id": "CVE-2023-44809",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:11.783",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:11:43.627",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions."
+ },
+ {
+ "lang": "es",
+ "value": "El dispositivo D-Link DIR-820L 1.05B03 es vulnerable a permisos inseguros."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:dir-820l_firmware:1.05b03:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5195E86A-22A4-412B-B22C-614A68942FB5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:dir-820l:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "88CE60CD-DCDA-43E0-80A9-257557EDBC29"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DIR-820l/bug1.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-448xx/CVE-2023-44821.json b/CVE-2023/CVE-2023-448xx/CVE-2023-44821.json
index d2976bdbb5b..256d89f8118 100644
--- a/CVE-2023/CVE-2023-448xx/CVE-2023-44821.json
+++ b/CVE-2023/CVE-2023-448xx/CVE-2023-44821.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44821",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-09T20:15:10.583",
- "lastModified": "2023-10-10T15:15:10.547",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T16:06:23.780",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -11,18 +11,80 @@
},
{
"lang": "es",
- "value": "La vulnerabilidad de desbordamiento de b\u00fafer en gifsicle v.1.92 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s del par\u00e1metro --crop en los par\u00e1metros de la l\u00ednea de comando."
+ "value": "** EN DISPUTA ** Gifsicle hasta 1.94, si se implementa de una manera que permita que entradas no confiables afecten las llamadas de Gif_Realloc, podr\u00eda permitir una denegaci\u00f3n de servicio (consumo de memoria). NOTA: esto ha sido cuestionado por varias partes porque el c\u00f3digo Gifsicle no se usa com\u00fanmente para operaciones desatendidas en las que llegan nuevas entradas para un proceso de larga duraci\u00f3n, no incluye funcionalidad para vincularlo a otra aplicaci\u00f3n como una librer\u00eda y no tener casos de uso realistas en los que un adversario controla toda la l\u00ednea de comando."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lcdf:gifsicle:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "1.94",
+ "matchCriteriaId": "47014BE5-591F-41C7-ACC4-E77C24495169"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/kohler/gifsicle/issues/195",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/kohler/gifsicle/issues/65",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
}
]
}
\ No newline at end of file
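Review bot: The replacement Spanish description ends with a broken clause: `no incluye funcionalidad para vincularlo a otra aplicación como una librería y no tener casos de uso realistas` switches from a conjugated verb to an infinitive. This makes the last reason for the dispute hard to read. It should be `y no tiene casos de uso realistas`, so that all three reasons share the subject "el código Gifsicle". The English description line is outside this hunk, so the wording could not be checked against it here.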
diff --git a/CVE-2023/CVE-2023-448xx/CVE-2023-44824.json b/CVE-2023/CVE-2023-448xx/CVE-2023-44824.json
index f70cf5e1bba..ca3ee5724d5 100644
--- a/CVE-2023/CVE-2023-448xx/CVE-2023-44824.json
+++ b/CVE-2023/CVE-2023-448xx/CVE-2023-44824.json
@@ -2,23 +2,86 @@
"id": "CVE-2023-44824",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-17T13:15:11.907",
- "lastModified": "2023-10-17T13:15:11.907",
- "vulnStatus": "Received",
+ "lastModified": "2023-10-23T18:28:46.677",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Expense Management System v.1.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado subido al componente sign-up.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:expense_management_system_project:expense_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D530FA0D-288E-4949-8939-E5D363A4C1E9"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://abstracted-howler-727.notion.site/CVE-2023-44824-ab76909b4a0e477b87aa8d0ca4aa4ca7",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://abstracted-howler-727.notion.site/Vulnerability-Description-ccc2e6489a0d43859c61a7982e649da1",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44981.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44981.json
index 3d02f3042ca..601734aa4be 100644
--- a/CVE-2023/CVE-2023-449xx/CVE-2023-44981.json
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44981.json
@@ -2,15 +2,42 @@
"id": "CVE-2023-44981",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-11T12:15:11.760",
- "lastModified": "2023-10-11T15:15:09.733",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-21T14:15:09.577",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped.\u00a0As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree.\u00a0Quorum Peer authentication is not enabled by default.\n\nUsers are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.\n\nAlternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.\n\nSee the documentation for more details on correct cluster administration.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Omisi\u00f3n de Autorizaci\u00f3n a trav\u00e9s de Clave Controlada por el Usuario en Apache ZooKeeper. Si la autenticaci\u00f3n SASL Quorum Peer est\u00e1 habilitada en ZooKeeper (quorum.auth.enableSasl=true), la autorizaci\u00f3n se realiza verificando que la parte de la instancia en el ID de autenticaci\u00f3n SASL aparece en la lista de servidores zoo.cfg. La parte de la instancia en el ID de autenticaci\u00f3n de SASL es opcional y si falta, como 'eve@EXAMPLE.COM', se omitir\u00e1 la verificaci\u00f3n de autorizaci\u00f3n. Como resultado, un endpoint arbitrario podr\u00eda unirse al cl\u00faster y comenzar a propagar cambios falsos al l\u00edder, d\u00e1ndole esencialmente acceso completo de lectura y escritura al \u00e1rbol de datos. La autenticaci\u00f3n de pares de qu\u00f3rum no est\u00e1 habilitada de forma predeterminada. Se recomienda a los usuarios actualizar a la versi\u00f3n 3.9.1, 3.8.3, 3.7.2, que soluciona el problema. Como alternativa, aseg\u00farese de que la comunicaci\u00f3n conjunta entre election y qu\u00f3rum est\u00e9 protegida por un firewall, ya que esto mitigar\u00e1 el problema. Consulte la documentaci\u00f3n para obtener m\u00e1s detalles sobre la correcta administraci\u00f3n del cl\u00faster."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
"weaknesses": [
{
"source": "security@apache.org",
@@ -23,13 +50,55 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.7.2",
+ "matchCriteriaId": "EBEA9984-BE82-43F4-9FD9-08B3F28E0CAA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:zookeeper:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.8.0",
+ "versionEndExcluding": "3.8.3",
+ "matchCriteriaId": "58E6D5FE-5D28-44D2-9B6D-5CF5E79A7132"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:zookeeper:3.9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "99DE0202-11A5-44F7-99FA-58A71CB896AF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/4",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b",
+ "source": "security@apache.org",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00029.html",
"source": "security@apache.org"
}
]
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44984.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44984.json
index 7afee81538d..bbfcb96b4d1 100644
--- a/CVE-2023/CVE-2023-449xx/CVE-2023-44984.json
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44984.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44984",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:44.580",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:48:45.327",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <=\u00a05.6.7 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenadas en el complemento Robin Wilson bbp style pack en versiones <= 5.6.7."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
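Review bot: The added Spanish description misspells the vulnerability class as `Coss-Site Scripting (XSS)`; it should read `Cross-Site Scripting (XSS)`. In the same sentence `almacenadas` should be the singular `almacenada` to agree with `Vulnerabilidad`. The same `Coss-Site` spelling appears in the added Spanish descriptions of CVE-2023-44985, CVE-2023-44986 and CVE-2023-44987 later in this diff. A text search or filter on the usual term will not match these four records in Spanish.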
@@ -36,7 +60,7 @@
},
"weaknesses": [
{
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rewweb:bbp_style_pack:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "5.6.8",
+ "matchCriteriaId": "E4E0CF0C-9233-401B-8A73-111489232402"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bbp-style-pack/wordpress-bbp-style-pack-plugin-5-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44985.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44985.json
index 0640ce598c5..5a8f271a95d 100644
--- a/CVE-2023/CVE-2023-449xx/CVE-2023-44985.json
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44985.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44985",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:44.653",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:48:52.637",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in Cytech BuddyMeet plugin <=\u00a02.2.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Cytech BuddyMeet en versiones <= 2.2.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cytechmobile:buddymeet:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.3.0",
+ "matchCriteriaId": "7618A26C-FFFA-4642-AC44-451058B1E9A2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/buddymeet/wordpress-buddymeet-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44986.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44986.json
index f7cb6ee18d4..60347fa7ceb 100644
--- a/CVE-2023/CVE-2023-449xx/CVE-2023-44986.json
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44986.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44986",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:44.727",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:49:39.247",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <=\u00a05.15.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Tyche Softwares Abandoned Cart Lite para WooCommerce en versiones <= 5.15.2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
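Review bot: The added Spanish description gives a different privilege level from the rest of the record. The English text says `Auth. (admin+)` and the new NVD vector carries `PR:H`, but the translation says `con permisos de colaboradores o superiores` (contributor or higher). A reader relying on the Spanish text would conclude that a much lower-privileged account can store the script. It should read `con permisos de admin o superiores`, which is the wording the CVE-2023-44987 record in this diff uses for the same `admin+` case.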
@@ -36,7 +60,7 @@
},
"weaknesses": [
{
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tychesoftwares:abandoned_cart_lite_for_woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "5.16.0",
+ "matchCriteriaId": "ACFA3EB8-5A21-496A-92ED-BABB22060743"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-abandoned-cart/wordpress-abandoned-cart-lite-for-woocommerce-plugin-5-15-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44987.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44987.json
index 6045062c82d..d9d0bf59a72 100644
--- a/CVE-2023/CVE-2023-449xx/CVE-2023-44987.json
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44987.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44987",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T12:15:10.200",
- "lastModified": "2023-10-16T14:01:11.953",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:54:21.393",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <=\u00a02.0.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Timely - Appointment software Timely Booking Button en versiones <= 2.0.2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gettimely:timely_booking_button:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0.2",
+ "matchCriteriaId": "7DA47202-30A9-4A21-90C4-D14673F61E8D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/timely-booking-button/wordpress-timely-booking-button-plugin-2-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44990.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44990.json
index a68f397ff10..23f55f0c1cd 100644
--- a/CVE-2023/CVE-2023-449xx/CVE-2023-44990.json
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44990.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-44990",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T10:15:10.017",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T17:56:46.373",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -40,7 +60,7 @@
},
"weaknesses": [
{
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -48,12 +68,43 @@
"value": "CWE-79"
}
]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.0.7.2",
+ "matchCriteriaId": "23D2C5C6-BD39-49F3-8246-296BB1955B02"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-plugin-1-0-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44998.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44998.json
index 89186cbe9ea..2291508900f 100644
--- a/CVE-2023/CVE-2023-449xx/CVE-2023-44998.json
+++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44998.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-44998",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.163",
- "lastModified": "2023-10-12T16:08:32.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T18:19:41.770",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <=\u00a01.2.8 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta en versiones <= 1.2.8."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:randyhoyt:category_meta:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.8",
+ "matchCriteriaId": "B780609D-04CF-4279-907B-830551D98961"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-category-meta/wordpress-category-meta-plugin-1-2-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4402.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4402.json
new file mode 100644
index 00000000000..ec074d27b42
--- /dev/null
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4402.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-4402",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:15.637",
+ "lastModified": "2023-10-27T17:37:04.887",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Essential Blocks para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en versiones hasta la 4.2.0 incluida a trav\u00e9s de la deserializaci\u00f3n de entradas que no son de confianza en la funci\u00f3n get_products. Esto permite a atacantes no autenticados inyectar un objeto PHP. No hay ninguna cadena POP presente en el complemento vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.2.1",
+ "matchCriteriaId": "A6D5B2DC-127A-4740-90B9-D64BBB3B7B0D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpdeveloper:essential_blocks_pro:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.1.1",
+ "matchCriteriaId": "020189CD-A546-41F6-9A94-0A487F364ED4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
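Review bot: The Primary metric scores this record `AC:L` / 9.8 CRITICAL, while the description in the same record says "No POP chain is present in the vulnerable plugin" and the CNA metric scores it `AC:H` / 8.1. Pipelines that prioritise on the Primary `baseScore` alone will rank this as unconditionally exploitable, so triage should read both metrics together with the description's precondition. The first reference is tagged `"Exploit"`, but its URL is a source-browser view of `Product.php` at a fixed revision, so the tag should not be taken as evidence of a public proof-of-concept without checking. The `essential_blocks_pro` range (`"versionEndExcluding": "1.1.1"`) has no counterpart in the description text, so inventory checks built from the description would miss the Pro package.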
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4457.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4457.json
index e69546c264c..27e81a1cfce 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4457.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4457.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-4457",
"sourceIdentifier": "security@grafana.com",
"published": "2023-10-16T10:15:12.057",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T15:17:32.870",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Grafana is an open-source platform for monitoring and observability.\n\nThe Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.\n\nThe plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.\n\nThis vulnerability was fixed in version 1.2.2.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Grafana es una plataforma de c\u00f3digo abierto para monitorizaci\u00f3n y observabilidad. El complemento de fuente de datos de Google Sheets para Grafana, versiones 0.9.0 a 1.2.2, son afectados por a una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. El complemento no sanitizo adecuadamente los mensajes de error, lo que potencialmente expuso la clave API de Google Sheet que est\u00e1 configurada para la fuente de datos. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.2.2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security@grafana.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-209"
+ }
+ ]
+ },
{
"source": "security@grafana.com",
"type": "Secondary",
@@ -46,10 +80,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grafana:google_sheets:*:*:*:*:*:grafana:*:*",
+ "versionStartIncluding": "0.9.0",
+ "versionEndIncluding": "1.2.2",
+ "matchCriteriaId": "DBCDCF04-9E82-4FF7-BB1B-65011FBC43FC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2023-4457/",
- "source": "security@grafana.com"
+ "source": "security@grafana.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
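Review bot: The added cpeMatch uses `"versionEndIncluding": "1.2.2"`, which marks 1.2.2 itself as vulnerable, while the description in this record states both that versions 0.9.0 to 1.2.2 are vulnerable and that the issue "was fixed in version 1.2.2". The record is internally inconsistent, so scanners matching on this range may keep flagging hosts that already run the fixed release. If the vendor advisory confirms 1.2.2 as the fix, the bound should read `"versionEndExcluding": "1.2.2"`. Until that is confirmed, treat a match on exactly 1.2.2 as needing manual verification rather than as a finding.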
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4482.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4482.json
new file mode 100644
index 00000000000..408c1bf702e
--- /dev/null
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4482.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-4482",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:15.747",
+ "lastModified": "2023-10-27T17:39:57.883",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Auto Amazon Links para WordPress es vulnerable a Cross- Site Scripting (XSS) Almacenado a trav\u00e9s del par\u00e1metro de estilo en versiones hasta la 5.3.1 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados con acceso de colaborador inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:michaeluno:auto_amazon_links:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "5.3.2",
+ "matchCriteriaId": "8E7BC3DD-7594-4B11-B7B0-BF6E3DE87FCA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2961861%40amazon-auto-links%2Ftrunk&old=2896127%40amazon-auto-links%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4488.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4488.json
new file mode 100644
index 00000000000..13d437f1133
--- /dev/null
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4488.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-4488",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:15.850",
+ "lastModified": "2023-10-27T17:11:40.553",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."
+ },
+ {
+ "lang": "es",
+ "value": "Dropbox Folder Share para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en versiones hasta la 1.9.7 incluida a trav\u00e9s del archivo editor-view.php. Esto permite a atacantes no autenticados incluir y ejecutar archivos arbitrarios en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en los casos en que se puedan cargar e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-829"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-98"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hynotech:dropbox_folder_share:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.9.7",
+ "matchCriteriaId": "6E579DB2-9551-4253-889A-60B2BCF77075"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/UsosGenerales/js/editor-view.php?rev=2904670",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/647a2f27-092a-4db1-932d-87ae8c2efcca?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
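Review bot: Both references carry the `"Patch"` tag, yet the configuration ends at `"versionEndIncluding": "1.9.7"` with no fixed version. The first URL is a source-browser view of `editor-view.php` at one revision rather than a changeset, and the second is an advisory page. Tooling that reads the Patch tag as "remediation available" would be misled here, so confirm separately whether a fixed release exists before closing a finding as patchable. The Primary weakness is `CWE-829` while the CNA lists `CWE-98`, so detection or reporting rules keyed on CWE should accept either value for this record.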
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4490.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4490.json
index 1e5d40ca606..f37c40acedf 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4490.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4490.json
@@ -2,16 +2,16 @@
"id": "CVE-2023-4490",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-09-25T16:15:15.137",
- "lastModified": "2023-09-26T14:42:40.110",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-18T10:15:08.827",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "The WP Job Portal WordPress plugin through 2.0.3 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users"
+ "value": "The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users"
},
{
"lang": "es",
- "value": "El complemento de WordPress WP Job Portal hasta la versi\u00f3n 2.0.3 no sanitiza y escapa un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios no autenticados."
+ "value": "El complemento WP Job Portal de WordPress anterior a 2.0.6 no sanitiza ni escapa un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios no autenticados."
}
],
"metrics": {
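Review bot: The description's affected range widens from "through 2.0.3" to "before 2.0.6" and `vulnStatus` returns to "Undergoing Analysis", but this hunk carries no matching change to `configurations`. The record continues outside the hunk, so the CPE bounds cannot be seen here. If they still end at 2.0.3, CPE-based matching will miss 2.0.4 and 2.0.5 until the re-analysis lands. Until the status returns to "Analyzed", inventory checks for this plugin should take the `< 2.0.6` bound from the description rather than from the CPE range.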
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4499.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4499.json
index 43544898e97..4464568e598 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4499.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4499.json
@@ -2,19 +2,182 @@
"id": "CVE-2023-4499",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2023-10-13T17:15:09.653",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:18:31.937",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha identificado una posible vulnerabilidad de seguridad en la utilidad HP ThinUpdate (tambi\u00e9n conocida como herramienta de descarga de software e im\u00e1genes de recuperaci\u00f3n de HP) que puede provocar la divulgaci\u00f3n de informaci\u00f3n. HP est\u00e1 lanzando medidas de mitigaci\u00f3n para la posible vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-295"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hp:thinupdate:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.7.15",
+ "matchCriteriaId": "81562855-687E-455C-8B1E-80DA06D50DDB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:elite_mt645:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6383BB5-0A11-4CAB-BCAF-AE7313224F0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:mt21:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E6E137D9-11DA-4D32-8D47-33437C4B9B78"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:mt22:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6770B1E2-599A-42B6-A8B9-B6BAE0392AFA"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:mt31:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "37419335-DB36-47F4-8D76-7383265ABBBF"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:mt32:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FE7D0BF7-E4FD-45DB-8434-E1E1D14C8D9F"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:mt43:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0A807E9A-FF72-4FDF-91CB-B95A3BA444E8"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:mt44:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D5C09F1C-7BE6-4EEA-9E4C-54E638AB288A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:mt45:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AD51E634-1DC3-468D-BA97-2390C37C1244"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:mt46:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E424F17B-06C0-4630-8797-14FEC810AD08"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:pro_mt440_g3:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CD2DA81-481B-4A5A-835F-EE3A37FEE9EB"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:t430:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CA282389-B256-4E59-966A-F45533AB0D0E"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:t530:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F2EEE389-8B47-4988-9C13-7D78302BF4D9"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:t540:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BFDD3D12-908A-4165-8099-D2E81C938CD6"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:t628:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E211855B-CC97-4465-BB6B-6A21BE49EB8B"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:t630:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0EFFE956-921E-43DE-B4A5-97DDCC12B69C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:t638:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D2328866-4483-4586-91A2-CEBABDA87426"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:t640:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6912F54-14EE-462B-B288-5E764BCB67DC"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:t730:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7755FA5A-34A1-43B4-ABE3-34166A706B02"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:hp:t740:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD4CF900-3C60-4D6E-8AFC-1B857572B3DF"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_9440593-9440618-16",
- "source": "hp-security-alert@hp.com"
+ "source": "hp-security-alert@hp.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45003.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45003.json
index 14afa9bf3a9..7b186cbb62f 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45003.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45003.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45003",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T11:15:10.637",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:08:51.807",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <=\u00a02.2.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en Arrow Plugins Social Feed | Custom Feed para el componente Social Media Networks en versiones <= 2.2.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:arrowplugins:social_feed:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.2.0",
+ "matchCriteriaId": "404C7780-412E-4B26-8B02-C2D79A035E32"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-social-feed/wordpress-social-feed-plugin-2-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45004.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45004.json
index 5ca973fdcfe..9fbcc6b0ce7 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45004.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45004.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45004",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T12:15:10.113",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T17:13:10.327",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty Woo Custom Emails plugin <=\u00a02.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento wp3sixty Woo Custom Emails en versiones <= 2.2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wp3sixty:woo_custom_emails:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.2",
+ "matchCriteriaId": "A31EB092-4D15-45E9-B61E-C538EBC7CB44"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-custom-emails/wordpress-woo-custom-emails-plugin-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45005.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45005.json
index 3363074c124..41d153c3df6 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45005.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45005.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45005",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T10:15:10.093",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:11:32.280",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -50,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:castos:seriously_simple_stats:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.5.1",
+ "matchCriteriaId": "B6B55485-1710-4ADE-AEF1-EAD8B3120C98"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/seriously-simple-stats/wordpress-seriously-simple-stats-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45006.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45006.json
index 0ed5e364643..a68f1613574 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45006.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45006.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45006",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T12:15:10.190",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T17:30:12.720",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsole WooODT Lite \u2013 WooCommerce Order Delivery or Pickup with Date Time Location plugin <=\u00a02.4.6 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en ByConsole WooODT Lite \u2013 WooCommerce Order Delivery or Pickup con Date Time Location en versiones <= 2.4.6."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:byconsole:wooodt_lite:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.4.6",
+ "matchCriteriaId": "E7B6CC2C-EC45-41D9-BF00-A55DF5FC0796"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/byconsole-woo-order-delivery-time/wordpress-wooodt-lite-plugin-2-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45007.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45007.json
index 63db19d2356..3b8d145cef8 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45007.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45007.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45007",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T12:15:10.267",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T18:29:57.143",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto plugin <=\u00a01.2.8 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Fotomoto en versiones <= 1.2.8."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fotomoto:fotomoto:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.8",
+ "matchCriteriaId": "752ED275-9359-4217-9ED2-FDC017081997"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fotomoto/wordpress-fotomoto-plugin-1-2-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45008.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45008.json
new file mode 100644
index 00000000000..fc7e9f15df8
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45008.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45008",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T08:15:07.947",
+ "lastModified": "2023-10-18T12:46:22.630",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJohnny Comment Reply Email plugin <=\u00a01.0.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento WPJohnny Comment Reply Email en versiones <= 1.0.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/comment-reply-email/wordpress-comment-reply-email-plugin-1-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
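Review bot: The Spanish description in this new record spells the weakness as `Coss-Site Scripting`; it should read `Cross-Site Scripting`, as in the English text and in the Spanish entries added for CVE-2023-45006 and CVE-2023-45007. The same misspelling appears in the `es` descriptions of CVE-2023-45010, CVE-2023-45049, CVE-2023-45051, CVE-2023-45056, CVE-2023-45057 and CVE-2023-45059 in this diff. Keyword search or classification over the localized text will miss these seven records when it looks for the standard term. These files look like a mirror of upstream data, so the correction presumably belongs upstream.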
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45010.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45010.json
index 8b25db9bbf1..5ea310f6787 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45010.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45010.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45010",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-17T11:15:10.730",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T18:33:32.733",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex MacArthur Complete Open Graph plugin <=\u00a03.4.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Alex MacArthur Complete Open Graph en versiones <= 3.4.5."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:alexmacarthur:complete_open_graph:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.4.5",
+ "matchCriteriaId": "AC2F8F7B-DB89-42CB-B541-83B270260D01"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/complete-open-graph/wordpress-complete-open-graph-plugin-3-4-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45011.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45011.json
index db7a4a4aa3a..ba65b441c7e 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45011.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45011.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45011",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.353",
- "lastModified": "2023-10-12T16:08:32.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T18:30:32.640",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <=\u00a02.2.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Igor Buyanov WP Power Stats en versiones <= 2.2.3."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:websivu:wp_power_stats:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.2.3",
+ "matchCriteriaId": "3A00DDB4-AD4D-4F81-8A3B-4DA95001ABD1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-power-stats/wordpress-wp-power-stats-plugin-2-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45048.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45048.json
index 470d1a66a4b..db8f6b38c50 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45048.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45048.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45048",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.440",
- "lastModified": "2023-10-12T16:08:32.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T18:40:47.370",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <=\u00a05.00 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Repuso Social proof testimonials and reviews de Repuso en versiones <= 5.00."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:repuso:repuso:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.00",
+ "matchCriteriaId": "EF0CFCB5-03B5-488B-B9CC-171FA3A41E86"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/social-testimonials-and-reviews-widget/wordpress-social-proof-testimonials-and-reviews-by-repuso-plugin-4-97-cross-site-request-forgery-csrf?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45049.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45049.json
new file mode 100644
index 00000000000..b8ce217c555
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45049.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45049",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T08:15:08.030",
+ "lastModified": "2023-10-25T17:38:26.757",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <=\u00a04.6.7 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Ciprian Popescu YouTube Playlist Player en versiones <= 4.6.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:getbutterfly:youtube_playlist_player:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.6.8",
+ "matchCriteriaId": "A0668F69-D903-467A-9A7C-6278CFD37D64"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/youtube-playlist-player/wordpress-youtube-playlist-player-plugin-4-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
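Review bot: The `cpeMatch` entry bounds the range with `"versionEndExcluding": "4.6.8"` while the description says `<= 4.6.7`, and nothing in the record shows that 4.6.8 is a fixed release (no reference is tagged as a patch or release note). Most other records in this diff express a `<=` description as `versionEndIncluding`; if the fixed version has not been confirmed, `"versionEndIncluding": "4.6.7"` states only what the advisory text supports. CVE-2023-45056 has the same pattern (`<= 1.3.26` against `"versionEndExcluding": "1.3.27"`). Readers tend to take the excluding bound as the upgrade target, so it is worth confirming before using it for remediation guidance.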
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45051.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45051.json
new file mode 100644
index 00000000000..b5d2adae308
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45051.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45051",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T09:15:08.837",
+ "lastModified": "2023-10-25T17:38:21.743",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin <=\u00a09.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Gopi Ramasamy Image vertical reel scroll slideshow en versiones <= 9.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gopiplus:image_vertical_reel_scroll_slideshow:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "9.0",
+ "matchCriteriaId": "EF8BADC6-2A84-45CB-A733-DAF8C28EE40D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/image-vertical-reel-scroll-slideshow/wordpress-image-vertical-reel-scroll-slideshow-plugin-9-0-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45052.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45052.json
index 767978d9a8e..c32453bc0ef 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45052.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45052.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45052",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.543",
- "lastModified": "2023-10-12T16:08:32.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T18:46:40.420",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin <\u00a05.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento dan009 WP Bing Map Pro en versiones < 5.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dan009:wp_bing_map_pro:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "5.0",
+ "matchCriteriaId": "52F8C521-26A9-4A6E-8881-A4FC4A9C9868"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/api-bing-map-2018/wordpress-wp-bing-map-pro-plugin-5-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45054.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45054.json
new file mode 100644
index 00000000000..641050a0cf0
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45054.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45054",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T09:15:08.977",
+ "lastModified": "2023-10-25T17:38:17.183",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME TOGI Product Category Tree plugin <=\u00a02.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento AWESOME TOGI Product Category Tree en versiones <= 2.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:awesometogi:product-category-tree:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.5",
+ "matchCriteriaId": "E1A521C1-ECEC-403A-9D3B-EB9C6D175946"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
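Review bot: The two `cvssMetricV31` entries in this record fall in different severity bands: the `nvd@nist.gov` Primary entry is 6.1 MEDIUM and the `audit@patchstack.com` Secondary entry is 7.1 HIGH, with the vectors differing only in `A:N` versus `A:L`. A consumer that takes the first array element, or the highest score, will triage this CVE differently from one that reads the Primary entry. Ingestion should therefore select explicitly on `"type": "Primary"`, or document the other choice. The other records in this diff whose two entries are both visible show the same `A:N`/`A:L` split but stay within MEDIUM.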
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45056.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45056.json
new file mode 100644
index 00000000000..26b04c83e85
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45056.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-45056",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T09:15:09.160",
+ "lastModified": "2023-10-25T17:38:11.073",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100plugins Open User Map plugin <=\u00a01.3.26 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Open User Map de 100plugins en versiones <= 1.3.26."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:100plugins:open_user_map:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.3.27",
+ "matchCriteriaId": "73646E01-9B66-439B-A4FD-09149FE70227"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/open-user-map/wordpress-open-user-map-plugin-1-3-24-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45057.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45057.json
new file mode 100644
index 00000000000..6a95c9f9625
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45057.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45057",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T09:15:09.247",
+ "lastModified": "2023-10-25T17:38:03.887",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hitsteps Web Analytics plugin <=\u00a05.86 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Hitsteps Web Analytics en versiones <= 5.86."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitsteps:web_analytics:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "5.86",
+ "matchCriteriaId": "C2E2E094-13C2-4E58-8DD0-644B7248AEE0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/hitsteps-visitor-manager/wordpress-hitsteps-web-analytics-plugin-5-85-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
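Review bot: The `criteria` string in this record, `cpe:2.3:a:hitsteps:web_analytics:*:*:*:*:*:*:*:*`, leaves the target_sw field as a wildcard, while every other plugin record in this diff sets it to `wordpress`. The reference URL describes the product as a WordPress plugin, so `cpe:2.3:a:hitsteps:web_analytics:*:*:*:*:*:wordpress:*:*` would be consistent. As written, the wildcard also matches any non-WordPress product registered under the same vendor and product name, and tooling that selects WordPress records by the target_sw field will not pick this one up. The `matchCriteriaId` is presumably tied to the exact string, so the two would need to change together.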
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45058.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45058.json
index 65fdf3fd059..0be73cf1149 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45058.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45058.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45058",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.713",
- "lastModified": "2023-10-12T16:08:32.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T18:58:04.030",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <=\u00a01.6.8 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento KaizenCoders Short URL en versiones <= 1.6.8."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kaizencoders:short_url:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.6.8",
+ "matchCriteriaId": "2F3D4928-A152-4031-B6D4-ACA8CBA1DA44"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/shorten-url/wordpress-short-url-plugin-1-6-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45059.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45059.json
new file mode 100644
index 00000000000..233beb97248
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45059.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45059",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T09:15:09.327",
+ "lastModified": "2023-10-25T17:37:52.970",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gumroad plugin <=\u00a03.1.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Gumroad en versiones <= 3.1.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gumroad:gumroad:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.1.0",
+ "matchCriteriaId": "985F2DEF-2356-4BFD-A61E-9B35C4A8DA54"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/gumroad/wordpress-gumroad-plugin-3-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45060.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45060.json
index 068353a336e..def45995df4 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45060.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45060.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45060",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.800",
- "lastModified": "2023-10-12T16:08:32.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T19:13:36.640",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <=\u00a03.2.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Fla-shop.Com Interactive World Map en versiones <= 3.2.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fla-shop:interactive_world_map:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.2.0",
+ "matchCriteriaId": "D97398AD-7E99-4335-B0AF-F4A98E620EC0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/interactive-world-map/wordpress-interactive-world-map-plugin-3-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45062.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45062.json
new file mode 100644
index 00000000000..2bc65edf85b
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45062.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45062",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T09:15:09.397",
+ "lastModified": "2023-10-25T17:37:45.560",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas Scholl canvasio3D Light plugin <=\u00a02.4.6 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Thomas Scholl canvasio3D Light en versiones <= 2.4.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:virtuellwerk:canvasio3d_light:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.4.6",
+ "matchCriteriaId": "9A020DDF-B7E8-4116-B6AD-F2324C216D70"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/canvasio3d-light/wordpress-canvasio3d-light-plugin-2-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45063.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45063.json
index ad5bfd2bbf1..4e06a2fe58d 100644
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45063.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45063.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45063",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-12T13:15:10.897",
- "lastModified": "2023-10-12T16:08:32.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T19:36:56.687",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <=\u00a01.1.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One en versiones <= 1.1.5."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rayhan1:ai_content_writing_assistant:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.5",
+ "matchCriteriaId": "011672BA-1A2C-497C-87E2-A45C3E4429DE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ai-content-writing-assistant/wordpress-ai-content-writing-assistant-content-writer-chatgpt-image-generator-all-in-one-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45064.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45064.json
new file mode 100644
index 00000000000..24a1d12de43
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45064.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45064",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T09:15:09.567",
+ "lastModified": "2023-10-25T17:32:21.407",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Daisuke Takahashi(Extend Wings) OPcache Dashboard plugin <=\u00a00.3.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento OPcache Dashboard de Daisuke Takahashi (Extend Wings) en versiones <= 0.3.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:extendwings:opcache_dashboard:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.3.1",
+ "matchCriteriaId": "E1D900BD-96BD-4270-BD51-633EF6F56EA6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/opcache/wordpress-opcache-dashboard-plugin-0-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45065.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45065.json
new file mode 100644
index 00000000000..a63c85dff9b
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45065.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45065",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T13:15:08.987",
+ "lastModified": "2023-10-25T17:23:09.210",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <=\u00a01.42 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Mad Fish Digital Bulk NoIndex & NoFollow Toolkit en versiones <= 1.42."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:madfishdigital:bulk_noindex_\\&_nofollow_toolkit:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.5",
+ "matchCriteriaId": "04E83935-4259-4FEF-9F58-C2FADCD7ECCA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/bulk-noindex-nofollow-toolkit-by-mad-fish/wordpress-bulk-noindex-nofollow-toolkit-plugin-1-42-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
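Review bot: The `cpeMatch` range in this record does not line up with its own description: the text and the advisory URL give the affected versions as `<= 1.42`, while the match uses `"versionEndExcluding": "1.5"`. A matcher that compares version components numerically reads 1.42 as later than 1.5 (42 > 5) and would leave the one version the description names outside the range; a matcher that compares the values as decimals would include it. If 1.42 is the last affected release, `"versionEndIncluding": "1.42"` states that without depending on the comparison scheme. Whether 1.5 is the fixed release cannot be confirmed from this record.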
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45067.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45067.json
new file mode 100644
index 00000000000..f5f8ebd60a4
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45067.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-45067",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T13:15:09.060",
+ "lastModified": "2023-10-25T17:22:34.010",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <=\u00a02.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Ashish Ajani WordPress Simple HTML Sitemap en versiones <= 2.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:freelancer-coder:wordpress_simple_html_sitemap:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.1",
+ "matchCriteriaId": "93CD202D-4EAE-47E1-AA06-105B9CE2D231"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-simple-html-sitemap/wordpress-wordpress-simple-html-sitemap-plugin-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
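Review bot: The Spanish description added here spells the weakness name as "Coss-Site Scripting" instead of "Cross-Site Scripting", and the same misspelling is in the `es` descriptions of CVE-2023-45072 and CVE-2023-45073 further down. Text searches or keyword-based classification over the localized descriptions would miss these three records. The corrected opening is `Vulnerabilidad de Cross-Site Scripting (XSS) autenticada`, matching the spelling used by the other `es` entries in this diff.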
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45070.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45070.json
new file mode 100644
index 00000000000..ad9ed1bd523
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45070.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45070",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T13:15:09.143",
+ "lastModified": "2023-10-25T13:41:05.087",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin <=\u00a01.15.18 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento 0Web Form Builder Team Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder en versiones <= 1.15.18."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.15.19",
+ "matchCriteriaId": "6F8DB2EE-210C-424F-BDA7-D35F46FF7069"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/form-maker/wordpress-form-maker-by-10web-mobile-friendly-drag-drop-contact-form-builder-plugin-1-15-18-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
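Review bot: The `es` description in this record drops the leading digit of the vendor name: it reads "0Web Form Builder Team", where the `en` description here and the `es` description of CVE-2023-45071 for the same product read "10Web Form Builder Team". The value should read `en el complemento 10Web Form Builder Team Form Maker by 10Web` so that vendor-name searches return the record in either language.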
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45071.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45071.json
new file mode 100644
index 00000000000..365fe3834cf
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45071.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45071",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T13:15:09.220",
+ "lastModified": "2023-10-25T13:42:31.590",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form Builder Team Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin <=\u00a01.15.18 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada No Autenticada en el complemento 10Web Form Builder Team Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder en versiones <= 1.15.18."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.15.19",
+ "matchCriteriaId": "6F8DB2EE-210C-424F-BDA7-D35F46FF7069"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/form-maker/wordpress-form-maker-by-10web-mobile-friendly-drag-drop-contact-form-builder-plugin-1-15-18-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45072.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45072.json
new file mode 100644
index 00000000000..a73f98c42a2
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45072.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45072",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T13:15:09.323",
+ "lastModified": "2023-10-25T01:23:28.640",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kardi Order auto complete for WooCommerce plugin <=\u00a01.2.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en Kardi Order auto complete para WooCommerce en versiones <= 1.2.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:order_auto_complete_for_woocommerce_project:order_auto_complete_for_woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.0",
+ "matchCriteriaId": "291DA663-306F-4392-A057-FF8F588C2507"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/order-auto-complete-for-woocommerce/wordpress-order-auto-complete-for-woocommerce-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-450xx/CVE-2023-45073.json b/CVE-2023/CVE-2023-450xx/CVE-2023-45073.json
new file mode 100644
index 00000000000..a1fb94a7cb0
--- /dev/null
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45073.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45073",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T13:15:09.407",
+ "lastModified": "2023-10-25T01:23:36.603",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Koch Mendeley Plugin plugin <=\u00a01.3.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Michael Koch Mendeley Plugin en versiones <= 1.3.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kochm:mendeley_plugin:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.3.2",
+ "matchCriteriaId": "F34CAD6A-498B-4A06-96D8-9B54BCEB4742"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/mendeleyplugin/wordpress-mendeley-plugin-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45107.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45107.json
index f6477c93555..47b172463eb 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45107.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45107.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45107",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T13:15:11.663",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T16:09:15.537",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <=\u00a01.0.22 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento GoodBarber en versiones <= 1.0.22."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:goodbarber:goodbarber:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.22",
+ "matchCriteriaId": "29AAFCB7-2D0E-4279-9F84-1FF00E5A1B71"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/goodbarber/wordpress-goodbarber-plugin-1-0-22-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45108.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45108.json
index 64b10e188b6..8064b5493af 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45108.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45108.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45108",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T13:15:11.750",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T16:09:24.633",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <=\u00a02.1.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Mailrelay en versiones <= 2.1.1."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mailrelay:mailrelay:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.1.1",
+ "matchCriteriaId": "2DC698CC-8A32-4CEB-A5D6-A496646AB70D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mailrelay/wordpress-mailrelay-plugin-2-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45109.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45109.json
index 76912703139..aa4f09ebbae 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45109.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45109.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45109",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T14:15:10.193",
- "lastModified": "2023-10-13T14:44:03.987",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T16:05:00.017",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <=\u00a01.1.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento ZAKSTAN WhitePage en versiones <= 1.1.5."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:myback.link:whitepage:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.5",
+ "matchCriteriaId": "DFF5644D-0359-48E0-9E97-98EAFE8543BF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/white-page-publication/wordpress-whitepage-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45128.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45128.json
index 16aa6552e8f..2388d65b5c9 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45128.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45128.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45128",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T21:15:11.137",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T15:26:25.743",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -62,14 +82,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gofiber:fiber:*:*:*:*:*:go:*:*",
+ "versionEndExcluding": "2.50.0",
+ "matchCriteriaId": "D4CF7CB2-A259-42A1-A42F-26170DCC266D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/gofiber/fiber/commit/8c3916dbf4ad2ed427d02c6eb63ae8b2fa8f019a",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/gofiber/fiber/security/advisories/GHSA-94w9-97p3-p368",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mitigation",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45129.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45129.json
index 4b3bb9d418a..4c596277608 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45129.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45129.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45129",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-10T18:15:19.093",
- "lastModified": "2023-10-10T18:20:50.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-26T19:46:43.890",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API."
+ },
+ {
+ "lang": "es",
+ "value": "Synapse es un servidor dom\u00e9stico Matrix de c\u00f3digo abierto escrito y mantenido por la Fundaci\u00f3n Matrix.org. Antes de la versi\u00f3n 1.94.0, un evento de ACL de servidor malicioso pod\u00eda afectar el rendimiento de forma temporal o permanente y provocar una denegaci\u00f3n de servicio persistente. Los servidores dom\u00e9sticos que se ejecutan en una federaci\u00f3n cerrada (que presumiblemente no necesitan usar ACL de servidor) no se ven afectados. Se recomienda a los administradores del servidor que actualicen a Synapse 1.94.0 o posterior. Como workaround, las salas con eventos de ACL de servidor maliciosos se pueden eliminar y bloquear mediante la API de administraci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -36,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,20 +68,92 @@
"value": "CWE-770"
}
]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:matrix:synapse:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.94.0",
+ "matchCriteriaId": "3493E32E-7CAA-4B40-9763-DA34F4209328"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://github.com/matrix-org/synapse/pull/16360",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEVRB4MG5UXQ5RLZHSUJXM5GWEBYYS5B/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WRO4MPQ6HOXIUZM6RJP6VTCTMV7RD2T3/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://matrix-org.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
}
]
}
\ No newline at end of file
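Review bot: The second `configurations` entry lists `cpe:2.3:o:fedoraproject:fedora:37` and `:38` with `"vulnerable": true` on their own, and nothing ties them to the `matrix:synapse` criteria in the first entry. A matcher that evaluates each configuration independently would therefore report every Fedora 37/38 host as affected by this Synapse issue. The same shape appears in CVE-2023-45133.json, where `debian_linux` 10.0/11.0/12.0 form a standalone configuration beside the Babel packages. If the intent is "Synapse as shipped on Fedora", one configuration with `"operator": "AND"` whose Fedora node carries `"vulnerable": false` would express the dependency more clearly. Otherwise consumers need a rule that ignores OS-only configurations when an application configuration is present.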
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45130.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45130.json
index 7152ac4cf48..d0c6cd67118 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45130.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45130.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45130",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-13T13:15:11.827",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T13:56:46.973",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier's maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain's limit. This is especially an issue for XCM transactions, because they can't be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it's recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It's recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds."
+ },
+ {
+ "lang": "es",
+ "value": "Frontier es la capa de compatibilidad con Ethereum de Substrate. Antes del commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, al final de la ejecuci\u00f3n de un contrato, cuando el c\u00f3digo de operaci\u00f3n SUICIDE marca un contrato para ser eliminado, el software utiliza `storage::remove_prefix` (ahora renombrado a `storage::clear_prefix`) para eliminar todos los almacenamientos asociados con \u00e9l. Esta es una \u00fanica llamada primitiva de IO que pasa el l\u00edmite de WebAssembly. Para contratos grandes, la llamada (sin proporcionar un par\u00e1metro de \"limit\") puede ser lenta. Adem\u00e1s, para las parachains, todos los almacenamientos que se eliminar\u00e1n formar\u00e1n parte del PoV, que excede f\u00e1cilmente el l\u00edmite de tama\u00f1o de PoV de la cadena de retransmisi\u00f3n. Por otro lado, los mantenedores de Frontier solo cobran un costo fijo por el c\u00f3digo de operaci\u00f3n SUICIDE. Los mantenedores consideran que la gravedad de este problema es alta, porque un atacante puede crear un contrato con muchos valores de almacenamiento en una parachain y luego llamar al c\u00f3digo de operaci\u00f3n SUICIDE en el contrato. Si la transacci\u00f3n se convierte en un bloque de parachain, la parachain se detendr\u00e1 porque el tama\u00f1o del PoV exceder\u00e1 el l\u00edmite de la cadena de retransmisi\u00f3n. Esto es especialmente un problema para las transacciones XCM, porque no se pueden omitir. El commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contiene un parche para este problema. Para las parachains, se recomienda publicar una actualizaci\u00f3n de emergencia del tiempo de ejecuci\u00f3n lo antes posible. Para las cadenas independientes, el impacto es menos grave porque el problema afecta principalmente a los tama\u00f1os de PoV. Se recomienda publicar una actualizaci\u00f3n del tiempo de ejecuci\u00f3n normal lo antes posible. No se conocen workarounds."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -36,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,20 +68,59 @@
"value": "CWE-770"
}
]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:parity:frontier:*:*:*:*:*:rust:*:*",
+ "versionEndIncluding": "0.1.0",
+ "matchCriteriaId": "20043267-E766-4C8E-B0BD-3F91289C2F4C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://github.com/paritytech/frontier/commit/aea528198b3b226e0d20cce878551fd4c0e3d5d0",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/paritytech/frontier/pull/1212",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/paritytech/frontier/security/advisories/GHSA-gc88-2gvv-gp3v",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
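Review bot: The added `cpeMatch` bounds Frontier with `"versionEndIncluding": "0.1.0"`, but the description in this file names the fix only by commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, so a version comparison alone may not tell a patched build from an unpatched one. The page does not show which release, if any, first contains that commit; if there is one, `"versionEndExcluding": "<first fixed release>"` (placeholder) would be the more precise bound. Until then, consumers should confirm the fix by checking for the commit behind the `Patch`-tagged reference rather than by the reported version.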
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45131.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45131.json
index 21a31d23339..b975c86d285 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45131.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45131.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45131",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.650",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:55:24.940",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -40,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -50,10 +80,36 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:*:*:*:*:stable:*:*:*",
+ "versionEndIncluding": "3.1.1",
+ "matchCriteriaId": "6AC25048-A9DA-4EB4-A05B-33B6348539CA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:discourse:discourse:3.2.0:beta1:*:*:beta:*:*:*",
+ "matchCriteriaId": "1BFF647B-6CEF-43BF-BF5E-C82B557F78E2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-84gf-hhrc-9pw6",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45132.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45132.json
index 7d8d27e5b46..5467d5fd654 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45132.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45132.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45132",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-11T21:15:10.207",
- "lastModified": "2023-10-11T22:13:59.567",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T02:38:01.093",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions.\n"
+ },
+ {
+ "lang": "es",
+ "value": "NAXSI es un firewall de aplicaciones web (WAF) de mantenimiento de c\u00f3digo abierto para NGINX. Un problema est\u00e1 presente a partir de la versi\u00f3n 1.3 y anteriores a la versi\u00f3n 1.6 permite que alguien omita el WAF cuando una IP maliciosa `X-Forwarded-For` coincide con las reglas `IgnoreIP` `IgnoreCIDR`. Este c\u00f3digo antiguo se organiz\u00f3 para permitir que las versiones anteriores de NGINX tambi\u00e9n admitieran `IgnoreIP` `IgnoreCIDR` cuando hab\u00eda varios servidores proxy inversos presentes. El problema se solucion\u00f3 en la versi\u00f3n 1.6. Como workaround, no configure ning\u00fan `IgnoreIP` `IgnoreCIDR` para versiones anteriores."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -36,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -46,18 +80,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wargio:naxsi:*:*:*:*:*:nginx:*:*",
+ "versionStartIncluding": "1.3",
+ "versionEndExcluding": "1.6",
+ "matchCriteriaId": "8409BA98-A088-4290-86DF-9654A90D7FAF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/wargio/naxsi/commit/1b712526ed3314dd6be7e8b0259eabda63c19537",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/wargio/naxsi/pull/103",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/wargio/naxsi/security/advisories/GHSA-7qjc-q4j9-pc8x",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
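Review bot: The reference `https://github.com/wargio/naxsi/security/advisories/GHSA-7qjc-q4j9-pc8x` is tagged `Third Party Advisory`, although it is published in the repository of the vendor named in this record's CPE (`wargio:naxsi`). Elsewhere in this commit a project's own GHSA gets `Vendor Advisory` (CVE-2023-45128.json, CVE-2023-45129.json), and the Babel advisory in CVE-2023-45133.json shows the same mismatch. Triage rules that prioritise vendor-confirmed references may rank these two lower than intended; I would use `"tags": ["Vendor Advisory"]` on both.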
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45133.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45133.json
index f2e225f2d3b..d62a87aafef 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45133.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45133.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45133",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:09.797",
- "lastModified": "2023-10-17T03:15:09.703",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T16:52:20.437",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 6.0
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -40,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-697"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -50,30 +80,171 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel:*:*:*:*:*:nodejs:*:*",
+ "versionEndExcluding": "7.23.2",
+ "matchCriteriaId": "C20217DD-2967-42B5-A20D-3B7978DEC2D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.0:*:*:*:nodejs:*:*",
+ "matchCriteriaId": "3359A5D4-32F2-4128-8E6D-58C556FE5D4E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.1:*:*:*:nodejs:*:*",
+ "matchCriteriaId": "B7A7E551-6CA9-4D22-A8BC-BDA8F3FE4CD2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.2:*:*:*:nodejs:*:*",
+ "matchCriteriaId": "0214C42F-5EB9-410E-AB7E-206A5243FEB9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel:8.0.0:alpha.3:*:*:*:nodejs:*:*",
+ "matchCriteriaId": "9E8907AD-4095-4579-BF92-AED3416ADA1E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel-helper-define-polyfill-provider:*:*:*:*:*:nodejs:*:*",
+ "versionEndExcluding": "0.4.3",
+ "matchCriteriaId": "EA4E050F-1B8B-44F6-AA89-6457C7CC074F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs2:*:*:*:*:*:nodejs:*:*",
+ "versionEndExcluding": "0.4.6",
+ "matchCriteriaId": "AE6CEB01-B369-401F-9103-4BBB2FDA267A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-corejs3:*:*:*:*:*:nodejs:*:*",
+ "versionEndExcluding": "0.8.5",
+ "matchCriteriaId": "3E9E5F4A-2CF4-483A-81F9-055E06913969"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-es-shims:*:*:*:*:*:nodejs:*:*",
+ "versionEndExcluding": "0.10.0",
+ "matchCriteriaId": "B9101BDF-A1D8-4CE4-94F3-B7D986548C7E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel-plugin-polyfill-regenerator:*:*:*:*:*:nodejs:*:*",
+ "versionEndExcluding": "0.5.3",
+ "matchCriteriaId": "9350BCA6-00A4-4581-BC2B-A5077923E354"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel-plugin-transform-runtime:*:*:*:*:*:nodejs:*:*",
+ "versionEndExcluding": "7.23.2",
+ "matchCriteriaId": "F42788D8-5501-4FC1-828E-D487A4895986"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:babeljs:babel-preset-env:*:*:*:*:*:nodejs:*:*",
+ "versionEndExcluding": "7.23.2",
+ "matchCriteriaId": "90EF976D-050D-4478-9A6E-D694E7451BAA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/babel/babel/pull/16033",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://github.com/babel/babel/releases/tag/v7.23.2",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/babel/babel/releases/tag/v8.0.0-alpha.4",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00026.html",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5528",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking"
+ ]
}
]
}
\ No newline at end of file
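Review bot: `https://www.debian.org/security/2023/dsa-5528` is tagged `Issue Tracking`, but a DSA is a distribution security advisory, and the debian-lts-announce reference just above it already carries `Third Party Advisory`. A filter that collects advisories for the Debian releases listed in the first configuration may skip it; `"tags": ["Third Party Advisory"]` looks like the better fit. Likewise, `https://github.com/babel/babel/pull/16033` is tagged `Issue Tracking` while the pull-request reference in CVE-2023-45132.json is tagged `Patch`.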
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45134.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45134.json
new file mode 100644
index 00000000000..f878a76aad3
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45134.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-45134",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T20:15:11.860",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account as by default the own user profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the appropriate escaping. The vulnerable template file createinline.vm is part of XWiki's WAR and can be patched by manually applying the changes from the fix."
+ },
+ {
+ "lang": "es",
+ "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. `org.xwiki.platform:xwiki-platform-web` a partir de la versi\u00f3n 3.1-milestone-1 y anteriores a 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` anteriores a las versiones 14.10. 2 y 15.5-rc-1, y `org.xwiki.platform:xwiki-web-standard` a partir de la versi\u00f3n 2.4-milestone-2 y anteriores a la versi\u00f3n 3.1-milestone-1 son vulnerables a Cross-Site Scripting (XSS). Un atacante puede crear un proveedor de plantilla en cualquier documento que forme parte de la wiki (podr\u00eda ser el perfil de usuario del atacante) que contenga c\u00f3digo malicioso. Este c\u00f3digo se ejecuta cuando se selecciona este proveedor de plantilla durante la creaci\u00f3n del documento, lo que se puede activar enviando al usuario a una URL. Para el atacante, el \u00fanico requisito es tener una cuenta ya que, de forma predeterminada, el perfil de usuario es editable. Esto permite a un atacante ejecutar acciones arbitrarias con los derechos del usuario que abre el enlace malicioso. Dependiendo de los derechos del usuario, esto puede permitir la ejecuci\u00f3n remota de c\u00f3digo y acceso completo de lectura y escritura a toda la instalaci\u00f3n de XWiki. Esto se ha parcheado en `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 y 15.5-rc-1, y `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 agregando el escape apropiado. El archivo de plantilla vulnerable createinline.vm es parte de WAR de XWiki y se puede parchear aplicando manualmente los cambios de la soluci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20962",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
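Review bot: The `es` description writes the fixed `xwiki-platform-web-templates` version as `14.10. 2`, with a space inside the version string, where the `en` description and the later patch sentence of the same `es` text give `14.10.2`. Tooling that extracts version numbers from the localized text would read `14.10.` and `2` as separate tokens. The span should read `anteriores a las versiones 14.10.2 y 15.5-rc-1`.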
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45135.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45135.json
new file mode 100644
index 00000000000..53aa68ec50d
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45135.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-45135",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T20:15:11.933",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution including full access to the XWiki instance if the victim has programming right.\n\nFor the attack to work, the attacker needs to convince the victim to visit a link like `/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)` where `` is the URL of the Wiki installation and to then click on the \"Create\" button on that page. The page looks like a regular XWiki page that the victim would also see when clicking the button to create a page that doesn't exist yet, the malicious code is not displayed anywhere on that page. After clicking the \"Create\" button, the malicious title would be displayed but at this point, the code has already been executed and the attacker could use this code also to hide the attack, e.g., by redirecting the victim again to the same page with an innocent title. It thus seems plausible that this attack could work if the attacker can place a fake \"create page\" button on a page which is possible with edit right.\n\nThis has been patched in `org.xwiki.platform:xwiki-platform-web` version 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by displaying the title already in the first step such that the victim can notice the attack before continuing. It is possible to manually patch the modified files from the patch in an existing installation. 
For the JavaScript change, the minified JavaScript file would need to be obtained from a build of XWiki and replaced accordingly."
+ },
+ {
+ "lang": "es",
+ "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. En `org.xwiki.platform:xwiki-platform-web` versiones 7.2-milestone-2 hasta 14.10.12 y `org.xwiki.platform:xwiki-platform-web-templates` anteriores a las versiones 14.10.12 y 15.5-rc -1, es posible pasar un t\u00edtulo a la acci\u00f3n de creaci\u00f3n de p\u00e1gina que no se muestra al principio pero que luego se ejecuta en el segundo paso. Un atacante puede utilizar esto para enga\u00f1ar a una v\u00edctima para que ejecute c\u00f3digo, permitiendo la ejecuci\u00f3n de scripts si la v\u00edctima tiene derechos de ejecuci\u00f3n de scripts o de c\u00f3digo remoto, incluido el acceso completo a la instancia de XWiki si la v\u00edctima tiene derechos de programaci\u00f3n. Para que el ataque funcione, el atacante debe convencer a la v\u00edctima de que visite un enlace como `/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)` donde `` es la URL de la instalaci\u00f3n Wiki y luego haga clic en el bot\u00f3n \"Crear\" en esa p\u00e1gina. La p\u00e1gina parece una p\u00e1gina XWiki normal que la v\u00edctima tambi\u00e9n ver\u00eda al hacer clic en el bot\u00f3n para crear una p\u00e1gina que a\u00fan no existe; el c\u00f3digo malicioso no se muestra en ninguna parte de esa p\u00e1gina. Despu\u00e9s de hacer clic en el bot\u00f3n \"Crear\", se mostrar\u00e1 el t\u00edtulo malicioso, pero en este punto el c\u00f3digo ya se ha ejecutado y el atacante podr\u00eda utilizar este c\u00f3digo tambi\u00e9n para ocultar el ataque, por ejemplo, redirigiendo a la v\u00edctima nuevamente a la misma p\u00e1gina con Un t\u00edtulo inocente. Por lo tanto, parece plausible que este ataque pueda funcionar si el atacante puede colocar un bot\u00f3n falso de \"crear p\u00e1gina\" en una p\u00e1gina que sea posible con derecho de edici\u00f3n. 
Esto se ha parcheado en `org.xwiki.platform:xwiki-platform-web` versi\u00f3n 14.10.12 y `org.xwiki.platform:xwiki-platform-web-templates` versiones 14.10.12 y 15.5-rc-1 mostrando el t\u00edtulo ya en el primer paso para que la v\u00edctima pueda notar el ataque antes de continuar. Es posible parchear manualmente los archivos modificados desde el parche en una instalaci\u00f3n existente. Para el cambio de JavaScript, el archivo JavaScript minimizado deber\u00e1 obtenerse de una compilaci\u00f3n de XWiki y reemplazarse en consecuencia."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-116"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20869",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
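Review bot: The host placeholder in both added `descriptions` values is empty: the English text reads "where `` is the URL of the Wiki installation" and the `es` entry repeats it, so the example link looks like a bare path and the sentence no longer makes sense. This looks like an angle-bracketed token dropped by markup stripping during ingestion (inferred, not visible here); the record should carry it as inert text, for instance `HOST_PLACEHOLDER` without angle brackets, in both places. Both strings also continue onto a line with no `+` marker ("For the JavaScript change…", "Esto se ha parcheado…"), which suggests a raw line-break character inside the JSON string. It should be written as `\n` like the earlier paragraph breaks, since strict parsers reject a raw U+000A and any other separator breaks line-oriented diff tooling. Consumers that render `value` should treat it as untrusted text and escape it on output.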
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45136.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45136.json
new file mode 100644
index 00000000000..d69b4807cc7
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45136.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-45136",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T20:15:12.007",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix."
+ },
+ {
+ "lang": "es",
+ "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Cuando los nombres de los documentos se validan seg\u00fan una estrategia de nombres (deshabilitada de forma predeterminada), XWiki a partir de la versi\u00f3n 12.0-rc-1 y anteriores a las versiones 12.10.12 y 15.5-rc-1 es vulnerable a un ataque de Cross-Site Scripting (XSS) Reflejado en el formulario de creaci\u00f3n de p\u00e1gina. Esto permite a un atacante ejecutar acciones arbitrarias con los derechos del usuario que abre el enlace malicioso. Dependiendo de los derechos del usuario, esto puede permitir la ejecuci\u00f3n remota de c\u00f3digo y acceso completo de lectura y escritura a toda la instalaci\u00f3n de XWiki. Esto se ha parcheado en XWiki 14.10.12 y 15.5-rc-1 agregando el escape apropiado. El archivo de plantilla vulnerable `createinline.vm` es parte de WAR de XWiki y se puede parchear aplicando manualmente los cambios de la soluci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20854",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
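Review bot: The affected range and the fixed version disagree inside the added English `value`: it says the issue exists "prior to versions 12.10.12 and 15.5-rc-1" but is "patched in XWiki 14.10.12 and 15.5-rc-1", and the `es` entry copies the same numbers. With `vulnStatus` at "Awaiting Analysis" and no `configurations` node in this record, the description is the only version data a consumer has. Read literally, the first figure leaves releases from 12.10.12 up to 14.10.12 unflagged. Presumably that figure is a typo for 14.10.12; confirm against GHSA-qcj9-gcpg-4w2w and, if so, change the phrase to `prior to versions 14.10.12 and 15.5-rc-1` in both language entries.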
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45137.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45137.json
new file mode 100644
index 00000000000..c90a1f35097
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45137.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-45137",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T21:15:10.017",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix."
+ },
+ {
+ "lang": "es",
+ "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. `org.xwiki.platform:xwiki-platform-web` a partir de la versi\u00f3n 3.1-milestone-2 y anteriores a la versi\u00f3n 13.4-rc-1, as\u00ed como `org.xwiki.platform:xwiki-platform-web-templates` anteriores a las versiones 14.10.12 y 15.5-rc-1, son vulnerables a Cross-Site Scripting (XSS). Al intentar crear un documento que ya existe, XWiki muestra un mensaje de error en el formulario para crearlo. Debido a la falta de escape, este mensaje de error es vulnerable a la inyecci\u00f3n de HTML sin formato y, por lo tanto, de XSS. El c\u00f3digo inyectado es la referencia del documento existente, por lo que esto requiere que el atacante primero cree un documento no vac\u00edo cuyo nombre contenga el c\u00f3digo de ataque. Esto se ha parcheado en `org.xwiki.platform:xwiki-platform-web` versi\u00f3n 13.4-rc-1 y `org.xwiki.platform:xwiki-platform-web-templates` versiones 14.10.12 y 15.5-rc-1. agregando el escape apropiado. El archivo de plantilla vulnerable `createinline.vm` es parte de WAR de XWiki y se puede parchear aplicando manualmente los cambios de la soluci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://jira.xwiki.org/browse/XWIKI-20961",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45138.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45138.json
index 09e131f3051..c5b4176ff8e 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45138.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45138.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45138",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:09.900",
- "lastModified": "2023-10-12T19:42:47.127",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:51:35.237",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Request aims at being created by user without any particular rights. The vulnerability has been fixed in Change Request 1.9.2. It's possible to workaround the issue without upgrading by editing the document `ChangeRequest.Code.ChangeRequestSheet` and by performing the same change as in the fix commit."
+ },
+ {
+ "lang": "es",
+ "value": "Change Request es una aplicaci\u00f3n que permite a los usuarios solicitar cambios en una wiki sin publicar los cambios directamente. A partir de la versi\u00f3n 0.11 y antes de la versi\u00f3n 1.9.2, es posible que un usuario sin ning\u00fan derecho espec\u00edfico realice inyecci\u00f3n de script y ejecuci\u00f3n remota de c\u00f3digo simplemente insertando un t\u00edtulo apropiado al crear una nueva Change Request. Esta vulnerabilidad es particularmente cr\u00edtica ya que Change Request pretende ser creada por un usuario sin ning\u00fan derecho particular. La vulnerabilidad se ha solucionado en Change Request 1.9.2. Es posible workaround en el problema sin actualizar editando el documento `ChangeRequest.Code.ChangeRequestSheet` y realizando el mismo cambio que en el commit de correcci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +70,47 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xwiki:change_request:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "0.11",
+ "versionEndExcluding": "1.9.2",
+ "matchCriteriaId": "14ADED81-A7CA-41B2-A0A4-8A382D7377AC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/xwiki-contrib/application-changerequest/commit/7565e720117f73102f5a276239eabfe85e15cff4",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/xwiki-contrib/application-changerequest/security/advisories/GHSA-f776-w9v2-7vfj",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://jira.xwiki.org/browse/CRAPP-298",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45141.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45141.json
index f36df8c1c11..52ff4dda457 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45141.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45141.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45141",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T21:15:11.237",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T15:05:38.370",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -54,10 +74,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gofiber:fiber:*:*:*:*:*:go:*:*",
+ "versionEndExcluding": "2.50.0",
+ "matchCriteriaId": "D4CF7CB2-A259-42A1-A42F-26170DCC266D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/gofiber/fiber/security/advisories/GHSA-mv73-f69x-444p",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mitigation",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45142.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45142.json
index 3167e576316..1570628e437 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45142.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45142.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45142",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:09.990",
- "lastModified": "2023-10-12T19:42:47.127",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:27:50.437",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it."
+ },
+ {
+ "lang": "es",
+ "value": "OpenTelemetry-Go Contrib es una colecci\u00f3n de paquetes de terceros para OpenTelemetry-Go. Un contenedor de controlador listo para usar agrega etiquetas `http.user_agent` y `http.method` que tienen cardinalidad independiente. Conduce al posible agotamiento de la memoria del servidor cuando se le env\u00edan muchas solicitudes maliciosas. Un atacante puede configurar f\u00e1cilmente el encabezado HTTP User-Agent o el m\u00e9todo HTTP para solicitudes para que sea aleatorio y largo. La librer\u00eda utiliza internamente `httpconv.ServerRequest` que registra cada valor para el `method` HTTP y el `User-Agent`. Para verse afectado, un programa debe utilizar el contenedor `otelhttp.NewHandler` y no filtrar ning\u00fan m\u00e9todo HTTP desconocido o agentes de usuario en el nivel de CDN, LB, middleware anterior, etc. La versi\u00f3n 0.44.0 solucion\u00f3 este problema cuando el Los valores recopilados para el atributo `http.request.method` se cambiaron para restringirlos a un conjunto de valores conocidos y se eliminaron otros atributos de alta cardinalidad. Como workaround para dejar de verse afectado, se puede utilizar `otelhttp.WithFilter()`, pero requiere una configuraci\u00f3n manual cuidadosa para no registrar ciertas solicitudes por completo. Para mayor comodidad y uso seguro de esta librer\u00eda, deber\u00eda marcar de forma predeterminada con la etiqueta \"unknown\" los m\u00e9todos HTTP no est\u00e1ndar y los agentes de usuario para mostrar que dichas solicitudes se realizaron pero no aumentan la cardinalidad. En caso de que alguien quiera seguir con el comportamiento actual, la API de la librer\u00eda deber\u00eda permitir habilitarlo."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,38 +70,80 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:go:*:*",
+ "versionEndExcluding": "0.44.0",
+ "matchCriteriaId": "2E7726FA-0421-40C6-B36B-3B6618D81880"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/advisories/GHSA-cg3q-j54f-5p7p",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/blob/5f7e6ad5a49b45df45f61a1deb29d7f1158032df/instrumentation/net/http/otelhttp/handler.go#L63-L65",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4277",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/releases/tag/v1.19.0",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-5r5m-65gx-7vrh",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go/blob/38e1b499c3da3107694ad2660b3888eee9c8b896/semconv/internal/v2/http.go#L223",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/open-telemetry/opentelemetry-go/blob/v1.12.0/semconv/internal/v2/http.go#L159",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
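Review bot: The added `criteria` `cpe:2.3:a:opentelemetry:opentelemetry:*:*:*:*:*:go:*:*` does not identify the component the description names, the `otelhttp` handler wrapper in OpenTelemetry-Go Contrib. The bound `versionEndExcluding` 0.44.0 appears to follow that module's numbering, while the same hunk tags the contrib release `v1.19.0` as release notes and links core `opentelemetry-go` files. A scanner keyed on this CPE can therefore treat a 1.x dependency as fixed or flag an unrelated 0.x package. A narrower product field, e.g. `cpe:2.3:a:opentelemetry:CONTRIB_PRODUCT_PLACEHOLDER:*:*:*:*:*:go:*:*`, would remove the ambiguity. Until then, match on the Go module path from the vendor advisory rather than on the CPE alone.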
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45143.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45143.json
index ef13c22647a..ae21a986075 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45143.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45143.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45143",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-12T17:15:10.087",
- "lastModified": "2023-10-12T19:42:47.127",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-26T05:15:25.930",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds."
+ },
+ {
+ "lang": "es",
+ "value": "Undici es un cliente HTTP/1.1 escrito desde cero para Node.js. Antes de la versi\u00f3n 5.26.2, Undici ya borraba los encabezados de Autorizaci\u00f3n en redireccionamientos entre or\u00edgenes, pero no borraba los encabezados de \"Cookie\". Por dise\u00f1o, los encabezados de \"cookie\" son encabezados de solicitud prohibidos, lo que no permite que se establezcan en RequestInit.headers en entornos de navegador. Dado que undici maneja los encabezados de manera m\u00e1s liberal que la especificaci\u00f3n, hubo una desconexi\u00f3n con las suposiciones que hizo la especificaci\u00f3n y la implementaci\u00f3n de fetch por parte de undici. Como tal, esto puede provocar una fuga accidental de cookies a un sitio de terceros o que un atacante malicioso que pueda controlar el objetivo de la redirecci\u00f3n (es decir, un redirector abierto) filtre la cookie al sitio de terceros. Esto fue parcheado en la versi\u00f3n 5.26.2. No se conocen workarounds."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -36,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -46,25 +80,74 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*",
+ "versionEndExcluding": "5.26.2",
+ "matchCriteriaId": "6264C00F-837E-4B54-86E0-855BA2AFC80B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/nodejs/undici/releases/tag/v5.26.2",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Not Applicable"
+ ]
},
{
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://hackerone.com/reports/2166948",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Permissions Required"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
"source": "security-advisories@github.com"
}
]
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45144.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45144.json
index df0ba9bb26c..f986c81f12b 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45144.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45144.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45144",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T21:15:11.333",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T20:00:09.403",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -40,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -54,26 +84,60 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xwiki:oauth_identity:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.0",
+ "versionEndExcluding": "1.6",
+ "matchCriteriaId": "B145876F-17CC-44FA-B95A-9C591255D17C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/xwikisas/identity-oauth/blob/master/ui/src/main/resources/IdentityOAuth/LoginUIExtension.vm#L58",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Broken Link"
+ ]
},
{
"url": "https://github.com/xwikisas/identity-oauth/commit/d805d3154b17c6bf455ddf5deb0a3461a3833bc6",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/xwikisas/identity-oauth/commit/d805d3154b17c6bf455ddf5deb0a3461a3833bc6#diff-2ab2e0716443d790d7d798320e4a45151661f4eca5440331f4a227b29c87c188",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/xwikisas/identity-oauth/security/advisories/GHSA-h2rm-29ch-wfmh",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-20719",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Permissions Required"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45145.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45145.json
new file mode 100644
index 00000000000..c45d2889e90
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45145.json
@@ -0,0 +1,75 @@
+{
+ "id": "CVE-2023-45145",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-18T21:15:09.560",
+ "lastModified": "2023-10-27T03:15:08.193",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory."
+ },
+ {
+ "lang": "es",
+ "value": "Redis es una base de datos en memoria que persiste en el disco. Al iniciarse, Redis comienza a escuchar en un socket Unix antes de ajustar sus permisos a la configuraci\u00f3n proporcionada por el usuario. Si se utiliza una umask(2) permisiva, esto crea una condici\u00f3n de ejecuci\u00f3n que permite, durante un corto per\u00edodo de tiempo, que otro proceso establezca una conexi\u00f3n que de otro modo no estar\u00eda autorizada. Este problema existe desde Redis 2.6.0-RC1. Este problema se solucion\u00f3 en las versiones 7.2.2, 7.0.14 y 6.2.14 de Redis. Se recomienda a los usuarios que actualicen. Para los usuarios que no pueden actualizar, es posible workaround el problema deshabilitando los sockets Unix, iniciando Redis con una m\u00e1scara de usuario restrictiva o almacenando el archivo del socket Unix en un directorio protegido."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.6,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00032.html",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45146.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45146.json
new file mode 100644
index 00000000000..09c787e772f
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45146.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45146",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-18T22:15:09.323",
+ "lastModified": "2023-10-19T12:59:35.787",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XXL-RPC is a high performance, distributed RPC framework. With it, a TCP server can be set up using the Netty framework and the Hessian serialization mechanism. When such a configuration is used, attackers may be able to connect to the server and provide malicious serialized objects that, once deserialized, force it to execute arbitrary code. This can be abused to take control of the machine the server is running by way of remote code execution. This issue has not been fixed."
+ },
+ {
+ "lang": "es",
+ "value": "XXL-RPC es un framework RPC distribuido de alto rendimiento. Con \u00e9l, se puede configurar un servidor TCP utilizando el marco Netty y el mecanismo de serializaci\u00f3n de Hesse. Cuando se utiliza dicha configuraci\u00f3n, los atacantes pueden conectarse al servidor y proporcionar objetos serializados maliciosos que, una vez deseriaizados, lo obligan a ejecutar c\u00f3digo arbitrario. Se puede abusar de esto para tomar el control de la m\u00e1quina que ejecuta el servidor mediante la ejecuci\u00f3n remota de c\u00f3digo. Este problema no se ha solucionado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-052_XXL-RPC/",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45148.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45148.json
index e559d5444db..01a8ab03b82 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45148.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45148.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45148",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T19:15:10.860",
- "lastModified": "2023-10-16T19:24:26.033",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:19:02.097",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\\OC\\Memcache\\Redis` and install Redis instead of Memcached."
+ },
+ {
+ "lang": "es",
+ "value": "Nextcloud es un servidor en la nube dom\u00e9stico de c\u00f3digo abierto. Cuando Memcached se utiliza como `memcache.distributed`, el l\u00edmite de velocidad en Nextcloud Server podr\u00eda restablecerse inesperadamente restableciendo el recuento del ratio antes de lo previsto. Se recomienda a los usuarios que actualicen a las versiones 25.0.11, 26.0.6 o 27.1.0. Los usuarios que no puedan actualizar deben cambiar su configuraci\u00f3n `memcache.distributed` a `\\OC\\Memcache\\Redis` e instalar Redis en lugar de Memcached."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +70,99 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "22.0.0",
+ "versionEndExcluding": "22.2.10.16",
+ "matchCriteriaId": "429A249E-7FF9-495A-9158-95B888ABD8D2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "23.0.0",
+ "versionEndExcluding": "23.0.12.11",
+ "matchCriteriaId": "465AAFF0-9D24-451A-AAAE-9340A8BE1EC5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "24.0.0",
+ "versionEndExcluding": "24.0.12.7",
+ "matchCriteriaId": "040721D3-7E8A-4DC2-978D-9AE6D5A606F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "25.0.0",
+ "versionEndExcluding": "25.0.11",
+ "matchCriteriaId": "CFCB9CDB-F661-496E-86B7-25B228A3C90E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "25.0.0",
+ "versionEndExcluding": "25.0.11",
+ "matchCriteriaId": "37949CD5-0B2D-40BE-83C8-E6A03CD0F7C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "26.0.0",
+ "versionEndExcluding": "26.0.6",
+ "matchCriteriaId": "9E2008E1-AFAE-40F5-8D64-A019F2222AA2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "26.0.0",
+ "versionEndExcluding": "26.0.6",
+ "matchCriteriaId": "4C98058B-06EF-446E-A39D-F436627469C1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*",
+ "matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*",
+ "matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/nextcloud/server/pull/40293",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://hackerone.com/reports/2110945",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Permissions Required"
+ ]
}
]
}
\ No newline at end of file
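Review bot: The two 27.x entries in the added `configurations` block match only the exact version 27.0.0 (editions `-` and `enterprise`), while the description in this same record names 27.1.0 as the fixed release. CPE-based scanners would therefore not flag any 27.0.x release after 27.0.0 as vulnerable. If the description is right, range entries like those used for 25.x and 26.x would be consistent: `"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*"`, `"versionStartIncluding": "27.0.0"`, `"versionEndExcluding": "27.1.0"` (and the same for `enterprise`), each with a `matchCriteriaId` assigned by NVD. This file mirrors upstream data, so the correction belongs upstream; until then, check 27.0.x installs against the vendor advisory rather than relying on the CPE match alone.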
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45149.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45149.json
index 10911640771..b69cb3f7da0 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45149.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45149.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45149",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T20:15:15.287",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:12:47.093",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,18 +70,61 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.0.0",
+ "versionEndExcluding": "15.0.8",
+ "matchCriteriaId": "D8F3F3ED-1738-4C2B-9DE7-754D2FC9762E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.0.0",
+ "versionEndExcluding": "16.0.6",
+ "matchCriteriaId": "2BAADB89-AADA-4F5D-B4DB-051FF789E4EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "17.0.0",
+ "versionEndExcluding": "17.1.1",
+ "matchCriteriaId": "C2CA92F4-45BF-4290-8926-D4D193461D0A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7rf8-pqmj-rpqv",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/nextcloud/spreed/pull/10545",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://hackerone.com/reports/2094473",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Permissions Required"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45150.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45150.json
index acde5fc361b..d2b21d0b0ee 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45150.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45150.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45150",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T20:15:15.393",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:11:24.833",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -40,8 +60,18 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-354"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -50,18 +80,47 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.0",
+ "versionEndExcluding": "4.4.4",
+ "matchCriteriaId": "AC6A69AB-4972-431A-8734-0234D2734BAF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/nextcloud/calendar/pull/5358",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r936-8gwm-w452",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://hackerone.com/reports/2058337",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45151.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45151.json
index 2964ce1cfbb..57acd4aecb6 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45151.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45151.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45151",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T19:15:10.957",
- "lastModified": "2023-10-16T19:24:26.033",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:18:25.917",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "El servidor Nextcloud es una plataforma de nube dom\u00e9stica de c\u00f3digo abierto. Las versiones afectadas de Nextcloud almacenaron tokens OAuth2 en texto plano, lo que permite a un atacante que haya obtenido acceso al servidor elevar potencialmente sus privilegios. Este problema se solucion\u00f3 y se recomienda a los usuarios actualizar su servidor Nextcloud a la versi\u00f3n 25.0.8, 26.0.3 o 27.0.1. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -36,7 +60,7 @@
},
"weaknesses": [
{
- "source": "security-advisories@github.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,20 +68,90 @@
"value": "CWE-312"
}
]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-312"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "25.0.0",
+ "versionEndExcluding": "25.0.8",
+ "matchCriteriaId": "A2EE7242-A7BB-4FE3-8617-9C355C68EB2A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "25.0.0",
+ "versionEndExcluding": "25.0.8",
+ "matchCriteriaId": "05C7C20F-A320-425C-BECF-E895E5ACF1CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "26.0.0",
+ "versionEndExcluding": "26.0.3",
+ "matchCriteriaId": "636E2B84-2F89-4F35-9ADF-BCB1761B2E2D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "26.0.0",
+ "versionEndExcluding": "26.0.3",
+ "matchCriteriaId": "54FD90F4-2243-4A99-954B-FCC44EE180AB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*",
+ "matchCriteriaId": "13650329-BCD1-4FDB-9446-5133C0EDC905"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*",
+ "matchCriteriaId": "DB1974B0-31C5-4E22-9E8C-BD40C6B54D0C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhgv-jcg9-p4m9",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://github.com/nextcloud/server/pull/38398",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://hackerone.com/reports/1994324",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Permissions Required"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45158.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45158.json
index fbcffdd63a8..0868deda0a5 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45158.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45158.json
@@ -2,31 +2,100 @@
"id": "CVE-2023-45158",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-16T08:15:09.990",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:58:13.557",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del Sistema Operativo en web2py 2.24.1 y versiones anteriores. Cuando el producto est\u00e1 configurado para utilizar notifySendHandler para el registro (no la configuraci\u00f3n predeterminada), una solicitud web manipulada puede ejecutar un comando arbitrario del sistema operativo en el servidor web que utiliza el producto."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:web2py:web2py:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.24.1",
+ "matchCriteriaId": "804767C1-58E1-4770-88B5-08E840011736"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "http://web2py.com/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "http://web2py.com/init/default/download",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/web2py/web2py/commit/936e2260b0c34c44e2f3674a893e96d2a7fad0a3",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://jvn.jp/en/jp/JVN80476432/",
- "source": "vultures@jpcert.or.jp"
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45159.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45159.json
index 5126426f339..9e3cde3d267 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45159.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45159.json
@@ -2,16 +2,16 @@
"id": "CVE-2023-45159",
"sourceIdentifier": "security@1e.com",
"published": "2023-10-05T11:15:14.063",
- "lastModified": "2023-10-11T17:18:28.327",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-19T13:15:10.080",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "1E Client installer can perform arbitrary file deletion on protected files.\u00a0\u00a0\n\nA non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces\u00a0the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.\n\n"
+ "value": "1E Client installer can perform arbitrary file deletion on protected files.\u00a0\u00a0\n\nA non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. \n\nA hotfix is available from the 1E support portal that forces\u00a0the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.\n\nfor v8.1 use hotfix Q23097\nfor v8.4 use hotfix Q23105\nfor v9.0 use hotfix Q23115\n\nfor SaaS customers, use 1EClient v23.7 plus hotfix Q23121"
},
{
"lang": "es",
- "value": "El instalador de 1E Client puede realizar la eliminaci\u00f3n arbitraria de archivos protegidos. Un usuario sin privilegios podr\u00eda proporcionar un enlace simb\u00f3lico o una uni\u00f3n de Windows para apuntar a un directorio protegido en el instalador que el Cliente 1E borrar\u00eda al iniciar el servicio. Hay una revisi\u00f3n disponible Q23092 que obliga al cliente 1E a buscar un enlace o cruce simb\u00f3lico y, si encuentra uno, se niega a usar esa ruta y en su lugar crea una ruta que involucra un GUID aleatorio."
+ "value": "El instalador de 1E Client puede realizar la eliminaci\u00f3n arbitraria de archivos protegidos. Un usuario sin privilegios podr\u00eda proporcionar un enlace simb\u00f3lico o una uni\u00f3n de Windows para apuntar a un directorio protegido en el instalador que el Cliente 1E borrar\u00eda al iniciar el servicio. Hay una revisi\u00f3n disponible en el portal de soporte 1E que obliga al Cliente 1E a buscar un enlace o cruce simb\u00f3lico y, si encuentra uno, se niega a usar esa ruta y en su lugar crea una ruta que involucra un GUID aleatorio para v8.1 use hotfix Q23097 para v8.4 use hotfix Q23105 para v9.0 use hotfix Q23115 para clientes de SaaS, use 1EClient v23.7 plus hotfix Q23121"
}
],
"metrics": {
@@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
- "attackVector": "PHYSICAL",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
- "userInteraction": "REQUIRED",
- "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 7.3,
+ "baseScore": 8.4,
"baseSeverity": "HIGH"
},
- "exploitabilityScore": 0.7,
- "impactScore": 6.0
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
}
]
},
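Review bot: The revised Secondary vector sets `"privilegesRequired": "NONE"` alongside `"attackVector": "LOCAL"`, but the description in the first hunk says the symbolic link or junction is supplied by "a non-privileged user". That wording suggests the attacker already holds a local account, which CVSS 3.1 would normally score as `PR:L`. If so, the consistent vector would be `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, with the base and exploitability scores recomputed to match. The score comes from the CNA, so this is worth confirming with the source rather than editing here. The metric object starts outside this hunk, so the NVD Primary entry cannot be compared from these lines.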
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json
index 8229dffc0d8..3ff3777b145 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45160.json
@@ -2,16 +2,16 @@
"id": "CVE-2023-45160",
"sourceIdentifier": "security@1e.com",
"published": "2023-10-05T16:15:12.167",
- "lastModified": "2023-10-12T14:07:03.700",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-19T13:15:10.200",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
- "value": "\nIn the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. This has been fixed in patch Q23094 as the 1E Client's temporary directory is now locked down\n\n"
+ "value": "\nIn the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.\n\n\n\nResolution: This has been fixed in patch Q23094\u00a0"
},
{
"lang": "es",
- "value": "En la versi\u00f3n afectada del 1E Client, un usuario normal podr\u00eda subvertir los archivos de recursos de instrucciones descargados, por ejemplo, para sustituirlos por un script da\u00f1ino o reemplazando un archivo de script de recursos creado por una instrucci\u00f3n en tiempo de ejecuci\u00f3n con un script malicioso. Esto se solucion\u00f3 en el parche Q23094 ya que el directorio temporal del 1E Client ahora est\u00e1 bloqueado"
+ "value": "En la versi\u00f3n afectada de 1E Client, un usuario normal podr\u00eda subvertir archivos de recursos de instrucciones descargados, por ejemplo, para sustituirlos por un script da\u00f1ino, reemplazando un archivo de script de recursos creado por una instrucci\u00f3n en tiempo de ejecuci\u00f3n con un script malicioso. El directorio temporal de 1E Client ahora est\u00e1 bloqueado en el parche publicado. Resoluci\u00f3n: Esto se ha solucionado en el parche Q23094."
}
],
"metrics": {
@@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "LOW",
"userInteraction": "NONE",
- "scope": "CHANGED",
+ "scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
- "baseScore": 10.0,
- "baseSeverity": "CRITICAL"
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
},
- "exploitabilityScore": 3.9,
- "impactScore": 6.0
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
}
]
},
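Review bot: The revised vector keeps `AV:N` and `"attackVector": "NETWORK"`, but the description in this record has an ordinary user replacing a resource script file in the 1E Client's temporary directory, which reads as an action taken on the endpoint itself. If that reading is right, `AV:L` would be the matching value, and `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` scores 7.8 rather than 8.8. This is the CNA's Secondary score, so the correction would have to come from security@1e.com. Until then, anyone prioritising on `baseScore` should treat this entry as possibly over-stating remote reachability.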
@@ -113,12 +113,20 @@
}
],
"references": [
+ {
+ "url": "https://1e.my.site.com/s/",
+ "source": "security@1e.com"
+ },
{
"url": "https://www.1e.com/trust-security-compliance/cve-info/",
"source": "security@1e.com",
"tags": [
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://www.1e.com/vulnerability-disclosure-policy/",
+ "source": "security@1e.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45162.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45162.json
index c7f0931bb4d..5dcd285b4b9 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45162.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45162.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45162",
"sourceIdentifier": "security@1e.com",
"published": "2023-10-13T13:15:11.910",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T20:12:37.577",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.\u00a0\n\nApplication of the relevant hotfix remediates this issue.\n\nfor v8.1.2 apply hotfix Q23166\nfor v8.4.1 apply hotfix Q23164\nfor v9.0.1 apply hotfix Q23173\n\nSaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this"
+ "value": "Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution.\u00a0\n\nApplication of the relevant hotfix remediates this issue.\n\nfor v8.1.2 apply hotfix Q23166\nfor v8.4.1 apply hotfix Q23164\nfor v9.0.1 apply hotfix Q23169\n\nSaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this"
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones afectadas de 1E Platform tienen una vulnerabilidad de inyecci\u00f3n Blind SQL que puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. La aplicaci\u00f3n del hotfix correspondiente soluciona este problema. para v8.1.2 aplique hotfix Q23166 para v8.4.1 aplique hotfix Q23164 para v9.0.1 aplique hotfix Q23169 Las implementaciones de SaaS en v23.7.1 tendr\u00e1n autom\u00e1ticamente aplicado el hotfix Q23173. Se insta a los clientes con versiones de SaaS inferiores a esta a actualizar urgentemente; comun\u00edquese con 1E para organizar esto."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
{
"source": "security@1e.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
{
"source": "security@1e.com",
"type": "Secondary",
@@ -46,10 +80,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:1e:platform:8.1.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A123674D-27C6-4374-B626-C208F0394789"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:1e:platform:8.4.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C4D3240B-F056-4BA4-974C-7D6B5D8B36DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:1e:platform:9.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5BB2EBF4-B0DD-4ACF-85D6-C2D780A4AC4E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:1e:platform:23.7.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "68D28A90-56C3-429A-B94D-FA0A82D40359"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.1e.com/trust-security-compliance/cve-info/",
- "source": "security@1e.com"
+ "source": "security@1e.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45176.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45176.json
index 17367fdd7da..93812aa7836 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45176.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45176.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45176",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-10-14T16:15:10.747",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T01:13:38.547",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998."
+ },
+ {
+ "lang": "es",
+ "value": "IBM App Connect Enterprise 11.0.0.1 a 11.0.0.23, 12.0.1.0 a 12.0.10.0 e IBM Integration Bus 10.1 a 10.1.0.1 son vulnerables a una Denegaci\u00f3n de Servicio (DoS) para los nodos de integraci\u00f3n en Windows. ID de IBM X-Force: 247998."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@@ -46,14 +80,53 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "11.0.0.1",
+ "versionEndIncluding": "11.0.0.23",
+ "matchCriteriaId": "892723CB-F16A-4789-80A6-65E316DC107E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:app_connect_enterprise:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "12.0.1.0",
+ "versionEndIncluding": "12.0.10.0",
+ "matchCriteriaId": "D5D7206C-3319-4A04-A7E5-A87ACD8FF533"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:integration_bus:10.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B3CDFCF4-AED1-46BE-A5E4-65712F632A0A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267998",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.ibm.com/support/pages/node/7051448",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
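Review bot: The added `integration_bus` cpeMatch pins the single version `10.1`, while the description in this record gives the affected range as "10.1 through 10.1.0.1", so a scanner matching on CPE would not flag a 10.1.0.1 install. Writing it like the two App Connect entries would cover the stated range: `"criteria": "cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*"` with `"versionStartIncluding": "10.1"` and `"versionEndIncluding": "10.1.0.1"`, plus a fresh `matchCriteriaId`. Separately, the X-Force reference tagged in this hunk points at `/vulnerabilities/267998`, but the description cites X-Force ID 247998. One of the two numbers is presumably a typo and should be checked against the IBM advisory before the link is trusted as the VDB entry.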
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45219.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45219.json
index a3384c9d216..a97deebd08e 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45219.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45219.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-45219",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:22.297",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T01:32:45.897",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nExposure of Sensitive Information vulnerability exist in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information.\u00a0\u00a0\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de exposici\u00f3n a informaci\u00f3n confidencial existe en un comando de BIG-IP TMOS shell (tmsh) no divulgado que puede permitir que un atacante autenticado con privilegios de administrador de recursos vea informaci\u00f3n confidencial. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan."
}
],
"metrics": {
@@ -36,8 +40,18 @@
},
"weaknesses": [
{
- "source": "f5sirt@f5.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "f5sirt@f5.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -46,10 +60,557 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D93F04AD-DF14-48AB-9F13-8B2E491CF42E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7522C760-7E07-406F-BF50-5656D5723C4F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "6603ED6A-3366-4572-AFCD-B3D4B1EC7606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "88978E38-81D3-4EFE-8525-A300B101FA69"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "05E452AA-A520-4CBE-8767-147772B69194"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "596FC5D5-7329-4E39-841E-CAE937C02219"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F7280AA3-6EB0-4D9B-895B-B6883071740E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "95617B72-E7D8-44D2-AFF2-976595A72AFA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "9167FEC1-2C37-4946-9657-B4E69301FB24"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7B4B3442-E0C0-48CD-87AD-060E15C9801E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "7EC2324D-EC8B-41DF-88A7-819E53AAD0FC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "9B88F9D1-B54B-40C7-A18A-26C4A071D7EC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "922AA845-530A-4B4B-9976-4CBC30C8A324"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F938EB43-8373-47EB-B269-C6DF058A9244"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "C7E422F6-C4C2-43AC-B137-0997B5739030"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "CC3F710F-DBCB-4976-9719-CF063DA22377"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "18CD2C82-0080-495E-8A11-957E0C182A48"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_application_visibility_and_reporting:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "3C508A36-C041-406C-9C8A-A396C6EDC750"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "4C9FCBCB-9CE0-49E7-85C8-69E71D211912"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "112DFA85-90AD-478D-BD70-8C7C0C074F1B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E912382D-131E-40F2-A337-72D6F2A3AD23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_carrier-grade_nat:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "91ED3C5E-92E8-44CF-AA99-A38C60AE677E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "CAEF3EA4-7D5A-4B44-9CE3-258AEC745866"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "2FBCE2D1-9D93-415D-AB2C-2060307C305A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "47962DDC-899F-4A98-ABF7-CC8A1AE7FF1C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "46A7F81E-84A2-4304-B18F-53E5CDBCEA43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "08B25AAB-A98C-4F89-9131-29E3A8C0ED23"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "ED9B976A-D3AD-4445-BF8A-067C3EBDFBB0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "BC2A757B-4521-4DB7-89B0-7CAE1E4155E4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "0A1D4B18-DB59-41C4-B769-5DF93B8EBBAD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "D819F58A-826E-49E0-A06F-4D85E04D3D9F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1E86895C-EC5A-4303-978E-8807FE7A5E9A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E3D2ABA3-D4A9-4267-B0DF-7C3BBEEAEB66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "BC36311E-BB00-4750-85C8-51F5A2604F07"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "E6018B01-048C-43BB-A78D-66910ED60CA9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "3A6A5686-5A8B-45D5-9165-BC99D2CCAC47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "D9EC2237-117F-43BD-ADEC-516CF72E04EF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "F70D4B6F-65CF-48F4-9A07-072DFBCE53D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "0360F76D-E75E-4B05-A294-B47012323ED9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "7A4607BF-41AC-4E84-A110-74E085FF0445"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8257AA59-C14D-4EC1-B22C-DFBB92CBC297"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "37DB32BB-F4BA-4FB5-94B1-55C3F06749CF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "8A6F9699-A485-4614-8F38-5A556D31617E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "5A90F547-97A2-41EC-9FDF-25F869F0FA38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "220FD008-8919-48D4-84CF-8C4D99C3C474"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "1935A1CF-50B2-4572-AA06-3504DB25B954"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "1932D32D-0E4B-4BBD-816F-6D47AB2E2F04"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "D47B7691-A95B-45C0-BAB4-27E047F3C379"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "077EBF51-B843-48B7-B31C-4BE1C99CE6F7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "5EAC82FA-41CC-425A-89A0-CC9E2BF678EE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1.0",
+ "versionEndIncluding": "13.1.5",
+ "matchCriteriaId": "5326759A-AFB0-4A15-B4E9-3C9A2E5DB32A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1.0",
+ "versionEndIncluding": "14.1.5",
+ "matchCriteriaId": "57D92D05-C67D-437E-88F3-DCC3F6B0ED2F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "15.1.0",
+ "versionEndExcluding": "15.1.9",
+ "matchCriteriaId": "338010BF-EFC6-42B9-9F12-865C48D421EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "16.1.0",
+ "versionEndExcluding": "16.1.4",
+ "matchCriteriaId": "14776B4F-DDEC-4B22-82A5-EA231B3895F0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K20307245",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45220.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45220.json
new file mode 100644
index 00000000000..170cb12bce6
--- /dev/null
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45220.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45220",
+ "sourceIdentifier": "psirt@bosch.com",
+ "published": "2023-10-25T18:17:33.107",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n Cliente de Android, cuando se inscribe con el m\u00e9todo de definici\u00f3n 1 (el usuario inserta manualmente la direcci\u00f3n IP del servidor), usa el protocolo HTTP para recuperar informaci\u00f3n confidencial (direcci\u00f3n IP y credenciales para conectarse a una entidad de intermediario MQTT remota) en lugar de HTTPS y esta caracter\u00edstica. No es configurable por el usuario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "source": "psirt@bosch.com"
+ }
+ ]
+}
\ No newline at end of file
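Review bot: The recorded weakness `CWE-306` (Missing Authentication for Critical Function) does not match the English description, which is about the broker address and credentials being fetched over HTTP instead of HTTPS; `CWE-319` (Cleartext Transmission of Sensitive Information) looks like the closer fit. This is the CNA's Secondary assignment and the record is still "Undergoing Analysis", so it may be corrected later. Until it is, tooling that groups findings by CWE will file this under authentication rather than transport encryption. The Spanish `value` also splits the final clause into its own sentence ("...y esta caracter\u00edstica. No es configurable por el usuario."), which changes the meaning; it should end `y esta caracter\u00edstica no es configurable por el usuario.`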
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45226.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45226.json
index e6e0b288c59..a3c7bf6880c 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45226.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45226.json
@@ -2,18 +2,22 @@
"id": "CVE-2023-45226",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2023-10-10T13:15:22.383",
- "lastModified": "2023-10-10T13:41:53.337",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T01:27:45.367",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nThe BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contains hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
+ },
+ {
+ "lang": "es",
+ "value": "Los contenedores BIG-IP SPK TMM (M\u00f3dulo de gesti\u00f3n de tr\u00e1fico) f5-debug-sidecar y f5-debug-sshd contienen credenciales codificadas que pueden permitir que un atacante con la capacidad de interceptar el tr\u00e1fico, se haga pasar por el servidor SPK Secure Shell (SSH) en esos contenedores. Esto s\u00f3lo se expone cuando la depuraci\u00f3n ssh est\u00e1 habilitada. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan"
}
],
"metrics": {
"cvssMetricV31": [
{
- "source": "f5sirt@f5.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@@ -31,6 +35,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
+ },
+ {
+ "source": "f5sirt@f5.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.2
}
]
},
@@ -46,10 +70,30 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:f5:big-ip_next_service_proxy_for_kubernetes:1.5.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7120EAB7-4BAE-4ECB-9613-91132FB1EEAD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000135874",
- "source": "f5sirt@f5.com"
+ "source": "f5sirt@f5.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45228.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45228.json
new file mode 100644
index 00000000000..2b5a31ce59a
--- /dev/null
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45228.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-45228",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T17:15:09.087",
+ "lastModified": "2023-10-26T17:33:34.980",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\nThe application suffers from improper access control when editing users.\n A user with read permissions can manipulate users, passwords, and \npermissions by sending a single HTTP POST request with modified \nparameters.\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n adolece de un control de acceso inadecuado a la hora de editar usuarios. Un usuario con permisos de lectura puede manipular usuarios, contrase\u00f1as y permisos enviando una \u00fanica solicitud HTTP POST con par\u00e1metros modificados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08",
+ "source": "ics-cert@hq.dhs.gov"
+ },
+ {
+ "url": "https://www.sielco.org/en/contacts",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
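Review bot: The new CVE-2023-45228 record never names the affected product: the English description says only "The application" and, with `vulnStatus` still "Awaiting Analysis", there is no `configurations` block. CPE-based inventory matching will therefore not surface this entry, so triage has to go through the ICSA-23-299-08 reference. The second reference, `https://www.sielco.org/en/contacts`, looks like a vendor contact page rather than an advisory and carries no fix information. The English `value` also keeps leading and trailing `\n` runs and mid-sentence line breaks from the submission, which are worth trimming before display. The new CVE-2023-45317 record further down has the same three issues.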
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45267.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45267.json
index b703508f3a2..445f6b51cab 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45267.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45267.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45267",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T15:15:44.310",
- "lastModified": "2023-10-13T15:20:17.967",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:36:45.957",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <=\u00a02.2.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Zizou1988 IRivYou en versiones <= 2.2.1."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sharkdropship:irivyou:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.2.1",
+ "matchCriteriaId": "40C84B3B-0449-4476-9E26-43FA91772E6A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wooreviews-importer/wordpress-irivyou-add-reviews-from-aliexpress-and-amazon-to-woocommerce-plugin-2-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45268.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45268.json
index 32921c742f2..b1d8c514af0 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45268.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45268.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45268",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T15:15:44.383",
- "lastModified": "2023-10-13T15:20:17.967",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:09:14.263",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <=\u00a05.86 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Hitsteps Hitsteps Web Analytics en versiones <= 5.86."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hitsteps:hitsteps_web_analytics:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.86",
+ "matchCriteriaId": "1977C48D-01FF-463E-ACCF-7F7D5241E9C0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/hitsteps-visitor-manager/wordpress-hitsteps-web-analytics-plugin-5-85-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
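Review bot: The added CPE range ends at `"versionEndIncluding": "5.86"`, matching the description, but the only reference URL in this hunk has the slug `hitsteps-web-analytics-plugin-5-85-...`. One of the two version numbers is probably stale. Before relying on the CPE bound, confirm the last affected and first fixed release against the advisory body itself. The hunk shows no fixed version.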
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45269.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45269.json
index 333d1f83258..0e49a0afdad 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45269.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45269.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45269",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T16:15:12.853",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:10:23.203",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <=\u00a02.0.23 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento David Cole Simple SEO en versiones <= 2.0.23."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -36,7 +60,7 @@
},
"weaknesses": [
{
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:coleds:simple_seo:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0.23",
+ "matchCriteriaId": "C92E0C08-77BE-43FA-AF92-C8931442A1E9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cds-simple-seo/wordpress-simple-seo-plugin-2-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45270.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45270.json
index 3799d7ba9db..43ebd8575fe 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45270.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45270.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45270",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T16:15:12.997",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:40:53.753",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <=\u00a02.9.9.4.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento PINPOINT.WORLD Pinpoint Booking System en versiones <= 2.9.9.4.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pinpoint:pinpoint_booking_system:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.9.9.4.0",
+ "matchCriteriaId": "9503C752-D54F-4CD3-A3D1-B6285361CF8B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/booking-system/wordpress-pinpoint-booking-system-plugin-2-9-9-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45273.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45273.json
index d57ec21be8f..1548267c9ab 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45273.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45273.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45273",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:10.637",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T22:45:44.830",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <=\u00a01.2.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Matt McKenny Stout Google Calendar en versiones <= 1.2.3."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mattmckenny:stout_google_calendar:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.3",
+ "matchCriteriaId": "9F723864-30BA-43D5-94B5-FE49AB27AD2E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/stout-google-calendar/wordpress-stout-google-calendar-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45274.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45274.json
index 4ee7cf72069..00cf7b1737c 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45274.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45274.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45274",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:10.723",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T22:50:01.177",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <=\u00a01.3.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgeryios (CSRF) en el complemento SendPulse SendPulse Free Web Push en versiones <= 1.3.1."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
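Review bot: The added Spanish description contains a garbled term, "Cross-Site Request Forgeryios (CSRF)", which the parallel es entries for the other Patchstack records in this commit do not have. The line should read `"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento SendPulse SendPulse Free Web Push en versiones <= 1.3.1."`. Anyone searching or deduplicating on the weakness name in translated text would miss this record as written.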
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sendpulse:free_web_push:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.3.1",
+ "matchCriteriaId": "549785E2-6664-439D-9FCA-2E2D2DBDC9B6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sendpulse-web-push/wordpress-sendpulse-free-web-push-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45276.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45276.json
index 1536f64a79a..576872c5fec 100644
--- a/CVE-2023/CVE-2023-452xx/CVE-2023-45276.json
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45276.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45276",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-13T16:15:13.123",
- "lastModified": "2023-10-13T21:31:49.997",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T19:42:44.870",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <=\u00a01.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento automatededitor.Com Automated Editor en versiones <= 1.3."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:automatededitor:automated_editor:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.3",
+ "matchCriteriaId": "BE3DE221-52E6-4A2A-8A95-3323558B5298"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/automated-editor/wordpress-automated-editor-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45277.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45277.json
new file mode 100644
index 00000000000..0364597a8b4
--- /dev/null
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45277.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-45277",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T17:15:10.150",
+ "lastModified": "2023-10-25T14:48:18.060",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files."
+ },
+ {
+ "lang": "es",
+ "value": "Yamcs 5.8.6 es vulnerable a directory traversal (problema 1 de 2). La vulnerabilidad est\u00e1 en la funcionalidad de almacenamiento de la API y permite escapar del directorio base de los dep\u00f3sitos, navegar libremente por los directorios de system y leer archivos arbitrarios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:spaceapplications:yamcs:5.8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CCD705E-7C97-486F-8FB1-158DE969C5F2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
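Review bot: The `cpeMatch` entry pins the vulnerable set to exactly `yamcs:5.8.6`, with no `versionEndIncluding` or `versionStartIncluding`, while the Patch reference is a compare view from 5.8.6 to 5.8.7. The record does not say whether releases before 5.8.6 were tested, so the single-version CPE most likely reflects the version assessed rather than a confirmed lower bound. CPE-driven scanners will flag only 5.8.6. Operators on earlier 5.8.x builds should treat them as potentially affected until the vendor states otherwise. The same exact-version match is used in the new CVE-2023-45278, -45279, -45280 and -45281 records.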
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45278.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45278.json
new file mode 100644
index 00000000000..dc84c893232
--- /dev/null
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45278.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-45278",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T17:15:10.200",
+ "lastModified": "2023-10-25T14:48:08.543",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Directory Traversal en la funcionalidad de almacenamiento de la API en Yamcs 5.8.6 permite a los atacantes eliminar archivos arbitrarios mediante una solicitud HTTP DELETE manipulada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:spaceapplications:yamcs:5.8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CCD705E-7C97-486F-8FB1-158DE969C5F2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45279.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45279.json
new file mode 100644
index 00000000000..14bce95637b
--- /dev/null
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45279.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-45279",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T22:15:09.893",
+ "lastModified": "2023-10-25T19:08:53.723",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display."
+ },
+ {
+ "lang": "es",
+ "value": "Yamcs 5.8.6 permite XSS (problema 1 de 2). Viene con un cubo como mecanismo de almacenamiento principal. Los dep\u00f3sitos permiten la carga de cualquier archivo. Hay una manera de cargar una visualizaci\u00f3n que haga referencia a un archivo JavaScript malicioso en el dep\u00f3sito. Luego, el usuario puede abrir la pantalla cargada seleccionando Telemetr\u00eda en el men\u00fa y navegando hasta la pantalla."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:spaceapplications:yamcs:5.8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CCD705E-7C97-486F-8FB1-158DE969C5F2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45280.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45280.json
new file mode 100644
index 00000000000..2609d6a0969
--- /dev/null
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45280.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-45280",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T22:15:09.953",
+ "lastModified": "2023-10-25T19:05:48.603",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript."
+ },
+ {
+ "lang": "es",
+ "value": "Yamcs 5.8.6 permite XSS (problema 2 de 2). Viene con un cubo como mecanismo de almacenamiento principal. Los dep\u00f3sitos permiten la carga de cualquier archivo. Hay una manera de cargar un archivo HTML que contenga JavaScript arbitrario y luego navegar hasta \u00e9l. Una vez que el usuario abre el archivo, el navegador ejecutar\u00e1 el JavaScript arbitrario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:spaceapplications:yamcs:5.8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CCD705E-7C97-486F-8FB1-158DE969C5F2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45281.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45281.json
new file mode 100644
index 00000000000..082bd2e8f85
--- /dev/null
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45281.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-45281",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T17:15:10.247",
+ "lastModified": "2023-10-25T14:47:01.093",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en Yamcs 5.8.6 permite a los atacantes obtener la cookie de sesi\u00f3n mediante la carga de un archivo HTML manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:spaceapplications:yamcs:5.8.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9CCD705E-7C97-486F-8FB1-158DE969C5F2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
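Review bot: This record scores the upload-based issue with `PR:N` (6.1), whereas the sibling Yamcs XSS records CVE-2023-45279 and CVE-2023-45280 added in this commit score an uploaded-file vector in the same product with `PR:L` (5.4). The description here ("via upload of crafted HTML file") does not explain why no privileges would be needed to upload, so the difference looks like a scoring inconsistency rather than a documented distinction. Unlike the other four Yamcs records, this one also has no `Patch` reference to the 5.8.6...5.8.7 compare view. The record therefore does not indicate whether 5.8.7 addresses it.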
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45312.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45312.json
index 94fb6784d57..15140877a93 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45312.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45312.json
@@ -2,19 +2,81 @@
"id": "CVE-2023-45312",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-10T21:15:09.680",
- "lastModified": "2023-10-10T23:25:33.373",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T14:13:16.893",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability."
+ },
+ {
+ "lang": "es",
+ "value": "En el componente mtproto_proxy (tambi\u00e9n conocido como proxy MTProto) hasta la versi\u00f3n 0.7.2 para Erlang, un atacante remoto con pocos privilegios puede acceder a una instalaci\u00f3n predeterminada, asegurada incorrectamente, sin autenticarse y lograr la capacidad de ejecuci\u00f3n remota de comandos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1188"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mtproto:mt_proto_proxy:*:*:*:*:*:erlang:*:*",
+ "versionEndIncluding": "0.7.2",
+ "matchCriteriaId": "35F3B9AC-CCF8-4D61-AB4A-488FCF4552D2"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://medium.com/@_sadshade/almost-2000-telegram-proxy-servers-are-potentially-vulnerable-to-rce-since-2018-742a455be16b",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Technical Description",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
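Review bot: The added NVD vector uses `PR:L` for a base score of 8.8, but the description in the same hunk says the attacker reaches the default installation "without authenticating". If no credentials are needed, the vector would be `PR:N` and the score 9.8, so the description's "low-privileged" wording and the metric both sit uneasily with that phrase. Prioritisation should not rest on the 8.8 figure alone. The `CWE-1188` mapping and the `versionEndIncluding` bound of `0.7.2` point to an insecure default in every release up to that version, and the hunk lists no fixed version or vendor reference.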
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45317.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45317.json
new file mode 100644
index 00000000000..4feea65b8b7
--- /dev/null
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45317.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-45317",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T17:15:09.177",
+ "lastModified": "2023-10-26T17:33:34.980",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nThe application interface allows users to perform certain actions via \nHTTP requests without performing any validity checks to verify the \nrequests. This can be exploited to perform certain actions with \nadministrative privileges if a logged-in user visits a malicious web \nsite.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La interfaz de la aplicaci\u00f3n permite a los usuarios realizar ciertas acciones a trav\u00e9s de solicitudes HTTP sin realizar ninguna verificaci\u00f3n de validez para verificar las solicitudes. Esto se puede aprovechar para realizar determinadas acciones con privilegios administrativos si un usuario que ha iniciado sesi\u00f3n visita un sitio web malicioso."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08",
+ "source": "ics-cert@hq.dhs.gov"
+ },
+ {
+ "url": "https://www.sielco.org/en/contacts",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
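Review bot: The English `descriptions` value never names the affected product, so the only product hints in this new record are the ICSA advisory link and the `sielco.org` contact URL under `references`; there is no `configurations` block yet either. Asset matching that keys on description text or CPE will not associate this CSRF record (CWE-352) with any product until analysis completes, so it is worth mapping by hand from the advisory. The same string also carries hard-wrapped `\n` breaks and four trailing newlines, which the Spanish entry does not; consumers should collapse whitespace before display or comparison.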
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45321.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45321.json
new file mode 100644
index 00000000000..57cb25be4a1
--- /dev/null
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45321.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45321",
+ "sourceIdentifier": "psirt@bosch.com",
+ "published": "2023-10-25T18:17:33.183",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n Cliente de Android, cuando se inscribe con el m\u00e9todo de definici\u00f3n 1 (el usuario inserta manualmente la direcci\u00f3n IP del servidor), usa el protocolo HTTP para recuperar informaci\u00f3n confidencial (direcci\u00f3n IP y credenciales para conectarse a una entidad de intermediario MQTT remota) en lugar de HTTPS y esta caracter\u00edstica. No es configurable por el usuario. Debido a la falta de cifrado de HTTP, este problema permite que un atacante ubicado en la misma red de subred del dispositivo HMI intercepte el nombre de usuario y la contrase\u00f1a necesarios para autenticarse en el servidor MQTT responsable de implementar el protocolo de administraci\u00f3n remota."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-319"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "source": "psirt@bosch.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45348.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45348.json
index f07debd0211..6158497b5af 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45348.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45348.json
@@ -2,15 +2,42 @@
"id": "CVE-2023-45348",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-14T10:15:10.473",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T18:15:10.200",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nApache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the \"expose_config\" option is set to \"non-sensitive-only\". The `expose_config` option is False by default.\nIt is recommended to upgrade to a version that is not affected."
+ },
+ {
+ "lang": "es",
+ "value": "Apache Airflow, versiones 2.7.0 y 2.7.1, se ve afectada por una vulnerabilidad que permite a un usuario autenticado recuperar informaci\u00f3n de configuraci\u00f3n confidencial cuando la opci\u00f3n \"expose_config\" est\u00e1 configurada en \"non-sensitive-only\". La opci\u00f3n `expose_config` es \"Falso\" de forma predeterminada. Se recomienda actualizar a una versi\u00f3n que no se vea afectada."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
"weaknesses": [
{
"source": "security@apache.org",
@@ -23,14 +50,44 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.7.0",
+ "versionEndExcluding": "2.7.2",
+ "matchCriteriaId": "4A172F92-ABFA-4488-9EBD-694F915720B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
- "url": "https://github.com/apache/airflow/pull/34712",
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/23/2",
"source": "security@apache.org"
},
+ {
+ "url": "https://github.com/apache/airflow/pull/34712",
+ "source": "security@apache.org",
+ "tags": [
+ "Patch"
+ ]
+ },
{
"url": "https://lists.apache.org/thread/sy4l5d6tn58hr8r61r2fkt1f0qock9z9",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45357.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45357.json
index f82125f791d..0cdef36383d 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45357.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45357.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45357",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-17T05:15:50.583",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T19:56:37.377",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "cve@mitre.org",
"type": "Secondary",
@@ -38,10 +58,44 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0",
+ "versionEndExcluding": "6.13.0.2.2",
+ "matchCriteriaId": "C3902561-6BC2-41B6-8FF0-3D159DE51CDC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45358.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45358.json
index b0156081263..9b948c30e3b 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45358.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45358.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45358",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-17T05:15:50.657",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T19:19:29.867",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "cve@mitre.org",
"type": "Secondary",
@@ -38,10 +58,44 @@
}
]
},
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:archerirm:archer:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0",
+ "versionEndExcluding": "6.13.0.2.2",
+ "matchCriteriaId": "C3902561-6BC2-41B6-8FF0-3D159DE51CDC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/708617",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45375.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45375.json
index 315078fefe4..4bf9075ed4a 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45375.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45375.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45375",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-17T05:15:50.733",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T13:53:31.007",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,69 @@
"value": "En el m\u00f3dulo \"PireosPay\" (pireospay) anterior a la versi\u00f3n 1.7.10 de 01generator.com para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL a trav\u00e9s de `PireosPayValidationModuleFrontController::postProcess().`"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:01generator:pireospay:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "1.7.10",
+ "matchCriteriaId": "FA4C1C8B-A9E0-432A-A3B3-3524066CB4A3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/12/pireospay.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
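Review bot: The added NVD vector sets `"privilegesRequired": "LOW"` (PR:L, 8.8), while the Spanish description kept as context in this hunk says the SQL injection is reachable by a guest (`un invitado`), which would normally be scored PR:N. The English description is outside the hunk, so this is inferred from the translation; if it also says "guest", the score understates exposure and the record should be prioritised as unauthenticated. The sibling record CVE-2023-45386 in this same diff scores a guest-reachable SQL injection as PR:N / 9.8.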
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45376.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45376.json
new file mode 100644
index 00000000000..231d67a4492
--- /dev/null
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45376.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-45376",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T20:15:09.313",
+ "lastModified": "2023-10-20T11:27:35.620",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the module \"Carousels Pack - Instagram, Products, Brands, Supplier\" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via HiCpProductGetter::getViewedProduct().`"
+ },
+ {
+ "lang": "es",
+ "value": "En el m\u00f3dulo \"Carousels Pack - Instagram, Products, Brands, Supplier\" (hicarouselspack) para PrestaShop hasta la versi\u00f3n 1.5.0 de HiPresta para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL a trav\u00e9s de HiCpProductGetter::getViewedProduct().`"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://addons.prestashop.com/en/sliders-galleries/20410-carousels-pack-instagram-products-brands-supplier.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/10/19/hicarouselspack.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
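Review bot: The English description repeats "for PrestaShop" and ends with a stray, unmatched backtick after `getViewedProduct().`, and the Spanish entry copies both; a Markdown renderer will open a code span there that never closes. Separately, `"metrics": {}` is empty while the status is "Undergoing Analysis", so severity filters see no score for a guest-reachable SQL injection; a missing score should be treated as unknown rather than low.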
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45379.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45379.json
new file mode 100644
index 00000000000..b4f9c8f68cb
--- /dev/null
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45379.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-45379",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T13:15:10.323",
+ "lastModified": "2023-10-25T15:30:26.320",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the module \"Rotator Img\" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection."
+ },
+ {
+ "lang": "es",
+ "value": "En el m\u00f3dulo \"Rotator Img\" (posrotatorimg) en versiones al menos hasta 1.1 de PosThemes para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:posthemes:posrotatorimg:*:*:*:*:*:prestashop:*:*",
+ "versionEndIncluding": "1.1",
+ "matchCriteriaId": "AC523A14-8792-48D2-A0C4-0B6D8F31ACC8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://posrotatorimg.com",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
+ },
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/10/17/posrotatorimg.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
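Review bot: `"versionEndIncluding": "1.1"` turns the description's "versions at least up to 1.1" into a hard upper bound, so a scanner matching on this CPE range will report any later posrotatorimg build as unaffected. Neither reference carries a `Patch` tag and the vendor URL is tagged `Broken Link`, so nothing in the record shows a fixed release. Until a fixed version is confirmed from the advisory, installations above 1.1 are better treated as potentially affected.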
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45381.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45381.json
new file mode 100644
index 00000000000..016f7c36b44
--- /dev/null
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45381.json
@@ -0,0 +1,87 @@
+{
+ "id": "CVE-2023-45381",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T19:15:15.817",
+ "lastModified": "2023-10-25T20:04:27.023",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the module \"Creative Popup\" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup().`"
+ },
+ {
+ "lang": "es",
+ "value": "En el m\u00f3dulo \"Creative Popup\" (creativepopup) hasta la versi\u00f3n 1.6.9 de WebshopWorks para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL a trav\u00e9s de `cp_download_popup().`"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:webshopworks:creativepopup:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "1.6.10",
+ "matchCriteriaId": "31E7F000-F676-47DE-A104-10B7825BF044"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://addons.prestashop.com/fr/pop-up/39348-creative-popup.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/10/19/creativepopup.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45383.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45383.json
new file mode 100644
index 00000000000..6a8620afae5
--- /dev/null
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45383.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-45383",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T16:15:08.853",
+ "lastModified": "2023-10-25T01:24:51.267",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the module \"SoNice etiquetage\" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system."
+ },
+ {
+ "lang": "es",
+ "value": "En el m\u00f3dulo \"SoNice etiquetage\" (sonice_etiquetage) hasta la versi\u00f3n 2.5.9 de Common-Services para PrestaShop, un invitado puede descargar informaci\u00f3n personal sin restricciones realizando un ataque de path traversal. Debido a la falta de control de permisos y a la falta de control en la construcci\u00f3n del nombre de la ruta, un invitado puede realizar un path traversal para ver todos los archivos en el sistema de informaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:common-services:sonice_etiquetage:*:*:*:*:*:prestashop:*:*",
+ "versionEndIncluding": "2.5.9",
+ "matchCriteriaId": "A4383B07-F5F9-4D03-8FEC-1998581163F7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://common-services.com/fr/home-fr/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/10/17/sonice_etiquetage.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45384.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45384.json
new file mode 100644
index 00000000000..721fe9aa557
--- /dev/null
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45384.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-45384",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T13:15:10.387",
+ "lastModified": "2023-10-25T15:26:34.353",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the module \"Module One Page Checkout, Social Login & Mailchimp\" (supercheckout), a guest can upload files with extensions .php"
+ },
+ {
+ "lang": "es",
+ "value": "KnowBand supercheckout > 5.0.7 y < 6.0.7 es vulnerable a la carga sin restricciones de archivos con tipos peligrosos. En el m\u00f3dulo \"Module One Page Checkout, Social Login & Mailchimp\" (supercheckout), un invitado puede cargar archivos con extensiones .php"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:knowband:supercheckout:*:*:*:*:*:prestashop:*:*",
+ "versionStartIncluding": "5.0.7",
+ "versionEndExcluding": "6.0.7",
+ "matchCriteriaId": "95F6F1F2-4D6C-46A2-8AC6-03DD6D49F30A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://addons.prestashop.com/fr/processus-rapide-commande/18016-one-page-checkout-social-login-mailchimp.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/10/17/supercheckout.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
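Review bot: The description gives the affected range as "> 5.0.7 and < 6.0.7", but the `cpeMatch` entry uses `"versionStartIncluding": "5.0.7"`, which marks 5.0.7 itself as vulnerable. If the description is right, the bound should be `"versionStartExcluding": "5.0.7"`; if the CPE range is right, the "> 5.0.7" wording needs correcting. The linked advisory should decide which. As it stands, version-based matching and text-based triage will disagree about 5.0.7.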
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45386.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45386.json
index cd7d23e5378..2a0dea81d3c 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45386.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45386.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45386",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-17T05:15:50.787",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T14:15:43.003",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,69 @@
"value": "En el m\u00f3dulo extratabspro anterior a la versi\u00f3n 2.2.8 de MyPresta.eu para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL a trav\u00e9s de `extratabspro::searchcategory()`, `extratabspro::searchproduct()` y `extratabspro::searchmanufacturer().'"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mypresta:product_extra_tabs_pro:*:*:*:*:*:prestashop:*:*",
+ "versionEndExcluding": "2.2.8",
+ "matchCriteriaId": "6650928D-595D-4DD1-B61E-AD026812AA6A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://security.friendsofpresta.org/modules/2023/10/12/extratabspro.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45391.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45391.json
index acd44ed22de..0faf89273bf 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45391.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45391.json
@@ -2,19 +2,79 @@
"id": "CVE-2023-45391",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-13T14:15:10.587",
- "lastModified": "2023-10-13T14:44:03.987",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T15:06:56.997",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en la funci\u00f3n Create A New Employee de Granding UTime Master v9.0.7-Build:Apr 4,2023 permite a atacantes autenticados ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro First Name."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grandingteco:utime_master:9.0.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A0A22621-1A83-4F7F-BDDF-6E29F9C73DA9"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://the-it-wonders.blogspot.com/2023/10/granding-utime-master-stored-xss.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45393.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45393.json
index 64ded7942df..d59e39ee26c 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45393.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45393.json
@@ -2,19 +2,79 @@
"id": "CVE-2023-45393",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-13T14:15:10.847",
- "lastModified": "2023-10-13T14:44:03.987",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T17:09:10.553",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie."
+ },
+ {
+ "lang": "es",
+ "value": "Una Indirect Object Reference (IDOR) en GRANDING UTime Master v9.0.7-Build:4 de abril de 2023 permite a atacantes autenticados acceder a informaci\u00f3n confidencial a trav\u00e9s de una cookie manipulada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grandingteco:utime_master:9.0.7:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A0A22621-1A83-4F7F-BDDF-6E29F9C73DA9"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://the-it-wonders.blogspot.com/2023/10/granding-utime-master-idor.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
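Review bot: The added Spanish description rewrites the build identifier as `v9.0.7-Build:4 de abril de 2023`, whereas the English text and the Spanish entry of sibling record CVE-2023-45391 keep `v9.0.7-Build:Apr 4,2023`. A version string is an identifier and should stay untranslated so that string matching works across languages. Both language entries also expand IDOR as "indirect object reference"; the usual expansion, used by CVE-2023-45396 later in this diff and consistent with CWE-639, is Insecure Direct Object Reference.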
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45394.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45394.json
new file mode 100644
index 00000000000..1314d19014c
--- /dev/null
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45394.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-45394",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T04:15:10.237",
+ "lastModified": "2023-10-20T11:27:23.627",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the \"Request a Quote\" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in the Admin panel which leads to Admin account takeover."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en el campo Company en la secci\u00f3n \"Solicitar una cotizaci\u00f3n\" de Small CRM v3.0 permite a un atacante almacenar y ejecutar c\u00f3digo javascript malicioso en el panel de administraci\u00f3n, lo que conduce a la apropiaci\u00f3n de la cuenta de Administrador."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/kartik753/CVE/blob/main/CVE-2023-45394",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
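Review bot: This record is added with `"metrics": {}` and no `weaknesses` or `configurations`; the same is true of the new files for CVE-2023-45471, CVE-2023-45498 and CVE-2023-45499 in this commit. A pipeline that gates on `baseScore` or on a CPE match will treat all four as unscored and unmatched, although their descriptions cover stored XSS with admin account takeover, command injection and hardcoded credentials. Records whose `vulnStatus` is `Undergoing Analysis` or `Awaiting Analysis` are better routed to manual triage by product name than dropped by a score filter.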
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45396.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45396.json
index e92478704f5..d1c4afce88b 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45396.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45396.json
@@ -2,19 +2,91 @@
"id": "CVE-2023-45396",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-11T14:15:09.993",
- "lastModified": "2023-10-11T14:23:06.207",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T16:48:56.953",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Insecure Direct Object Reference (IDOR) conduce al acceso a perfiles de eventos en el transmisor FM Elenos ETG150 que se ejecuta en la versi\u00f3n 3.12."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:elenos:etg150_firmware:3.12:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0BC76559-2E3D-4749-A709-F8735AFCA18B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:elenos:etg150:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "202EBB13-21FD-4F02-A3F7-A9980EB6EDDB"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/strik3r0x1/Vulns/blob/main/(IDOR)%20leads%20to%20events%20profiles%20access%20-%20Elenos.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45464.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45464.json
index c0f6a176c54..bab15476c55 100644
--- a/CVE-2023/CVE-2023-454xx/CVE-2023-45464.json
+++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45464.json
@@ -2,19 +2,92 @@
"id": "CVE-2023-45464",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-13T13:15:12.043",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:27:25.730",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro servDomain. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) mediante una entrada manipulada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/buffer%20overflow%20in%20servDomain%20parameter%20leads%20to%20DOS.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Product",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45465.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45465.json
index 6d07a19d2ee..1f2647ee3b3 100644
--- a/CVE-2023/CVE-2023-454xx/CVE-2023-45465.json
+++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45465.json
@@ -2,19 +2,91 @@
"id": "CVE-2023-45465",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-13T13:15:12.093",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:18:38.903",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro ddnsDomainName en la configuraci\u00f3n de Dynamic DNS."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20ddnsDomainName%20parameter%20in%20Dynamic%20DNS%20setting.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
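Review bot: The weakness added here is `"value": "CWE-77"`, while the CVE-2023-45467 hunk further down assigns `"value": "CWE-78"` to a command injection described in the same words against the same `n3m_firmware:1.0.1.865` CPE. Both reference file names call the issue a blind command injection, so the two records look like one weakness class classified two ways. Anything that groups or filters these records by CWE should match CWE-77 and CWE-78 together, otherwise one of the two Netis findings drops out of an OS-command-injection view.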
diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45467.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45467.json
index 286d52d238e..a762e3a5962 100644
--- a/CVE-2023/CVE-2023-454xx/CVE-2023-45467.json
+++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45467.json
@@ -2,19 +2,91 @@
"id": "CVE-2023-45467",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-13T13:15:12.203",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T16:10:18.270",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Netis N3Mv2-V1.0.1.865 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro ntpServIP en la configuraci\u00f3n Time."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C183597B-AF8E-4019-BA83-D47FC1AA71E7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1C6E4234-6312-4E6B-910A-E0795AA11491"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20ntpServIP%20parameter%20in%20Time%20Settings%20.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45471.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45471.json
new file mode 100644
index 00000000000..f848cbc113e
--- /dev/null
+++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45471.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-45471",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T04:15:10.720",
+ "lastModified": "2023-10-20T11:27:23.627",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated attackers to create a new index and inject a malicious web script into its name, that will execute whenever a user accesses the search page."
+ },
+ {
+ "lang": "es",
+ "value": "El QAD Search Server es vulnerable a Cross-Site Scripting (XSS) Almacenado en versiones hasta la 1.0.0.315 incluida debido a comprobaciones insuficientes de los \u00edndices. Esto hace posible que atacantes no autenticados creen un nuevo \u00edndice e inyecten un script web malicioso en su nombre, que se ejecutar\u00e1 cada vez que un usuario acceda a la p\u00e1gina de b\u00fasqueda."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/itsAptx/CVE-2023-45471",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45498.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45498.json
new file mode 100644
index 00000000000..38c5be95121
--- /dev/null
+++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45498.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-45498",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T04:15:10.487",
+ "lastModified": "2023-10-27T19:15:41.303",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.* y v7.0.* contiene una vulnerabilidad de inyecci\u00f3n de comandos."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/31",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-454xx/CVE-2023-45499.json b/CVE-2023/CVE-2023-454xx/CVE-2023-45499.json
new file mode 100644
index 00000000000..965cac732e4
--- /dev/null
+++ b/CVE-2023/CVE-2023-454xx/CVE-2023-45499.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-45499",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T04:15:10.617",
+ "lastModified": "2023-10-27T19:15:41.360",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.* y v7.0.* conten\u00eda credenciales codificadas."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/31",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45510.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45510.json
index 7fea9810ba3..c66888bf78d 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45510.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45510.json
@@ -2,23 +2,86 @@
"id": "CVE-2023-45510",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T21:15:11.373",
- "lastModified": "2023-10-13T12:47:48.873",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T13:00:07.247",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que la versi\u00f3n git-2539d07 de tsMuxer conten\u00eda un error alloc-dealloc-mismatch (operador nuevo [] versus operador eliminado)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justdan96:tsmuxer:nightly-2023-10-05-01-55-56:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06EE3DA3-2DA0-46A5-84DB-D82906A5B27A"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/justdan96/tsMuxer",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/justdan96/tsMuxer/issues/778",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
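Review bot: The new `cpeMatch` entry keys on `tsmuxer:nightly-2023-10-05-01-55-56`, but the description identifies the affected build only as `git-2539d07`; the same pairing appears in the CVE-2023-45511 hunk. An inventory that records the git revision will not match this CPE string, and the record gives no mapping between the nightly tag and the commit. The vector here is also `AV:N` with `UI:N`, while CVE-2023-45511 for the same build is scored `AV:L` with `UI:R`; the description names no input path for this one, so the 7.5 is best treated as provisional when ranking the two.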
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45511.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45511.json
index d98d7ee5d98..8bc900412ab 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45511.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45511.json
@@ -2,23 +2,87 @@
"id": "CVE-2023-45511",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-12T21:15:11.437",
- "lastModified": "2023-10-13T12:47:48.873",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T12:59:41.747",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file."
+ },
+ {
+ "lang": "es",
+ "value": "La p\u00e9rdida de memoria en la versi\u00f3n git-2539d07 de tsMuxer permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de un archivo MP4 manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:justdan96:tsmuxer:nightly-2023-10-05-01-55-56:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06EE3DA3-2DA0-46A5-84DB-D82906A5B27A"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/justdan96/tsMuxer",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://github.com/justdan96/tsMuxer/issues/780",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45540.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45540.json
index a9d0535d3aa..bc9bb9d24a6 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45540.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45540.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45540",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T22:15:12.733",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T16:39:15.033",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,67 @@
"value": "Un problema en Jorani Leave Management System 1.0.3 permite a un atacante remoto ejecutar c\u00f3digo HTML arbitrario a trav\u00e9s de un script manipulado en el campo de comentarios de la p\u00e1gina solicitudes List of Leave."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-74"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jorani:leave_management_system:1.0.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "00938F19-AED2-4697-BB0A-192C64490BDC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/soundarkutty/HTML-Injection/blob/main/POC.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45542.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45542.json
index ff23f72d84f..71e85f634b4 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45542.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45542.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45542",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T21:15:11.517",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:56:38.130",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,66 @@
"value": "Una vulnerabilidad de Cross Site Scripting en mooSocial 3.1.8 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un script manipulado para el par\u00e1metro q en la funci\u00f3n de Search."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4DFC6658-3CF4-4FDA-B119-2A0687F3F5A2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/ahrixia/CVE-2023-45542",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45554.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45554.json
new file mode 100644
index 00000000000..3af41bcf8d0
--- /dev/null
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45554.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-45554",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:33.257",
+ "lastModified": "2023-10-27T21:55:06.353",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de carga de archivos en zzzCMS v.2.1.9 permite a un atacante remoto ejecutar c\u00f3digo arbitrario mediante la modificaci\u00f3n del par\u00e1metro imageext de jpg, jpeg,gif, y png a jpg, jpeg,gif, png, pphphp. "
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zzzcms:zzzcms:2.1.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "49DECA76-6E45-442A-A136-8F1B8E53ADF4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45555.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45555.json
new file mode 100644
index 00000000000..a32c031328c
--- /dev/null
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45555.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-45555",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:33.307",
+ "lastModified": "2023-10-27T21:56:30.477",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de carga de archivos en zzzCMS v.2.1.9 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado en la funci\u00f3n down_url en el archivo zzz.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zzzcms:zzzcms:2.1.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "49DECA76-6E45-442A-A136-8F1B8E53ADF4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
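Review bot: The description says a remote attacker can execute arbitrary code, yet `vectorString` is `CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H` with `"baseScore": 7.8`. CVE-2023-45554 directly above covers the same zzzCMS 2.1.9 CPE, the same CWE-434 and the same reference URL, and is scored `AV:N` with `UI:N` at 9.8. If the down_url path is reachable over the network, as the description suggests, an alert threshold set at critical would skip this record; consumers that triage by score should read the two entries as a pair.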
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45572.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45572.json
index 7eff2d7eb73..82a2bcee328 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45572.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45572.json
@@ -2,19 +2,260 @@
"id": "CVE-2023-45572",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:12.070",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:18:44.563",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function."
+ "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro fn de la funci\u00f3n tgfile.htm."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.25d1",
+ "matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23e1",
+ "matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug1.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
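Review bot: Every firmware `cpeMatch` added here is an open range (a `*` version with `"versionEndIncluding": "23.08.23d1"` or similar), but the description lists DI-7100GV2.D1 and DI-7300G+V2.D1 at v.23.08.23D1 without "and before", so for those two models the CPE range is wider than the text. The record is also set to `"vulnStatus": "Undergoing Analysis"` although metrics and configurations are filled in, so the ranges may still be revised. Matching on the CPE data errs toward over-reporting, which is the safer direction, but a hit on an older DI-7100G or DI-7300G+ build should be confirmed against the vendor's own advisory rather than taken from this record alone.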
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45573.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45573.json
index 60237457e94..000a45266a9 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45573.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45573.json
@@ -2,19 +2,260 @@
"id": "CVE-2023-45573",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:12.357",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T22:15:10.000",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx parameter of the ddns.asp function."
+ "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the n parameter of the mrclfile_del.asp function."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro n de la funci\u00f3n mrclfile_del.asp."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.25d1",
+ "matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23e1",
+ "matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug7.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
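Review bot: The added `cpeMatch` ranges for `di-7100g_firmware` and `di-7300g\\+_firmware` use `"versionEndIncluding": "23.08.23d1"` with no lower bound, while the new English description lists those two models at v.23.08.23D1 without "and before", so CPE matching covers earlier firmware that the text does not claim; if the narrower reading is intended, an exact-version `criteria` would express it. The same applies to the hunks for CVE-2023-45574 through CVE-2023-45577. The added `es` description in each of these hunks also splits identifiers with stray spaces (`DI-7200G +V2.D1`, `v.23.08. 23D1`), which breaks string matching on model and version; they should read `DI-7200G+V2.D1` and `v.23.08.23D1`. In this record the description now names the `n` parameter of `mrclfile_del.asp` instead of `wild/mx` of `ddns.asp` while `vulnStatus` is `Undergoing Analysis`, so the CVSS, CWE and CPE data may still change and any detection keyed on the old endpoint should be rechecked.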
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45574.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45574.json
index d7c96cb5541..e9fd060f036 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45574.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45574.json
@@ -2,23 +2,267 @@
"id": "CVE-2023-45574",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:12.607",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:02:08.663",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function."
+ "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro fn de la funci\u00f3n file.data."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.25d1",
+ "matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23e1",
+ "matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug2.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
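Review bot: The `Vendor Advisory` tag added to `https://www.dlink.com/en/security-bulletin/` points at what appears to be the general bulletin index rather than an advisory for CVE-2023-45574, so tooling that treats that tag as vendor confirmation or as evidence of a fix will over-read it. Nothing in the hunk identifies a fixed firmware version, and every vulnerable `cpeMatch` range is bounded only by `versionEndIncluding`. Patch availability should not be inferred from this reference alone.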
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45575.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45575.json
index fccec383e0d..b747e391ea7 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45575.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45575.json
@@ -2,19 +2,260 @@
"id": "CVE-2023-45575",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T06:15:12.890",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T19:55:33.170",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function."
+ "value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento de pila en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro ip de la funci\u00f3n ip_position.asp."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.25d1",
+ "matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23e1",
+ "matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug5.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
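Review bot: The rewritten description opens with "Stack Overflow vulnerability" while the added `weaknesses` entry is `CWE-787`; "stack overflow" can be read as stack exhaustion, whereas the CWE and the stated arbitrary-code-execution impact point to a stack-based buffer overflow. Wording such as `Stack-based buffer overflow` would remove the ambiguity for triage that keys on the description text. The hunk for CVE-2023-45577 has the same wording.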
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45576.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45576.json
index 0d575ca519f..3ece347a554 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45576.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45576.json
@@ -2,19 +2,260 @@
"id": "CVE-2023-45576",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T07:15:08.843",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T18:30:19.587",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function."
+ "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro remove_ext_proto/remove_ext_port de la funci\u00f3n upnp_ctrl.asp."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.25d1",
+ "matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23e1",
+ "matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug3.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45577.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45577.json
index f9a92eda24d..805b5a02c5d 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45577.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45577.json
@@ -2,19 +2,260 @@
"id": "CVE-2023-45577",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T07:15:08.907",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:50:50.487",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "An issue in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function."
+ "value": "Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento de pila en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro wanid de la funci\u00f3n H5/speedlimit.data."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.25d1",
+ "matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23e1",
+ "matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug9.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45578.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45578.json
index 9f3a1e0574f..f08d107aa24 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45578.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45578.json
@@ -2,19 +2,260 @@
"id": "CVE-2023-45578",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T07:15:08.967",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:48:39.333",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function."
+ "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro pap_en/chap_en de la funci\u00f3n pppoe_base.asp."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.25d1",
+ "matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23e1",
+ "matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug4.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
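Review bot: The added `cpeMatch` entries for `di-7100g_firmware` and `di-7300g\\+_firmware` use `"versionEndIncluding": "23.08.23d1"`, but the English description lists DI-7100GV2.D1 and DI-7300G+V2.D1 at v.23.08.23D1 only, without the "and before" given for the other five models. Either the ranges are broader than the description supports or the description is incomplete; asset matching against this record will flag earlier firmware on those two models, so the intent is worth confirming against the referenced advisory. The added `es` description also splits identifiers (`DI-7200G +V2.D1`, `v.23.08. 23D1`), which defeats exact-string search on model and version; they should read `DI-7200G+V2.D1` and `v.23.08.23D1`. The same points apply to the CVE-2023-45579 and CVE-2023-45580 hunks.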
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45579.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45579.json
index e71d263e541..0e3411533ed 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45579.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45579.json
@@ -2,19 +2,260 @@
"id": "CVE-2023-45579",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T07:15:09.027",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:36:17.083",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function."
+ "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro ip/type de la funci\u00f3n jingx.asp."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.25d1",
+ "matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23e1",
+ "matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug8.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45580.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45580.json
index d16eca59778..0e83ad64c98 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45580.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45580.json
@@ -2,19 +2,260 @@
"id": "CVE-2023-45580",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T07:15:09.107",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T22:15:10.187",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx parameter of the ddns.asp function."
+ "value": "Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx and other parameters of the ddns.asp function"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de desbordamiento de b\u00fafer en el dispositivo D-Link DI-7003GV2.D1 v.23.08.25D1 y anteriores, DI-7100G+V2.D1 v.23.08.23D1 y anteriores, DI-7100GV2.D1 v.23.08.23D1, DI-7200G +V2.D1 v.23.08.23D1 y anteriores, DI-7200GV2.E1 v.23.08.23E1 y anteriores, DI-7300G+V2.D1 v.23.08.23D1 y DI-7400G+V2.D1 v.23.08. 23D1 y anteriores permiten a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de wild/mx y otros par\u00e1metros de la funci\u00f3n ddns.asp."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7003g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.25d1",
+ "matchCriteriaId": "DF075223-7784-4FB7-928A-CE097AD98324"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7003g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31604D70-5B52-47AC-93A2-71166176253E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BF92551F-76EE-48D4-AB93-40F427847907"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F87354E1-7EFE-4935-ADDD-4614469C9E90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7100g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "713594B3-8B47-4756-9B7A-EC4F4CD2BD58"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7100g:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE715DF0-1341-4E7B-95BF-B1031BCFA185"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "BBE0C94D-A68E-4CAF-B6E1-124EAC124BF5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "29E72D4B-FAA5-4C3E-942B-DB7C5CC55691"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7200g_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23e1",
+ "matchCriteriaId": "2B6055DC-C51D-4C52-B34D-0AEC6601CB99"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7200g:v2.e1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CDF945B6-549E-4F6A-9432-8D6B2A7E350C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7300g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "2A4E73CD-4883-4C19-9345-22281342B600"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7300g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "916E75E5-010A-4A8F-B3AD-21FCC76C890A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:di-7400g\\+_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.08.23d1",
+ "matchCriteriaId": "46460C55-22D0-4D9C-B4D7-3F108F636469"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:di-7400g\\+:v2.d1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1495874C-DEF5-4200-B272-C7779EB3E265"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/D-Link/DI-7xxxx/bug6.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
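Review bot: The NVD-sourced CVSS vector, CWE and CPE configurations added here sit under `"vulnStatus": "Undergoing Analysis"`, whereas the sibling CVE-2023-45578 and CVE-2023-45579 records carry the same data under `Analyzed`. The English description was also widened to "wild/mx and other parameters", so presumably the enrichment predates the new wording and the record was reopened; consumers should treat the score and CPE list as provisional until the status returns to `Analyzed`. The new English `value` also dropped its closing period, which the sibling records keep.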
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45602.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45602.json
new file mode 100644
index 00000000000..68038b87d3b
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45602.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45602",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T14:15:09.333",
+ "lastModified": "2023-10-25T01:26:39.923",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <=\u00a05.785 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Shopfiles Ltd Ebook Store en versiones<= 5.785."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:shopfiles:ebook_store:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.785",
+ "matchCriteriaId": "5D36D2CA-E8CF-4356-A90D-DBA955981D52"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/ebook-store/wordpress-ebook-store-plugin-5-784-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
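Review bot: The upper bound may be off by one release: the description and `"versionEndIncluding": "5.785"` treat 5.785 as affected, while the slug of the only reference URL names plugin `5-784`. If 5.785 is the fixed release, the inclusive bound would flag patched installs; the record carries no vendor or patch reference to settle it, so the bound should be checked against the advisory. Separately, the two `cvssMetricV31` entries differ only in availability impact (`A:N` vs `A:L`) yet land in different bands (6.1 MEDIUM vs 7.1 HIGH), so tooling should select an entry by `type` and `source` rather than by array position.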
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45604.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45604.json
new file mode 100644
index 00000000000..1a0358bee1a
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45604.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45604",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T14:15:09.407",
+ "lastModified": "2023-10-25T01:26:32.360",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Reilly Get Custom Field Values plugin <=\u00a04.0.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Scott Reilly Get Custom Field Values en versiones <= 4.0.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:get_custom_field_values_project:get_custom_field_values:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.1",
+ "matchCriteriaId": "DB1D0124-B18A-40E0-8FFB-4B0DC7AEA912"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/get-custom-field-values/wordpress-get-custom-field-values-plugin-4-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
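Review bot: The CPE bound `"versionEndExcluding": "4.1"` is wider than the description's `<= 4.0.1`, so any 4.0.x release after 4.0.1 would match as vulnerable. That is correct only if the fix first shipped in 4.1, which nothing in the record states; the CVE-2023-45607 record keeps its bound adjacent to the described version (`6.3.3` for `<= 6.3.2`). The `es` description also has the typo `Coss-Site Scripting`, which should be `Cross-Site Scripting`; the same typo appears in the CVE-2023-45607 and CVE-2023-45608 records.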
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45605.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45605.json
index 65c9a466596..b9f01fb5e19 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45605.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45605.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45605",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:10.797",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T22:49:46.790",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <=\u00a04.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Christopher Finke Feed Statistics en versiones <= 4.1."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:feed_statistics_project:feed_statistics:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.1",
+ "matchCriteriaId": "FADC2680-910F-4CA4-A8A1-3355743CBBC9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wordpress-feed-statistics/wordpress-feed-statistics-plugin-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45606.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45606.json
index 5198094ec7e..fbe02f063de 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45606.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45606.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45606",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:10.877",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T22:46:59.367",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <=\u00a0120 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Lasso Simple URLs en versiones <= 120."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:getlasso:simple_urls:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "120",
+ "matchCriteriaId": "EF922366-2007-4612-95CE-72FF05545D3D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-urls/wordpress-simple-urls-plugin-120-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45607.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45607.json
new file mode 100644
index 00000000000..a68e79f4447
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45607.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45607",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T14:15:09.483",
+ "lastModified": "2023-10-25T01:26:18.333",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Hector Cabrera WordPress Popular Posts plugin <=\u00a06.3.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Hector Cabrera WordPress Popular Posts en versiones <= 6.3.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "6.3.3",
+ "matchCriteriaId": "E4E4600F-894A-4D28-B9E3-C6D4F86D973F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wordpress-popular-posts/wordpress-popular-posts-plugin-6-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45608.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45608.json
new file mode 100644
index 00000000000..2a365b0b100
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45608.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45608",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T13:15:09.480",
+ "lastModified": "2023-10-25T01:23:43.360",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Nicola Modugno Smart Cookie Kit plugin <=\u00a02.3.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Nicola Modugno Smart Cookie Kit en versiones <= 2.3.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nicolamodugno:smart_cookie_kit:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.3.2",
+ "matchCriteriaId": "6C97B4F7-1A92-497A-9BB8-FD59833F8502"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/smart-cookie-kit/wordpress-smart-cookie-kit-plugin-2-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
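Review bot: The `es` description added in this record misspells the vulnerability class as `Coss-Site Scripting`; it should read `Cross-Site Scripting`, as the English value directly above it does. The same misspelling appears in the Spanish descriptions added for CVE-2023-45628, CVE-2023-45640 and CVE-2023-45644 in this diff, whereas the unauthenticated XSS records (for example CVE-2023-45630) spell it correctly. Tooling that searches or classifies records by the Spanish description text will not match these four entries on the usual term, so the string should be corrected where the translation is produced.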
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45628.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45628.json
new file mode 100644
index 00000000000..6219166c8d0
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45628.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-45628",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T14:15:09.557",
+ "lastModified": "2023-10-25T01:26:12.197",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in QROkes QR Twitter Widget plugin <=\u00a00.2.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento QROkes QR Twitter Widget en versiones <= 0.2.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qrokes:qr_twitter_widget:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.2.3",
+ "matchCriteriaId": "DD1BD578-69C3-4586-8088-3B3CFE4966D7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/qr-twitter-widget/wordpress-qr-twitter-widget-plugin-0-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45629.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45629.json
index bcef307c2d8..49447f8bfde 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45629.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45629.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45629",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:10.957",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T22:46:36.583",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery \u2013 Image and Video Gallery with Thumbnails plugin <=\u00a02.0.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento wpdevart Gallery \u2013 Image and Video Gallery with Thumbnails en versiones <= 2.0.3."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -36,7 +60,7 @@
},
"weaknesses": [
{
- "source": "audit@patchstack.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -44,12 +68,43 @@
"value": "CWE-352"
}
]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:total-soft:portfolio_gallery_responsive_image_gallery:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0.3",
+ "matchCriteriaId": "CE0CDD5C-3BF7-4C40-AC3E-606A2C142B86"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
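Review bot: The `criteria` value added in this hunk, `cpe:2.3:a:total-soft:portfolio_gallery_responsive_image_gallery:*:*:*:*:*:wordpress:*:*`, does not correspond to the product named in the record's description and reference URL, which is the wpdevart "Gallery – Image and Video Gallery with Thumbnails" plugin (slug `gallery-album`). CVE-2023-45630 in this same diff describes that plugin with the same `2.0.3` bound and uses `cpe:2.3:a:wpdevart:gallery:*:*:*:*:*:wordpress:*:*`. If the total-soft entry is a misassignment, which it appears to be, inventory and scanner matching by CPE will not associate this CSRF issue with wpdevart installations and may attribute it to a different product. Until the record is corrected, consumers should match this CVE on the plugin slug or description rather than on the CPE alone.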
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45630.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45630.json
new file mode 100644
index 00000000000..c16defd07dc
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45630.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45630",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T14:15:09.637",
+ "lastModified": "2023-10-25T01:25:54.793",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery \u2013 Image and Video Gallery with Thumbnails plugin <=\u00a02.0.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada No Autenticada en el complemento wpdevart Gallery \u2013 Image and Video Gallery with Thumbnails en versiones <= 2.0.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpdevart:gallery:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0.3",
+ "matchCriteriaId": "7F75183E-499F-4680-94D7-659F0596D168"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45632.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45632.json
new file mode 100644
index 00000000000..6b6ed20bbf5
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45632.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45632",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-18T14:15:09.710",
+ "lastModified": "2023-10-25T01:25:40.933",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado SpiderVPlayer plugin <=\u00a01.5.22 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento WebDorado SpiderVPlayer en versiones <= 1.5.22."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:web-dorado:spidervplayer:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.5.22",
+ "matchCriteriaId": "C8CADC1A-35EF-420C-8022-80BFC1ABC352"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/player/wordpress-spidervplayer-plugin-1-5-22-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45634.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45634.json
new file mode 100644
index 00000000000..b5aea1ca028
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45634.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45634",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:33.353",
+ "lastModified": "2023-10-27T21:58:08.617",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc Copy or Move Comments plugin <=\u00a05.0.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Biztechc Copy or Move Comments en versiones <= 5.0.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:appjetty:copy_or_move_comments:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.0.4",
+ "matchCriteriaId": "53AB2802-992C-4878-AF5B-C9844AE78B63"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/copy-or-move-comments/wordpress-copy-or-move-comments-plugin-5-0-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45637.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45637.json
new file mode 100644
index 00000000000..35f1c70585f
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45637.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45637",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:33.433",
+ "lastModified": "2023-10-27T21:56:43.497",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime \u2013 Events Calendar, Bookings and Tickets plugin <=\u00a03.1.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento EventPrime EventPrime \u2013 Events Calendar, Bookings and Tickets en versiones <= 3.1.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.1.5",
+ "matchCriteriaId": "A3CE2271-71A5-4B00-93FB-FC7BFDD0F45E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45638.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45638.json
index 25c9171c00e..9aaa56d03be 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45638.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45638.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45638",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:11.040",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T22:46:07.233",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <=\u00a03.1.9 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento euPago Eupago Gateway para Woocommerce en versiones <= 3.1.9."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eupago:eupago_gateway_woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.1.9",
+ "matchCriteriaId": "71424D78-AB76-41C1-84BE-2D441F4AF282"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/eupago-gateway-for-woocommerce/wordpress-eupago-gateway-for-woocommerce-plugin-3-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45639.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45639.json
index 9cec7f4dfd1..3a3a4900810 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45639.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45639.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45639",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T10:15:11.093",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:44:02.860",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <=\u00a010.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Codex-m Sort SearchResult By Title en versiones <= 10.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:phpdeveloper:sort_searchresult_by_title:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "10.0",
+ "matchCriteriaId": "1C1C03C7-ED72-4892-B363-EF8E1339FB14"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sort-searchresult-by-title/wordpress-sort-searchresult-by-title-plugin-10-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45640.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45640.json
new file mode 100644
index 00000000000..14a70cd842e
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45640.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45640",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:33.567",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike \u2013 Most Advanced WordPress Marketing Toolkit plugin <=\u00a04.6.8 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en TechnoWich WP ULike \u2013 Most Advanced WordPress Marketing Toolkit en versiones <= 4.6.8."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-ulike/wordpress-wp-ulike-plugin-4-6-8-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45641.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45641.json
index 5fe29b3e740..6195639b0e7 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45641.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45641.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45641",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T10:15:11.173",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T18:19:25.680",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <=\u00a01.0.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Caret Inc. Caret Country Access Limit en versiones <= 1.0.2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ca-ret:country_access_limit:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.2",
+ "matchCriteriaId": "7CA594C0-EE5E-41C6-86CC-90410E75CA32"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/caret-country-access-limit/wordpress-caret-country-access-limit-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45642.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45642.json
index 14e12b963f1..10e87cc6d57 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45642.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45642.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45642",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T10:15:11.247",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T18:56:54.393",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pixel plugin <=\u00a01.5.7 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Hassan Ali Snap Pixel en versiones <= 1.5.7."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:coresol:snap_pixel:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.5.7",
+ "matchCriteriaId": "A0771212-929B-429D-B0CF-F6389187405D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/snap-pixel/wordpress-snap-pixel-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45643.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45643.json
index 91ee1da6a3a..7db9e319295 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45643.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45643.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45643",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T10:15:11.320",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:29:06.500",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <=\u00a01.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Anurag Deshmukh CPT Shortcode Generator en versiones <= 1.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:anuragdeshmukh:cpt_shortcode_generator:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0",
+ "matchCriteriaId": "08ACDA5F-946F-4EBC-B57D-AAAC691BF210"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cpt-shortcode/wordpress-cpt-shortcode-generator-plugin-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45644.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45644.json
new file mode 100644
index 00000000000..2a71c3fc9c2
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45644.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45644",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:33.647",
+ "lastModified": "2023-10-27T21:56:50.480",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <=\u00a01.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Anurag Deshmukh CPT Shortcode Generator en versiones <= 1.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:anuragdeshmukh:cpt_shortcode_generator:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0",
+ "matchCriteriaId": "08ACDA5F-946F-4EBC-B57D-AAAC691BF210"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/cpt-shortcode/wordpress-cpt-shortcode-generator-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
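Review bot: The Spanish description added in this new record spells the vulnerability class as `Coss-Site Scripting`; it should read `Cross-Site Scripting`, as the English entry in the same `descriptions` array does. The same misspelling appears in the Spanish description of CVE-2023-45646.json later in this diff. Anything that searches or classifies records by the localized text would miss both entries on the Spanish string. Until the translation is corrected upstream, the English `value` or the `weaknesses` entry (`CWE-79`) is the safer key.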
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45645.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45645.json
index 4c5f3217043..32cf51532a3 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45645.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45645.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45645",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T10:15:11.393",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T21:03:17.713",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <=\u00a01.25 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento InfoD74 WP Open Street Map en versiones <= 1.25."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:info-d-74:open_street_map:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.25",
+ "matchCriteriaId": "662E9D82-2C68-4137-A3AF-5E9BC3D4A20F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-open-street-map/wordpress-wp-open-street-map-plugin-1-25-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45646.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45646.json
new file mode 100644
index 00000000000..5fcd8575223
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45646.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45646",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:33.740",
+ "lastModified": "2023-10-27T21:56:56.340",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin <=\u00a01.1.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Henryholtgeerts PDF Block en versiones <= 1.1.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:henryholtgeerts:pdf_block:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.0",
+ "matchCriteriaId": "B9C358A5-51B7-4F12-B1E4-5D1BC5FBD49F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/pdf-block/wordpress-pdf-block-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45647.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45647.json
index 852a46ae94f..1f7623882ea 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45647.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45647.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45647",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T10:15:11.467",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:52:36.490",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant Contact Forms by MailMunch plugin <=\u00a02.0.10 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento MailMunch Constant Contact Forms by MailMunch en versiones <= 2.0.10."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mailmunch:constant_contact_forms:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0.10",
+ "matchCriteriaId": "0C602889-C545-4995-927C-AE9274F46A2B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/constant-contact-forms-by-mailmunch/wordpress-constant-contact-forms-by-mailmunch-plugin-2-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45650.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45650.json
index d54da37efd6..9a54d05ce0d 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45650.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45650.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45650",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:11.113",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:53:00.570",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 Maps plugin <=\u00a01.7.1.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Fla-shop.Com HTML5 Maps en versiones <= 1.7.1.4."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fla-shop:html5_maps:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.7.1.4",
+ "matchCriteriaId": "7DE5FC70-CFFF-4E5E-AB5C-142DDB5A847B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/html5-maps/wordpress-html5-maps-plugin-1-7-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45651.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45651.json
index ba3416233e5..4d54007c151 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45651.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45651.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45651",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:11.190",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:30:00.853",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments plugin <=\u00a05.0.6 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Marco Milesi WP Attachments en versiones <= 5.0.6."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:marcomilesi:wp_attachments:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.0.6",
+ "matchCriteriaId": "815FBF5F-8349-4796-BDBC-1A8C2A0F09E5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-attachments/wordpress-wp-attachments-plugin-5-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45653.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45653.json
index 8c468660e70..350c81544ee 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45653.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45653.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45653",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:11.267",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:37:04.863",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <=\u00a06.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Galaxy Weblinks Video Playlist For YouTube en versiones <= 6.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:galaxyweblinks:video_playlist_for_youtube:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "6.0",
+ "matchCriteriaId": "C1A05008-36B5-4EBB-9E6F-919E76A93D94"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/video-playlist-for-youtube/wordpress-video-playlist-for-youtube-plugin-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45654.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45654.json
index 902f26cc648..d653a0b7a99 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45654.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45654.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45654",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:11.340",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:30:30.677",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <=\u00a01.1.7 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Pixelgrade Comments Ratings en versiones <= 1.1.7."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pixelgrade:comments_rating:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.7",
+ "matchCriteriaId": "275A0A08-5E2B-4198-9519-55DE38DAFB52"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/comments-ratings/wordpress-comments-ratings-plugin-1-1-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45655.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45655.json
index 4e27d3dddd0..b61795d02bd 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45655.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45655.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45655",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:11.417",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T17:56:36.927",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <=\u00a00.7.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento PixelGrade PixFields en versiones <= 0.7.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,14 +70,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pixelgrade:pixfields:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.7.0",
+ "matchCriteriaId": "CD701CDA-9EAD-4BEF-8DCF-ABAFC61E3F36"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/pixelgrade/pixfields/releases/tag/0.7.1",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://patchstack.com/database/vulnerability/pixfields/wordpress-pixfields-plugin-0-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45656.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45656.json
index cd1a89ed43f..baefa014481 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45656.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45656.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45656",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:11.487",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T18:07:45.763",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <=\u00a02.18.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Kevin Weber Lazy Load for Videos en versiones <= 2.18.2."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kevinweber:lazy_load_for_videos:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.18.2",
+ "matchCriteriaId": "86CBBECB-AB83-471E-B0DF-C4B72BF4015C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/lazy-load-for-videos/wordpress-lazy-load-for-videos-plugin-2-18-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45660.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45660.json
index b539e922d4f..6b601573e1b 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45660.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45660.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45660",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T19:15:11.060",
- "lastModified": "2023-10-16T19:24:26.033",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:18:07.003",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Nextcloud mail es una aplicaci\u00f3n de correo electr\u00f3nico para la plataforma de servidor dom\u00e9stico Nextcloud. En las versiones afectadas, la falta de verificaci\u00f3n de origen, destino y cookies permite a un atacante abusar del endpoint del proxy para negar el servicio a un tercer servidor. Se recomienda actualizar Nextcloud Mail a 2.2.8 o 3.3.0. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +70,54 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.2.0",
+ "versionEndExcluding": "2.2.8",
+ "matchCriteriaId": "C39C0C2A-42B6-406A-83E6-F27F6D7A51EA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nextcloud:mail:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.0.0",
+ "versionEndExcluding": "3.3.0",
+ "matchCriteriaId": "98F3704F-323A-4BC4-BC5F-259C8648CB97"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/nextcloud/mail/pull/8459",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8j9x-fmww-qr37",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://hackerone.com/reports/1895874",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45661.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45661.json
new file mode 100644
index 00000000000..9e7f4474a91
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45661.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-45661",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:08.783",
+ "lastModified": "2023-10-27T21:51:11.950",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information."
+ },
+ {
+ "lang": "es",
+ "value": "stb_image es una librer\u00eda con licencia MIT de un solo archivo para procesar im\u00e1genes. Un archivo de imagen manipulado puede provocar una lectura de memcpy fuera de l\u00edmites en `stbi__gif_load_next`. Esto sucede porque two_back apunta a una direcci\u00f3n de memoria inferior al inicio del b\u00fafer de salida. Este problema puede utilizarse para filtrar informaci\u00f3n de asignaci\u00f3n de memoria interna."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76840B8F-81FC-4BC6-A92C-EBB978741DAB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6817",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7021-L7022",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
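Review bot: The first entry under `references` is tagged `Patch`, but its URL is a `blob` permalink to one line of `stb_image.h` at a pinned commit, which looks like a pointer to the affected code rather than to a fix. The second reference points at the same commit and is tagged only `Third Party Advisory`. Tooling that treats a `Patch` tag as evidence that a fix exists would misreport this record, and nothing else in it names a fixed release, since the `cpeMatch` entry matches version 2.28 exactly. I would tag that reference `"Third Party Advisory"` alone, as the sibling record CVE-2023-45662.json does for its permalink. This is inferred from the URL shape, not from the content behind it.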
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45662.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45662.json
new file mode 100644
index 00000000000..83b42c1f571
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45662.json
@@ -0,0 +1,116 @@
+{
+ "id": "CVE-2023-45662",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:08.867",
+ "lastModified": "2023-10-27T21:49:52.633",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn\u2019t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn\u2019t match the real image array dimensions. "
+ },
+ {
+ "lang": "es",
+ "value": "stb_image es una librer\u00eda con licencia MIT de un solo archivo para procesar im\u00e1genes. Cuando `stbi_set_flip_vertically_on_load` se establece en `TRUE` y `req_comp` se establece en un n\u00famero que no coincide con el n\u00famero real de componentes por p\u00edxel, la librer\u00eda intenta voltear la imagen verticalmente. Un archivo de imagen manipulado puede provocar una lectura fuera de l\u00edmites de `memcpy` porque los `bytes_per_pixel` utilizados para calcular `bytes_per_row` no coinciden con las dimensiones reales de la matriz de im\u00e1genes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76840B8F-81FC-4BC6-A92C-EBB978741DAB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1235",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
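Review bot: The NVD `Primary` vector here uses `AV:N` (base score 8.1), while the sibling record CVE-2023-45661.json in this diff scores the same library and the same input, a crafted image file, with `AV:L` (base score 7.1). Neither description gives a reason for the different attack vector, so the gap looks like a scoring inconsistency rather than a property of the two bugs; which value is right cannot be decided from the records. Prioritisation that sorts on `baseScore` alone will rank these two out-of-bounds reads a full point apart. Consumers should compare the `vectorString` fields and also read the `Secondary` vectors from security-advisories@github.com, which agree at `AV:N` and 6.5 for both records.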
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45663.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45663.json
new file mode 100644
index 00000000000..f9f51426548
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45663.json
@@ -0,0 +1,130 @@
+{
+ "id": "CVE-2023-45663",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:08.930",
+ "lastModified": "2023-10-27T21:49:11.837",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer."
+ },
+ {
+ "lang": "es",
+ "value": "stb_image es una librer\u00eda con licencia MIT de un solo archivo para procesar im\u00e1genes. La funci\u00f3n stbi__getn lee una cantidad espec\u00edfica de bytes del contexto (normalmente un archivo) en el b\u00fafer especificado. En caso de que la secuencia del archivo apunte al final, devuelve cero. Hay dos lugares donde no se verifica su valor de retorno: en la funci\u00f3n `stbi__hdr_load` y en la funci\u00f3n `stbi__tga_load`. Es probable que el \u00faltimo de los dos sea m\u00e1s explotable, ya que un atacante tambi\u00e9n puede controlar el tama\u00f1o de un b\u00fafer no inicializado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-908"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-908"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76840B8F-81FC-4BC6-A92C-EBB978741DAB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1664",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L5936C10-L5936C20",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L7221",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
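Review bot: The three `github.com/nothings/stb/blob/...` references in this record are tagged `"Third Party Advisory"`, but they are line anchors into the affected source file rather than advisories. Only the `securitylab.github.com/advisories/...` entry is an advisory. Tooling that filters references by tag to collect advisory text would pull in raw source links here, so I would retag the blob links, for example `"tags": ["Product"]`, and keep `"Third Party Advisory"` on the Security Lab URL. The same tagging appears in the new files for CVE-2023-45664, CVE-2023-45666, CVE-2023-45667, CVE-2023-45675 and CVE-2023-45676.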
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45664.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45664.json
new file mode 100644
index 00000000000..64e82a369b6
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45664.json
@@ -0,0 +1,116 @@
+{
+ "id": "CVE-2023-45664",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.003",
+ "lastModified": "2023-10-27T21:47:45.230",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first \u201cfree\u201d, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution."
+ },
+ {
+ "lang": "es",
+ "value": "stb_image es una librer\u00eda con licencia MIT de un solo archivo para procesar im\u00e1genes. Un archivo de imagen manipulado puede provocar que `stbi__load_gif_main_outofmem` intente liberar dos veces la variable out. Esto sucede en `stbi__load_gif_main` porque cuando el valor de `layers * stride` es cero, el comportamiento est\u00e1 definido por la implementaci\u00f3n, pero es com\u00fan que la realloc libere la memoria antigua y devuelva un puntero nulo. Dado que intenta liberar dos veces la memoria unas pocas l\u00edneas debajo de la primera \"free\", el problema s\u00f3lo puede explotarse en un entorno de subprocesos m\u00faltiples. En el peor de los casos, esto puede provocar la ejecuci\u00f3n del c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-415"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-415"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76840B8F-81FC-4BC6-A92C-EBB978741DAB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6993-L6995",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
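Review bot: The primary `cvssData` here sets `"attackComplexity": "LOW"`, while the English description states the double free "can be potentially exploited only in a multi-threaded environment". That is a condition outside the attacker's control, which CVSS 3.1 normally expresses as `"attackComplexity": "HIGH"`. If the analyst agrees, `vectorString`, `exploitabilityScore` and `baseScore` need recomputing together so the three stay consistent. Until then, triage on this record should read the description rather than rely on the 8.8 alone.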
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45665.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45665.json
new file mode 100644
index 00000000000..1e27c70f123
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45665.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-45665",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T17:15:10.293",
+ "lastModified": "2023-10-19T17:15:10.293",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** This CVE is a duplicate of another CVE."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45666.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45666.json
new file mode 100644
index 00000000000..f29caeae4a5
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45666.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-45666",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.077",
+ "lastModified": "2023-10-27T21:46:47.577",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn\u2019t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn\u2019t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn\u2019t fail or to a double-free if the `delays` is always freed"
+ },
+ {
+ "lang": "es",
+ "value": "stb_image es una librer\u00eda con licencia MIT de un solo archivo para procesar im\u00e1genes. Puede parecer que `stbi__load_gif_main` no ofrece garant\u00edas sobre el contenido del valor de salida `*delays` en caso de falla. Aunque establece `*delays` en cero al principio, no lo hace en caso de que la imagen no se reconozca como GIF y una llamada a `stbi__load_gif_main_outofmem` solo libera la memoria posiblemente asignada en `*delays` sin restablecerla a cero. Por lo tanto, ser\u00eda justo decir que la persona que llama a `stbi__load_gif_main` es responsable de liberar la memoria asignada en `*delays` solo si `stbi__load_gif_main` devuelve un valor no nulo. Sin embargo, al mismo tiempo, la funci\u00f3n puede devolver un valor nulo, pero no puede liberar la memoria en `*delays` si internamente se llama a `stbi__convert_format` y falla. Por lo tanto, el problema puede provocar una p\u00e9rdida de memoria si la persona que llama elige liberar los \"delays\" solo cuando \"stbi__load_gif_main\" no fall\u00f3 o una doble liberaci\u00f3n si los \"delays\" siempre se liberan."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-415"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-415"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76840B8F-81FC-4BC6-A92C-EBB978741DAB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6957",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L6962-L7045",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
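Review bot: The primary vector in this record uses `"userInteraction": "NONE"` (9.8 CRITICAL), while CVE-2023-45664 in the same diff uses `"userInteraction": "REQUIRED"` (8.8). Both records have the same CWE-415, the same `stbi__load_gif_main` function and the same `cpe:2.3:a:nothings:stb_image.h:2.28` match. The description also makes the outcome depend on how the caller frees `delays`: a leak in one case, a double free in the other. The two primary vectors should be reconciled, or the difference explained, because severity-based prioritisation will otherwise rank two closely related library bugs very differently.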
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45667.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45667.json
new file mode 100644
index 00000000000..04dcfb40c2a
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45667.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-45667",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.143",
+ "lastModified": "2023-10-27T21:45:16.910",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_image is a single file MIT licensed library for processing images.\n\nIf `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash."
+ },
+ {
+ "lang": "es",
+ "value": "stb_image es una librer\u00eda con licencia MIT de un solo archivo para procesar im\u00e1genes. Si falla `stbi__load_gif_main` en `stbi_load_gif_from_memory`, devuelve un puntero nulo y puede mantener la variable `z` sin inicializar. En caso de que la persona que llama tambi\u00e9n establezca el indicador de giro vertical, contin\u00faa y llama a `stbi__vertical_flip_slices` con el valor de resultado del puntero nulo y el valor `z` no inicializado. Esto puede provocar un fallo del programa."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_image.h:2.28:*:*:*:*:*:*:*",
+ "matchCriteriaId": "76840B8F-81FC-4BC6-A92C-EBB978741DAB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1442-L1454",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_image.h#L1448",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
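Review bot: The only `cpeMatch` entry pins exactly `stb_image.h:2.28`, with no `versionStartIncluding`/`versionEndExcluding` range, and the record names no fixed release. A scanner matching on CPE will therefore flag 2.28 and nothing else. Whether earlier releases share the code path is not stated here and should be confirmed before this is treated as the full affected set. The description calls stb_image a single-file library, which presumably means it is often copied into consuming projects; such copies carry no package metadata, so CPE matching will miss them and a source-level search for the header is the more reliable inventory check. The same exact-version match is used in CVE-2023-45663, CVE-2023-45664 and CVE-2023-45666, and for `stb_vorbis.c:1.22` in CVE-2023-45675 and CVE-2023-45676.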
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45669.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45669.json
index 011ebcdd059..830d7267b4b 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45669.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45669.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45669",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T19:15:11.167",
- "lastModified": "2023-10-16T19:24:26.033",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:17:31.490",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
+ },
+ {
+ "lang": "es",
+ "value": "WebAuthn4J Spring Security proporciona soporte de especificaci\u00f3n de autenticaci\u00f3n web para aplicaciones Spring. Las versiones afectadas est\u00e1n sujetas a un manejo inadecuado del valor del contador de firmas. Se encontr\u00f3 una falla en webautn4j-spring-security-core. Cuando un autenticador devuelve un valor de contador de firma incrementado durante la autenticaci\u00f3n, webauthn4j-spring-security-core no conserva correctamente el valor, lo que significa que la detecci\u00f3n del autenticador clonado no funciona. Un atacante que clon\u00f3 un autenticador v\u00e1lido de alguna manera puede utilizar el autenticador clonado sin ser detectado. Este problema se solucion\u00f3 en la versi\u00f3n `0.9.1.RELEASE`. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,18 +70,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:webauthn4j:spring_security:*:*:*:*:*:spring:*:*",
+ "versionEndExcluding": "0.9.1",
+ "matchCriteriaId": "C036992E-5946-498B-A788-E72C49955376"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/webauthn4j/webauthn4j-spring-security/commit/129700d74d83f9b9a82bf88ebc63707e3cb0a725",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/webauthn4j/webauthn4j-spring-security/security/advisories/GHSA-v9hx-v6vf-g36j",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#sctn-sign-counter",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Technical Description"
+ ]
}
]
}
\ No newline at end of file
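Review bot: The added `cpeMatch` uses `"versionEndExcluding": "0.9.1"`, while the description names the fixed release as `0.9.1.RELEASE`. Matchers that compare the artifact's literal version string may not order a `.RELEASE`-suffixed version against a bare `0.9.1` the way the range intends, so it is worth verifying with the consuming scanner that `0.9.0.RELEASE` matches and `0.9.1.RELEASE` does not. If the suffix is significant for this product's CPE, the bound should carry it.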
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45674.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45674.json
index 907d0dc0011..c1b88410d59 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45674.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45674.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45674",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-14T00:15:10.143",
- "lastModified": "2023-10-14T17:32:33.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:55:55.410",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue."
+ },
+ {
+ "lang": "es",
+ "value": "Farmbot-Web-App es una interfaz de control web para la plataforma de automatizaci\u00f3n agr\u00edcola Farmbot. Se encontr\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en la aplicaci\u00f3n web de FarmBot que permite a atacantes autenticados extraer datos arbitrarios de su base de datos (incluida la tabla de usuarios). Este problema puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 15.8.4. Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:farmbot:farmbot_web_app:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "15.8.4",
+ "matchCriteriaId": "83D5FEE4-B492-45E5-BA78-F1F2EAC1A06E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/FarmBot/Farmbot-Web-App/security/advisories/GHSA-pgq5-ff74-g7xq",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45675.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45675.json
new file mode 100644
index 00000000000..7509ea63a15
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45675.json
@@ -0,0 +1,130 @@
+{
+ "id": "CVE-2023-45675",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.207",
+ "lastModified": "2023-10-27T21:45:04.977",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution."
+ },
+ {
+ "lang": "es",
+ "value": "stb_vorbis es una librer\u00eda de archivo \u00fanico con licencia MIT para procesar archivos ogg vorbis. Un archivo manipulado puede provocar una escritura fuera de l\u00edmites en `f->vendor[len] = (char)'\\0';`. La causa principal es que si el len le\u00eddo en `start_decoder` es `-1` y `len + 1` se convierte en 0 cuando se pasa a `setup_malloc`. `setup_malloc` se comporta de manera diferente cuando `f->alloc.alloc_buffer` est\u00e1 preasignado. En lugar de devolver \"NULL\" como en el caso de \"malloc\", desplaza el b\u00fafer preasignado a cero y devuelve el bloque de memoria disponible actualmente. Este problema puede provocar la ejecuci\u00f3n del c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_vorbis.c:1.22:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6709627-5AFB-4F0C-801D-238CA02D1BFE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
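Review bot: The last reference points at `https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/`, whose slug names stb_image.h. This record's description, CPE (`stb_vorbis.c:1.22`) and blob links are all about stb_vorbis. If a separate Security Lab advisory covers the stb_vorbis findings, this link should point there; as written, a reader following the "advisory" reference may not find the `start_decoder`/`setup_malloc` analysis. The same URL is used in CVE-2023-45676, and the CVE-2023-45677 record that begins at the end of this chunk is also an stb_vorbis entry worth checking.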
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45676.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45676.json
new file mode 100644
index 00000000000..6b0333ed6a7
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45676.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-45676",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.277",
+ "lastModified": "2023-10-26T22:44:03.933",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution."
+ },
+ {
+ "lang": "es",
+ "value": "stb_vorbis es una librer\u00eda de archivo \u00fanico con licencia MIT para procesar archivos ogg vorbis. Un archivo manipulado puede provocar una escritura fuera de l\u00edmites en `f->vendor[i] = get8_packet(f);`. La causa principal es un desbordamiento de enteros en `setup_malloc`. Un valor suficientemente grande en la variable `sz` se desborda con `sz+7` y el valor negativo pasa la verificaci\u00f3n del b\u00fafer de memoria m\u00e1xima disponible. Este problema puede provocar la ejecuci\u00f3n del c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_vorbis.c:1.22:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6709627-5AFB-4F0C-801D-238CA02D1BFE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L960",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
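Review bot: Both `weaknesses` entries list only `CWE-787`, but the description gives the root cause as "an integer overflow in `setup_malloc`", where `sz+7` wraps and passes the buffer-size check. Recording the cause alongside the consequence, by adding a `{"lang": "en", "value": "CWE-190"}` description entry, would let weakness-based queries find this record when looking for arithmetic-overflow allocator bugs. It would also separate it from CVE-2023-45675, which carries the same CWE-787 but describes a different cause.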
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45677.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45677.json
new file mode 100644
index 00000000000..2db107a8763
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45677.json
@@ -0,0 +1,144 @@
+{
+ "id": "CVE-2023-45677",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.347",
+ "lastModified": "2023-10-26T22:44:17.277",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution."
+ },
+ {
+ "lang": "es",
+ "value": "stb_vorbis es una librer\u00eda de archivo \u00fanico con licencia MIT para procesar archivos ogg vorbis. Un archivo manipulado puede provocar una escritura fuera de l\u00edmites en `f->vendor[len] = (char)'\\0';`. La causa principal es que si `len` le\u00eddo en `start_decoder` es un n\u00famero negativo y `setup_malloc` asigna memoria exitosamente en ese caso, pero la escritura en memoria se realiza con un \u00edndice negativo `len`. De manera similar, si len es INT_MAX, el desbordamiento de enteros len+1 ocurre en `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` y `f->comment_list[i] = (char*)setup_malloc(f, tama\u00f1o de(char) * (len+1));`. Este problema puede provocar la ejecuci\u00f3n del c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_vorbis.c:1.22:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6709627-5AFB-4F0C-801D-238CA02D1BFE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3653",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3658",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3670C7-L3670C75",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L950-L961",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
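Review bot: The Spanish description in the `"lang": "es"` entry translates part of a code literal: the second quoted allocation reads `setup_malloc(f, tamaño de(char) * (len+1))`, where the English text has `sizeof(char)`. Backticked code should pass through translation unchanged, so that expression should read `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. Anyone searching the Spanish text for the affected expression would otherwise miss it.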
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45678.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45678.json
new file mode 100644
index 00000000000..59f9fc5e932
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45678.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-45678",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.413",
+ "lastModified": "2023-10-26T22:44:30.403",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution."
+ },
+ {
+ "lang": "es",
+ "value": "stb_vorbis es una librer\u00eda de archivo \u00fanico con licencia MIT para procesar archivos ogg vorbis. Un archivo manipulado puede desencadenar una escritura fuera del b\u00fafer en `start_decoder` porque, como m\u00e1ximo, `m->submaps` puede ser 16, pero `submap_floor` y `submap_residue` se declaran como matrices de 15 elementos. Este problema puede provocar la ejecuci\u00f3n del c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_vorbis.c:1.22:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6709627-5AFB-4F0C-801D-238CA02D1BFE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4074-L4079",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L753-L760",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
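Review bot: The `cpeMatch` entry pins the exact version `1.22` with no `versionStartIncluding` or `versionEndExcluding` range, and the description names no fixed release, so CPE-based matching will flag only that one version. The references point at a specific commit of `stb_vorbis.c` and the description calls the library a single file, which suggests it is often copied into other source trees. Such copies carry no CPE and will probably not be found by an inventory scan, so consumers should search their code for the file itself and compare it against the referenced lines. The same applies to the other stb_vorbis records in this diff (CVE-2023-45677 and CVE-2023-45679 through CVE-2023-45682).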
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45679.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45679.json
new file mode 100644
index 00000000000..a5141eb4f7f
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45679.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-45679",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.477",
+ "lastModified": "2023-10-26T22:44:51.613",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution."
+ },
+ {
+ "lang": "es",
+ "value": "stb_vorbis es una librer\u00eda de archivo \u00fanico con licencia MIT para procesar archivos ogg vorbis. Un archivo manipulado puede provocar una falla en la asignaci\u00f3n de memoria en `start_decoder`. En ese caso, la funci\u00f3n regresa antes, pero algunos de los punteros en `f->comment_list` se dejan inicializados y luego se llama a `setup_free` en estos punteros en `vorbis_deinit`. Este problema puede provocar la ejecuci\u00f3n del c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-415"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-415"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_vorbis.c:1.22:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6709627-5AFB-4F0C-801D-238CA02D1BFE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
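Review bot: The English description says pointers in `f->comment_list` are "left initialized" before `setup_free` is called on them, which does not describe a fault; it probably should read "left uninitialized". If so, the `CWE-415` (double free) value in both `weaknesses` entries may not match the described behaviour. A release-of-invalid-pointer or uninitialized-pointer class such as `CWE-763` or `CWE-824` would be closer. This cannot be settled from the record alone, so check it against the referenced advisory before relying on the CWE for triage.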
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45680.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45680.json
new file mode 100644
index 00000000000..8f5d60b979a
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45680.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-45680",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.540",
+ "lastModified": "2023-10-26T22:45:06.703",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service."
+ },
+ {
+ "lang": "es",
+ "value": "stb_vorbis es una librer\u00eda de archivo \u00fanico con licencia MIT para procesar archivos ogg vorbis. Un archivo manipulado puede provocar una falla en la asignaci\u00f3n de memoria en `start_decoder`. En ese caso, la funci\u00f3n regresa antes, `f->comment_list` se establece en `NULL`, pero `f->comment_list_length` no se restablece. M\u00e1s adelante en `vorbis_deinit` intenta eliminar la referencia al puntero `NULL`. Este problema puede provocar la denegaci\u00f3n del servicio."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_vorbis.c:1.22:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6709627-5AFB-4F0C-801D-238CA02D1BFE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3666",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L4208-L4215",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
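Review bot: The two `cvssMetricV31` entries disagree on reachability: the `nvd@nist.gov` vector uses `AV:L` and `UI:R`, while the `security-advisories@github.com` vector uses `AV:N` and `UI:N`. For a file-parsing library the right reading depends on how the embedding application receives Ogg Vorbis files. A consumer should therefore pick the vector per deployment rather than take the `Primary` one by default; a service that decodes uploaded audio is closer to the network vector. The same split appears in the other stb_vorbis records in this diff (CVE-2023-45677 to CVE-2023-45679, CVE-2023-45681 and CVE-2023-45682).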
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45681.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45681.json
new file mode 100644
index 00000000000..71386c03fec
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45681.json
@@ -0,0 +1,116 @@
+{
+ "id": "CVE-2023-45681",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.607",
+ "lastModified": "2023-10-26T22:45:25.790",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution."
+ },
+ {
+ "lang": "es",
+ "value": "stb_vorbis es una librer\u00eda de archivo \u00fanico con licencia MIT para procesar archivos ogg vorbis. Un archivo manipulado puede activar la escritura en memoria m\u00e1s all\u00e1 de un b\u00fafer de mont\u00f3n asignado en `start_decoder`. La causa principal es un posible desbordamiento de enteros en `sizeof(char*) * (f->comment_list_length)` que puede hacer que `setup_malloc` asigne menos memoria de la requerida. Dado que hay otro desbordamiento de enteros, un atacante tambi\u00e9n puede desbordarlo para forzar a `setup_malloc` a devolver 0 y hacer que el exploit sea m\u00e1s confiable. Este problema puede provocar la ejecuci\u00f3n del c\u00f3digo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_vorbis.c:1.22:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6709627-5AFB-4F0C-801D-238CA02D1BFE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
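Review bot: The two `weaknesses` entries classify the same flaw differently: `nvd@nist.gov` gives `CWE-190` (the integer overflow in the allocation size) and `security-advisories@github.com` gives `CWE-787` (the resulting heap write). CVE-2023-45677 in this diff also describes an integer overflow in `len+1`, yet carries `CWE-787` from both sources, so filtering these records on a single CWE returns an inconsistent set. Tooling that groups by weakness should read both entries rather than only the `Primary` one.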
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45682.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45682.json
new file mode 100644
index 00000000000..82485260e48
--- /dev/null
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45682.json
@@ -0,0 +1,130 @@
+{
+ "id": "CVE-2023-45682",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-21T00:15:09.670",
+ "lastModified": "2023-10-26T22:45:57.160",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information."
+ },
+ {
+ "lang": "es",
+ "value": "stb_vorbis es una librer\u00eda de archivo \u00fanico con licencia MIT para procesar archivos ogg vorbis. Un archivo manipulado puede desencadenar una lectura fuera de l\u00edmites en la macro `DECODE` cuando `var` es negativo. Como se puede ver en la definici\u00f3n de `DECODE_RAW`, una `var` negativa es un valor v\u00e1lido. Este problema puede utilizarse para filtrar informaci\u00f3n de asignaci\u00f3n de memoria interna."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nothings:stb_vorbis.c:1.22:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C6709627-5AFB-4F0C-801D-238CA02D1BFE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1717-L1729",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L1754-L1756",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3231",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
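Review bot: The `security-advisories@github.com` vector sets `C:N` (`"confidentialityImpact": "NONE"`), but the description says the out-of-bounds read "may be used to leak internal memory allocation information", which is a confidentiality impact. The `nvd@nist.gov` vector has `C:H`, so the 5.3 secondary score understates the described effect. Consumers that sort by the CNA score should triage this record by its description and `CWE-125` rather than by that score.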
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45683.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45683.json
index ab9ec320bc8..1735f11a35e 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45683.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45683.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45683",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T19:15:11.253",
- "lastModified": "2023-10-16T19:24:26.033",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:16:16.443",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim\u2019s browser loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. This issue is fixed in version 0.4.14. Users unable to upgrade may perform external validation of URLs provided in SAML metadata, or restrict the ability for end-users to upload arbitrary metadata."
+ },
+ {
+ "lang": "es",
+ "value": "github.com/crewjam/saml es una librer\u00eda saml para el lenguaje go. En las versiones afectadas, el paquete no valida el URI de ubicaci\u00f3n ACS seg\u00fan el enlace SAML que se analiza. Si se abusa de ella, esta falla permite a los atacantes registrar proveedores de servicios maliciosos en el IdP e inyectar Javascript en la definici\u00f3n del endpoint ACS, logrando Cross-Site-Scripting (XSS) en el contexto del IdP durante la redirecci\u00f3n al final de un flujo SSO SAML. En consecuencia, un atacante puede realizar cualquier acci\u00f3n autenticada como v\u00edctima una vez que el navegador de la v\u00edctima carg\u00f3 el enlace SSO iniciado por el IdP SAML para el proveedor de servicios malicioso. Nota: El registro de SP suele ser una operaci\u00f3n sin restricciones en los IdP, por lo que no requiere permisos particulares ni es de acceso p\u00fablico para facilitar la interoperabilidad del IdP. Este problema se solucion\u00f3 en la versi\u00f3n 0.4.14. Los usuarios que no puedan actualizar pueden realizar una validaci\u00f3n externa de las URL proporcionadas en los metadatos SAML o restringir la capacidad de los usuarios finales de cargar metadatos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -46,14 +70,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:saml_project:saml:*:*:*:*:*:go:*:*",
+ "versionEndExcluding": "0.4.14",
+ "matchCriteriaId": "0962FF33-8E54-4E11-8D06-11F261059453"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/crewjam/saml/security/advisories/GHSA-267v-3v32-g6q5",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
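Review bot: The added `cpeMatch` criteria uses vendor and product `saml_project:saml` with target software `go`, while the description identifies the package by its module path `github.com/crewjam/saml`. Dependency scanners that key on Go module paths will probably not derive a match from this CPE string. The `versionEndExcluding` value `0.4.14` and the GHSA link in `references` are the usable anchors. It is worth confirming that the scanner in use resolves this record through the advisory rather than through the CPE.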
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45685.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45685.json
index 1fab7ac7fbd..7df7bbb7457 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45685.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45685.json
@@ -2,16 +2,53 @@
"id": "CVE-2023-45685",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:09.963",
- "lastModified": "2023-10-16T18:33:43.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T15:10:57.873",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal"
+ },
+ {
+ "lang": "es",
+ "value": "La validaci\u00f3n de ruta insuficiente al extraer un archivo zip en los servidores Titan MFT y Titan SFTP de South River Technologies en Windows y Linux permite a un atacante autenticado escribir un archivo en cualquier ubicaci\u00f3n del sistema de archivos a trav\u00e9s de un path traversal"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
{
"source": "cve@rapid7.con",
"type": "Secondary",
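Review bot: The added NVD vector uses `PR:H`, but the description only says "an authenticated attacker", which does not by itself imply administrative privileges; if an ordinary account suffices, the score is understated. The vector also sets `S:C` here, whereas CVE-2023-45686 later in this diff describes the same outcome (writing a file to any location via path traversal) and is scored `S:U`, landing at 7.2 instead of 9.1. Both records carry `CWE-22` as the primary weakness, so they are best prioritised together rather than by the differing base scores.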
@@ -23,14 +60,67 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "2740E6FA-C5D8-465F-95A7-54F75421FD95"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "B3EDB373-C26D-478D-9B44-D2D5A19276E5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "E6520883-8DE6-4682-8937-1E49573112EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
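Review bot: The product names in the added `cpeMatch` entries are `titan_mft_server` and `titan_sftp_server`, but the CVE-2023-45686 record later in this diff uses `titan_mfp_server` for what its description also calls Titan MFT. One of the two spellings is probably wrong, and a CPE match on either string would miss the other record. That hunk continues outside the visible part of the diff, so the rest of its entries could not be checked. Separately, the Rapid7 reference is tagged `Exploit`, which argues for prioritising the upgrade to a release at or above the `versionEndExcluding` value `2.0.18`.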
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45686.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45686.json
index b866990ec68..656c6ea9e18 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45686.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45686.json
@@ -2,16 +2,53 @@
"id": "CVE-2023-45686",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:10.040",
- "lastModified": "2023-10-16T18:33:43.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T15:47:56.750",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal"
+ },
+ {
+ "lang": "es",
+ "value": "La validaci\u00f3n de ruta insuficiente al escribir un archivo a trav\u00e9s de WebDAV en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permite a un atacante autenticado escribir un archivo en cualquier ubicaci\u00f3n del sistema de archivos a trav\u00e9s de un path traversal "
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
{
"source": "cve@rapid7.con",
"type": "Secondary",
@@ -23,14 +60,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_mfp_server:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "CF66EAF2-A7DA-4A9F-A905-78ED33AD8442"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
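Review bot: The added `cpeMatch` entry under `configurations` names the product `titan_mfp_server`, which looks like a typo for the `titan_mft_server` used by the neighbouring Titan records in this diff. The record also has no `titan_sftp_server` node, although the description names both Titan MFT and Titan SFTP on Linux. A scanner that matches inventory by CPE would therefore not associate this arbitrary-file-write issue with either product. The criteria line should read `"criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*"`, with a second node for `cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*` carrying the same `"versionEndExcluding": "2.0.18"`; the `matchCriteriaId` values must be whatever the upstream dictionary assigns. If this file mirrors an upstream feed, the correction belongs there, and consumers should not rely on CPE matching alone for this CVE in the meantime.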
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45687.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45687.json
index 5f5d97f7097..5b9fa46a972 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45687.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45687.json
@@ -2,16 +2,53 @@
"id": "CVE-2023-45687",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:10.107",
- "lastModified": "2023-10-16T18:33:43.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T15:58:30.740",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux y Windows permite a un atacante eludir la autenticaci\u00f3n del servidor si puede enga\u00f1ar a un administrador para que autorice una identificaci\u00f3n de sesi\u00f3n de su elecci\u00f3n."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-384"
+ }
+ ]
+ },
{
"source": "cve@rapid7.con",
"type": "Secondary",
@@ -23,14 +60,67 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "2740E6FA-C5D8-465F-95A7-54F75421FD95"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "B3EDB373-C26D-478D-9B44-D2D5A19276E5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "E6520883-8DE6-4682-8937-1E49573112EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45688.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45688.json
index 0ba086ee403..7a8ea835767 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45688.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45688.json
@@ -2,16 +2,53 @@
"id": "CVE-2023-45688",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:10.183",
- "lastModified": "2023-10-16T18:33:43.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T16:02:30.307",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp \"SIZE\" command"
+ },
+ {
+ "lang": "es",
+ "value": "La falta de suficiente validaci\u00f3n de ruta en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permite a un atacante autenticado obtener el tama\u00f1o de un archivo arbitrario en el sistema de archivos utilizando path traversal en el comando ftp \"SIZE\""
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
{
"source": "cve@rapid7.con",
"type": "Secondary",
@@ -23,14 +60,55 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "B3EDB373-C26D-478D-9B44-D2D5A19276E5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45689.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45689.json
index 77a4af5fa9b..aaa87c2d1dc 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45689.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45689.json
@@ -2,16 +2,53 @@
"id": "CVE-2023-45689",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:10.243",
- "lastModified": "2023-10-16T18:33:43.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T16:30:59.473",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal"
+ },
+ {
+ "lang": "es",
+ "value": "La falta de suficiente validaci\u00f3n de ruta en los servidores Titan MFT y Titan SFTP de South River Technologies en Windows y Linux permite a un atacante autenticado con privilegios administrativos leer cualquier archivo en el sistema de archivos a trav\u00e9s de path traversal"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.2
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
{
"source": "cve@rapid7.con",
"type": "Secondary",
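Review bot: The NVD vector added under `cvssMetricV31` sets `I:H` (`"integrityImpact": "HIGH"`), but the description in this same hunk only covers reading arbitrary files, with no write or modification. The CVE-2023-45690 record later in this diff scores a read-only disclosure with the same `PR:H` as `C:H/I:N/A:N`, base 4.9. Unless the referenced advisories document an integrity effect that the description omits, `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"` with `"integrityImpact": "NONE"` and the matching scores would be consistent. The `weaknesses` array continues past the end of this hunk.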
@@ -23,14 +60,67 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "2740E6FA-C5D8-465F-95A7-54F75421FD95"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "B3EDB373-C26D-478D-9B44-D2D5A19276E5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "E6520883-8DE6-4682-8937-1E49573112EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45690.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45690.json
index 5c1489da837..b6697a960c2 100644
--- a/CVE-2023/CVE-2023-456xx/CVE-2023-45690.json
+++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45690.json
@@ -2,16 +2,53 @@
"id": "CVE-2023-45690",
"sourceIdentifier": "cve@rapid7.con",
"published": "2023-10-16T17:15:10.310",
- "lastModified": "2023-10-16T18:33:43.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T16:45:38.280",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem"
+ },
+ {
+ "lang": "es",
+ "value": "Los permisos de archivos predeterminados en los servidores Titan MFT y Titan SFTP de South River Technologies en Linux permiten que un usuario que se autentica en el sistema operativo lea archivos confidenciales en el sistema de archivos."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ },
{
"source": "cve@rapid7.con",
"type": "Secondary",
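Review bot: `"attackVector": "NETWORK"` in the added NVD metric does not match the description a few lines above, where a user authenticated to the operating system reads files through default file permissions; that reads as local access. If so, `"attackVector": "LOCAL"` is the expected value, and `privilegesRequired`, `vectorString`, `baseScore` and the two sub-scores need to be re-derived together rather than edited one field at a time. Triage that filters on `AV:N` would otherwise treat this as remotely reachable.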
@@ -23,14 +60,55 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.0.16.2277",
+ "matchCriteriaId": "6789AE7E-5499-4F33-954F-B051EF52C213"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_mft_server:*:*:*:*:*:linux:*:*",
+ "versionEndExcluding": "2.0.18",
+ "matchCriteriaId": "6F4EB0AE-8C4A-4FF6-AE00-D87C9719C6D7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://helpdesk.southrivertech.com/portal/en/kb/articles/security-patch-for-issues-cve-2023-45685-through-cve-2023-45690",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Vendor Advisory"
+ ]
},
{
"url": "https://www.rapid7.com/blog/post/2023/10/16/multiple-vulnerabilities-in-south-river-technologies-titan-mft-and-titan-sftp-fixed/",
- "source": "cve@rapid7.con"
+ "source": "cve@rapid7.con",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
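Review bot: The first added `configurations` node uses `titan_ftp_server` with no platform restriction and `"versionEndIncluding": "2.0.16.2277"`, which matches neither the description nor the sibling records. The description limits the issue to Titan MFT and Titan SFTP on Linux, and the other Titan records in this diff use `titan_sftp_server` on `linux` with `"versionEndExcluding": "2.0.18"`. As written, installs identified by the `titan_sftp_server` CPE are not matched at all, while `titan_ftp_server` installs on any platform are. Aligning the node with the siblings, `"criteria": "cpe:2.3:a:southrivertech:titan_sftp_server:*:*:*:*:*:linux:*:*"` and `"versionEndExcluding": "2.0.18"`, would close that gap, assuming the vendor advisory gives 2.0.18 as the fixed release for this CVE as well.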
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45727.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45727.json
new file mode 100644
index 00000000000..dfee2eb1784
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45727.json
@@ -0,0 +1,105 @@
+{
+ "id": "CVE-2023-45727",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-10-18T10:15:08.643",
+ "lastModified": "2023-10-25T17:31:59.553",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker."
+ },
+ {
+ "lang": "es",
+ "value": "Proself Enterprise/Standard Edition Ver5.62 y anteriores, Proself Gateway Edition Ver1.65 y anteriores, y Proself Mail Sanitize Edition Ver1.08 y anteriores permiten a un atacante remoto no autenticado realizar ataques de entidad externa XML (XXE). Al procesar una solicitud especialmente manipulada que contiene datos XML con formato incorrecto, el atacante puede leer archivos arbitrarios en el servidor que contienen informaci\u00f3n de la cuenta."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-611"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:mail_sanitize:*:*:*",
+ "versionEndExcluding": "1.09",
+ "matchCriteriaId": "6D6F51B5-6B83-41C4-A1F6-9D10CB601DB5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:gateway:*:*:*",
+ "versionEndExcluding": "1.66",
+ "matchCriteriaId": "F1BB1954-50C1-40A8-9F47-415ECBB6259F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:enterprise:*:*:*",
+ "versionEndExcluding": "5.63",
+ "matchCriteriaId": "66942ECC-2DB7-4B63-9364-FC7D71722355"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:northgrid:proself:*:*:*:*:standard:*:*:*",
+ "versionEndExcluding": "5.63",
+ "matchCriteriaId": "1ED1659B-802E-4F0F-9CF3-BD1BBED1A27F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://jvn.jp/en/jp/JVN95981460/",
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.proself.jp/information/153/",
+ "source": "vultures@jpcert.or.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45747.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45747.json
new file mode 100644
index 00000000000..7d1eb7f1dac
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45747.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45747",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:33.827",
+ "lastModified": "2023-10-27T21:57:07.240",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin <=\u00a03.0.6.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Syed Balkhi WP Lightbox 2 en versiones <= 3.0.6.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:syedbalkhi:wp_lightbox_2:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.0.6.5",
+ "matchCriteriaId": "9E44289F-640E-46BB-984D-DC2763D200A6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-lightbox-2/wordpress-wp-lightbox-2-plugin-3-0-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45748.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45748.json
index a94790087c5..96c65220c8c 100644
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45748.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45748.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45748",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:44.800",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:50:00.853",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <=\u00a03.1.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en MailMunch MailChimp Forms by MailMunch en versiones <= 3.1.4."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mailmunch:mailchimp_forms:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.1.4",
+ "matchCriteriaId": "7F3B7734-015B-412B-A4A3-AE7F041866F9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mailchimp-forms-by-mailmunch/wordpress-mailchimp-forms-by-mailmunch-plugin-3-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45749.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45749.json
index ce35e22f0e4..6592cebe0fd 100644
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45749.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45749.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45749",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:44.870",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:06:48.303",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <=\u00a03.2.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Alexey Golubnichenko AGP Font Awesome Collection en versiones <= 3.2.4."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:profosbox:agp_font_awesome_collection:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.2.4",
+ "matchCriteriaId": "070BC037-FA26-4382-839A-0A207820357E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/agp-font-awesome-collection/wordpress-agp-font-awesome-collection-plugin-3-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45750.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45750.json
new file mode 100644
index 00000000000..e7939d45812
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45750.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45750",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:33.907",
+ "lastModified": "2023-10-27T21:57:14.363",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <=\u00a02.0.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento POSIMYTH Nexter Extension en versiones <= 2.0.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:posimyth:nexter_extension:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0.3",
+ "matchCriteriaId": "017C65B3-1231-470C-8290-75D6F9EC5324"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/nexter-extension/wordpress-nexter-extension-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45752.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45752.json
index 1889922f85b..bb52f696e06 100644
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45752.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45752.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45752",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:44.943",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:50:21.603",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <=\u00a02.3.12 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complementos 10 Quality Post Gallery en versiones <= 2.3.12."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:10quality:post_gallery:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.3.12",
+ "matchCriteriaId": "34766B44-5D60-492B-B753-00F41B711544"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-post-gallery/wordpress-post-gallery-plugin-2-3-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
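Review bot: The added `criteria` value `cpe:2.3:a:10quality:post_gallery:*:*:*:*:*:*:*:*` leaves the target-software field as a wildcard, whereas the other WordPress plugin records in this diff set it to `wordpress`. Without it, the match also covers any non-WordPress product that shares the vendor and product name, which makes CPE-based filtering by platform less reliable. `"criteria": "cpe:2.3:a:10quality:post_gallery:*:*:*:*:*:wordpress:*:*"` would be consistent with the neighbours, provided the upstream dictionary entry carries that field.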
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45753.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45753.json
index 63bde3a5a6a..3c84a31252a 100644
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45753.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45753.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45753",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:45.017",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:19:43.020",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <=\u00a04.6.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Gilles Dumas which template file en versiones <= 4.6.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gillesdumas:which_template_file:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "4.6.0",
+ "matchCriteriaId": "E52DA9E9-C1CB-4B9A-BECA-B59893E12EF4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/which-template-file/wordpress-which-template-file-plugin-4-6-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45754.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45754.json
new file mode 100644
index 00000000000..6e7000d7be5
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45754.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45754",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:33.977",
+ "lastModified": "2023-10-27T21:57:26.393",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <=\u00a01.0.18 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento I Thirteen Web Solution Easy Testimonial Slider and Form en versiones <= 1.0.18."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:i13websolution:easy_testimonial_slider_and_form:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.18",
+ "matchCriteriaId": "768F4917-EEC9-461D-B84D-21C9EFB92E55"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/easy-testimonial-rotator/wordpress-easy-testimonial-slider-and-form-plugin-1-0-18-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45755.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45755.json
new file mode 100644
index 00000000000..2db95c118e8
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45755.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45755",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.047",
+ "lastModified": "2023-10-27T21:57:34.403",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BuddyBoss BuddyPress Global Search plugin <=\u00a01.2.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento BuddyBoss BuddyPress Global Search en versiones <= 1.2.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:buddyboss:buddypress_global_search:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.1",
+ "matchCriteriaId": "979F9175-3DFA-4664-81B2-8B561B6D7780"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/buddypress-global-search/wordpress-buddypress-global-search-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45756.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45756.json
new file mode 100644
index 00000000000..0b9ef97adc1
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45756.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45756",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.133",
+ "lastModified": "2023-10-27T21:57:58.330",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline \u2013 Application Form Builder and Manager plugin <=\u00a02.5.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Spider Teams ApplyOnline \u2013 Application Form Builder and Manager en versiones <= 2.5.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:spiderteams:applyonline_-_application_form_builder_and_manager:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.5.2",
+ "matchCriteriaId": "A0FF650B-694B-465C-8A48-56550D0EC146"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/apply-online/wordpress-applyonline-application-form-builder-and-manager-plugin-2-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45757.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45757.json
index 9130e701fae..5c2e39d64bd 100644
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45757.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45757.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45757",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-16T09:15:11.563",
- "lastModified": "2023-10-16T15:15:17.613",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T18:21:01.680",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "Una vulnerabilidad de seguridad en Apache bRPC en versiones <=1.6.0 en todas las plataformas permite a los atacantes inyectar c\u00f3digo XSS en la p\u00e1gina rpcz incorporada. Un atacante que pueda enviar una solicitud http al servidor bRPC con rpcz habilitado puede inyectar c\u00f3digo XSS arbitrario en la p\u00e1gina rpcz incorporada. Soluci\u00f3n (elija una de estas tres): \n1. actualice a bRPC versi\u00f3n > 1.6.0, enlace de descarga: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ \n2. Si est\u00e1 utilizando un versi\u00f3n antigua de bRPC y dif\u00edcil de actualizar, puede aplicar este parche: https://github.com/apache/brpc/pull/2411 \n3. deshabilite la funci\u00f3n rpcz"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "security@apache.org",
@@ -27,14 +50,40 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:brpc:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.6.1",
+ "matchCriteriaId": "A4F27ECA-3212-4F3E-8857-87AB5172DBFB"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/16/8",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://lists.apache.org/thread/6syxv32fqgl30brfpttrk4rfsb983hl4",
- "source": "security@apache.org"
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45758.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45758.json
new file mode 100644
index 00000000000..0f7e56558ee
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45758.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45758",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.220",
+ "lastModified": "2023-10-28T03:27:43.807",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin <=\u00a08.0.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Marco Milesi Amministrazione Trasparente en versiones <= 8.0.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amministrazione_trasparente_project:amministrazione_trasparente:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "8.0.2",
+ "matchCriteriaId": "5BDBBF0B-1A55-4723-A687-8865962E077F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/amministrazione-trasparente/wordpress-amministrazione-trasparente-plugin-8-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45759.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45759.json
new file mode 100644
index 00000000000..cc8be81a85c
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45759.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45759",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.293",
+ "lastModified": "2023-10-25T20:32:16.527",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter\u2019s Custom Anti-Spam plugin <=\u00a03.2.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Peter Keung Peter\u2019s Custom Anti-Spam en versiones <= 3.2.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/peters-custom-anti-spam-image/wordpress-peter-s-custom-anti-spam-plugin-3-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45761.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45761.json
new file mode 100644
index 00000000000..6017c13a256
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45761.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45761",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.363",
+ "lastModified": "2023-10-28T03:27:51.290",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin <=\u00a05.13 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Joovii Sendle Shipping Plugin en versiones <= 5.13."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:joovii:sendle_shipping:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "5.13",
+ "matchCriteriaId": "9006B33B-55E5-44FA-98C3-9136ECD4212A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/official-sendle-shipping-method/wordpress-sendle-shipping-plugin-5-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45763.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45763.json
index 7ff36e99769..3b9232a35b5 100644
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45763.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45763.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45763",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:45.090",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:19:30.943",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <=\u00a02.9 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Taggbox en versiones <= 2.9."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:taggbox:taggbox:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.9",
+ "matchCriteriaId": "22E3A78A-8EC3-4C1F-875B-8935754418A3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/taggbox-widget/wordpress-taggbox-ugc-galleries-social-media-widgets-user-reviews-analytics-plugin-2-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45764.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45764.json
new file mode 100644
index 00000000000..90b14b28c18
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45764.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-45764",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.437",
+ "lastModified": "2023-10-28T03:27:59.727",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Scroll post excerpt plugin <=\u00a08.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado autenticada (con permisos de admin o superiores) en el complemento de Gopi Ramasamy Scroll post excerpt en versiones <= 8.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gopiplus:scroll_post_excerpt:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "8.0",
+ "matchCriteriaId": "14C04C74-1A9E-4029-B3FD-4B9E0942110D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/scroll-post-excerpt/wordpress-scroll-post-excerpt-plugin-8-0-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45767.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45767.json
new file mode 100644
index 00000000000..3fdaecdd5ea
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45767.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45767",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.513",
+ "lastModified": "2023-10-28T03:28:05.577",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wokamoto Simple Tweet plugin <=\u00a01.4.0.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado autenticada (con permisos de admin o superiores) en el complemento Wokamoto Simple Tweet en versiones <= 1.4.0.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wokamoto:simple_tweet:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.4.0.2",
+ "matchCriteriaId": "FC9F67DE-35E1-467A-9161-5D3E95CE19C9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/simple-tweet/wordpress-simple-tweet-plugin-1-4-0-2-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45768.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45768.json
new file mode 100644
index 00000000000..b6935df6c38
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45768.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45768",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.590",
+ "lastModified": "2023-10-28T03:27:00.623",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin <=\u00a01.5.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado autenticado (con permisos de admin o superiores) en el complemento Stephanie Leary Next Page en versiones <= 1.5.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:stephanieleary:next_page:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.5.2",
+ "matchCriteriaId": "5F67BC0A-2C8B-4588-A7F7-593A4B3B0967"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/next-page/wordpress-next-page-plugin-1-5-2-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45769.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45769.json
new file mode 100644
index 00000000000..4df1d82ed69
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45769.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45769",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.667",
+ "lastModified": "2023-10-28T03:27:10.200",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <=\u00a02.1.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Alex Raven WP Report Post en versiones <= 2.1.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:alexraven:wp_report_post:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.1.2",
+ "matchCriteriaId": "39CCF528-8983-420C-90D8-1DDE62B55C59"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-report-post/wordpress-wp-report-post-plugin-2-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45770.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45770.json
new file mode 100644
index 00000000000..131e38e42d7
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45770.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45770",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.737",
+ "lastModified": "2023-10-28T03:27:17.170",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <=\u00a01.0.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Fastwpspeed Fast WP Speed en versiones <= 1.0.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:fastwpspeed:fast_wp_speed:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.0",
+ "matchCriteriaId": "770659C5-DBCB-4320-8AA8-186F28775DD6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/fast-wp-speed/wordpress-fast-wp-speed-plugin-1-0-0-reflected-cross-site-scripting-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
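Review bot: The two `cvssMetricV31` entries in this record disagree: the `nvd@nist.gov` Primary vector ends in `A:N` (6.1 MEDIUM) while the `audit@patchstack.com` Secondary vector ends in `A:L` (7.1 HIGH). A consumer that takes the first entry, the highest score, or a single source will triage this reflected XSS differently, so ingest code should select on `type` and `source` explicitly rather than on array position. The same split appears in the CVE-2023-45772 hunk. CVE-2023-45810 diverges more widely: 7.5 HIGH from NVD against 5.3 MEDIUM from the CNA, differing in `AC` and `PR`.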
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45772.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45772.json
new file mode 100644
index 00000000000..718af738477
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45772.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45772",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.813",
+ "lastModified": "2023-10-28T03:27:24.907",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Proofreading plugin <=\u00a01.0.11 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Scribit Proofreading en versiones <= 1.0.11."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:scribit:proofreading:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.11",
+ "matchCriteriaId": "68F66EE4-CDF1-4DD4-8AD8-691D677CC206"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/proofreading/wordpress-proofreading-plugin-1-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45802.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45802.json
new file mode 100644
index 00000000000..f0c02a01b8a
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45802.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2023-45802",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-10-23T07:15:11.330",
+ "lastModified": "2023-10-27T15:15:13.940",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\n\nThis was found by the reporter during testing of\u00a0CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Cuando un cliente restablec\u00eda una secuencia HTTP/2 (trama RST), hab\u00eda una ventana de tiempo en la que los recursos de memoria de la solicitud no se recuperaban inmediatamente. En cambio, la desasignaci\u00f3n se aplaz\u00f3 hasta el cierre de la conexi\u00f3n. Un cliente podr\u00eda enviar nuevas solicitudes y reinicios, manteniendo la conexi\u00f3n ocupada y abierta y provocando que la huella de memoria siga creciendo. Al cerrar la conexi\u00f3n, se recuperaron todos los recursos, pero el proceso podr\u00eda quedarse sin memoria antes de eso. El periodista descubri\u00f3 esto durante la prueba de CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) con su propio cliente de prueba. Durante el uso \"normal\" de HTTP/2, la probabilidad de encontrar este error es muy baja. La memoria guardada no se notar\u00e1 antes de que la conexi\u00f3n se cierre o se agote el tiempo de espera. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.4.58, que soluciona el problema."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20231027-0011/",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
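Review bot: This record is added with `"metrics": {}` and no `configurations` array, so it carries neither a CVSS score nor CPE match data while `vulnStatus` is `Awaiting Analysis`. Tooling that filters on a minimum base score or matches installed software by CPE will not surface it, even though the description names 2.4.58 as the fixed version. Consumers should treat the missing score as unscored rather than low severity, and fall back to the description and the vendor reference until analysis lands. CVE-2023-45809 further down is in a similar state: `Undergoing Analysis`, a CNA score only, and no `configurations`.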
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45803.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45803.json
new file mode 100644
index 00000000000..ce50c2e8714
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45803.json
@@ -0,0 +1,153 @@
+{
+ "id": "CVE-2023-45803",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-17T20:15:10.070",
+ "lastModified": "2023-10-25T17:21:39.427",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n"
+ },
+ {
+ "lang": "es",
+ "value": "urllib3 es una librer\u00eda cliente HTTP f\u00e1cil de usar para Python. Anteriormente, urllib3 no eliminaba el cuerpo de la solicitud HTTP cuando una respuesta de redirecci\u00f3n HTTP usaba el estado 301, 302 o 303 despu\u00e9s de que la solicitud cambiara su m\u00e9todo de uno que pudiera aceptar un cuerpo de solicitud (como `POST`) a `GET` tal como est\u00e1. requerido por los RFC HTTP. Aunque este comportamiento no se especifica en la secci\u00f3n de redirecciones, se puede inferir reuniendo informaci\u00f3n de diferentes secciones y hemos observado el comportamiento en otras implementaciones importantes de clientes HTTP como curl y navegadores web. Debido a que la vulnerabilidad requiere que un servicio previamente confiable se vea comprometido para tener un impacto en la confidencialidad, creemos que la explotabilidad de esta vulnerabilidad es baja. Adem\u00e1s, muchos usuarios no colocan datos confidenciales en los cuerpos de solicitud HTTP; si este es el caso, entonces esta vulnerabilidad no es explotable. Las dos condiciones siguientes deben ser ciertas para verse afectado por esta vulnerabilidad: 1. Usar urllib3 y enviar informaci\u00f3n confidencial en el cuerpo de la solicitud HTTP (como datos de formulario o JSON) y 2. El servicio de origen est\u00e1 comprometido y comienza a redireccionar usando 301. 302 o 303 a un par malicioso o el servicio redirigido se ve comprometido. Este problema se solucion\u00f3 en las versiones 1.26.18 y 2.0.7 y se recomienda a los usuarios que actualicen para resolverlo. Los usuarios que no puedan actualizar deben deshabilitar los redireccionamientos para servicios que no esperan responder con redireccionamientos con `redirects=False` y deshabilitar los redireccionamientos autom\u00e1ticos con `redirects=False` y manejar los redireccionamientos 301, 302 y 303 manualmente eliminando el cuerpo de la solicitud HTTP."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.26.18",
+ "matchCriteriaId": "3F2284A6-F467-4419-9AF7-9FFD133B04E5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:python:urllib3:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndExcluding": "2.0.7",
+ "matchCriteriaId": "6A586164-F448-431C-8966-14E145A82BB5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://www.rfc-editor.org/rfc/rfc9110.html#name-get",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
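Review bot: The workaround sentence at the end of the English description names `redirects=False` twice, but as far as I know urllib3's request methods take `redirect=False` (singular). A reader copying the text verbatim may therefore not disable redirect following. The wording presumably mirrors the upstream advisory, so confirm it against the urllib3 documentation before relying on it; the Spanish description repeats the same spelling. Separately, the second `configurations` node marks `cpe:2.3:o:fedoraproject:fedora:38` as vulnerable on its own, which may make CPE-based scanners flag every Fedora 38 host regardless of the installed urllib3 version.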
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45805.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45805.json
new file mode 100644
index 00000000000..cd25ea00be2
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45805.json
@@ -0,0 +1,147 @@
+{
+ "id": "CVE-2023-45805",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-20T19:15:08.820",
+ "lastModified": "2023-10-28T03:24:28.190",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "pdm es un administrador de dependencias y paquetes de Python que admite los \u00faltimos est\u00e1ndares PEP. Es posible crear un archivo `pdm.lock` malicioso que podr\u00eda permitir, por ejemplo, que un proyecto interno o de c\u00f3digo abierto malicioso parezca depender de un proyecto PyPI confiable, pero en realidad instale otro proyecto. Se puede apuntar a un proyecto `foo` creando el proyecto `foo-2` y cargando el archivo `foo-2-2.tar.gz` en pypi.org. PyPI ver\u00e1 esto como proyecto `foo-2` versi\u00f3n `2`, mientras que PDM ver\u00e1 esto como proyecto `foo` versi\u00f3n `2-2`. La versi\u00f3n solo debe ser \"analizable como versi\u00f3n\" y el nombre del archivo debe ser un prefijo del nombre del proyecto, pero no se verifica que coincida con la versi\u00f3n que se est\u00e1 instalando. La versi\u00f3n `2-2` tampoco es una versi\u00f3n normalizada v\u00e1lida seg\u00fan PEP 440. Hacer coincidir exactamente el nombre del proyecto (no solo el prefijo) solucionar\u00eda el problema. Al instalar dependencias con PDM, lo que realmente se instala puede diferir de lo que aparece en `pyproject.toml` (incluida la ejecuci\u00f3n de c\u00f3digo arbitrario durante la instalaci\u00f3n). Tambi\u00e9n podr\u00eda usarse para ataques de degradaci\u00f3n cambiando solo la versi\u00f3n. Este problema se solucion\u00f3 en el commit `6853e2642df` que se incluye en la versi\u00f3n `2.9.4`. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:frostming:pdm:*:*:*:*:*:python:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndExcluding": "2.10.0",
+ "matchCriteriaId": "678C6891-163D-40EC-AA3F-F6C62650F55B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:frostming:unearth:*:*:*:*:*:python:*:*",
+ "versionEndExcluding": "0.11.2",
+ "matchCriteriaId": "2D6377F2-F3DF-4E02-810F-11EF3C227B7E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/frostming/unearth/blob/eca170d9370ac5032f2e497ee9b1b63823d3fe0f/src/unearth/evaluator.py#L215-L229",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://github.com/pdm-project/pdm/blob/45d1dfa47d4900c14a31b9bb761e4c46eb5c9442/src/pdm/models/candidates.py#L98-L99",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://peps.python.org/pep-0440/#post-release-spelling",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Not Applicable"
+ ]
+ }
+ ]
+}
\ No newline at end of file
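Review bot: The `frostming:pdm` match range ends at `"versionEndExcluding": "2.10.0"`, but the description says the fix is commit `6853e2642df`, included in release `2.9.4`. If the description is right, releases from 2.9.4 up to 2.10.0 will be reported as vulnerable; if the range is right, the description understates the affected versions. Confirm one against the vendor advisory (the GHSA reference in this hunk); if 2.9.4 holds, the bound would read `"versionEndExcluding": "2.9.4"`. The description gives no fixed version for the `frostming:unearth` entry (`versionEndExcluding` 0.11.2), so that bound cannot be checked from this record.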
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45807.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45807.json
index 8b9b5617b61..3290449493d 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45807.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45807.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-45807",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-16T22:15:12.790",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:29:38.150",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ },
{
"source": "security-advisories@github.com",
"type": "Secondary",
@@ -50,10 +70,51 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amazon:opensearch:*:*:*:*:*:docker:*:*",
+ "versionEndExcluding": "1.3.14.0",
+ "matchCriteriaId": "242C9ADA-A2B2-4FBE-BB25-2A3389572290"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amazon:opensearch:*:*:*:*:*:maven:*:*",
+ "versionEndExcluding": "1.3.14.0",
+ "matchCriteriaId": "1E5DD7C0-C800-47F6-8A3D-F539F8E74015"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amazon:opensearch:*:*:*:*:*:docker:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndExcluding": "2.11.0.0",
+ "matchCriteriaId": "A1F3994F-21EE-4DA8-9C00-65AC4BC0BA8E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:amazon:opensearch:*:*:*:*:*:maven:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndExcluding": "2.11.0.0",
+ "matchCriteriaId": "94EFD1AD-102F-4E21-9E1A-0CE30CB17A25"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/opensearch-project/security/security/advisories/GHSA-72q2-gwwf-6hrv",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45809.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45809.json
new file mode 100644
index 00000000000..2cd6e768d52
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45809.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-45809",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T19:15:15.867",
+ "lastModified": "2023-10-19T19:36:55.490",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 4.1.8 (LTS), 5.0.5 and 5.1.3. The fix is also included in Release Candidate 1 of the forthcoming Wagtail 5.2 release. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Wagtail es un sistema de gesti\u00f3n de contenidos de c\u00f3digo abierto construido sobre Django. Un usuario con una cuenta de editor con permisos limitados para el administrador de Wagtail puede realizar una solicitud de URL directa a la vista de administrador que maneja acciones masivas en cuentas de usuario. Si bien las reglas de autenticaci\u00f3n impiden que el usuario realice cambios, el mensaje de error revela los nombres para mostrar de las cuentas de usuario y, al modificar los par\u00e1metros de URL, el usuario puede recuperar el nombre para mostrar de cualquier usuario. La vulnerabilidad no es explotable por un visitante normal del sitio sin acceso al administrador de Wagtail. Se han lanzado versiones parcheadas como Wagtail 4.1.8 (LTS), 5.0.5 y 5.1.3. La soluci\u00f3n tambi\u00e9n se incluye en la versi\u00f3n candidata 1 de la pr\u00f3xima versi\u00f3n Wagtail 5.2. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-425"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/wagtail/wagtail/commit/bc96aed6ac53f998b2f4c4bf97e2d4f5fe337e5b",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45810.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45810.json
new file mode 100644
index 00000000000..98e4524a806
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45810.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-45810",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-17T23:15:12.403",
+ "lastModified": "2023-10-25T13:38:33.620",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "OpenFGA es un motor de autorizaci\u00f3n/permiso flexible creado para desarrolladores e inspirado en Google Zanzibar. Las versiones afectadas de OpenFGA son vulnerables a un ataque de denegaci\u00f3n de servicio. Cuando se ejecutan varias llamadas `ListObjects`, en algunos escenarios, esas llamadas no liberan recursos incluso despu\u00e9s de que se haya enviado una respuesta y, dado un volumen de llamadas suficiente, el servicio en su conjunto deja de responder. Este problema se solucion\u00f3 en la versi\u00f3n 1.3.4 y la actualizaci\u00f3n se considera compatible con versiones anteriores. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:openfga:openfga:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.3.4",
+ "matchCriteriaId": "0A991E55-6232-4B78-A9C3-4CDD2454AFF7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/openfga/openfga/security/advisories/GHSA-hr4f-6jh8-f2vq",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45811.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45811.json
new file mode 100644
index 00000000000..3a76cfb889a
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45811.json
@@ -0,0 +1,126 @@
+{
+ "id": "CVE-2023-45811",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-17T23:15:12.487",
+ "lastModified": "2023-10-25T13:33:35.367",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags\n"
+ },
+ {
+ "lang": "es",
+ "value": "Synchrony deofuscator es un limpiador y desofuscador de JavaScript. Existe una vulnerabilidad de contaminaci\u00f3n `__proto__` en versiones anteriores a la v2.4.4. Una explotaci\u00f3n exitosa podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario. Existe una vulnerabilidad de contaminaci\u00f3n `__proto__` en el transformador `LiteralMap` que permite que una entrada manipulada modifique las propiedades en el prototipo del objeto. Se ha publicado una soluci\u00f3n en `deobfuscator@2.4.4`. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben iniciar el nodo con los indicadores [--disable-proto=delete][disable-proto] o [--disable-proto=throw][disable-proto]"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1321"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1321"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:relative:synchrony:*:*:*:*:*:nodejs:*:*",
+ "versionStartIncluding": "2.0.1",
+ "versionEndExcluding": "2.4.4",
+ "matchCriteriaId": "76233930-2DF9-4929-B80B-B2E997EFDACF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/relative/synchrony/commit/b583126be94c4db7c5a478f1c5204bfb4162cf40",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/relative/synchrony/security/advisories/GHSA-jg82-xh3w-rhxx",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/relative/synchrony/security/advisories/src/transformers/literalmap.ts",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Broken Link"
+ ]
+ }
+ ]
+}
\ No newline at end of file
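Review bot: The `cpeMatch` entry starts at `"versionStartIncluding": "2.0.1"`, while the English description says the flaw exists "in versions before v2.4.4" with no lower bound, so CPE-based matching and the prose disagree about releases older than 2.0.1. The advisory is not visible here, so I cannot tell which is right; the lower bound should be confirmed against GHSA-jg82-xh3w-rhxx and either dropped or reflected in the description. The workaround text also uses reference-style links (`[--disable-proto=delete][disable-proto]`) whose `[disable-proto]` target is never defined, and the string ends in a stray `\n`. Plain text such as `launch node with the --disable-proto=delete or --disable-proto=throw flags` would render cleanly.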
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45812.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45812.json
new file mode 100644
index 00000000000..5946f47c4ec
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45812.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-45812",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-18T22:15:09.403",
+ "lastModified": "2023-10-19T12:59:35.787",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service (DoS) type vulnerability which causes the Router to panic and terminate when a multi-part response is sent. When users send queries to the router that uses the `@defer` or Subscriptions, the Router will panic. To be vulnerable, users of Router must have a coprocessor with `coprocessor.supergraph.response` configured in their `router.yaml` and also to support either `@defer` or Subscriptions. Apollo Router version 1.33.0 has a fix for this vulnerability which was introduced in PR #4014. Users are advised to upgrade. Users unable to upgrade should avoid using the coprocessor supergraph response or disable defer and subscriptions support and continue to use the coprocessor supergraph response."
+ },
+ {
+ "lang": "es",
+ "value": "Apollo Router es un router de gr\u00e1ficos configurable y de alto rendimiento escrito en Rust para ejecutar un supergrafo federado que utiliza Apollo Federation. Las versiones afectadas est\u00e1n sujetas a una vulnerabilidad de tipo Denegaci\u00f3n de Servicio (DoS) que hace que el Router entre en p\u00e1nico y finalice cuando se env\u00eda una respuesta de varias partes. Cuando los usuarios env\u00edan consultas al Router que utiliza `@defer` o Suscripciones, el Router entrar\u00e1 en p\u00e1nico. Para ser vulnerables, los usuarios de Router deben tener un coprocesador con `coprocessor.supergraph.response` configurado en su `router.yaml` y tambi\u00e9n admitir `@defer` o Suscripciones. La versi\u00f3n 1.33.0 de Apollo Router tiene una soluci\u00f3n para esta vulnerabilidad que se introdujo en el PR #4014. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben evitar el uso de la respuesta supergraph del coprocesador o desactivar el soporte de aplazamiento y suscripciones y continuar usando la respuesta supergraph del coprocesador."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apollographql/router/pull/4014",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/apollographql/router/security/advisories/GHSA-r344-xw3p-2frj",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
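Review bot: This record has no `configurations` block, so the affected range exists only as prose in `descriptions` ("Apollo Router version 1.33.0 has a fix") and any consumer that matches on CPE will not flag vulnerable Router installs from this snapshot. That is consistent with `"vulnStatus": "Undergoing Analysis"`, but until a `cpeMatch` entry carrying `"versionEndExcluding": "1.33.0"` is added, version matching has to come from the referenced advisory. The same gap applies to the CVE-2023-45813, CVE-2023-45814 and CVE-2023-45815 records later in this diff. The two `references` entries also have no `tags`, so tooling that looks for `Patch` or `Vendor Advisory` will not pick up the fix PR.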
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45813.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45813.json
new file mode 100644
index 00000000000..0afaef37ddc
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45813.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-45813",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-18T21:15:09.640",
+ "lastModified": "2023-10-19T12:59:35.787",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Torbot es una herramienta de inteligencia de red Tor de c\u00f3digo abierto. En las versiones afectadas, la `funci\u00f3n torbot.modules.validators.validate_link` utiliza la expresi\u00f3n regular de validaci\u00f3n de URL de python-validators. Esta expresi\u00f3n regular en particular tiene una complejidad exponencial que permite a un atacante provocar el bloqueo de una aplicaci\u00f3n utilizando un argumento manipulado bien elaborado. Un atacante puede utilizar un argumento de URL manipulado bien elaborado para explotar la vulnerabilidad en la expresi\u00f3n regular y provocar una Denegaci\u00f3n de Servicio en el System. El archivo de validadores se elimin\u00f3 en la versi\u00f3n 4.0.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1333"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/DedSecInside/TorBot/commit/ef6e06bc7785355b1701d5524eb4550441086ac4",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
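Review bot: The `vectorString` uses `AV:P` (`"attackVector": "PHYSICAL"`), which does not line up with the description of a crafted URL argument reaching `validate_link`; physical access is not mentioned anywhere in the text. With that metric the base score is 4.6, so score-driven triage will rank this ReDoS below the other availability-only entries in this diff that score 7.5. This is the CNA's Secondary score and the record does not say how TorBot receives URLs, so I would flag it for rescoring rather than edit it here. If the URL can arrive over the network, the vector would read `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H`.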
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45814.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45814.json
new file mode 100644
index 00000000000..80ca594e24e
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45814.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-45814",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-18T22:15:09.497",
+ "lastModified": "2023-10-19T12:59:35.787",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's `AuthenticationService` only supported injecting `IUser`s. However, as Refresh and SoundShapesServer implemented permissions systems support for injecting `IToken`s into endpoints was added. All was well until 4.0. Bunkum 4.0 then changed to enforce relations between `IToken`s and `IUser`s. This wasn't implemented in a very good way in the `AuthenticationService`, and ended up breaking caching in such a way that cached tokens would persist after the lifetime of the request - since we tried to cache both tokens and users. From that point until now, from what I understand, Bunkum was attempting to use that cached token at the start of the next request once cached. Naturally, when that token expired, downstream projects like Refresh would remove the object from Realm - and cause the object in the cache to be in a detached state, causing an exception from invalid use of `IToken.User`. So in other words, a use-after-free since Realm can't manage the lifetime of the cached token. Security-wise, the scope is fairly limited, can only be pulled off on a couple endpoints given a few conditions, and you can't guarantee which token you're going to get. Also, the token *would* get invalidated properly if the endpoint had either a `IToken` usage or a `IUser` usage. The fix is to just wipe the token cache after the request was handled, which is now in `4.2.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Bunkum es un servidor de solicitudes independiente del protocolo de c\u00f3digo abierto para servidores de juegos personalizados. Primero, un poco de historia. Entonces, al principio, el \"AuthenticationService\" de Bunkum solo admit\u00eda la inyecci\u00f3n de \"IUser\". Sin embargo, a medida que Refresh y SoundShapesServer implementaron sistemas de permisos, se agreg\u00f3 soporte para inyectar \"IToken\" en los endpoints. Todo estuvo bien hasta el 4.0. Bunkum 4.0, luego cambi\u00f3 para imponer relaciones entre `IToken`s e `IUser`s. Esto no se implement\u00f3 de muy buena manera en `AuthenticationService` y termin\u00f3 rompiendo el almacenamiento en cach\u00e9 de tal manera que los tokens almacenados en cach\u00e9 persistir\u00edan despu\u00e9s de la vida \u00fatil de la solicitud, ya que intentamos almacenar en cach\u00e9 tanto los tokens como los usuarios. Desde ese momento hasta ahora, seg\u00fan tengo entendido, Bunkum estaba intentando usar ese token almacenado en cach\u00e9 al comienzo de la siguiente solicitud una vez almacenado en cach\u00e9. Naturalmente, cuando ese token expir\u00f3, los proyectos posteriores como Refresh eliminar\u00edan el objeto de Realm y provocar\u00edan que el objeto en el cach\u00e9 estuviera en un estado separado, lo que provocar\u00eda una excepci\u00f3n por el uso no v\u00e1lido de `IToken.User`. En otras palabras, un use-after-free ya que Realm no puede administrar la vida \u00fatil del token almacenado en cach\u00e9. En cuanto a la seguridad, el alcance es bastante limitado, solo se puede implementar en un par de endpoints dadas algunas condiciones y no se puede garantizar qu\u00e9 token obtendr\u00e1. Adem\u00e1s, el token *would* invalidar\u00eda correctamente si el endpoint tuviera un uso de \"IToken\" o un uso de \"IUser\". La soluci\u00f3n es simplemente borrar el cach\u00e9 del token despu\u00e9s de que se manej\u00f3 la solicitud, que ahora est\u00e1 en `4.2.1`. 
Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-772"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/LittleBigRefresh/Bunkum/commit/6e109464ed9255f558182f001f475a378405ff76",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/LittleBigRefresh/Bunkum/security/advisories/GHSA-jrf2-h5j6-3rrq",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
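Review bot: The Spanish `value` breaks across two physical lines right after the sentence ending in 4.2.1, and the continuation ("Se recomienda a los usuarios que actualicen…") carries no `+` marker, so as shown the string contains a line break in the middle. If the stored record holds a literal newline, that is invalid JSON, since control characters inside strings must be escaped as `\n`. If it is a Unicode line separator, the JSON parses, but line-oriented diff and grep tooling will still split the record there. Either way I would normalise the break to a single space so the description stays on one line.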
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45815.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45815.json
new file mode 100644
index 00000000000..83227ab4c87
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45815.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-45815",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T22:15:10.407",
+ "lastModified": "2023-10-20T11:27:31.330",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ArchiveBox is an open source self-hosted web archiving system. Any users who are using the `wget` extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to target your ArchiveBox instance. Malicious Javascript could potentially act using your logged-in admin credentials and add/remove/modify snapshots, add/remove/modify ArchiveBox users, and generally do anything an admin user could do. The impact is less severe for non-logged-in users, as malicious Javascript cannot *modify* any archives, but it can still *read* all the other archived content by fetching the snapshot index and iterating through it. Because all of ArchiveBox's archived content is served from the same host and port as the admin panel, when archived pages are viewed the JS executes in the same context as all the other archived pages (and the admin panel), defeating most of the browser's usual CORS/CSRF security protections and leading to this issue. A patch is being developed in https://github.com/ArchiveBox/ArchiveBox/issues/239. As a mitigation for this issue would be to disable the wget extractor by setting `archivebox config --set SAVE_WGET=False`, ensure you are always logged out, or serve only a [static HTML version](https://github.com/ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#2-export-and-host-it-as-static-html) of your archive."
+ },
+ {
+ "lang": "es",
+ "value": "ArchiveBox es un sistema de archivo web autohospedado de c\u00f3digo abierto. Cualquier usuario que est\u00e9 utilizando el extractor `wget` y vea el contenido que genera. El impacto es potencialmente grave si inicia sesi\u00f3n en el sitio de administraci\u00f3n de ArchiveBox en la misma sesi\u00f3n del navegador y ve una p\u00e1gina maliciosa archivada dise\u00f1ada para apuntar a su instancia de ArchiveBox. Javascript malicioso podr\u00eda potencialmente actuar utilizando sus credenciales de administrador iniciadas y agregar/eliminar/modificar instant\u00e1neas, agregar/eliminar/modificar usuarios de ArchiveBox y, en general, hacer cualquier cosa que un usuario administrador pueda hacer. El impacto es menos severo para los usuarios que no han iniciado sesi\u00f3n, ya que Javascript malicioso no puede *modificar* ning\u00fan archivo, pero a\u00fan puede *leer* todo el resto del contenido archivado al obtener el \u00edndice de la instant\u00e1nea y recorrerlo en iteraci\u00f3n. Debido a que todo el contenido archivado de ArchiveBox se sirve desde el mismo host y puerto que el panel de administraci\u00f3n, cuando se ven las p\u00e1ginas archivadas, JS se ejecuta en el mismo contexto que todas las dem\u00e1s p\u00e1ginas archivadas (y el panel de administraci\u00f3n), anulando la mayor\u00eda de las funciones habituales del navegador. Protecciones de seguridad CORS/CSRF y lo que lleva a este problema. Se est\u00e1 desarrollando un parche en https://github.com/ArchiveBox/ArchiveBox/issues/239. Como mitigaci\u00f3n para este problema, ser\u00eda deshabilitar el extractor de wget configurando `archivebox config --set SAVE_WGET=False`, asegurarse de estar siempre desconectado o servir solo una [versi\u00f3n HTML est\u00e1tica] (https://github.com /ArchiveBox/ArchiveBox/wiki/Publishing-Your-Archive#2-export-and-host-it-as-static-html) de su archivo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/ArchiveBox/ArchiveBox/issues/239",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/ArchiveBox/ArchiveBox/security/advisories/GHSA-cr45-98w9-gwqx",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
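Review bot: The record names no fixed version — the description only says a patch "is being developed" in issue 239 — and the second sentence of the English text is a fragment ("Any users who are using the `wget` extractor and view the content it outputs.") that never says what happens to those users. Readers therefore have to treat every ArchiveBox deployment that uses the wget extractor as affected and rely on the listed mitigations: `archivebox config --set SAVE_WGET=False`, staying logged out of the admin site, or serving only the static HTML export. The Spanish translation also inserts spaces into the wiki URL (`https://github.com /ArchiveBox/...`), which breaks the link to the static-export instructions. I would complete the fragment, e.g. `Any users who are using the wget extractor and view the content it outputs are affected.`, and restore the URL without the spaces.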
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45818.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45818.json
new file mode 100644
index 00000000000..8de42c82d96
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45818.json
@@ -0,0 +1,145 @@
+{
+ "id": "CVE-2023-45818",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T22:15:10.817",
+ "lastModified": "2023-10-26T16:32:24.767",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE\u2019s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser's native [DOMParser API](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser) (TinyMCE 6) or the SaxParser API (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "TinyMCE es un editor de texto enriquecido de c\u00f3digo abierto. Se descubri\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) en la funcionalidad principal de deshacer y rehacer de TinyMCE. Cuando un fragmento de HTML cuidadosamente manipulado pasa la capa de sanitizaci\u00f3n XSS, las funciones de recorte internas lo manipulan como una cadena antes de almacenarlo en la pila de deshacer. Si el fragmento HTML se restaura desde la pila de deshacer, la combinaci\u00f3n de manipulaci\u00f3n de cadenas y an\u00e1lisis reparativo mediante la [API DOMParser] nativa del navegador (https://developer.mozilla.org/en-US/docs/Web/API/ DOMParser) (TinyMCE 6) o la API SaxParser (TinyMCE 5) muta el HTML de forma maliciosa, permitiendo que se ejecute un payload XSS. Esta vulnerabilidad se ha solucionado en TinyMCE 5.10.8 y TinyMCE 6.7.1 garantizando que HTML se recorte mediante manipulaci\u00f3n a nivel de nodo en lugar de manipulaci\u00f3n de cadenas. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.10.8",
+ "matchCriteriaId": "E9D412ED-B744-4750-B6D4-3D55C8DCD8D0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndExcluding": "6.7.1",
+ "matchCriteriaId": "0328BE76-BE2B-48C0-B4D1-B6B04C9AB29C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-v65r-p3vv-jjfv",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://researchgate.net/publication/266654651_mXSS_attacks_Attacking_well-secured_web-applications_by_using_innerHTML_mutations",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://tiny.cloud/docs/release-notes/release-notes5108/#securityfixes",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://tiny.cloud/docs/tinymce/6/6.7.1-release-notes/#security-fixes",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://www.tiny.cloud/docs/api/tinymce.html/tinymce.html.saxparser/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
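Review bot: The Spanish description drops "mutation": the English text says "mutation cross-site scripting (mXSS)" but the translation says only "Cross-Site Scripting (XSS)". That loses the point that the snippet passes the sanitisation layer and becomes dangerous only after string trimming and re-parsing. The translation should read `vulnerabilidad de mutation Cross-Site Scripting (mXSS)` or an equivalent. It also splits the DOMParser link with a stray space (`.../Web/API/ DOMParser`). Separately, the researchgate reference is a research paper on mXSS rather than an advisory for this CVE, so the tag `Technical Description` would fit it better than `Third Party Advisory`.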
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45819.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45819.json
new file mode 100644
index 00000000000..d5bf44c5d5d
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45819.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-45819",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T22:15:11.150",
+ "lastModified": "2023-10-26T16:30:27.223",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE\u2019s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been inserted into the editor and a notification to have been triggered. When a notification was opened, the HTML within the text argument was displayed unfiltered in the notification. The vulnerability allowed arbitrary JavaScript execution when an notification presented in the TinyMCE UI for the current user. This issue could also be exploited by any integration which uses a TinyMCE notification to display unfiltered HTML content. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring that the HTML displayed in the notification is sanitized, preventing the exploit. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
+ },
+ {
+ "lang": "es",
+ "value": "TinyMCE es un editor de texto enriquecido de c\u00f3digo abierto. Se descubri\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) en la API del Administrador de notificaciones de TinyMCE. La vulnerabilidad explota el sistema de notificaci\u00f3n sin filtrar de TinyMCE, que se utiliza en el manejo de errores. Las condiciones para este exploit requieren que se haya insertado contenido malicioso cuidadosamente manipulado en el editor y que se haya activado una notificaci\u00f3n. Cuando se abri\u00f3 una notificaci\u00f3n, el HTML dentro del argumento de texto se mostr\u00f3 sin filtrar en la notificaci\u00f3n. La vulnerabilidad permit\u00eda la ejecuci\u00f3n arbitraria de JavaScript cuando se presentaba una notificaci\u00f3n en la interfaz de usuario de TinyMCE para el usuario actual. Este problema tambi\u00e9n podr\u00eda ser aprovechado por cualquier integraci\u00f3n que utilice una notificaci\u00f3n TinyMCE para mostrar contenido HTML sin filtrar. Esta vulnerabilidad se ha solucionado en TinyMCE 5.10.8 y TinyMCE 6.7.1 garantizando que el HTML que se muestra en la notificaci\u00f3n est\u00e9 sanitizado, lo que evita el exploit. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.10.8",
+ "matchCriteriaId": "E9D412ED-B744-4750-B6D4-3D55C8DCD8D0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.0.0",
+ "versionEndExcluding": "6.7.1",
+ "matchCriteriaId": "0328BE76-BE2B-48C0-B4D1-B6B04C9AB29C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-hgqx-r2hp-jr38",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45820.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45820.json
new file mode 100644
index 00000000000..4ce71bd7434
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45820.json
@@ -0,0 +1,119 @@
+{
+ "id": "CVE-2023-45820",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T19:15:15.950",
+ "lastModified": "2023-10-25T20:27:12.457",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus. This issue has been addressed in version 10.6.2. Users are advised to upgrade. Users unable to upgrade should avoid using websockets."
+ },
+ {
+ "lang": "es",
+ "value": "Directus es una API y un panel de aplicaciones en tiempo real para administrar el contenido de la base de datos SQL. En las versiones afectadas, cualquier instalaci\u00f3n de Directus que tenga websockets habilitados puede fallar si el servidor websocket recibe un frame no v\u00e1lido. Un usuario malintencionado podr\u00eda aprovechar este error para bloquear Directus. Este problema se solucion\u00f3 en la versi\u00f3n 10.6.2. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben evitar el uso de websockets."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-755"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-755"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:*",
+ "versionStartIncluding": "10.4.0",
+ "versionEndExcluding": "10.6.2",
+ "matchCriteriaId": "975F0834-DF6F-42D1-8D6F-482C096BB328"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/directus/directus/commit/243eed781b42d6b4948ddb8c3792bcf5b44f55bb",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/directus/directus/security/advisories/GHSA-hmgw-9jrg-hf2m",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45821.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45821.json
new file mode 100644
index 00000000000..993ca727a8d
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45821.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-45821",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T21:15:08.847",
+ "lastModified": "2023-10-20T11:27:31.330",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the `registryIsDockerHub` function was only checking that the registry domain had the `docker.io` suffix. Artifact Hub allows providing some Docker credentials that are used to increase the rate limit applied when interacting with the Docker Hub registry API to read publicly available content. Due to the incorrect check described above, it'd be possible to hijack those credentials by purchasing a domain which ends with `docker.io` and deploying a fake OCI registry on it. uses some credentials that only have permissions to read public content available in the Docker Hub. However, even though credentials for private repositories (disabled on `artifacthub.io`) are handled in a different way, other Artifact Hub deployments could have been using them for a different purpose. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Artifact Hub es una aplicaci\u00f3n basada en web que permite buscar, instalar y publicar paquetes y configuraciones para proyectos CNCF. Durante una auditor\u00eda de seguridad del c\u00f3digo base de Artifact Hub, un investigador de seguridad identific\u00f3 un error en el que la funci\u00f3n \"registryIsDockerHub\" solo verificaba que el dominio de registro tuviera el sufijo \"docker.io\". Artifact Hub permite proporcionar algunas credenciales de Docker que se utilizan para aumentar el l\u00edmite de velocidad aplicado al interactuar con la API de registro de Docker Hub para leer contenido disponible p\u00fablicamente. Debido a la verificaci\u00f3n incorrecta descrita anteriormente, ser\u00eda posible secuestrar esas credenciales comprando un dominio que termine con `docker.io` e implementando un registro OCI falso en \u00e9l. utiliza algunas credenciales que solo tienen permisos para leer contenido p\u00fablico disponible en Docker Hub. Sin embargo, aunque las credenciales para repositorios privados (deshabilitadas en `artifacthub.io`) se manejan de una manera diferente, otras implementaciones de Artifact Hub podr\u00edan haberlas usado para un prop\u00f3sito diferente. Este problema se resolvi\u00f3 en la versi\u00f3n `1.16.0`. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-494"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/artifacthub/hub/security/advisories/GHSA-g6pq-x539-7w4j",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
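Review bot: The English description in this record contains a sentence with no subject, `uses some credentials that only have permissions to read public content available in the Docker Hub`, directly after "deploying a fake OCI registry on it."; the name of the deployment it refers to appears to have been dropped, presumably when markup was stripped from the advisory text. That sentence is what bounds the impact (read-only credentials for public content), so it should be restored from GHSA-g6pq-x539-7w4j rather than guessed. The Spanish description repeats the same gap (`utiliza algunas credenciales …`).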
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45822.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45822.json
new file mode 100644
index 00000000000..93603c8629c
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45822.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-45822",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T21:15:08.930",
+ "lastModified": "2023-10-20T11:27:31.330",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations to define what actions can be performed by their members. It is based on customizable authorization policies that are enforced by the `Open Policy Agent`. Policies are written using `rego` and their data files are expected to be json documents. By default, `rego` allows policies to make HTTP requests, which can be abused to send requests to internal resources and forward the responses to an external entity. In the context of Artifact Hub, this capability should have been disabled. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Artifact Hub es una aplicaci\u00f3n basada en web que permite buscar, instalar y publicar paquetes y configuraciones para proyectos CNCF. Durante una auditor\u00eda de seguridad del c\u00f3digo base de Artifact Hub, un investigador de seguridad identific\u00f3 un error en el que se permit\u00eda el uso de un rego incorporado predeterminado no seguro al definir pol\u00edticas de autorizaci\u00f3n. Artifact Hub incluye un mecanismo de autorizaci\u00f3n detallado que permite a las organizaciones definir qu\u00e9 acciones pueden realizar sus miembros. Se basa en pol\u00edticas de autorizaci\u00f3n personalizables que aplica el \"Open Policy Agent\". Las pol\u00edticas se escriben utilizando `rego` y se espera que sus archivos de datos sean documentos json. De forma predeterminada, `rego` permite que las pol\u00edticas realicen solicitudes HTTP, de las cuales se puede abusar para enviar solicitudes a recursos internos y reenviar las respuestas a una entidad externa. En el contexto de Artifact Hub, esta capacidad deber\u00eda haberse deshabilitado. Este problema se resolvi\u00f3 en la versi\u00f3n `1.16.0`. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/artifacthub/hub/security/advisories/GHSA-9pc8-m4vp-ggvf",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://www.openpolicyagent.org/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://www.openpolicyagent.org/docs/latest/#rego",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
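Review bot: This record has no `configurations` array, so the affected range exists only as prose in the description (resolved in version 1.16.0), and tooling that matches on `cpeMatch` will not associate it with any Artifact Hub install. The same holds for CVE-2023-45821, CVE-2023-45823 (scored 7.5 HIGH), CVE-2023-45832 and CVE-2023-45833 in this diff, all added with `"vulnStatus": "Undergoing Analysis"`. Consumers should read that status as "no CPE data yet" rather than "not affected", match these ids on the version stated in the description until then, and re-sync them once analysis completes.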
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45823.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45823.json
new file mode 100644
index 00000000000..f9c42c50d0e
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45823.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-45823",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T21:15:09.003",
+ "lastModified": "2023-10-20T11:27:31.330",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources, including git repositories. When processing git based repositories, Artifact Hub clones the repository and, depending on the artifact kind, reads some files from it. During this process, in some cases, no validation was done to check if the file was a symbolic link. This made possible to read arbitrary files in the system, potentially leaking sensitive information. This issue has been resolved in version `1.16.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Artifact Hub es una aplicaci\u00f3n basada en web que permite buscar, instalar y publicar paquetes y configuraciones para proyectos CNCF. Durante una auditor\u00eda de seguridad del c\u00f3digo base de Artifact Hub, un investigador de seguridad identific\u00f3 un error en el que, mediante el uso de enlaces simb\u00f3licos en ciertos tipos de repositorios cargados en Artifact Hub, era posible leer archivos internos. Artifact Hub indexa contenido de una variedad de fuentes, incluidos repositorios de git. Al procesar repositorios basados en git, Artifact Hub clona el repositorio y, seg\u00fan el tipo de artefacto, lee algunos archivos del mismo. Durante este proceso, en algunos casos, no se realiz\u00f3 ninguna validaci\u00f3n para verificar si el archivo era un enlace simb\u00f3lico. Esto hizo posible leer archivos arbitrarios en el system, potencialmente filtrando informaci\u00f3n confidencial. Este problema se resolvi\u00f3 en la versi\u00f3n `1.16.0`. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://artifacthub.io/packages/helm/artifact-hub/artifact-hub?modal=changelog&version=1.16.0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/artifacthub/hub/security/advisories/GHSA-hmq4-c2r4-5q8h",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
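Review bot: The weakness is recorded as `"value": "CWE-22"`, but the flaw the description gives is that files read from a cloned repository were not checked for being symbolic links. That is link following rather than a traversal sequence in a supplied path, so CWE-59 looks like the closer mapping. Only the CNA's Secondary entry is present here, so anyone grouping findings by CWE should treat this value as provisional; it may change if an nvd@nist.gov Primary weakness is added.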
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45825.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45825.json
new file mode 100644
index 00000000000..af48cdfcba3
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45825.json
@@ -0,0 +1,132 @@
+{
+ "id": "CVE-2023-45825",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T19:15:16.043",
+ "lastModified": "2023-10-27T18:17:11.990",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object (implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using `fmt.Errorf(\"something went wrong (credentials: %q)\", credentials)` during connection to the YDB server. If such logging occurred, a malicious user with access to logs could read sensitive information (i.e. credentials) information and use it to get access to the database. ydb-go-sdk contains this problem in versions from v3.48.6 to v3.53.2. The fix for this problem has been released in version v3.53.3. Users are advised to upgrade. Users unable to upgrade should implement the `fmt.Stringer` interface in your custom credentials type with explicit stringify of object state."
+ },
+ {
+ "lang": "es",
+ "value": "ydb-go-sdk es un controlador de base de datos/sql y nativo de Go puro para la plataforma YDB. Desde ydb-go-sdk v3.48.6, si usa un objeto de credenciales personalizado (implementaci\u00f3n de la interfaz Credenciales, puede filtrarse en los registros. Esto sucede porque este objeto podr\u00eda serializarse en un mensaje de error usando `fmt.Errorf(\"something went wrong (credentials: %q)\", credenciales)` durante la conexi\u00f3n al servidor YDB. Si se produjera dicho registro, un usuario malintencionado con acceso a los registros podr\u00eda leer informaci\u00f3n confidencial (es decir, credenciales) y utilizarla para obtener acceso a la base de datos. ydb- go-sdk contiene este problema en las versiones de v3.48.6 a v3.53.2. La soluci\u00f3n para este problema se public\u00f3 en la versi\u00f3n v3.53.3. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben implementar la interfaz `fmt.Stringer` en su tipo de credenciales personalizadas con cadena expl\u00edcita del estado del objeto."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ydb:ydb-go-sdk:*:*:*:*:*:go:*:*",
+ "versionStartIncluding": "3.48.6",
+ "versionEndExcluding": "3.53.2",
+ "matchCriteriaId": "5DEE71A5-8F9B-44E9-B983-648E88BEC94E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/ydb-platform/ydb-go-sdk/blob/master/credentials/credentials.go#L10",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://github.com/ydb-platform/ydb-go-sdk/blob/v3.48.6/internal/balancer/balancer.go#L71",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://github.com/ydb-platform/ydb-go-sdk/pull/859",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Issue Tracking"
+ ]
+ },
+ {
+ "url": "https://github.com/ydb-platform/ydb-go-sdk/security/advisories/GHSA-q24m-6h38-5xj8",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
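Review bot: The `cpeMatch` range ends with `"versionEndExcluding": "3.53.2"`, which leaves 3.53.2 itself unmatched, while the description states that the problem is present "in versions from v3.48.6 to v3.53.2" and fixed in v3.53.3. A scanner driven by this range would report a 3.53.2 deployment as clean even though custom credentials objects can still be serialized into error messages and logs there. The bound should be `"versionEndExcluding": "3.53.3"` (or `"versionEndIncluding": "3.53.2"`).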
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45826.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45826.json
new file mode 100644
index 00000000000..a3a4613c03e
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45826.json
@@ -0,0 +1,137 @@
+{
+ "id": "CVE-2023-45826",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-19T19:15:16.133",
+ "lastModified": "2023-10-27T15:27:30.243",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Leantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Leantime es un sistema de gesti\u00f3n de proyectos de c\u00f3digo abierto. Una variable 'userId' en `app/domain/files/repositories/class.files.php` no est\u00e1 parametrizada. Un atacante autenticado puede enviar una solicitud POST cuidadosamente manipulada a `/api/jsonrpc` para explotar una vulnerabilidad de inyecci\u00f3n SQL. La confidencialidad se ve afectada ya que permite descargar informaci\u00f3n de la base de datos. Este problema se solucion\u00f3 en la versi\u00f3n 2.4-beta-4. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:leantime:leantime:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.4",
+ "matchCriteriaId": "B60921EA-E652-4FE2-9C25-F33F78A44EB4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:leantime:leantime:2.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "22C7093F-E16C-4767-97A2-C403DEA9A6FD"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:leantime:leantime:2.4:beta:*:*:*:*:*:*",
+ "matchCriteriaId": "A1592B9A-1F65-4533-A6BE-4B26F48E12D6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:leantime:leantime:2.4:beta2:*:*:*:*:*:*",
+ "matchCriteriaId": "6EE5A2E1-9AD9-482B-8FF1-9B72DE5E9349"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:leantime:leantime:2.4:beta3:*:*:*:*:*:*",
+ "matchCriteriaId": "B9E3DC96-3C78-40A3-8CA1-D631478597CF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Leantime/leantime/commit/be75f1e0f311d11c00a0bdc7079a62eef3594bf0",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/Leantime/leantime/security/advisories/GHSA-559g-3h98-g3fj",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
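Review bot: The entry `"criteria": "cpe:2.3:a:leantime:leantime:2.4:-:*:*:*:*:*:*"` appears to mark the 2.4 release itself as vulnerable, while the description says the SQL injection was addressed in 2.4-beta-4. The other entries (`versionEndExcluding` 2.4, plus `beta`, `beta2`, `beta3`) already cover everything before that fix. If `2.4:-` is meant as the final 2.4 release, it would produce false positives on patched installs and should be dropped. If it stands for an early pre-release build, that should be confirmed against the vendor's tags, since the record does not say which.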
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45829.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45829.json
new file mode 100644
index 00000000000..31590c29377
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45829.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45829",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:34.953",
+ "lastModified": "2023-10-28T03:27:33.903",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender \u2013 Email Newsletter Plugin for WordPress plugin <=\u00a02.0.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en HappyBox Newsletter & Bulk Email Sender \u2013 Complemento Email Newsletter para el complemento WordPress en versiones <= 2.0.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:happybox:newsletter_\\&_bulk_email_sender:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0.1",
+ "matchCriteriaId": "C1FAC40B-8A7B-4EB8-A394-E25197988948"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/newsletter-bulk-email/wordpress-newsletter-bulk-email-sender-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
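Review bot: The Spanish description spells the vulnerability class as `Coss-Site Scripting (XSS)`; it should read `Cross-Site Scripting (XSS)`. The same misspelling is in the `es` descriptions of CVE-2023-45832 and CVE-2023-45833 later in this diff. Keyword searches or classifiers run over the localized text will miss these three records under the usual term.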
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45831.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45831.json
index bbb7425d04a..5d6655442f1 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45831.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45831.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45831",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:45.163",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T18:35:15.887",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP \u2013 Google AMP For WordPress plugin <=\u00a01.5.15 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Pixelative, Mohsin Rafique AMP WP \u2013 Complemento Google AMP para WordPress en versiones <= 1.5.15."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pixelative:google_amp:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.5.15",
+ "matchCriteriaId": "BBF42F1F-9588-4EB9-B906-EA405199F98D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/amp-wp/wordpress-amp-wp-google-amp-for-wordpress-plugin-1-5-15-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45832.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45832.json
new file mode 100644
index 00000000000..5a35b78e673
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45832.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45832",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:35.027",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson WP GoToWebinar plugin <=\u00a014.45 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Martin Gibson WP GoToWebinar en versiones <= 14.45."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-gotowebinar/wordpress-wp-gotowebinar-plugin-14-45-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45833.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45833.json
new file mode 100644
index 00000000000..d7ab49d0702
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45833.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45833",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:35.100",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LeadSquared Suite plugin <=\u00a00.7.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento LeadSquared Suite en versiones <= 0.7.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/leadsquared-suite/wordpress-leadsquared-suite-plugin-0-7-4-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45835.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45835.json
new file mode 100644
index 00000000000..a088e8f4dc9
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45835.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45835",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:35.180",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <=\u00a01.4.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Libsyn Libsyn Publisher Hub en versiones <= 1.4.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45836.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45836.json
index e6072331f80..1f18de4eadf 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45836.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45836.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-45836",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T11:15:45.233",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:50:04.203",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <=\u00a02.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento XYDAC Ultimate Taxonomy Manager en versiones <= 2.0."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:xydac:ultimate_taxonomy_manager:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0",
+ "matchCriteriaId": "6693470A-FFC2-48DF-8FE0-0DCE0110D25E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-taxonomy-manager/wordpress-ultimate-taxonomy-manager-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45837.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45837.json
new file mode 100644
index 00000000000..e7ef4fbc51d
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45837.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45837",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:35.260",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <=\u00a02.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento XYDAC Ultimate Taxonomy Manager en versiones <= 2.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/ultimate-taxonomy-manager/wordpress-ultimate-taxonomy-manager-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45844.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45844.json
new file mode 100644
index 00000000000..0f8f2bca443
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45844.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45844",
+ "sourceIdentifier": "psirt@bosch.com",
+ "published": "2023-10-25T18:17:35.347",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug)."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad permite a un usuario con pocos privilegios que tiene acceso al dispositivo cuando est\u00e1 bloqueado en modo quiosco instalar una aplicaci\u00f3n Android arbitraria y aprovecharla para tener acceso a configuraciones cr\u00edticas del dispositivo, como la administraci\u00f3n de energ\u00eda del dispositivo o, eventualmente, la configuraci\u00f3n segura del dispositivo (depuraci\u00f3n ADB). ."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "source": "psirt@bosch.com"
+ }
+ ]
+}
\ No newline at end of file
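Review bot: The English description names no vendor, product or version, and the record has no `configurations` block, so the only thing tying it to a device is the `BOSCH-SA-175607` advisory URL under `references`. It also speaks of a "low privileged user" while the vector carries `PR:N`; one of the two probably needs adjusting, though the record does not show which. The Spanish value ends with a stray ` .` after the closing parenthesis.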
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45851.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45851.json
new file mode 100644
index 00000000000..1fe598a9569
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45851.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-45851",
+ "sourceIdentifier": "psirt@bosch.com",
+ "published": "2023-10-25T18:17:35.427",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication.\u00a0\r\n\r\n\r\nThis issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device"
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n cliente de Android, cuando se inscribe en el servidor AppHub, se conecta a un agente MQTT sin exigir ninguna autenticaci\u00f3n del servidor. Este problema permite a un atacante forzar a la aplicaci\u00f3n cliente de Android a conectarse a un agente MQTT malicioso, lo que le permite enviar mensajes falsos al dispositivo HMI."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "source": "psirt@bosch.com"
+ }
+ ]
+}
\ No newline at end of file
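Review bot: The English `value` embeds a non-breaking space and three CRLF pairs (`\u00a0\r\n\r\n\r\n`) mid-text and is missing a space in `server,connects`, so consumers that render or tokenise the description get blank lines and a fused word. A single space between the two sentences would do, as the Spanish value already has. The weakness is given as `CWE-306`, but the text describes the client not authenticating the broker it connects to, which may be a different weakness class from missing authentication on a function; worth confirming against the advisory.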
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45852.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45852.json
index 86cdf4d3b70..f9acf7b7b89 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45852.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45852.json
@@ -2,23 +2,99 @@
"id": "CVE-2023-45852",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-14T02:15:09.270",
- "lastModified": "2023-10-14T17:32:33.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T21:02:05.847",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method."
+ },
+ {
+ "lang": "es",
+ "value": "En Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi permite que un atacante no autenticado omita la autenticaci\u00f3n y ejecute comandos arbitrarios a trav\u00e9s de metacaracteres de shell en los datos JSON de los par\u00e1metros ipaddr para el m\u00e9todo put."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:viessmann:vitogate_300_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.1.3.0",
+ "matchCriteriaId": "2DAD3136-6337-4E41-AD13-A371EC4EA975"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:viessmann:vitogate_300:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C464EBFC-DD80-49C9-97BE-232F8E8AE624"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://connectivity.viessmann.com/gb/mp-fp/vitogate/vitogate-300-bn-mb.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/Push3AX/vul/blob/main/viessmann/Vitogate300_RCE.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
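Review bot: `CWE-77` is the generic command-injection class, while the description says commands are run "via shell metacharacters", which points to the more specific OS command injection entry, `"value": "CWE-78"`. Detection content and statistics keyed on CWE would otherwise bucket this record less precisely. The firmware match uses `versionEndIncluding: 2.1.3.0` with no lower bound, so it covers every earlier firmware although the description names only 2.1.3.0; that is presumably deliberate, but the record does not say earlier builds were checked. One reference is now tagged `Exploit` and no fixed version is listed, so triage should treat this as publicly documented.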
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45853.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45853.json
index cb931b9643f..abf3d15c245 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45853.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45853.json
@@ -2,35 +2,114 @@
"id": "CVE-2023-45853",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-14T02:15:09.323",
- "lastModified": "2023-10-14T17:32:33.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T21:15:09.867",
+ "vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product."
+ },
+ {
+ "lang": "es",
+ "value": "MiniZip en zlib hasta 1.3 tiene un desbordamiento de enteros y un desbordamiento de b\u00fafer basado en mont\u00f3n resultante en zipOpenNewFileInZip4_64 a trav\u00e9s de un nombre de archivo largo, un comentario o un campo adicional. NOTA: MiniZip no es una parte compatible del producto zlib."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "1.3",
+ "matchCriteriaId": "BCAD5846-089D-4749-88B4-20243BC19B29"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
- "url": "https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356",
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/20/9",
"source": "cve@mitre.org"
},
+ {
+ "url": "https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
+ },
{
"url": "https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://github.com/madler/zlib/pull/843",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
},
{
"url": "https://www.winimage.com/zLibDll/minizip.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
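Review bot: The two Chromium commit URLs are tagged `"Mailing List", "Patch"` although they are source-repository links, while the one reference that is a mailing-list post, the added `openwall.com/lists/oss-security` URL, has no `tags` at all and uses `http://`. The same `Mailing List` tag sits on the git.kernel.org commit links in CVE-2023-45862 and CVE-2023-45863 further down. I would use `"tags": ["Patch"]` on the commit links and `"tags": ["Mailing List"]` on the openwall entry, so consumers that filter references by tag find the fix. Separately, the CPE match is `zlib:zlib` up to 1.3 while the description states MiniZip is not a supported part of zlib, so scanners will flag every zlib install; it helps to check whether the MiniZip code is actually built or shipped before prioritising on the 9.8 score.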
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45855.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45855.json
index 290e1e6dfb3..2114005782a 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45855.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45855.json
@@ -2,23 +2,85 @@
"id": "CVE-2023-45855",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-14T05:15:55.313",
- "lastModified": "2023-10-14T17:32:33.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T12:47:29.590",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI."
+ },
+ {
+ "lang": "es",
+ "value": "qdPM 9.2 permite que Directory Traversal enumere archivos y directorios navegando al URI /uploads."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qdpm:qdpm:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "77454CEC-4140-4637-BFF1-43F824C471BA"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/SunshineOtaku/Report-CVE/blob/main/qdPM/9.2/Directory%20Traversal.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://qdpm.net",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45856.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45856.json
index db49f8a0c88..4bbf40b017a 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45856.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45856.json
@@ -2,23 +2,85 @@
"id": "CVE-2023-45856",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-14T05:15:55.360",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T12:51:51.217",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI."
+ },
+ {
+ "lang": "es",
+ "value": "qdPM 9.2 permite la ejecuci\u00f3n remota de c\u00f3digo mediante la funci\u00f3n Add Attachments de Edit Project para cargar un archivo .php en el URI /uploads."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qdpm:qdpm:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "77454CEC-4140-4637-BFF1-43F824C471BA"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/SunshineOtaku/Report-CVE/blob/main/qdPM/9.2/RCE.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
},
{
"url": "https://qdpm.net",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
}
]
}
\ No newline at end of file
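Review bot: `privilegesRequired: NONE` sits oddly with the description, which places the upload in the Add Attachments feature of Edit Project; that reads like functionality behind a login, though the record does not state whether an account is needed. If an account is required the vector would carry `PR:L` and the score would drop below the 9.8 given here. The sole technical reference is tagged `Exploit` and no fixed version is listed, so the CPE match on 9.2 is the only scoping information available.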
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45862.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45862.json
index 3867f269a63..4b0df576754 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45862.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45862.json
@@ -2,23 +2,87 @@
"id": "CVE-2023-45862",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-14T21:15:45.180",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:07:20.757",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en drivers/usb/storage/ene_ub6250.c para el controlador del lector ENE UB6250 en el kernel de Linux anterior a 6.2.5. Un objeto podr\u00eda potencialmente extenderse m\u00e1s all\u00e1 del final de una asignaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.2.5",
+ "matchCriteriaId": "23684754-3677-425D-8677-66C225B814FB"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.5",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ce33e64c1788912976b61314b56935abd4bc97ef",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
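Review bot: `attackVector: NETWORK` and `CWE-770` both look out of step with the description, which concerns a USB card-reader driver (`drivers/usb/storage/ene_ub6250.c`) where "an object could potentially extend beyond the end of an allocation". That wording reads like an out-of-bounds access rather than unbounded resource allocation; the neighbouring CVE-2023-45863 record uses `CWE-787` for its out-of-bounds write. Reaching a USB storage driver over the network is also not something the description supports. If that reading is right, the 7.5 score overstates remote exposure, so it is worth checking the linked kernel commit before ranking this against network-reachable issues.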
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45863.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45863.json
index 44eab1dae00..ab1240e6893 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45863.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45863.json
@@ -2,23 +2,87 @@
"id": "CVE-2023-45863",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-14T21:15:45.233",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:12:23.513",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en lib/kobject.c en el kernel de Linux anterior a 6.2.3. Con acceso root, un atacante puede desencadenar una condici\u00f3n de ejecuci\u00f3n que resulte en una escritura fuera de los l\u00edmites fill_kobj_path."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.2.3",
+ "matchCriteriaId": "CFC92E07-E27C-4387-AC08-C20CCB92478A"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb2a01caa813d3a1845d378bbe4169ef280d394",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45867.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45867.json
new file mode 100644
index 00000000000..d24a2a25c0a
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45867.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-45867",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T15:15:08.900",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet."
+ },
+ {
+ "lang": "es",
+ "value": "ILIAS (versi\u00f3n del 12/09/2013) contiene una vulnerabilidad de inclusi\u00f3n de archivos locales Directory Traversal de gravedad media en el m\u00f3dulo ScormAicc. Un atacante con una cuenta privilegiada, que normalmente desempe\u00f1a el rol de tutor, puede aprovechar esto para obtener acceso no autorizado y potencialmente recuperar archivos confidenciales almacenados en el servidor web. El atacante puede acceder a archivos que el usuario del servidor web www-data puede leer; esto puede incluir archivos de configuraci\u00f3n confidenciales y documentos ubicados fuera de documentRoot. La vulnerabilidad es explotada por un atacante que manipula el par\u00e1metro del archivo en una URL, insertando secuencias de Directory Traversal para acceder a archivos no autorizados. Esta manipulaci\u00f3n permite al atacante recuperar archivos confidenciales, como /etc/passwd, comprometiendo potencialmente la seguridad del sistema. Este problema plantea un riesgo importante para la confidencialidad y se puede explotar de forma remota a trav\u00e9s de Internet."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://rehmeinfosec.de",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://rehmeinfosec.de/labor/cve-2023-45867",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
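Review bot: The English description dates the affected release "2013-09-12", while the CVE-2023-45868 record that follows names "ILIAS 7.25 (2023-09-12 release)" for what appears to be the same product line. The year here is probably a typo, and no version number is given. With `"metrics": {}` and no `configurations`, that date is the only scoping information, so `ILIAS 7.25 (2023-09-12 release)` would be the safer wording if the reporter confirms it. The Spanish text of CVE-2023-45868 also gives 12/09/2013, which contradicts its own English value.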
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45868.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45868.json
new file mode 100644
index 00000000000..894d9cdcd04
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45868.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-45868",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T15:15:08.957",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable."
+ },
+ {
+ "lang": "es",
+ "value": "El M\u00f3dulo de Learning en ILIAS 7.25 (versi\u00f3n del 12/09/2013) permite a un atacante (con privilegios de usuario b\u00e1sicos) lograr un ataque de Directory Traversal de alto impacto sobre la confidencialidad y la disponibilidad. Al explotar esta vulnerabilidad basada en la red, el atacante puede mover directorios espec\u00edficos, normalmente fuera de documentRoot, a una ubicaci\u00f3n de acceso p\u00fablico mediante la funci\u00f3n PHP rename(). Esto da como resultado una p\u00e9rdida total de confidencialidad, exponiendo recursos confidenciales y potencialmente denegando el acceso al componente afectado y a los componentes del sistema operativo. Para aprovechar esto, un atacante debe manipular una solicitud POST durante la creaci\u00f3n de una unidad de ejercicio, modificando los par\u00e1metros old_name y new_name a trav\u00e9s del recorrido del directorio. Sin embargo, es esencial tener en cuenta que, al explotar esta vulnerabilidad, el directorio especificado se reubicar\u00e1 desde su ubicaci\u00f3n original, lo que har\u00e1 que todos los archivos obtenidos desde all\u00ed no est\u00e9n disponibles."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://rehmeinfosec.de",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://rehmeinfosec.de/labor/cve-2023-45867",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
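Review bot: The second reference in this new record, `https://rehmeinfosec.de/labor/cve-2023-45867`, carries a different CVE id than the record's own `"id": "CVE-2023-45868"`, so a reader following it for remediation detail is sent to the page named for another issue. The neighbouring CVE-2023-45869 record links its own `/labor/cve-2023-45869` page, which suggests a copy-paste slip here; the correct URL should be confirmed with the CNA before it is changed. The Spanish description also dates the release `12/09/2013` where the English text says `2023-09-12`; it should read `versión del 12/09/2023`.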
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45869.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45869.json
new file mode 100644
index 00000000000..35a2e30518f
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45869.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-45869",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T15:15:09.010",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system."
+ },
+ {
+ "lang": "es",
+ "value": "ILIAS 7.25 (2023-09-12) permite a cualquier usuario autenticado ejecutar comandos arbitrarios del sistema operativo de forma remota, cuando una cuenta con altos privilegios accede a un payload XSS. Los comandos inyectados se ejecutan a trav\u00e9s de la funci\u00f3n exec() en el m\u00e9todo execQuoted() de la clase ilUtil (/Services/Utilities/classes/class.ilUtil.php). Esto permite a los atacantes inyectar comandos maliciosos en el sistema, comprometiendo potencialmente la integridad, confidencialidad y disponibilidad de la instalaci\u00f3n de ILIAS y del sistema operativo subyacente."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://rehmeinfosec.de/labor/cve-2023-45869",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://rehmeinfosec.de/report/358ad5f6-f712-4f74-a5ee-476efc856cbc/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json
index 8e409dce573..b392a04c1d8 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45871.json
@@ -2,23 +2,87 @@
"id": "CVE-2023-45871",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-15T01:15:09.027",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:12:11.690",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en drivers/net/ethernet/intel/igb/igb_main.c en el controlador IGB en el kernel de Linux anterior a 6.5.3. Es posible que un tama\u00f1o de b\u00fafer no sea adecuado para tramas m\u00e1s grandes que la MTU."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.3",
+ "matchCriteriaId": "94CF2054-EF6D-4135-876E-2925F10BCC0F"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
}
]
}
\ No newline at end of file
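Review bot: The new `cpeMatch` entry for `linux_kernel` sets only `"versionEndExcluding": "6.5.3"` and no lower bound, so a scanner matching on this range flags every kernel below 6.5.3, including stable or distribution kernels that may already carry the fix as a backport. The second reference is a commit in the stable tree, which hints that backports exist, though the page does not list the fixed stable versions. Consumers should check the running kernel against the vendor's own advisory rather than this range alone, and the record would be more precise with a `"versionStartIncluding": "<FIRST_AFFECTED_VERSION>"` bound (placeholder, the value is not on this page) or per-branch ranges. The same open-ended range appears in the CVE-2023-45898 hunk (`"versionEndExcluding": "6.5.4"`).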
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45883.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45883.json
new file mode 100644
index 00000000000..b67ca071632
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45883.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-45883",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T13:15:10.447",
+ "lastModified": "2023-10-27T21:53:17.253",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de escalada de privilegios en Qumu Multicast Extension v2 anterior a 2.0.63 para Windows. Cuando un usuario est\u00e1ndar inicia una reparaci\u00f3n del software, se abre una ventana emergente con privilegios de SYSTEM. Los usuarios est\u00e1ndar pueden usar esto para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario como SYSTEM."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:enghouse:qumu:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.0.0",
+ "versionEndExcluding": "2.0.63",
+ "matchCriteriaId": "1C995409-E387-4294-A583-9CC33321F536"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://hackandpwn.com/disclosures/CVE-2023-45883.pdf",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.vidyo.com/enterprise-video-management/qumu",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
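Review bot: The vulnerable `cpeMatch` criteria `cpe:2.3:a:enghouse:qumu:*` names a product `qumu`, while the description limits the issue to the Qumu Multicast Extension v2 for Windows before 2.0.63. If inventories record the extension under its own name, or record a Qumu platform with a different version scheme, this range may miss affected hosts or match unrelated ones; that is an inference from the names, not something the page confirms. The weakness is also left as `NVD-CWE-noinfo` although the description states that a SYSTEM-privileged window opens for a standard user, so CWE-based filters for privilege escalation will not pick this record up.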
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45897.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45897.json
new file mode 100644
index 00000000000..b437ff30dce
--- /dev/null
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45897.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-45897",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-28T21:15:07.577",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/exfatprogs/exfatprogs/releases/tag/1.2.2",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45898.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45898.json
index 47d37c39fa6..760824a7893 100644
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45898.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45898.json
@@ -2,35 +2,111 @@
"id": "CVE-2023-45898",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T03:15:09.320",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:20:31.453",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent."
+ },
+ {
+ "lang": "es",
+ "value": "El kernel de Linux anterior a 6.5.4 tiene un es1 use-after-free en fs/ext4/extents_status.c, relacionado con ext4_es_insert_extent."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5.4",
+ "matchCriteriaId": "F125497B-0184-43A2-AB25-BCC4F3E2E97E"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.4",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/torvalds/linux/commit/768d612f79822d30a1e7d132a4d4b05337ce42ec",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://lkml.org/lkml/2023/8/13/477",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://lore.kernel.org/lkml/aa03f191-445c-0d2e-d6d7-0a3208d7df7a@huawei.com/T/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://www.spinics.net/lists/stable-commits/msg317086.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45901.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45901.json
new file mode 100644
index 00000000000..7b696ba6a4f
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45901.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-45901",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T14:15:10.033",
+ "lastModified": "2023-10-18T17:55:22.477",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\\/category\\/add."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 contiene Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin\\/category\\/add."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20in%20the%20newly%20added%20column%20of%20column%20management.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
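Review bot: The component path in both description strings is written `/admin\\/category\\/add`, which decodes to a path with literal backslashes (`/admin\/category\/add`), unlike the sibling Dreamer CMS records in this diff that use plain paths such as `/admin/attachment/delete`. Anyone searching the feed or building request-log detections from the endpoint string will not match the real route. Both the `en` and `es` values should read `/admin/category/add`.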
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45902.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45902.json
new file mode 100644
index 00000000000..ebb7917d83d
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45902.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-45902",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T14:15:10.083",
+ "lastModified": "2023-10-18T17:55:36.060",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/attachment/delete."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20in%20the%20attachment%20management%20deletion%20function.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45903.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45903.json
new file mode 100644
index 00000000000..90e6d6f8f1e
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45903.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-45903",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T14:15:10.140",
+ "lastModified": "2023-10-18T17:55:51.257",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/label/delete."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20vulnerability%20in%20the%20label%20management%20deletion%20function.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45904.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45904.json
new file mode 100644
index 00000000000..c88bcb7af72
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45904.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-45904",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T14:15:10.193",
+ "lastModified": "2023-10-18T17:55:56.933",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /variable/update."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20vulnerability%20in%20the%20variable%20management%20modification%20function.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
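Review bot: The component here is given as `/variable/update`, without the `/admin` prefix used by the other variable-management records in this diff (`/admin/variable/add` in CVE-2023-45905, `/admin/variable/delete` in CVE-2023-45907). The prefix may have been dropped in the source description. It should be checked against the linked advisory before defenders use the path to scope CSRF-token checks or log searches, and corrected to `/admin/variable/update` if that is the real route.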
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45905.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45905.json
new file mode 100644
index 00000000000..eb097d96408
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45905.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-45905",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T14:15:10.247",
+ "lastModified": "2023-10-18T17:56:02.937",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/variable/add."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20vulnerability%20in%20variable%20management%20with%20added%20functionality.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45906.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45906.json
new file mode 100644
index 00000000000..32a62acffbc
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45906.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-45906",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T14:15:10.307",
+ "lastModified": "2023-10-18T17:56:08.690",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/user/add."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20in%20the%20user%20added%20function.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45907.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45907.json
new file mode 100644
index 00000000000..5db7ec2e039
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45907.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-45907",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T14:15:10.360",
+ "lastModified": "2023-10-18T17:56:13.600",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Dreamer CMS v4.1.3 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /admin/variable/delete."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:4.1.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8278D9D-0CD5-4659-8BD6-8A4557D57C2C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/moonsabc123/dreamer_cms/blob/main/There%20is%20a%20csrf%20vulnerability%20in%20the%20variable%20management%20deletion%20function.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45909.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45909.json
new file mode 100644
index 00000000000..10c5bd78b60
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45909.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-45909",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T23:15:08.300",
+ "lastModified": "2023-10-25T13:58:40.897",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "zzzcms v2.2.0 was discovered to contain an open redirect vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que zzzcms v2.2.0 conten\u00eda una vulnerabilidad de redireccionamiento abierto."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zzzcms:zzzphp:2.2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "410E39C6-3A1E-4E57-A6F9-CB2A08A76B80"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Num-Nine/CVE/issues/7",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
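Review bot: The only reference, an issue in the `Num-Nine/CVE` tracker, is tagged `Patch`, yet the description names no fixed zzzcms release and the record lists only 2.2.0 as vulnerable. That tracker appears to be a reporter's repository rather than the vendor's, so the issue is unlikely to be a fix, and remediation workflows that read the `Patch` tag as "fix available" may close the finding too early. I would keep `"Issue Tracking"` and `"Third Party Advisory"` and drop `"Patch"` unless the issue is confirmed to link a fix.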
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45911.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45911.json
new file mode 100644
index 00000000000..2e898b3e888
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45911.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-45911",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T18:15:09.107",
+ "lastModified": "2023-10-25T13:45:28.653",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows unauthenticated attackers to login as any user without a password."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en WIPOTEC GmbH ComScale v4.3.29.21344 y v4.4.12.723 permite a atacantes no autenticados iniciar sesi\u00f3n como cualquier usuario sin contrase\u00f1a."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wipotec:comscale:4.3.29.21344:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E24849ED-E92E-436B-85E4-E1F04B687BE3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wipotec:comscale:4.4.12.723:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C806C819-5873-4625-A0AB-D9FA181092EF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/auth_bypass.txt",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
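Review bot: `CWE-668` in `weaknesses` is a broad class for what the description states is a login as any user without a password, so triage rules keyed on authentication weaknesses will not pick this record up. If the upstream analysis supports it, a narrower entry such as `"value": "CWE-287"` would describe the flaw more directly. The CVE-2023-45912 record that follows has a similar gap: it is tagged `CWE-200` while its description attributes the file read to missing session validation. Until that changes, consumers are better served matching these two records on the `cpeMatch` criteria than on CWE.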
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45912.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45912.json
new file mode 100644
index 00000000000..5ff9e2a40b4
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45912.json
@@ -0,0 +1,85 @@
+{
+ "id": "CVE-2023-45912",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T18:15:09.153",
+ "lastModified": "2023-10-25T13:49:52.877",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory listings."
+ },
+ {
+ "lang": "es",
+ "value": "WIPOTEC GmbH ComScale v4.3.29.21344 y v4.4.12.723 no logra validar las sesiones de usuario, lo que permite a atacantes no autenticados leer archivos del sistema operativo subyacente y obtener listados de directorios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wipotec:comscale:4.3.29.21344:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E24849ED-E92E-436B-85E4-E1F04B687BE3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wipotec:comscale:4.4.12.723:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C806C819-5873-4625-A0AB-D9FA181092EF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/file_access.txt",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45951.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45951.json
new file mode 100644
index 00000000000..bb145c88131
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45951.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-45951",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T20:15:10.213",
+ "lastModified": "2023-10-24T20:49:24.337",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que lylme_spage v1.7.0 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro $userip en function.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lylme:lylme_spage:1.7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE00968C-F848-4DE2-B335-55A1680035FE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/LyLme/lylme_spage/issues/32",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45952.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45952.json
new file mode 100644
index 00000000000..8a4b7c37b38
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45952.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-45952",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-17T20:15:10.273",
+ "lastModified": "2023-10-25T12:57:41.117",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de carga de archivos arbitrarios en el componente ajax_link.php de lylme_spage v1.7.0 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lylme:lylme_spage:1.7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE00968C-F848-4DE2-B335-55A1680035FE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/LyLme/lylme_spage/issues/33",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45958.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45958.json
new file mode 100644
index 00000000000..7fbcaf4007e
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45958.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2023-45958",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T22:15:09.573",
+ "lastModified": "2023-10-25T15:02:45.697",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backup_pagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Thirty Bees Core v1.4.0 contiene una vulnerabilidad de Cross-Site Scripting (XSS) reflejada a trav\u00e9s del par\u00e1metro backup_pagination en /controller/AdminController.php. Esta vulnerabilidad permite a los atacantes ejecutar JavaScript arbitrario en el navegador web de un usuario mediante un payload manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:thirtybees:thirty_bees:1.4.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "81B78C2D-BAB7-4573-B8E0-2B7D3BC1963D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/thirtybees/thirtybees/commit/2c99464376ad7b3c95f220163a2411e35274c3ba",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://zigrin.com/advisories/thirty-bees-reflected-cross-site-scripting-xss/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45960.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45960.json
new file mode 100644
index 00000000000..dc011702c79
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45960.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-45960",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:35.497",
+ "lastModified": "2023-10-28T21:15:07.630",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** DISPUTED ** An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive information via the setFeature function. NOTE: the vendor and original reporter indicate that this is not a vulnerability because setFeature only sets features, which \"can be safe in one case and unsafe in another.\""
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en dom4.j org.dom4.io.SAXReader v.2.1.4 y anteriores permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n setFeature."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://dom4j.github.io/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/dom4j/dom4j/issues/171#issuecomment-1781547256",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/joker-xiaoyan/XXE-SAXReader/issues/1",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/joker-xiaoyan/XXE-SAXReader/tree/main",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
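Review bot: The `es` description omits the `** DISPUTED **` marker and the vendor NOTE that the `en` description carries, so a consumer that displays or filters on the Spanish text presents this as an undisputed information-disclosure issue. The dispute status should be carried in both languages, for example by prefixing the Spanish value with `** EN DISPUTA **` and translating the NOTE sentence. Separately, the product is written `dom4.j org.dom4.io.SAXReader` while the references point to dom4j, and the record has no `configurations` yet, so a search of the description for `dom4j` will miss it. That spelling looks like an upstream typo and is worth confirming.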
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45966.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45966.json
new file mode 100644
index 00000000000..554bd728832
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45966.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-45966",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T21:15:08.847",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "umputun remark42 versi\u00f3n 1.12.1 y anteriores tiene una vulnerabilidad de Blind Server-Side Request Forgery (SSRF)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/jet-pentest/CVE-2023-45966",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/umputun/remark42/issues/1677",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
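Review bot: This record has `"metrics": {}` and no `weaknesses` or `configurations` keys at all, whereas the analysed records in this diff carry all three; CVE-2023-45960, CVE-2023-45990 and CVE-2023-45998 have the same shape. Consumers need to treat the empty object and the absent keys as "not yet scored" rather than as a zero score or "no affected products", or these `Undergoing Analysis` entries drop out of severity-filtered views. Judging by the visible records, a schema note such as `metrics may be {} and weaknesses/configurations may be absent while vulnStatus is not Analyzed` would make that explicit.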
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json
index 56c814df346..bba6ef088b6 100644
--- a/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45984.json
@@ -2,19 +2,118 @@
"id": "CVE-2023-45984",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T18:15:16.510",
- "lastModified": "2023-10-16T18:33:43.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:05:29.860",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 conten\u00edan un desbordamiento de pila a trav\u00e9s del par\u00e1metro lang en la funci\u00f3n setLanguageCfg."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFCC3B52-0985-4F61-BBCC-16A271E15CD4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A5BB152D-5E33-4158-BFFD-68AED6A174E2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "603DA206-05D4-48FD-A506-F3BD8B4383B2"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setLanguageCfg.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45985.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45985.json
index 17bc2fed2c1..3a25a5336a3 100644
--- a/CVE-2023/CVE-2023-459xx/CVE-2023-45985.json
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45985.json
@@ -2,19 +2,118 @@
"id": "CVE-2023-45985",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-16T18:15:16.577",
- "lastModified": "2023-10-16T18:33:43.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T13:05:14.910",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X5000R V9.1.0u.6118_B20201102 y TOTOLINK A7000R V9.1.0u.6115_B20201022 conten\u00edan un desbordamiento de pila en la funci\u00f3n setParentalRules. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) mediante una solicitud POST manipulada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x5000r_firmware:9.1.0u.6118_b20201102:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFCC3B52-0985-4F61-BBCC-16A271E15CD4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x5000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BC45BFB0-0CF0-4F9E-B19D-D274B17F1591"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:a7000r_firmware:9.1.0u.6115_b20201022:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A5BB152D-5E33-4158-BFFD-68AED6A174E2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:a7000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "603DA206-05D4-48FD-A506-F3BD8B4383B2"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://github.com/Archerber/bug_submit/blob/main/TOTOLINK/setParentalRules.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
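Review bot: The added `cvssData` scores this stack overflow as availability-only (`C:N/I:N/A:H`, 7.5) while the `weaknesses` entry is `CWE-787`. The sibling record CVE-2023-45984, covering the same two firmware builds with the same CWE, is scored `C:H/I:H/A:H` (9.8). The lower vector follows this description, which mentions only denial of service, but prioritisation that sorts purely on `baseScore` will rank the two records very differently. Remediation tracking for the listed X5000R and A7000R firmware should group both records rather than schedule them by score alone.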
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45990.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45990.json
new file mode 100644
index 00000000000..0538983e868
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45990.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-45990",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:35.553",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de permisos inseguros en WenwenaiCMS v.1.0 permite a un atacante remoto escalar privilegios."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/PwnCYN/Wenwenai/issues/2",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45992.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45992.json
new file mode 100644
index 00000000000..bb1637e046e
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45992.json
@@ -0,0 +1,112 @@
+{
+ "id": "CVE-2023-45992",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T19:15:16.223",
+ "lastModified": "2023-10-25T20:22:06.523",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414 allows a remote attacker to escalate privileges via a crafted script to the macaddress parameter in the onboarding portal."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting en Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414 permite a un atacante remoto escalar privilegios a trav\u00e9s de un script manipulado al par\u00e1metro macaddress en el portal de incorporaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:commscope:ruckus_cloudpath:5.12.54414:*:*:*:*:*:*:*",
+ "matchCriteriaId": "52DDAB5B-6E87-43A0-8F61-F0933D137F99"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://ruckus.com",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Not Applicable"
+ ]
+ },
+ {
+ "url": "https://github.com/harry935/CVE-2023-45992",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://server.cloudpath/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
+ },
+ {
+ "url": "https://server.cloudpath/admin/enrollmentData/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
+ },
+ {
+ "url": "https://support.ruckuswireless.com/security_bulletins/322",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
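Review bot: Two of the added references, `https://server.cloudpath/` and `https://server.cloudpath/admin/enrollmentData/`, use what looks like a placeholder hostname and are tagged `Broken Link`, and `http://ruckus.com` is tagged `Not Applicable`. Tooling that fetches, link-checks or renders reference URLs should skip entries carrying those tags instead of resolving them. The `weaknesses` list also includes `CWE-352`, which the description (cross-site scripting via the `macaddress` parameter) does not mention. The `Vendor Advisory` reference is the place to confirm whether CSRF is part of the issue before relying on that classification.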
diff --git a/CVE-2023/CVE-2023-459xx/CVE-2023-45998.json b/CVE-2023/CVE-2023-459xx/CVE-2023-45998.json
new file mode 100644
index 00000000000..da70da81ecc
--- /dev/null
+++ b/CVE-2023/CVE-2023-459xx/CVE-2023-45998.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-45998",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T22:15:09.300",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS."
+ },
+ {
+ "lang": "es",
+ "value": "kodbox 1.44 es vulnerable a Cross Site Scripting (XSS). La personalizaci\u00f3n de HTML global da como resultado el almacenamiento de XSS."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/fangjiuye/703fdb643db558640f23e4e7c9532348",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4517.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4517.json
index 8aec94167e1..115fb0be039 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4517.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4517.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-4517",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-13T13:15:12.443",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T16:10:09.867",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6."
+ },
+ {
+ "lang": "es",
+ "value": "Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub hestiacp/hestiacp antes de 1.8.6."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +72,40 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hestiacp:hestiacp:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.8.6",
+ "matchCriteriaId": "EBCB9609-8D84-4DD5-B1D7-ECA7B306D63F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/hestiacp/hestiacp/commit/d30e3edbca5915235643e46ab222cb7aed9b319a",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/508d1d21-c45d-47ff-833f-50c671882e51",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4527.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4527.json
index 3bdee1ff649..9a9d08648fd 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4527.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4527.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4527",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.067",
- "lastModified": "2023-10-05T16:15:12.250",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T18:00:01.123",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -93,6 +93,41 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "98638583-9933-42F2-964E-7F8E7CF36918"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "910C9542-26FC-4635-9351-128727971830"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
@@ -102,6 +137,106 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AA1F902F-1AD5-489F-B420-A3574D1880B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EEAC443B-622E-49FB-8C0F-2864B7EF5F80"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED521457-498F-4E43-B714-9A3F2C3CD09A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22D28543-C7C5-46B0-B909-20435AF7A501"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
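Review bot: The added `criteria` strings place the architecture inconsistently: `enterprise_linux_for_ibm_z_systems_eus:8.8_s390x` has it in the version field, while `enterprise_linux_for_ibm_z_systems_eus_s390x:9.2` and `enterprise_linux_for_ibm_z_systems_s390x:9.2` have it in the product name. Asset matching that normalises the product name or compares the version field numerically will miss one form or the other. Match on the full CPE string or on `matchCriteriaId` instead. The `cpeMatch` array this hunk extends opens in the previous hunk, where the added entries show the same version-suffix form (`9.0_ppc64le`, `9.2_aarch64`).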
@@ -111,15 +246,24 @@
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/1",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5455",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4527",
@@ -139,19 +283,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202310-03",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4562.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4562.json
index 5b6c53bcdea..8e859cbb162 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4562.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4562.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-4562",
"sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"published": "2023-10-13T02:15:09.917",
- "lastModified": "2023-10-13T12:47:20.137",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T19:15:51.397",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de autenticaci\u00f3n incorrecta en los m\u00f3dulos principales de la serie MELSEC-F de Mitsubishi Electric Corporation permite que un atacante remoto no autenticado obtenga programas de secuencia del producto o escriba programas de secuencia maliciosos o datos inadecuados en el producto sin autenticaci\u00f3n mediante el env\u00edo de mensajes ileg\u00edtimos."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ },
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ },
{
"source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
"type": "Secondary",
@@ -46,18 +80,5160 @@
]
}
],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14_mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E444A570-C7FD-4CCE-B2F3-CA83BF5164B9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14_mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FEDEE8B5-CC21-4546-9773-D4F34B3951BF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14_mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6795EA4E-191E-4A45-9675-4B2B8AC00785"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14_mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "960F3E05-93CB-4785-9123-F9DC55CD167B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14_mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4981D649-6D01-4DD6-8601-6A7A3BDF4F8B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14_mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "782A7A4A-48C0-4E3D-AFAB-C9912B08CECD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14_mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9B0F45E5-0499-4078-9125-04B3144AE3D1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14_mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6148A382-A3D3-4EBE-AD6F-DBFAB54C23DD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14_mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "38A9DCF8-929A-47FF-8169-6120C542B400"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14_mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9AE272E8-5180-4C2C-A6FB-9813C7BA8786"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14_mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1B903CAE-464B-458F-AD63-2BC5708770DA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14_mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "813A7D21-ADE5-4E97-8FA7-DA4F1F18042F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0AE0608D-908F-4702-9464-F3443D318E21"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5766FC7F-312E-466E-9D1D-2C3D834A2B19"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A5F3736B-F4C5-48A7-B27B-6816E9413D19"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7FDA7E6C-BFBF-4D78-8552-B2B3E6D9987B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14mr\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80F706EE-51DC-47C4-9C47-BD3AED1169D8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14mr\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "776C81B4-89BE-4E59-8EE4-4172F1C819EE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4B836C49-4CE0-47B9-90B8-46B37EB1C5CD"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3EC7A6F2-0FAA-4D9C-8E32-4B630B6E0C1D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B1D9F99-9273-4990-9C5A-345B6D960894"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8BC58D73-605B-4656-A93F-015178A11776"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5A06675A-29C2-436C-ADD0-647523CAA2E3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "82C8038B-BA5E-4C3C-A9FA-7F4DF5FB4B90"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14mt\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D6A2CA9-D8F4-47ED-9AC2-CEEB6F43A5A4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14mt\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F9B5AD3-9E2E-4CF8-BCC1-1DC1B9AFA84C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-14mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BA42524-07CF-4F84-8038-7AA68BF61A8C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-14mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F172545-1962-4611-AF12-C626B0F765FA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-232adp\\(-mb\\)_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "87D2DF99-A998-469B-819E-C578FE5A0C0F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-232adp\\(-mb\\):-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D16BD14-31FC-4BA9-9DC0-3ECC5A01879A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24_mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D22F668-5706-4A0B-9063-588C8D278780"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24_mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7E65AF48-87D6-4633-80CE-E06D841731E2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24_mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3AAE1DA0-127A-40A8-A59A-CC8753055315"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24_mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7B2E5E6-B5AE-4EEC-98CD-C09C2B3C1CEC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24_mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C16C6E43-DC7F-4C83-A0DB-89C21D326D2E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24_mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DAC68881-7BD4-4CCA-86EF-048119EDF2A1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24_mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F5BC763B-ACC9-4BB5-939A-876F8DC93F38"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24_mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1A7A0502-E034-4647-97F8-4BDD1FEA74B5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24_mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B7A25EA8-0298-4408-B186-B52964885AFC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24_mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3BF48B94-B38E-44F8-8AD8-2813A2DA1E27"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24_mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "774CE6D5-730B-428D-822E-4ECAE3DF8D15"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24_mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED18005B-3ED7-457E-BD81-48BE04D22059"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E186D9C7-0015-4F10-AF4A-5E2B0D808E92"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2FA061AF-EC9E-4490-98B0-4397271B6AFD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD9EF0CD-CF20-44B4-AF85-36BB46B5C17A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A13FA80E-2FCE-43EE-A5F9-01847762DE05"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24mr\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "907346DB-7343-472E-8F99-EABDFA5F7717"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24mr\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7DEC5C39-9751-4AD0-A030-AA283DA25FE4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D66F4099-33B9-4FB4-8FDB-2FCFCD029C41"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "905E3D20-2E81-40CB-8BC5-0F2E99DB4F2C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2A826B7E-7CED-4767-9CF1-3EF0B60064DE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E1374CFE-25E0-4357-B880-9C52BEE2219C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E3EDF1CF-9726-42FD-A44D-3AAECC0CC739"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E02660FF-B5B1-47F7-8566-45EA3C86783F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24mt\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6C39385-5311-4CBB-A5A4-46CE5176989F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24mt\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF7530C6-5244-4591-8037-5EFD35F8AC34"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8DEC4E0C-7D80-4BC2-A88E-00E35090FFB4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-24mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B6709317-170A-4146-8D34-8A36BB46CAB8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-32_mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8D757DCC-29ED-4E09-B309-5DD003952CFB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-32_mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "16193E36-7987-45EB-AFBE-AFB360043E67"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-3a-adp_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "722B9083-7B72-4161-92BA-52849B189C91"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-3a-adp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EDA013EF-1BCA-4C3E-A15A-B7094A010F80"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40_mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8641082-790F-4FCF-9051-E575C0EF706C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40_mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2C179D4C-9B03-4526-9F21-2581ECA017DB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40_mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CFFF6B18-30CC-499E-8BCA-3D0CD10D433B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40_mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "55A8C97A-8668-4BBA-8923-6004ECD19759"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40_mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E370BF36-CFA9-436B-9BF4-EF9E61599023"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40_mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7EF08660-73EE-4550-997D-F386F7F8441A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40_mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89740455-D496-42A8-B06C-20F33B209C32"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40_mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AB07DCBB-3403-4496-9307-7826D918BB81"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40_mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5ACAD1E7-AE78-479C-97AF-08F4C47C257D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40_mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A4213FC4-861A-4214-A16B-E79E99B88E72"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40_mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A81E62D6-2902-4814-A1C0-C0262C56156E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40_mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9C15FE21-A180-4187-AF50-6B664A33CDE8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "20A0297C-B80E-4B20-8D2D-EA76978E88D6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0BBBBCC7-AC22-49C0-B0C0-8D89E633AB74"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "61DD79AB-6E10-451B-BAE2-120728459EF4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4EEA4C4A-0191-4A2C-B56F-E70475910A03"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40mr\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A28CD4CC-7705-48F3-B160-FF240BDB7665"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40mr\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1C5D73F-A319-4922-B472-BCF5BBDC560D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89B3D140-E93A-49FD-8BDD-81DCA23062D5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B0520F3B-FE0F-483C-9201-D916D333AC34"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0F532869-CCD3-49CA-9CD8-11C389FD610E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "24E0AE74-DF57-4461-9A91-11F31459EC68"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B2146C1E-2DC4-4839-AAF7-20EC5DAA72CC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90A1CA11-AC74-42B4-980B-ADFA6792F85B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40mt\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "585E560C-B4DD-4355-BC98-2990897C7492"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40mt\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DE85CAB9-A799-417C-B6C5-B1D2E0291194"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "06574AD8-8F05-4140-BDD9-4DBD0155A8C3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-40mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B69421D2-A453-43A8-A8D8-5E0B73F7B24A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-485adp\\(-mb\\)_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A49FA21A-A111-4B95-8383-42E9330015BA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-485adp\\(-mb\\):-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "434CCB2F-403A-4C40-8B3F-FFE47B6CE050"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-4ad-adp_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EF08287D-2952-4B2A-A31D-AEFB8D1580AF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-4ad-adp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3A0B94DF-17B6-443A-9BE4-0B72A474C794"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-4ad-pt-adp_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B3C42A0A-99D4-42CB-B576-CD535F4FE5F8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-4ad-pt-adp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3FAB2696-16C3-431A-B54A-0D879E363AD9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-4ad-ptw-adp_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCD10930-4507-440B-8B08-E0A9819B396F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-4ad-ptw-adp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "278BEDD2-2F91-43FA-A9D7-3501C87F24E9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-4ad-tc-adp_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7352D643-90BE-42BD-94C8-5EAD014F1BDE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-4ad-tc-adp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7E87C1FA-F824-4F69-AE46-3B0273E887B4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-4da-adp_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B77879D7-664B-4098-98C4-9705EE5A443F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-4da-adp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D380C6B6-2B87-4279-9B8B-1BB6B64AD895"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-4da-pnk-adp_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A740855-A401-4541-B292-984396CC73E3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-4da-pnk-adp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1DA2A08-CFC5-4943-9C35-03A3E5C5AFFF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60_mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "78D13195-CE64-4165-B350-9E60426F8A81"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60_mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "21BE74EA-5D64-4DA5-B909-02BAF7545C5A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60_mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "329149AD-0905-4335-AFB3-39B4A310F29B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60_mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4D8B3758-2261-4CE4-BDDB-7B6C22F4D3D7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60_mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DEFC3E81-0F90-438E-8DB1-1D411BC42CD1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60_mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EAC9D3C4-8646-4B14-9984-D6BDF2F3BA16"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60_mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2CF15966-0F09-4029-8893-0B2B8D1A60C8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60_mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "30692B61-A4F7-4639-BE11-5D70593371DE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60_mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F3DFBC7-6842-401B-96BD-E82C626FEC52"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60_mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FCC92E43-E9F9-4B85-A598-7A14F5443918"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60_mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2E5D547B-DAA8-4797-AA35-17E510F4AF57"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60_mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C3E249B8-0FA5-414E-ADA1-2A9322274FF5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A3600241-6D05-4C63-8E3D-A56A5A702C9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB590D55-DA7F-4543-99AA-1A1979F73E69"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "522706E5-D5D3-494D-9290-F9D025ABEBFB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5CBC7773-96DA-433A-ABB8-845B19168EBF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60mr\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97DACA77-5FC4-42F1-8D50-0B7A6E3042E1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60mr\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9EBFAEF-FCB8-4691-8CC8-DCA2AB1453B7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EE9EDD50-E7D6-437E-BBD3-3523CB0D87CB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D05F5287-23A1-4EC3-8524-82A215E881D2"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7D0A5DBB-65E7-48AB-9C3C-6EF1CE2026C9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B69A0E1-E9FA-4C5C-810F-8D3CEC959C20"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8CEBA70C-C30D-43D1-AB88-09B2DE143C33"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91E087A7-A9EA-4A10-AF7D-6B86D070C323"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60mt\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "768117D2-E73E-4B88-8998-EDF7F3800433"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60mt\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDE33F5-A390-4444-AA04-E419D6B7FCFE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-60mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AE193F5C-0081-4A6E-856E-DB1DD47C6F73"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-60mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "010DBD73-40FF-4353-9D11-CE81C4D14EDB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3g-cnv-adp_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E09E76A2-8B2F-4C86-8BAE-515B3DE7D4D8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3g-cnv-adp:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "487E84CA-646E-483E-9582-34BFFD44F49E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ga-24mr-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BDE0E13F-028A-4D2C-A7BE-E90FBA8DFBD4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ga-24mr-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "02F36D61-366C-40F2-ABD1-A5ADB1D5758E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ga-24mt-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5B5D74EA-798D-4D5D-A431-098DD529EE99"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ga-24mt-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6B2BF6D-50FC-45BA-8A75-B0207172F192"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ga-40mr-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD82E0E9-E8E2-4F3A-AABE-A458971E8D57"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ga-40mr-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DAC7368C-4339-423E-ADFF-9C4AB902EA19"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ga-40mt-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4F50D3EE-F42F-48BF-B35F-E8E7FB810D93"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ga-40mt-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "825DFC3C-B1A8-460C-9A59-FDB2671C7152"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ga-60mr-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1C79E9FA-A5BF-4A5E-8202-388023D4C09B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ga-60mr-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "866AEC77-EEE5-45C8-9CB3-DA8B7773ED54"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ga-60mt-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7758736E-CC6F-4F6D-9888-A40C91AE47E1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ga-60mt-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7E9E9B4F-E217-455D-98F1-9EFEA12963AC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3gc_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6BF49EC6-DA86-475E-B67A-50E55F4849B2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3gc:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D319713C-7222-429B-87E3-3C4BFCD23E85"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3gc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FC2F8BAB-834B-43E1-8C53-9E9B75C5136A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3gc-32mt\\/d:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "49CAB744-E889-4860-9A9E-01FF265CE813"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3gc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C9822843-FB60-4508-907D-D7BA28C078E2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3gc-32mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6DEFD48F-EBB6-4B3F-AA8C-7F77073D6B27"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-24mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D149F56-652A-4E69-AE2E-54C013C7E735"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-24mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "95F939C6-1FBC-4D2A-A0E0-A5C74170D71E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-24mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "51C499F3-EF03-4F65-8B0B-87741CA3D055"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-24mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8C4F7E5-1871-4FBD-9AA5-3A13B76290C0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-24mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C97799B7-00AE-4EF2-9420-9FA2256523D5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-24mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6FDF6C3-5995-4330-BFC8-D3F8DB807892"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-24mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31ACE8B7-3C79-4BE8-850D-670EE389F26C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-24mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF598729-B5F5-4808-BEF5-08CCD52D3BFD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-24mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B504285D-C4B3-498D-A4CB-17D8DE142AD0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-24mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E6F9F6E8-4673-442F-BCAF-7C77538ED742"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-24mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D6555546-9CB4-432B-85D2-A8EACFF3F4D7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-24mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "91263BE3-3F55-4D92-BF7B-FA3A9BC04752"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-40mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "56170D2E-7130-4210-8702-8699DC4C6D84"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-40mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CB61263F-0E41-4A89-ACA0-174825775B75"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-40mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "99C5E7CD-FC17-4501-88B6-8BD53507F836"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-40mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "85C83082-0E9D-48E5-BD38-59A7EAAB463D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-40mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "357F433E-F2C1-4A95-88EC-0B9801FB8A5F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-40mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3041CDDC-2200-403C-9F4D-8BE9A0532774"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-40mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D9F0592-94C2-41F9-A326-D8F3803F3771"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-40mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90B5169A-9D3E-452D-85DB-204438181D6A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-40mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9A8EB7A2-2159-4DDE-A8BD-BD3C4815EB2E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-40mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "143C2ED9-FC12-45FF-9559-6E932AE9537D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3ge-40mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7ED15018-C6D7-413A-91D5-66BCA22AF9D1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3ge-40mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "079675D1-8C10-46C8-8723-E0B66717E8DD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-10mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB3B4C24-BE31-4358-9F60-045EF88CE1A6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-10mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0A69B8D0-51D4-4EAD-B030-25AD01B25F71"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-10mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "61CCB838-A5DD-45CA-8422-F586A6C6AB3B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-10mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DE0DF245-3A50-4DC8-97F3-D60D79051999"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-10mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "394AD4FC-2D14-46DE-AD36-B2721B54D08B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-10mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "87A14A96-143B-48AE-9760-4330DF19738C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-10mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8EABCC91-5A76-4E06-A036-9FF6B0E95029"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-10mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9830EB7C-5F96-4DA8-A3D8-4140E8CD239E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-10mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AC113AB1-02CB-4B60-A21A-B58350705524"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-10mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "658E556E-CF4B-4FD9-9B85-03AD34410100"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-10mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C05CCA0A-DF0C-4D68-A1B1-94B1EF756747"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-10mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7BAA8E79-DE23-4906-A923-5A41124ED4B4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-14mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0D86B991-7C59-4D50-B6AC-FEA10B740278"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-14mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5248CFDC-7822-4A8F-8034-25A938984B20"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-14mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7B66842E-A440-4010-888F-F2E8787114AD"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-14mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E90528E5-FD72-4532-B42E-7242209F1DB3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-14mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "577A1638-11DE-405B-8E66-41ED293A73CB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-14mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65EAF73D-36B6-436B-A68D-79EE187611DE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-14mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89EE194D-AD58-470F-A6D8-37F523399222"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-14mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46CE128F-21E8-4306-AE3F-9E30F1161E69"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-14mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8383936-27DA-4393-905E-D5E220038650"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-14mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "92C0A39F-EC73-4A85-A443-2AD3B23B2369"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-14mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "298E9588-BE31-4278-B016-EC5C8AABC954"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-14mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ABEA8FBE-EDA3-4A69-8E78-DC9E0BC12763"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-20mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "15D09642-AF76-4ABE-AA3B-CFF9CD815372"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-20mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F55E3A12-EBA0-4D7E-A679-0E0634E8F34A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-20mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B51E1D8D-E663-4037-8CF2-14CD2A1224E2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-20mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CE98DCF0-7956-47D7-AC69-2C5BF6FA8086"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-20mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CA430C19-0BB0-4698-996B-DBB27798DEDE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-20mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "71918F77-D72F-4FC6-9428-ABC50B784264"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-20mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1F69E6B2-BDF2-436D-B66F-E752F33E9CBF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-20mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9BEC0A27-4672-49FC-9837-68A631FA1C7C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-20mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B19D1167-EB5B-448C-9EDF-F72888FE38DF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-20mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "35F61BD7-F0C2-46CD-8B18-FA65CDD4C56B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-20mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9D8A26A7-AD07-4D68-B761-44FC98F1EBC8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-20mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "87AA0A29-E8FE-4742-B2C5-A30B07E8F2CF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-30mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12721492-592C-40C8-8E9E-359497D663B1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-30mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "005999C7-8D89-48DA-9310-63840225655B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-30mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFB98DC2-DA6C-4338-AFA2-5A9717052AFF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-30mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8B29F71-8CDB-43E2-AC1F-F8789399E1B8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-30mr\\/es-2ad_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "18E97BA8-9B11-4E42-AC8D-D281533A75EF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-30mr\\/es-2ad:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "67FF96CF-4C97-4427-93FD-C896CE229413"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-30mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "18F0B8C0-A283-4209-82E9-1481969F79D3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-30mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "303C9B51-4DFB-49E4-A47C-56B500FAC873"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-30mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1AF8636C-5FDF-4B40-B246-669903AF9237"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-30mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0B21F82B-3B1D-4435-9EDA-B3375CF9DC9D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-30mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "964183F2-6F83-4350-9761-55F13E4F96BA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-30mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90D58142-FD09-415B-B9F6-20E26B4EBBC0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-30mt\\/es-2ad_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5654863A-5D44-4563-B88C-1EA988C6103E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-30mt\\/es-2ad:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BCBAC3A8-AA45-47FF-AE92-A809D2492A67"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-30mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "12D8451C-7F17-4A0A-A63A-E85BC50341EF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-30mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DC29835F-4E7F-43A0-A2D0-6D322B2BFB88"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3s-30mt\\/ess-2ad_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0F6F3191-D86A-4A61-A04B-584CFEC6D082"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3s-30mt\\/ess-2ad:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3BF62084-562B-45F0-91EB-12CDD2304861"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3sa-10mr-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CF253F1-C89B-4F7A-9ED5-AB6E45384E3B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3sa-10mr-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2039FFC8-2158-4104-BB6C-1F5B4223D362"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3sa-10mt-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B84915B7-988C-4E9B-BA98-DDE669BCB747"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3sa-10mt-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "027D7B3C-4D57-4B51-A097-4DB949AF5AA5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3sa-14mr-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0174E0AF-D4AF-4D48-AD73-13D9E3601506"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3sa-14mr-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DB752455-EB9F-4DDA-8096-F58461AA12CC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3sa-14mt-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E70A4A8E-2C6A-4F69-8165-7D4D4D322479"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3sa-14mt-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A24DD068-5721-4BCF-960F-630E70F3D54B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3sa-20mr-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C1A1C66C-7895-4E4F-BB23-8517B37B66EB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3sa-20mr-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F69DA3AB-EE88-4B75-B151-48E283B34B5D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3sa-20mt-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D95886BA-4CE3-4933-9084-38650D0CE22A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3sa-20mt-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "383C3ED4-3A11-4574-AD11-15E123705A8F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3sa-30mr-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "039A1D95-EC4B-428B-B9A7-88AA89A08667"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3sa-30mr-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B4D84A6F-0353-4534-B7E2-7F0DDE247EF4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3sa-30mt-cm_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "545F5DD4-EA85-408E-8756-99FE700EBD05"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3sa-30mt-cm:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8DD33CC9-DE0D-404B-9AD3-E9361F203AF8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-128mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7C30FB7E-3BCB-4A20-AD13-A36A051FC5D1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-128mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CA7595AC-9CBD-4785-9005-5E0FAEC27D2C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-128mr\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BAEF478A-5D48-47C1-9B32-945DE0281DC6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-128mr\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B641ED-17C0-4383-9D45-6C63A38FB3E5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-128mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "138B4032-E9D4-4E85-8863-C334383A457E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-128mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "19DE07A9-7494-4C42-A452-57CF0573A3B3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-128mt\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "42CD66FA-074E-4567-A31C-C3243247C361"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-128mt\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E915604A-1C8A-409C-BFD8-A6414C1582E4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-128mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7D6BBB82-E022-462F-BBCB-D36C2CC91FC6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-128mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A60E2A0E-D686-470D-82E0-8C28F50E8CD0"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-16mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "04C64F82-7D74-4E36-95E0-4EF0077424F8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-16mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2E9E219D-83B8-4C29-801E-9E3AA9BB87A1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-16mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10D56C7D-7430-4E27-9AEC-7FE53ECEEAEB"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-16mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F2A8CAFC-6AF5-4044-9E77-F9B8A0CF36BA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-16mr\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5E0C5307-FB3B-4639-B412-DDA54746B068"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-16mr\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6EC7B0BA-52F1-468E-8C79-033E0A46FE16"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-16mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A46C02E6-FD3C-4E33-93A0-215AFF540AC5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-16mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3A3CE75E-74E8-404B-9DB7-F0446262017E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-16mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "66AE4031-A95C-4BCD-BD37-14F350403C8A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-16mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E450F049-C2FB-494E-86C4-E434E13AAD6C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-16mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1550E8C5-8A19-4B7D-A455-42D073F239FC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-16mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5387C911-2E14-45F6-9F8C-0892F2A5EBDE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-16mt\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F884FF0-0CC5-4749-9F74-36814A1A9D24"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-16mt\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D7FE742D-0097-44EB-8297-3AA561A8E511"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-16mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8BE5015A-87F2-4C3F-8794-292A98F75475"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-16mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "709A855C-DCA6-4D18-84CC-440E14411FA5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-32mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3749A776-2FA8-43FA-8678-F6B401CB2697"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-32mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1334D6D4-DBBB-4A58-ACF5-AF77603F49FC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-32mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "796B9C41-112B-4BAC-BDF7-308967D4598F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-32mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DF43C36F-8FEB-4B72-AA44-371B54C6E35F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-32mr\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CD84F16-BBB0-45B2-84E2-A7133C28A3E3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-32mr\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7F20ED3-3BD1-4BC4-A0DA-0D74925E0C2F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-32mr\\/ua1_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3278D0F4-212B-440F-8952-328098996AC8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-32mr\\/ua1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F724663D-2DA6-42D3-892A-D7AAE8C2C8A6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-32ms\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "37EC00DB-D8BF-46DA-AF13-CF26F85F77E2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-32ms\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E8DA5D5-183A-4804-93EB-09BE60093480"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-32mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D0CE2A49-7C18-4103-AE0A-2C6E02411EAC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-32mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "93F07F53-68BC-4FDE-AC5B-8CFD45AEC0DA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A8177335-A337-4061-9599-20B6A6BCACB7"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-32mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "742941D7-F375-455E-AEF4-4981D480A5CB"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-32mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7DCB3423-E61A-473F-A5F6-2365A119D6F6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-32mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F91F9DF6-F1CE-467D-940E-6D8A832F8D1B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-32mt\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "553E29E6-8B15-421E-94FE-6C89C5E4F96D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-32mt\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "811BE72F-4A19-4C9C-8FBB-F102BDD2B5D5"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-32mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E72A8B32-F646-42EF-8CE3-BBD4FF1D8737"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-32mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8B74733B-D6EE-4E42-A600-7CBB42BC1F15"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-48mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E214FC34-6AD6-4456-941F-476A2D52C0B2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-48mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "85303A96-57A7-46AF-B794-556C753ED2E6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-48mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8DE00B76-C8BA-46A6-819D-4B0B412758CC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-48mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6E5DE6E8-55AE-42F8-A324-BEEC0FA53A58"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-48mr\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AFBB22D5-7BF7-4F23-9402-013EC5D32F61"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-48mr\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "379C0410-CB4E-4972-9B9E-EC5695492301"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-48mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F7A0634C-A048-4261-B6EF-B81AB0574B53"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-48mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "28004AFA-4510-4674-9755-8F8FF16CDFE1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-48mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "180B8CE9-46EE-4CFC-9513-E01FDBA15C2C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-48mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D72828CB-EAB4-40CB-9348-3D24848FAC1A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-48mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F986500-B77C-4699-9294-BFA1BF8DA326"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-48mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DBD4BAA-014E-4277-B336-660809B4D2A4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-48mt\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "57D19440-9B12-4A30-A3C5-35E331339E16"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-48mt\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "72B1401A-5902-420C-843C-42A5D9E11AE9"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-48mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B9E4B675-836C-4360-8749-C08D01CAF0B8"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-48mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E02893B2-7AD4-4CC5-A6BA-757A4C57B31D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-64mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1B867EF7-30AC-499B-A81E-A7FD3EE00DCE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-64mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F8F9B997-4A54-451C-B7FA-BF85DCBD93B4"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-64mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3E314572-A49C-4CBA-A9C9-F06F888D8530"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-64mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FB5CFC2E-C936-449D-991C-733CB2FBB994"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-64mr\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1CB5DD71-AC57-48C5-A2A1-F045C9CF7D35"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-64mr\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "13B9AF49-681F-432E-8B31-2D2570B252E1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-64mr\\/ua1_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B3514A08-CBAF-4F10-A7C4-EC5B89D7A28D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-64mr\\/ua1:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E0398640-0BBD-48B2-ACC0-3F2480B5FECF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-64ms\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AA5F6A62-6C15-486C-A8AC-CF14197DFA5F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-64ms\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E5570155-6AAA-4B51-8C8B-8AD8BFDC7181"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-64mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4D1249B5-4141-4B4E-ACCC-A577F18D80AA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-64mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46A45C6D-F039-4A21-BF6E-96AD1AE684A1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-64mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0F64A86A-69F2-497D-B38D-21D60821E1D1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-64mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2A1E9620-66D0-4BCF-86D9-50F25F631869"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-64mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0239D43D-8167-4EA7-8580-A98E181D8B7F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-64mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1FF26626-6B52-4D5D-8E42-08F137A368F7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-64mt\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8BCB927C-6E5C-421A-A62B-DC2CA0A88224"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-64mt\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AA4118CD-4D88-498E-A63C-3332E8F49166"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-64mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0C685BA9-93C1-4130-BA00-5416252B92CE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-64mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "288C04E9-CFE7-4877-9FE5-1E63ACBD3D9A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-80mr\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DD59F4A3-DDF5-443F-AD0B-755CDA88B4CA"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-80mr\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "632A39FB-1F15-4B4A-994B-74A370093BE3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-80mr\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "02E937EB-2069-4415-A26C-1FDFE53AED25"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-80mr\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A56BA52D-A7E2-413D-96BA-4AF2B47ABF67"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-80mr\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E3073D1-F083-499E-B3C4-CED326C2B1B1"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-80mr\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "37C8DAD8-3CFC-46FA-A007-75AB027E5C9C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-80mt\\/ds_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BFC1D50D-F364-4BCF-B1EC-5D203F2C0FE9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-80mt\\/ds:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "791E6428-8D18-4FA4-B93A-81022F98A2BC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-80mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E1A3CCA1-B4A5-44C2-85BC-C651ABDE1E2A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-80mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AD52BAA5-66E2-4062-B03A-E391C277EE2D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-80mt\\/es_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "218BED8B-BF2E-43FD-8C50-9C845A512505"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-80mt\\/es:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1A60072-A39D-47FB-9464-6954EDF90176"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-80mt\\/es-a_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "215557E1-0D0A-482B-B06B-F30BD59C8618"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-80mt\\/es-a:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8F42EF2A-AD06-43A0-9C59-1411F5416AB6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-80mt\\/ess_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "37B57E67-E801-4260-8452-37103A401523"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-80mt\\/ess:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1313D033-3620-406F-A7F3-90192BEFA32E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-enet_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DFD943B0-4BD1-447D-9B7C-C5D62C067968"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-enet:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5D1644E1-F748-46A3-8E09-FF5D53FD046F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-enet-l_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F0C7FC7F-5BEF-4308-B237-79929D89595F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-enet-l:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C8ACC832-E1EC-46DA-A2D1-CF1A3791A885"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3u-enet-p502_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6F5A0639-3008-4ECE-9467-8036F4D6EFFC"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3u-enet-p502:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "69BA96DC-C462-4286-AE0E-32D141017E7F"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "4C92EBEF-9479-4E84-9DAF-29D1F9784155"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A879DAAF-F3F5-4800-9C2F-0C6F38EEFC4D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-16mr\\/d-t_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2B067EE6-A82D-43FF-8E1C-134FC3E87221"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-16mr\\/d-t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2632C46A-CB9D-4AB9-8590-9857E15108A7"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-16mr\\/ds-t_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "8A7B5607-0598-43E6-A59D-31C9E90D3FB2"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-16mr\\/ds-t:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65F9960F-95CF-4C2E-B701-D14C2419B567"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-16mt\\/d_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CB3E50BC-0E52-46C3-A900-293431F52B8A"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-16mt\\/d:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D1AB8259-4ECC-4689-9870-8EC4ADBDAB83"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-16mt\\/d-p4_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E8F3D044-F5B1-45D4-9DE6-D2883142410D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-16mt\\/d-p4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A024062A-F427-411A-AC6B-73A2DA8C4913"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-16mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E76F9051-5720-4324-BDC8-269FE399E0E4"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-16mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C5E55868-3A68-45AA-827B-E485A7A6A653"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-16mt\\/dss-p4_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D52E035F-284D-4601-AD13-33DDB324AB32"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-16mt\\/dss-p4:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "89110E36-36EA-4DD1-99D1-01B642288F1D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-32mt-lt_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "18D7B4E2-C884-4991-BC5A-68D1C7DB80DE"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-32mt-lt:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BF57E8A3-6C69-4D48-B400-49BE4B825398"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-32mt-lt-2_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6724DBF8-D8BB-4FD3-B968-69EB3FF0BEE9"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-32mt-lt-2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "478A934A-6037-4F31-8380-94467509FD7A"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7779FBF-9A59-4DB4-84B2-EDCE67645F78"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-32mt\\/d:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "45BC5123-BBD6-45A0-A466-391A53010091"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C8D3E901-A445-456D-A642-73A8A7FA2640"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-32mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EB95C71D-EBE0-4F39-BC79-D47D266378DC"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-64mt\\/d_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F247CCA1-673F-4FCE-A2AD-30AF2C9603C5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-64mt\\/d:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "26D64749-1E12-4744-8A06-E866DE240A35"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-64mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "895C814A-C07F-420F-A93C-6F2C2A908B5C"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-64mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC74B68C-54E2-4CB3-8E8E-419033F29064"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-96mt\\/d_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7D92D8E6-81A7-479A-9793-2F09204BDEA6"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-96mt\\/d:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "26669F78-0CFF-4AF1-9841-037E618CB14E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:mitsubishielectric:fx3uc-96mt\\/dss_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9E743BF6-7957-4DAF-93E0-B365B2CED03F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:mitsubishielectric:fx3uc-96mt\\/dss:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BF0132BB-9968-47D7-A692-135A60478967"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://jvn.jp/vu/JVNVU90509290/",
- "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+ "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-285-13",
- "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+ "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
},
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-012_en.pdf",
- "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp"
+ "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4569.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4569.json
index f54bdd82d81..c087605d466 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4569.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4569.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-4569",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-28T22:15:10.487",
- "lastModified": "2023-09-10T12:16:21.120",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-23T22:15:09.347",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak."
+ "value": "A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4571.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4571.json
index 2ad8d3ab048..d2140fc3cd4 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4571.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4571.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-4571",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-08-30T17:15:11.080",
- "lastModified": "2023-10-04T16:15:10.330",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-25T18:17:41.333",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. \n\nThe vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine."
+ "value": "In Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. \n\nThe vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine."
}
],
"metrics": {
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4585.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4585.json
index fb072c181f7..7f28bc27734 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4585.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4585.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4585",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-09-11T09:15:09.797",
- "lastModified": "2023-09-14T03:45:17.523",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:41.407",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2."
+ },
+ {
+ "lang": "es",
+ "value": "Errores de seguridad de la memoria presentes en Firefox 116, Firefox ESR 115.1 y Thunderbird 115.1. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox < 117, Firefox ESR < 115.2 y Thunderbird < 115.2."
}
],
"metrics": {
@@ -78,11 +82,8 @@
],
"references": [
{
- "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1751583%2C1833504%2C1841082%2C1847904%2C1848999",
- "source": "security@mozilla.org",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1751583%2C1841082%2C1847904%2C1848999",
+ "source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-34/",
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json
index 83fd20cf223..b62525312db 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4586.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-4586",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-04T11:15:10.500",
- "lastModified": "2023-10-10T13:29:19.913",
+ "lastModified": "2023-10-23T18:57:20.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -81,8 +81,8 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
- "versionEndIncluding": "4.1.99",
- "matchCriteriaId": "342C96A6-D28A-4399-B66F-095707438E09"
+ "versionEndExcluding": "5.0.0",
+ "matchCriteriaId": "4F93D131-069E-463E-9963-64045FBBA200"
}
]
}
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4598.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4598.json
new file mode 100644
index 00000000000..8dbb5a5341d
--- /dev/null
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4598.json
@@ -0,0 +1,125 @@
+{
+ "id": "CVE-2023-4598",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:15.933",
+ "lastModified": "2023-10-27T17:23:42.593",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Slimstat Analytics para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del shortcode del complemento en versiones hasta la 5.0.9 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wp-slimstat:slimstat_analytics:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "5.0.10",
+ "matchCriteriaId": "82A0607D-04BD-4B9A-B72B-96C8141B4265"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-slimstat/tags/5.0.8/admin/view/wp-slimstat-db.php#L970",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2959452%40wp-slimstat&new=2959452%40wp-slimstat&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07c0f5a5-3455-4f06-b481-f4d678309c50?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
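Review bot: Two reference tags in this new record do not match what the links appear to be. The first entry is a Trac source-browser view of `wp-slimstat-db.php` at tag 5.0.8 but is tagged `"Exploit"`, and the Wordfence advisory carries `"Patch"` next to `"Third Party Advisory"`. Neither URL looks like exploit code or a fix from what is visible here, so triage rules that raise priority on `"Exploit"` or locate fixes by `"Patch"` would be misled. I would leave the first entry without the `"Exploit"` tag and keep only `"Third Party Advisory"` on the third. Separately, the Primary vector ends in `C:H/I:N/A:N` (6.5) while the Secondary ends in `C:H/I:H/A:H` (8.8), so consumers should select the metric by `"source"` rather than by array position.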
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46003.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46003.json
new file mode 100644
index 00000000000..2bfc7dd1481
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46003.json
@@ -0,0 +1,96 @@
+{
+ "id": "CVE-2023-46003",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-21T01:15:08.093",
+ "lastModified": "2023-10-28T03:28:25.170",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php."
+ },
+ {
+ "lang": "es",
+ "value": "I-doit pro 25 y versiones anteriores son vulnerables a Cross Site Scripting (XSS) a trav\u00e9s de index.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:i-doit:i-doit:*:*:*:*:pro:*:*:*",
+ "versionEndIncluding": "25",
+ "matchCriteriaId": "29ACB05B-F001-4365-B125-526E4D4554A6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/leekenghwa/CVE-2023-46003",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://medium.com/@ray.999/stored-xss-in-i-doit-pro-25-and-below-cve-2023-46003-17fb8d6fe2e9",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.i-doit.com/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46004.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46004.json
new file mode 100644
index 00000000000..8b8d80573e4
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46004.json
@@ -0,0 +1,79 @@
+{
+ "id": "CVE-2023-46004",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T13:15:09.553",
+ "lastModified": "2023-10-25T01:23:59.683",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function."
+ },
+ {
+ "lang": "es",
+ "value": "Sourcecodester Best Courier Management System 1.0 es vulnerable a la carga arbitraria de archivos en la funci\u00f3n update_user."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D0B90AE-6DFA-40B1-A97C-B445F29F3EB3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/Arbitrary-File-Upload-Vulnerability.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46005.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46005.json
new file mode 100644
index 00000000000..84b9b47ae38
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46005.json
@@ -0,0 +1,79 @@
+{
+ "id": "CVE-2023-46005",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T13:15:09.607",
+ "lastModified": "2023-10-25T01:27:12.410",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php."
+ },
+ {
+ "lang": "es",
+ "value": "Sourcecodester Best Courier Management System 1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro id en /edit_branch.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D0B90AE-6DFA-40B1-A97C-B445F29F3EB3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46006.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46006.json
new file mode 100644
index 00000000000..9d5ef323057
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46006.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-46006",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T13:15:09.657",
+ "lastModified": "2023-10-25T01:27:03.580",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php."
+ },
+ {
+ "lang": "es",
+ "value": "Sourcecodester Best Courier Management System 1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro id en /edit_user.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D0B90AE-6DFA-40B1-A97C-B445F29F3EB3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability-2.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46007.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46007.json
new file mode 100644
index 00000000000..6eee7545830
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46007.json
@@ -0,0 +1,79 @@
+{
+ "id": "CVE-2023-46007",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T13:15:09.703",
+ "lastModified": "2023-10-25T01:26:56.807",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php."
+ },
+ {
+ "lang": "es",
+ "value": "Sourcecodester Best Courier Management System 1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro id en /edit_staff.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D0B90AE-6DFA-40B1-A97C-B445F29F3EB3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability-3.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46009.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46009.json
new file mode 100644
index 00000000000..ea1869c2a91
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46009.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2023-46009",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-18T16:15:08.900",
+ "lastModified": "2023-10-25T01:25:00.963",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que gifsicle-1.94 ten\u00eda una vulnerabilidad de Floating Point Exception (FPE) a trav\u00e9s de resize_stream en src/xform.c."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-697"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:lcdf:gifsicle:1.94:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0E1FA5C7-B009-4B15-91A5-44CA8585663C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/kohler/gifsicle/issues/196",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
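Review bot: The weakness and impact fields do not fit the description in this record. The text reports a floating point exception in `resize_stream`, yet the entry assigns `"value": "CWE-697"` (incorrect comparison) and scores the vector `C:H/I:H/A:H`. An FPE normally terminates the process, which suggests an availability-only impact. If the underlying fault is a division by zero, `"value": "CWE-369"` would describe it more directly. Nothing visible here supports confidentiality or integrity loss, so `"confidentialityImpact"` and `"integrityImpact"` should be re-checked against the linked issue before the 7.8 score is used for prioritisation.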
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46010.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46010.json
new file mode 100644
index 00000000000..2cf347eb4cb
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46010.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46010",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:35.657",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en SeaCMS v.12.9 permite a un atacante ejecutar comandos arbitrarios a trav\u00e9s del componente admin_safe.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seacms.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://blog.csdn.net/DGS666/article/details/133795200?spm=1001.2014.3001.5501",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46033.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46033.json
new file mode 100644
index 00000000000..e64b5f18f6f
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46033.json
@@ -0,0 +1,132 @@
+{
+ "id": "CVE-2023-46033",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T16:15:09.237",
+ "lastModified": "2023-10-27T21:52:46.687",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** UNSUPPORTED WHEN ASSIGNED ** D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. The UART/Serial interface on the PCB, provides log output and a root terminal without proper access control."
+ },
+ {
+ "lang": "es",
+ "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** D-Link (Non-US) DSL-2750U N300 ADSL2+ y (Non-US) DSL-2730U N150 ADSL2+ son vulnerables a un control de acceso incorrecto. La interfaz UART/Serial en la PCB proporciona salida de registro y un terminal root sin control de acceso adecuado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:dsl-2730u_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46F8884A-C08D-45AE-8404-E5861D0948E0"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:dsl-2730u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "57EAA6ED-2686-4C92-A438-C58AFF75CC50"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:dlink:dsl-2750u_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CD29C95B-F465-460E-B807-006A9ADBABDF"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:dlink:dsl-2750u:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E5A7A48A-C126-4EF2-91F8-A8D9987525FF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.dlink.com/en/products/dsl-2730u-wireless-n150-adsl2-router",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.dlink.com/en/products/dsl-2750u-wireless-n-300-adsl2-modem-router",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
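Review bot: The first reference, `https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10357`, is tagged only `"Product"`, although its URL suggests a vendor support announcement rather than a product page. The description marks the devices as unsupported when assigned, so that announcement is probably the only vendor statement a defender will get, and tooling that selects references by tag will not surface it. If the page is indeed the vendor's notice, I would tag it `"tags": ["Vendor Advisory"]`.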
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46042.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46042.json
new file mode 100644
index 00000000000..08577b04d2f
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46042.json
@@ -0,0 +1,79 @@
+{
+ "id": "CVE-2023-46042",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T15:15:09.917",
+ "lastModified": "2023-10-25T15:20:17.570",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo()."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en GetSimpleCMS v.3.4.0a permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en phpinfo()."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:get-simple:getsimplecms:3.4.0a:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BCE85121-C55E-4280-88D8-F0B53CBDCA75"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Num-Nine/CVE/wiki/A-file-write-vulnerability-exists-in-GetSimpleCMS",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
+ }
+ ]
+}
\ No newline at end of file
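Review bot: The description attributes code execution to "a crafted payload to the phpinfo()", but the only reference is titled `A-file-write-vulnerability-exists-in-GetSimpleCMS` and the weakness is left as `"value": "NVD-CWE-noinfo"`, so the record does not say consistently what class of flaw this is. That matters for triage, because the vector is scored `PR:N` at 9.8 and nothing in the record shows whether the affected page is reachable without an administrator session. I would replace `NVD-CWE-noinfo` with the specific CWE that the referenced write-up supports and align the description wording with it; which CWE applies cannot be determined from this hunk.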
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46054.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46054.json
new file mode 100644
index 00000000000..bf584cf2879
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46054.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-46054",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-21T07:15:07.690",
+ "lastModified": "2023-10-27T19:35:22.627",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting (XSS) en WBCE CMS v.1.6.1 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s de un script manipulado al par\u00e1metro website_footer en el componente admin/settings/save.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wbce:wbce_cms:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "1.6.1",
+ "matchCriteriaId": "FA98EFBF-09A2-455C-A6B1-F409515A05AC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46055.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46055.json
new file mode 100644
index 00000000000..5cc335512f8
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46055.json
@@ -0,0 +1,80 @@
+{
+ "id": "CVE-2023-46055",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-21T07:15:07.933",
+ "lastModified": "2023-10-28T03:35:48.520",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the \"thingnario Logger Maintenance Webpage\" endpoint."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en ThingNario Photon v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y escalar privilegios a trav\u00e9s de un script manipulado a la funci\u00f3n de ping al endpoint \"thingnario Logger Maintenance Webpage\"."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:thingnario:photon:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B82C5564-0B9B-4A17-8A23-0D048B86844F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gist.github.com/GroundCTL2MajorTom/eef0d55f5df77cc911d84392acdbf625",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46058.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46058.json
new file mode 100644
index 00000000000..c2b5501e51d
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46058.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46058",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-24T00:15:08.773",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Geeklog-Core geeklog v.2.2.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro grp_desc del componente admin/group.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/Stored_XSS_in_group.php.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46059.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46059.json
new file mode 100644
index 00000000000..43152d0e151
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46059.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46059",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-24T00:15:08.823",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Geeklog-Core geeklog v.2.2.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado para el Servicio y la URL del sitio web para los par\u00e1metros de Ping del componente admin/trackback.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/geeklog/reflected_XSS_in_editservice.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46066.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46066.json
index 55eb1a0c808..13590b134c8 100644
--- a/CVE-2023/CVE-2023-460xx/CVE-2023-46066.json
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46066.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-46066",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T12:15:10.300",
- "lastModified": "2023-10-16T14:01:11.953",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T18:39:24.183",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay \u2013 Media Library Folders plugin <=\u00a01.6 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Codedrafty Mediabay \u2013 Media Library Folders en versiones <= 1.6."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
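Review bot: The added Spanish description says "con permisos de admin o superiores" while the English description in the same record says "Auth. (editor+)", so the translation states a higher required privilege than the source text, and it misspells "Cross-Site" as "Coss-Site". The NVD vector added in this hunk uses `PR:L`, which fits editor-level rather than administrator-level access. I would change the line to `"value": "Vulnerabilidad de Cross-Site Scripting (XSS) autenticada (con permisos de editor o superiores) almacenada en el complemento Codedrafty Mediabay \u2013 Media Library Folders en versiones <= 1.6."`. The "Coss-Site" spelling also appears in the Spanish descriptions of the new CVE-2023-46068 and CVE-2023-46069 records.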
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codedraft:mediabay_-_wordpress_media_library_folders:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.6",
+ "matchCriteriaId": "139DC451-0189-415C-9BBA-B04AEF535769"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mediabay-lite/wordpress-mediabay-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46067.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46067.json
new file mode 100644
index 00000000000..eaec6c6b138
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46067.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-46067",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-21T21:15:08.017",
+ "lastModified": "2023-10-27T19:33:46.597",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <=\u00a01.2.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Qwerty23 Rocket Font en versiones <= 1.2.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:qwerty23:rocket_font:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.3",
+ "matchCriteriaId": "98E4F90F-598C-47C5-BBFD-061582B7AD67"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/rocket-font/wordpress-rocket-font-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46068.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46068.json
new file mode 100644
index 00000000000..d5457130394
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46068.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46068",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:35.707",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <=\u00a02.16.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento XQueue GmbH Maileon para WordPress en versiones <= 2.16.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/xqueue-maileon/wordpress-maileon-plugin-2-16-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46069.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46069.json
new file mode 100644
index 00000000000..2d537ddd320
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46069.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46069",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:35.787",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Osmansorkar Ajax Archive Calendar plugin <=\u00a02.6.7 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en el complemento Osmansorkar Ajax Archive Calendar en versiones <= 2.6.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/ajax-archive-calendar/wordpress-ajax-archive-calendar-plugin-2-6-7-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46070.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46070.json
new file mode 100644
index 00000000000..7e1d17ad8f6
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46070.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46070",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:35.860",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <=\u00a02.1.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Emmanuel GEORJON EG-Attachments en versiones <= 2.1.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/eg-attachments/wordpress-eg-attachments-plugin-2-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46071.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46071.json
new file mode 100644
index 00000000000..80a4ba43889
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46071.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46071",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:35.950",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos Protecci\u00f3n de Datos RGPD plugin <=\u00a03.1.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento ClickDatos Protecci\u00f3n de Datos RGPD en versiones <= 3.1.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/click-datos-lopd/wordpress-proteccion-de-datos-rgpd-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46072.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46072.json
new file mode 100644
index 00000000000..6c08ca78078
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46072.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46072",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T12:15:08.613",
+ "lastModified": "2023-10-26T12:58:59.800",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <=\u00a02.0.9 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada no autenticada en el complemento in Michael Simpson Add Shortcodes Actions And Filters en versiones <= 2.0.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/add-actions-and-filters/wordpress-add-shortcodes-actions-and-filters-plugin-2-0-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46074.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46074.json
new file mode 100644
index 00000000000..d5ae996602e
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46074.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46074",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T12:15:08.687",
+ "lastModified": "2023-10-26T12:58:59.800",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <=\u00a02.3.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada no autenticada en el complemento Borbis Media FreshMail para WordPress en versiones <= 2.3.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/freshmail-integration/wordpress-freshmail-for-wordpress-plugin-2-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46075.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46075.json
new file mode 100644
index 00000000000..94caebb1040
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46075.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46075",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T13:15:09.510",
+ "lastModified": "2023-10-26T15:32:27.440",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <=\u00a02.1.6 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada no autenticada en el complemento wpdevart Contact Form Builder, Contact Widget en versiones <= 2.1.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/contact-forms-builder/wordpress-contact-form-builder-contact-widget-plugin-2-1-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46076.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46076.json
new file mode 100644
index 00000000000..80d68680e13
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46076.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46076",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T13:15:09.593",
+ "lastModified": "2023-10-26T15:32:27.440",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <=\u00a01.2.102 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada no autenticada el complemento WooCommerce PDF Invoice Builder, Create invoices, packing slips and more en versiones <= 1.2.102."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/woo-pdf-invoice-builder/wordpress-woocommerce-pdf-invoice-builder-plugin-1-2-100-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
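Review bot: The English description bounds the affected versions at `<= 1.2.102`, but the only reference URL names `plugin-1-2-100`, and the record has no `configurations` block, so there is no machine-readable range to settle which bound is right. Until a `cpeMatch` entry exists, consumers should take the bound from the description text rather than parse it from the URL slug. The Spanish description also drops the vendor name and a preposition; I would write `"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada no autenticada en el complemento RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more en versiones <= 1.2.102."`.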
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46077.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46077.json
new file mode 100644
index 00000000000..1beaeeab6b5
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46077.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46077",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T13:15:09.667",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed \u2013 Custom Feed plugin <=\u00a02.2.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada no autenticada en los complementos Arrow en el complemento The Awesome Feed \u2013 Custom Feed en versiones <= 2.2.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-facebook-feed/wordpress-the-awesome-feed-custom-feed-plugin-2-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46078.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46078.json
new file mode 100644
index 00000000000..0f87aeb74d1
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46078.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-46078",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-21T22:15:08.617",
+ "lastModified": "2023-10-27T19:33:21.057",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <=\u00a01.6.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento PluginEver WC Serial Numbers en versiones <= 1.6.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginever:wc_serial_numbers:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.6.3",
+ "matchCriteriaId": "7556F3B8-BD47-4535-B218-6A64973C6765"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wc-serial-numbers/wordpress-serial-numbers-for-woocommerce-license-manager-plugin-1-6-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46081.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46081.json
new file mode 100644
index 00000000000..57ce7c7e89a
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46081.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46081",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T13:15:09.747",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <=\u00a01.1.34 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada no autenticada en el complemento Lavacode Lava Directory Manager en versiones <= 1.1.34."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/lava-directory-manager/wordpress-lava-directory-manager-plugin-1-1-34-unauth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
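Review bot: The `es` description contradicts the `en` one on the vulnerability class: the English value says "Unauth. Stored Cross-Site Scripting" and the reference slug says `unauth-stored`, but the Spanish value says "Reflejada" (reflected). The difference matters for triage, because a stored payload persists in site data and may need cleanup after the plugin is updated. The value should read `Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada no autenticada en el complemento Lavacode Lava Directory Manager en versiones <= 1.1.34.`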
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46085.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46085.json
new file mode 100644
index 00000000000..ee5b7be0c9c
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46085.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46085",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-22T22:15:08.547",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <=\u00a02.2.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Wpmet Wp Ultimate Review en versiones <= 2.2.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json
index bc9d397f455..1193589edf7 100644
--- a/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46087.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-46087",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T15:15:17.690",
- "lastModified": "2023-10-16T18:33:43.730",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:16:43.900",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
{
"source": "audit@patchstack.com",
"type": "Secondary",
@@ -50,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mahlamusa:who_hit_the_page_hit_counter:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.4.14.3",
+ "matchCriteriaId": "C427B527-AC3B-48F0-8918-AA49BF0BB000"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/who-hit-the-page-hit-counter/wordpress-who-hit-the-page-hit-counter-plugin-1-4-14-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46088.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46088.json
new file mode 100644
index 00000000000..13b32948534
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46088.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46088",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T13:15:09.823",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <=\u00a01.6.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada autenticada (con permisos de admin o superior) en el complemento Mammothology WP Full Stripe Free en versiones <= 1.6.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-full-stripe-free/wordpress-wp-full-stripe-free-plugin-1-6-1-cross-site-scripting-xss-vulnerability-2?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46089.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46089.json
new file mode 100644
index 00000000000..5b54d9eccb1
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46089.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46089",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-22T22:15:08.637",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <=\u00a01.0.13 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Lee Le @ Userback Userback en versiones <= 1.0.13."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/userback/wordpress-userback-plugin-1-0-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46090.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46090.json
new file mode 100644
index 00000000000..c96b34282be
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46090.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46090",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T14:15:08.780",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <=\u00a01.0.15 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada no autenticada en el complemento WebDorado WDSocialWidgets en versiones <= 1.0.15."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/spider-facebook/wordpress-wdsocialwidgets-plugin-1-0-15-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46091.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46091.json
new file mode 100644
index 00000000000..7bdab143439
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46091.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46091",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T08:15:31.273",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <=\u00a02.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Bala Krishna, Sergey Yakovlev Category SEO Meta Tags en versiones <= 2.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/category-seo-meta-tags/wordpress-category-seo-meta-tags-plugin-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
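Review bot: The `es` description misspells the weakness name as "Coss-Site Scripting"; it should be `Cross-Site Scripting`, as the other records in this diff write it. The same typo appears in the `es` value of the CVE-2023-46093.json hunk that follows. Anything that searches or classifies the localized text by the literal phrase "Cross-Site Scripting" will miss both records, although the `CWE-79` entry under `weaknesses` is unaffected.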
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46093.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46093.json
new file mode 100644
index 00000000000..3335a020c34
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46093.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46093",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T08:15:31.377",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin <=\u00a02.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento LionScripts.Com Webmaster Tools en versiones <= 2.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/webmaster-tools/wordpress-webmaster-tools-plugin-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46094.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46094.json
new file mode 100644
index 00000000000..5da16335f02
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46094.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46094",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-26T13:15:09.903",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <=\u00a06.5.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada no autenticada en el complemento Conversios Track Google Analytics 4, Facebook Pixel & Conversions API a trav\u00e9s de Google Tag Manager para WooCommerce en versiones <= 6.5.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/enhanced-e-commerce-for-woocommerce-store/wordpress-conversios-io-plugin-6-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-460xx/CVE-2023-46095.json b/CVE-2023/CVE-2023-460xx/CVE-2023-46095.json
new file mode 100644
index 00000000000..866412c571d
--- /dev/null
+++ b/CVE-2023/CVE-2023-460xx/CVE-2023-46095.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46095",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-22T22:15:08.707",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <=\u00a01.1.0 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Chetan Gole Smooth Scroll Links [SSL] en versiones <= 1.1.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/smooth-scrolling-links-ssl/wordpress-smooth-scroll-links-ssl-plugin-1-1-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46102.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46102.json
new file mode 100644
index 00000000000..8380de9fd8f
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46102.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46102",
+ "sourceIdentifier": "psirt@bosch.com",
+ "published": "2023-10-25T18:17:36.033",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Android Client application, when enrolled to the AppHub server, connects to an MQTT\r\nbroker to exchange messages and receive commands to execute on the HMI device.\r\nThe protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application.\r\n\r\n\r\nThis issue allows an attacker able to control a malicious MQTT broker on the same subnet\r\nnetwork of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself."
+ },
+ {
+ "lang": "es",
+ "value": "La aplicaci\u00f3n Cliente de Android, cuando se inscribe en el servidor AppHub, se conecta a un intermediario MQTT para intercambiar mensajes y recibir comandos para ejecutar en el dispositivo HMI. El protocolo se basa en MQTT para implementar la administraci\u00f3n remota del dispositivo y est\u00e1 cifrado con una clave sim\u00e9trica DES codificada, que se puede recuperar invirtiendo tanto la aplicaci\u00f3n cliente de Android como la aplicaci\u00f3n web del lado del servidor. Este problema permite a un atacante capaz de controlar un agente MQTT malicioso en la misma red de subred del dispositivo, crear mensajes maliciosos y enviarlos al dispositivo HMI, ejecutando comandos arbitrarios en el propio dispositivo."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@bosch.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
+ "source": "psirt@bosch.com"
+ }
+ ]
+}
\ No newline at end of file
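Review bot: The `en` description carries hard `\r\n` wraps in mid-sentence and one sentence that does not parse ("The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key"). The `es` value is already unwrapped, so the English text should be normalised the same way, with that sentence split so it is clear that the management protocol is what is encrypted with the hard-coded key. The only `weaknesses` entry is `CWE-798` with `type` "Secondary". Since the text describes a hard-coded DES key, `CWE-321` (and arguably `CWE-327` for DES itself) looks like the more specific mapping, though this may be constrained by the CNA's CWE view and should be confirmed against the Bosch advisory.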
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46115.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46115.json
new file mode 100644
index 00000000000..162149c4bbf
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46115.json
@@ -0,0 +1,196 @@
+{
+ "id": "CVE-2023-46115",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-20T00:15:16.920",
+ "lastModified": "2023-10-26T17:59:29.077",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application."
+ },
+ {
+ "lang": "es",
+ "value": "Tauri es un framework para crear archivos binarios para las principales plataformas de escritorio. Este aviso no describe una vulnerabilidad en el c\u00f3digo base de Tauri en s\u00ed, sino una configuraci\u00f3n incorrecta de uso com\u00fan que podr\u00eda provocar la filtraci\u00f3n de la clave privada y la contrase\u00f1a de la clave de actualizaci\u00f3n en aplicaciones Tauri empaquetadas que utilizan la interfaz Vite en una configuraci\u00f3n espec\u00edfica. La documentaci\u00f3n de Tauri utiliz\u00f3 una configuraci\u00f3n de ejemplo insegura en \"Vite guide\" para mostrar c\u00f3mo usar Tauri junto con Vite. Copiar el siguiente fragmento `envPrefix: ['VITE_', 'TAURI_'],` de esta gu\u00eda en `vite.config.ts` de un proyecto Tauri lleva a agrupar `TAURI_PRIVATE_KEY` y `TAURI_KEY_PASSWORD` en el c\u00f3digo de interfaz de Vite y por lo tanto filtrar este valor a la aplicaci\u00f3n Tauri lanzada. El uso de `envPrefix: ['VITE_'],` o cualquier otro marco que no sea Vite significa que este aviso no lo afecta. Se recomienda a los usuarios que roten su clave privada de actualizaci\u00f3n si se ven afectados por esto (requiere Tauri CLI >=1.5.5). Despu\u00e9s de actualizar la configuraci\u00f3n de envPrefix, genere una nueva clave privada con `tauri signer generate`, guarde la nueva clave privada y actualice el valor `pubkey` del actualizador en `tauri.conf.json` con la nueva clave p\u00fablica. Para actualizar su aplicaci\u00f3n existente, la siguiente compilaci\u00f3n de la aplicaci\u00f3n debe firmarse con la clave privada anterior para que la aplicaci\u00f3n existente la acepte."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-522"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.0.0",
+ "matchCriteriaId": "E430B9A2-009E-472C-8332-F59AFCA75CE4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha0:*:*:*:*:*:*",
+ "matchCriteriaId": "83AB9A39-B228-4A04-BC9B-55CCEDF56453"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha10:*:*:*:*:*:*",
+ "matchCriteriaId": "243B9A11-1E18-40F2-AC37-C5670F13B0F1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha11:*:*:*:*:*:*",
+ "matchCriteriaId": "70FE95B8-4319-474C-8C9E-04120C69A801"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha12:*:*:*:*:*:*",
+ "matchCriteriaId": "3379B435-C9F9-41F6-AAD0-07EB1B5978BB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha13:*:*:*:*:*:*",
+ "matchCriteriaId": "CC75ED3D-4E54-436A-A104-CE5B463B6EA3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha14:*:*:*:*:*:*",
+ "matchCriteriaId": "A50E93D4-0E9A-464C-A3AC-54687A1FEA03"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha15:*:*:*:*:*:*",
+ "matchCriteriaId": "03DA148A-66DA-4475-B344-017BD02C80DA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha2:*:*:*:*:*:*",
+ "matchCriteriaId": "E79F38C9-2CDA-45D0-A952-4EA7B9D3BA4D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha3:*:*:*:*:*:*",
+ "matchCriteriaId": "FCD1D142-7233-454B-9406-8E50CCF3641E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha4:*:*:*:*:*:*",
+ "matchCriteriaId": "E23B6CAE-8CB0-435C-A47B-8B319D0FA3C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha5:*:*:*:*:*:*",
+ "matchCriteriaId": "29989D53-47A4-4A50-918B-B554A0E3C23C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha6:*:*:*:*:*:*",
+ "matchCriteriaId": "ED4E889F-9F87-4315-AFAC-91472A413291"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha7:*:*:*:*:*:*",
+ "matchCriteriaId": "F224BCC0-FEED-46BA-9786-4CD256782247"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha8:*:*:*:*:*:*",
+ "matchCriteriaId": "44962758-55B7-4CDB-B32D-CD37C1481B38"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tauri:tauri:2.0.0:alpha9:*:*:*:*:*:*",
+ "matchCriteriaId": "C8F7749F-AD30-4B90-ACEE-B93CDA3D56D2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/tauri-apps/tauri/security/advisories/GHSA-2rcp-jvr4-r259",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://tauri.app/v1/guides/getting-started/setup/vite/",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
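Review bot: The `cpeMatch` list marks every Tauri release before `2.0.0`, plus the listed 2.0.0 alphas, as `"vulnerable": true`, which is broader than what the description states. The description says the Tauri code base is not at fault and that only projects which copied `envPrefix: ['VITE_', 'TAURI_'],` into `vite.config.ts` are affected. CPE-based matching will therefore flag installs that are not exposed. Consumers should treat a hit as a prompt to check `vite.config.ts` and the bundled frontend for `TAURI_PRIVATE_KEY` / `TAURI_KEY_PASSWORD`, and to rotate the updater key as the description instructs, rather than as proof of exposure. The alpha entries run `alpha0`, then `alpha2` through `alpha15` with no `alpha1`; that may be intentional if no such release exists, but it should be confirmed.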
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46117.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46117.json
new file mode 100644
index 00000000000..3e35778e10b
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46117.json
@@ -0,0 +1,119 @@
+{
+ "id": "CVE-2023-46117",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-20T19:15:09.037",
+ "lastModified": "2023-10-28T03:48:19.117",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it's own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "reconFTW es una herramienta dise\u00f1ada para realizar un reconocimiento automatizado en un dominio de destino ejecutando el mejor conjunto de herramientas para realizar escaneos y descubrir vulnerabilidades. Se ha identificado una vulnerabilidad en reconftw donde la validaci\u00f3n inadecuada de los subdominios recuperados puede provocar un ataque de Remote Code Execution (RCE). Un atacante puede aprovechar esta vulnerabilidad creando una entrada CSP maliciosa en su propio dominio. Una explotaci\u00f3n exitosa puede conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario dentro del contexto de la aplicaci\u00f3n, comprometiendo potencialmente el sistema. Este problema se solucion\u00f3 en la versi\u00f3n 2.7.1.1 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:six2dez:reconftw:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.7.1.1",
+ "matchCriteriaId": "2668F9CE-3520-490A-8F35-197666112516"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/six2dez/reconftw/commit/e639de356c0880fe5fe01a32de9d0c58afb5f086",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/six2dez/reconftw/security/advisories/GHSA-fxwr-vr9x-wvjp",
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
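Review bot: The two CVSS entries in this record disagree on scope: the `nvd@nist.gov` Primary 3.1 vector has `S:U` (8.8, HIGH), while the `security-advisories@github.com` Secondary 3.0 vector has `S:C` (9.6, CRITICAL). A consumer that takes the highest score will triage this differently from one that reads only the `"type": "Primary"` entry, so the ingestion side should select the source explicitly. The only machine-readable fix boundary is `"versionEndExcluding": "2.7.1.1"`, which agrees with the version named in the description.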
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46118.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46118.json
new file mode 100644
index 00000000000..8833f6e7978
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46118.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46118",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:36.117",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an \"out-of-memory killer\"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7."
+ },
+ {
+ "lang": "es",
+ "value": "RabbitMQ es un corredor de transmisi\u00f3n y mensajer\u00eda multiprotocolo. La API HTTP no aplicaba un l\u00edmite de cuerpo de solicitud HTTP, lo que la hac\u00eda vulnerable a ataques de denegaci\u00f3n de servicio (DoS) con mensajes muy grandes. Un usuario autenticado con credenciales suficientes puede publicar mensajes muy grandes a trav\u00e9s de la API HTTP y hacer que el nodo de destino finalice mediante un mecanismo similar al \"eliminador de memoria insuficiente\". Esta vulnerabilidad ha sido parcheada en las versiones 3.11.24 y 3.12.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
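Review bot: This record has no `configurations` block, so the patched versions 3.11.24 and 3.12.7 exist only in the description text and CPE-based matching will not flag any RabbitMQ install from it. The same holds for the other `Awaiting Analysis` / `Undergoing Analysis` records added in this diff (CVE-2023-46119, -46120, -46122, -46123, -46124, -46125, -46126, -46127), whose references also carry no `tags`. Until analysis adds `cpeMatch` entries, coverage for these depends on the description or the linked GHSA advisory rather than on the structured fields.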
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46119.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46119.json
new file mode 100644
index 00000000000..9a74504c528
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46119.json
@@ -0,0 +1,75 @@
+{
+ "id": "CVE-2023-46119",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:36.183",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Parse Server es un backend de c\u00f3digo abierto que se puede implementar en cualquier infraestructura que pueda ejecutar Node.js. Parse Server falla al cargar un archivo sin extensi\u00f3n. Esta vulnerabilidad ha sido parcheada en las versiones 5.5.6 y 6.3.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-23"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/parse-community/parse-server/commit/686a9f282dc23c31beab3d93e6d21ccd0e1328fe",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/parse-community/parse-server/commit/fd86278919556d3682e7e2c856dfccd5beffbfc0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.6",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/parse-community/parse-server/releases/tag/6.3.1",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
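Review bot: The `weaknesses` value `CWE-23` (relative path traversal) does not match what the description and vector describe, which is a crash when uploading a file without an extension, scored `C:N/I:N/A:H`. It is the CNA's Secondary assignment and may be deliberate, but weakness-based filtering will file this record under path traversal rather than under availability issues. The English description also ends in a literal `\n\n` that the Spanish one lacks, so consumers that compare or hash description text should trim it first.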
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46120.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46120.json
new file mode 100644
index 00000000000..49cb95180a4
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46120.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-46120",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:36.257",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0."
+ },
+ {
+ "lang": "es",
+ "value": "La librer\u00eda cliente Java RabbitMQ permite que las aplicaciones basadas en Java y JVM se conecten e interact\u00faen con los nodos RabbitMQ. `maxBodyLebgth` no se us\u00f3 al recibir objetos de mensaje. Los atacantes podr\u00edan enviar un mensaje muy grande provocando un desbordamiento de la memoria y desencadenando un error OOM. Los usuarios de RabbitMQ pueden sufrir ataques DoS del cliente Java RabbitMQ que, en \u00faltima instancia, agotar\u00e1n la memoria del consumidor. Esta vulnerabilidad fue parcheada en la versi\u00f3n 5.18.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/rabbitmq/rabbitmq-java-client/commit/714aae602dcae6cb4b53cadf009323ebac313cc8",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/rabbitmq/rabbitmq-java-client/issues/1062",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/rabbitmq/rabbitmq-java-client/releases/tag/v5.18.0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/rabbitmq/rabbitmq-java-client/security/advisories/GHSA-mm8h-8587-p46h",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
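Review bot: The identifier `maxBodyLebgth` in the description looks like a misspelling (presumably of `maxBodyLength`) and is copied unchanged into the Spanish text, so a text search for the real setting name will not find this record. Correcting it downstream would diverge from the upstream feed. The practical step is to match on the CVE id or on the fixed version 5.18.0 named in the description, and to confirm the setting name against the linked advisory.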
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46122.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46122.json
new file mode 100644
index 00000000000..ccd03ad041d
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46122.json
@@ -0,0 +1,71 @@
+{
+ "id": "CVE-2023-46122",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-23T16:15:09.383",
+ "lastModified": "2023-10-23T18:18:33.750",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7."
+ },
+ {
+ "lang": "es",
+ "value": "sbt es una herramienta de compilaci\u00f3n para Scala, Java y otros. Dado un archivo zip o JAR especialmente manipulado, `IO.unzip` permite escribir archivos arbitrarios. Esto tendr\u00eda potencial para sobrescribir `/root/.ssh/authorized_keys`. Dentro del c\u00f3digo principal de sbt, `IO.unzip` se usa en la tarea `pullRemoteCache` y `Resolvers.remote`; sin embargo, muchos proyectos utilizan `IO.unzip(...)` directamente para implementar tareas personalizadas. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 1.9.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.9,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/sbt/io/commit/124538348db0713c80793cb57b915f97ec13188a",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sbt/io/issues/358",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sbt/io/pull/360",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/sbt/sbt/security/advisories/GHSA-h9mw-grgx-2fhf",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
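Review bot: The vector rates this `AV:L` with `I:L/A:L` (3.9, LOW), while the description says `IO.unzip` allows writing an arbitrary file and names `/root/.ssh/authorized_keys` as a possible target. A severity-threshold filter keyed on `baseSeverity` will likely drop the record, so path-traversal-on-extract findings like this one are better triaged by `CWE-22` and the description than by score alone. The commit, issue and pull-request references point at the `sbt/io` repository while the fix version 1.9.7 is stated for sbt. Projects that call `IO.unzip(...)` directly, as the description notes, appear to need a check of the library they resolve, not only the build tool version.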
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46123.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46123.json
new file mode 100644
index 00000000000..2ef4d043291
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46123.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46123",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:36.330",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "jumpserver es una m\u00e1quina basti\u00f3n de c\u00f3digo abierto, un sistema profesional de auditor\u00eda de seguridad de operaci\u00f3n y mantenimiento que cumple con las especificaciones 4A. Una falla en la API principal permite a los atacantes eludir las protecciones de fuerza bruta de las contrase\u00f1as falsificando direcciones IP arbitrarias. Al explotar esta vulnerabilidad, los atacantes pueden realizar intentos ilimitados de contrase\u00f1a alterando su direcci\u00f3n IP aparente para cada solicitud. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.8.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-307"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/jumpserver/jumpserver/releases/tag/v3.8.0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-hvw4-766m-p89f",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46124.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46124.json
new file mode 100644
index 00000000000..43417a0bd21
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46124.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46124",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:36.400",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`. "
+ },
+ {
+ "lang": "es",
+ "value": "Fides es una plataforma de ingenier\u00eda de privacidad de c\u00f3digo abierto para gestionar el cumplimiento de solicitudes de privacidad de datos en entornos de ejecuci\u00f3n y la aplicaci\u00f3n de regulaciones de privacidad en c\u00f3digo. La aplicaci\u00f3n web de Fides permite cargar una integraci\u00f3n personalizada como un archivo ZIP que contiene definiciones de configuraci\u00f3n y conjuntos de datos en formato YAML. Se descubri\u00f3 que el conjunto de datos y los archivos de configuraci\u00f3n YAML especialmente manipulados permiten a un usuario malintencionado realizar solicitudes arbitrarias a sistemas internos y extraer datos fuera del entorno (tambi\u00e9n conocido como Server-Side Request Forgery). La aplicaci\u00f3n no realiza una validaci\u00f3n adecuada para bloquear los intentos de conectarse a recursos internos (incluido el host local). La vulnerabilidad ha sido parcheada en la versi\u00f3n `2.22.1` de Fides."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 5.3
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/ethyca/fides/commit/cd344d016b1441662a61d0759e7913e8228ed1ee",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/ethyca/fides/releases/tag/2.22.1",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46125.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46125.json
new file mode 100644
index 00000000000..979c49dc6f3
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46125.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46125",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:36.470",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the `GET api/v1/config` endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers\u2019 addresses and ports and database username. This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users. This vulnerability allows Admin UI users with roles lower than the owner role e.g. the viewer role to retrieve the config information using the API. The vulnerability has been patched in Fides version `2.22.1`. "
+ },
+ {
+ "lang": "es",
+ "value": "Fides es una plataforma de ingenier\u00eda de privacidad de c\u00f3digo abierto para gestionar el cumplimiento de solicitudes de privacidad de datos en un entorno de ejecuci\u00f3n y la aplicaci\u00f3n de regulaciones de privacidad en c\u00f3digo. La API del servidor web de Fides permite a los usuarios recuperar su configuraci\u00f3n utilizando el endpoint `GET api/v1/config`. Los datos de configuraci\u00f3n se filtran para suprimir la informaci\u00f3n de configuraci\u00f3n m\u00e1s confidencial antes de devolverla al usuario, pero incluso los datos filtrados contienen informaci\u00f3n sobre los componentes internos y la infraestructura de backend, como diversas configuraciones, direcciones y puertos de servidores y nombre de usuario de la base de datos. Esta informaci\u00f3n es \u00fatil tanto para usuarios administrativos como para atacantes, por lo que no debe revelarse a usuarios con pocos privilegios. Esta vulnerabilidad permite a los usuarios de la interfaz de usuario de administraci\u00f3n con roles inferiores al rol de propietario, por ejemplo, el rol de espectador, recuperar la informaci\u00f3n de configuraci\u00f3n mediante la API. La vulnerabilidad ha sido parcheada en la versi\u00f3n `2.22.1` de Fides."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/ethyca/fides/commit/c9f3a620a4b4c1916e0941cb5624dcd636f06d06",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/ethyca/fides/releases/tag/2.22.1",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/ethyca/fides/security/advisories/GHSA-rjxg-rpg3-9r89",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46126.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46126.json
new file mode 100644
index 00000000000..2f3a7b83d58
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46126.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46126",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:36.537",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability makes it possible to craft a payload in the privacy policy URL which triggers JavaScript execution when the privacy notice is served by an integrated website. The domain scope of the executed JavaScript is that of the integrated website. Exploitation is limited to Admin UI users with the contributor role or higher. The vulnerability has been patched in Fides version `2.22.1`. "
+ },
+ {
+ "lang": "es",
+ "value": "Fides es una plataforma de ingenier\u00eda de privacidad de c\u00f3digo abierto para gestionar el cumplimiento de solicitudes de privacidad de datos en entornos de ejecuci\u00f3n, ayudando a hacer cumplir las regulaciones de privacidad en el c\u00f3digo. La aplicaci\u00f3n web de Fides permite a los usuarios editar los avisos de consentimiento y privacidad, como los banners de cookies. La vulnerabilidad permite manipular un payload en la URL de la pol\u00edtica de privacidad que activa la ejecuci\u00f3n de JavaScript cuando el aviso de privacidad es entregado por un sitio web integrado. El alcance del dominio del JavaScript ejecutado es el del sitio web integrado. La explotaci\u00f3n est\u00e1 limitada a los usuarios de la interfaz de usuario de administrador con el rol de colaborador o superior. La vulnerabilidad ha sido parcheada en la versi\u00f3n `2.22.1` de Fides."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.9,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.5,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/ethyca/fides/commit/3231d19699f9c895c986f6a967a64d882769c506",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/ethyca/fides/releases/tag/2.22.1",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/ethyca/fides/security/advisories/GHSA-fgjj-5jmr-gh83",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46127.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46127.json
new file mode 100644
index 00000000000..b1131d5d4e4
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46127.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46127",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-23T15:15:09.313",
+ "lastModified": "2023-10-23T16:07:50.927",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0."
+ },
+ {
+ "lang": "es",
+ "value": "Frappe es un framework de aplicaci\u00f3n web completo que utiliza Python y MariaDB en el lado del servidor y una librer\u00eda integrada en el lado del cliente. Un usuario malicioso de Frappe con acceso al escritorio podr\u00eda crear documentos que contengan cargas HTML que permitan la inyecci\u00f3n de HTML. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 14.49.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/frappe/frappe/commit/3dc5d2fcc7561dde181ba953009fe6e39d64e900",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/frappe/frappe/pull/22339",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46128.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46128.json
new file mode 100644
index 00000000000..787088c5c7b
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46128.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46128",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:36.607",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Nautobot es una plataforma de automatizaci\u00f3n de redes construida como una aplicaci\u00f3n web sobre el framework Django Python con una base de datos PostgreSQL o MySQL. En Nautobot 2.0.x, ciertos endpoints de la API REST, en combinaci\u00f3n con el par\u00e1metro de consulta `? Depth=`, pueden exponer contrase\u00f1as de usuario con hash almacenadas en la base de datos a cualquier usuario autenticado con acceso a estos endpoints. Las contrase\u00f1as no est\u00e1n expuestas en texto plano. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 2.0.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/nautobot/nautobot/commit/1ce8e5c658a075c29554d517cd453675e5d40d71",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/nautobot/nautobot/pull/4692",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
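Review bot: The `es` description in this record rewrites the literal query parameter as `? Depth=` (a space inserted and a capital D), while the `en` text gives it as `?depth=`. Anyone building a log search or a request filter from the Spanish text would be matching a string the API does not use. Technical tokens should be carried through translation unchanged, so the `es` value should contain `?depth=` exactly as the `en` value does.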
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46133.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46133.json
new file mode 100644
index 00000000000..6bff0096000
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46133.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46133",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T21:15:10.093",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations."
+ },
+ {
+ "lang": "es",
+ "value": "CryptoES es una librer\u00eda de algoritmos de criptograf\u00eda compatible con ES6 y TypeScript. Antes de la versi\u00f3n 2.1.0, CryptoES PBKDF2 es 1000 veces m\u00e1s d\u00e9bil de lo especificado originalmente en 1993, y al menos 1.300.000 veces m\u00e1s d\u00e9bil que el est\u00e1ndar actual de la industria. Esto se debe a que su valor predeterminado es SHA1, un algoritmo hash criptogr\u00e1fico considerado inseguro desde al menos 2005, y su valor predeterminado es una sola iteraci\u00f3n, un valor de \"fuerza\" o \"dificultad\" especificado en 1000 cuando se especific\u00f3 en 1993. PBKDF2 se basa en el recuento de iteraciones como una contramedida a los ataques de preimagen y colisi\u00f3n. Si se utiliza para proteger contrase\u00f1as, el impacto es alto. Si se utiliza para generar firmas, el impacto es alto. La versi\u00f3n 2.1.0 contiene un parche para este problema. Como workaround, configure CryptoES para usar SHA256 con al menos 250 000 iteraciones."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-328"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-916"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
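Review bot: The `en` description says PBKDF2 relies on iteration count "as a countermeasure to preimage and collision attacks", which does not fit the weakness this same record assigns, `CWE-916` (insufficient computational effort). The iteration count raises the cost of each password guess, so it is a brute-force countermeasure; the sentence would be accurate as `PBKDF2 relies on iteration count to slow brute-force guessing of the input password.` The `es` entry repeats the same claim. The wording is presumably inherited from the upstream advisory, so the correction may need to be made there.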
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46134.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46134.json
new file mode 100644
index 00000000000..ff67cdc39dd
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46134.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46134",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T21:15:10.167",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in version 3.7.0 by turning off \"Custom Filter\" input by default. The only workaround for versions earlier than 3.7.0 is to only host D-Tale to trusted users.\n"
+ },
+ {
+ "lang": "es",
+ "value": "D-Tale es la combinaci\u00f3n de un back-end de Flask y un front-end de React para ver y analizar las estructuras de datos de Pandas. Antes de la versi\u00f3n 3.7.0, los usuarios que alojaban D-Tale p\u00fablicamente pod\u00edan ser vulnerables a la ejecuci\u00f3n remota de c\u00f3digo, lo que permit\u00eda a los atacantes ejecutar c\u00f3digo malicioso en el servidor. Este problema se solucion\u00f3 en la versi\u00f3n 3.7.0 desactivando la entrada \"Filtro personalizado\" de forma predeterminada. El \u00fanico workaround para versiones anteriores a la 3.7.0 es alojar D-Tale \u00fanicamente para usuarios confiables."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/man-group/dtale/commit/bf8c54ab2490803f45f0652a9a0e221a94d39668",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/man-group/dtale/security/advisories/GHSA-jq6c-r9xf-qxjm",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
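Review bot: The description reports remote code execution on the server, yet the record classifies the issue as `CWE-79` and scores it `UI:R/S:C/C:L/I:L` (6.1), which is the profile of a reflected XSS and not of server-side code execution. Consumers that triage by CWE or by `baseSeverity` will rank this lower than the text warrants. Both values are `Secondary` (supplied by the CNA) and the record is still `Awaiting Analysis`, so it should be prioritised from the description until analysis lands. A code-injection class such as `CWE-94` looks closer to the stated impact, to be confirmed against the linked advisory.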
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46135.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46135.json
new file mode 100644
index 00000000000..2588becf547
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46135.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46135",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:36.673",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8."
+ },
+ {
+ "lang": "es",
+ "value": "rs-stellar-strkey es una librer\u00eda de Rust para codificar/decodificar Stellar Strkeys. Se produce una vulnerabilidad de p\u00e1nico cuando se utiliza un payload especialmente manipulado. `inner_payload_len` no debe ser superior a 64. Esta vulnerabilidad se ha parcheado en la versi\u00f3n 0.0.8."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-248"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/stellar/rs-stellar-strkey/issues/58",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/stellar/rs-stellar-strkey/security/advisories/GHSA-5873-6fwq-463f",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
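Review bot: The `en` description is garbled where it states the actual constraint: `is used.`inner_payload_len` should not above 64` lacks a space after the period and a verb. Since this sentence is the only statement of the bound that triggers the panic, it should read `` `inner_payload_len` should not be above 64. `` as the `es` entry already does.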
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46136.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46136.json
new file mode 100644
index 00000000000..406f99a825e
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46136.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46136",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T18:17:36.753",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1."
+ },
+ {
+ "lang": "es",
+ "value": "Werkzeug es una librer\u00eda completa de aplicaciones web WSGI. Si se carga un archivo que comienza con CR o LF y luego va seguido de megabytes de datos sin estos caracteres: todos estos bytes se agregan fragmento a fragmento en una matriz de bytes interna y la b\u00fasqueda de los l\u00edmites se realiza en un b\u00fafer en crecimiento. Esto permite a un atacante provocar una denegaci\u00f3n de servicio enviando datos multiparte manipulados a un endpoint que los analizar\u00e1. La cantidad de tiempo de CPU necesaria puede impedir que los procesos de trabajo manejen solicitudes leg\u00edtimas. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.0.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-407"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
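Review bot: The vector `AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` does not match the description, which covers only CPU exhaustion caused by crafted multipart data sent to an endpoint that parses it. Nothing in the text indicates a confidentiality or integrity impact or a restriction to an adjacent network, and the assigned `CWE-400`/`CWE-407` are resource-consumption weaknesses. The score is `Secondary` and the record is `Awaiting Analysis`; a vector carrying `C:N/I:N` would be consistent with the description, pending confirmation from the linked advisory. Until it is corrected, severity filters will overstate the impact, and `AV:A` will understate how reachable the issue is.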
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46137.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46137.json
new file mode 100644
index 00000000000..4844abaf16e
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46137.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46137",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T21:15:10.237",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue."
+ },
+ {
+ "lang": "es",
+ "value": "Twisted es un framework basado en eventos para aplicaciones de Internet. Antes de la versi\u00f3n 23.10.0rc1, al enviar m\u00faltiples solicitudes HTTP en un paquete TCP, twisted.web procesar\u00e1 las solicitudes de forma asincr\u00f3nica sin garantizar el orden de respuesta. Si uno de los endpoints est\u00e1 controlado por un atacante, el atacante puede retrasar la respuesta a prop\u00f3sito para manipular la respuesta de la segunda solicitud cuando una v\u00edctima lanz\u00f3 dos solicitudes utilizando una canalizaci\u00f3n HTTP. La versi\u00f3n 23.10.0rc1 contiene un parche para este problema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-444"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46150.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46150.json
new file mode 100644
index 00000000000..db2923d9f8a
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46150.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46150",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:36.830",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <=\u00a03.1.9 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WP Military WP Radio en versiones <= 3.1.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/wp-radio/wordpress-wp-radio-worldwide-online-radio-stations-directory-for-wordpress-plugin-3-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46151.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46151.json
new file mode 100644
index 00000000000..d734450c39c
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46151.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46151",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:36.897",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <=\u00a02.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento AWESOME TOGI Product Category Tree en versiones <= 2.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/product-category-tree/wordpress-product-category-tree-plugin-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46152.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46152.json
new file mode 100644
index 00000000000..83980f7a9ec
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46152.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46152",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:36.967",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional plugin <=\u00a01.0.7.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en realmag777 WOLF: complemento Posts Bulk Editor y Manager Professional de WordPress en versiones <= 1.0.7.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-plugin-1-0-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46153.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46153.json
new file mode 100644
index 00000000000..1f53cf20db5
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46153.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46153",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T08:15:31.457",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <=\u00a01.0.9 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS)Almacenada No Autenticada en el complemento UserFeedback Team User Feedback en versiones <= 1.0.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/userfeedback-lite/wordpress-user-feedback-plugin-1-0-9-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
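Review bot: The `es` description has a spacing error in the vulnerability class, `(XSS)Almacenada`, and the `es` text of CVE-2023-46192.json further down misspells it as `Coss-Site Scripting`. A text search for "Cross-Site Scripting" over the translated descriptions misses the second record. Proposed values: `Cross-Site Scripting (XSS) Almacenada No Autenticada` here and `Cross-Site Scripting (XSS)` there.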
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46158.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46158.json
new file mode 100644
index 00000000000..10cb290de82
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46158.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46158",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2023-10-25T18:17:37.037",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775."
+ },
+ {
+ "lang": "es",
+ "value": "IBM WebSphere Application Server Liberty 23.0.0.9 a 23.0.0.10 podr\u00eda proporcionar una seguridad m\u00e1s d\u00e9bil de lo esperado debido a un manejo inadecuado de la caducidad de recursos. ID de IBM X-Force: 268775."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.4,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-613"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268775",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7058356",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46189.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46189.json
new file mode 100644
index 00000000000..9e186f2f81d
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46189.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46189",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:37.107",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar \u2013 Google Calendar Plugin <=\u00a03.2.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Simple Calendar de Google Calendar en versiones <= 3.2.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-3-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
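Review bot: The affected range in the description (`<= 3.2.5`) disagrees with the record's only reference, whose URL slug names `plugin-3-2-4`. The record carries no `configurations` block, so the description is the only source for the upper bound, and the discrepancy decides whether 3.2.5 installs are flagged. It is worth confirming the bound against the Patchstack entry and aligning whichever of the two is wrong.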
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46190.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46190.json
new file mode 100644
index 00000000000..4253d792fe6
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46190.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46190",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:37.177",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <=\u00a01.1.2 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Novo-media Novo-Map: sus publicaciones de WP en el complemento personalizado de Google Maps en versiones <= 1.1.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/novo-map/wordpress-novo-map-your-wp-posts-on-custom-google-maps-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46191.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46191.json
new file mode 100644
index 00000000000..f36e042a3ac
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46191.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46191",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:37.247",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <=\u00a01.4.4 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Niels van Renselaar Open Graph Metabox en versiones <= 1.4.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/open-graph-metabox/wordpress-open-graph-metabox-plugin-1-4-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46192.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46192.json
new file mode 100644
index 00000000000..eb7d9d648df
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46192.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46192",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T08:15:31.533",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <=\u00a01.2.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Internet Marketing Ninjas Internal Link Building en versiones <= 1.2.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/internal-link-building-plugin/wordpress-internal-link-building-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
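Review bot: The Spanish description in this record misspells the vulnerability class as `Coss-Site Scripting`; it should begin `Vulnerabilidad de Cross-Site Scripting (XSS) autenticada`. The same misspelling appears in the `es` description of CVE-2023-46199.json further down in this diff. Keyword searches or filters that match on the class name in the translated text will miss both records. The `CWE-79` weakness entry is unaffected and is the more reliable field to key on.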
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46193.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46193.json
new file mode 100644
index 00000000000..fd0cfcc3800
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46193.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46193",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:37.320",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <=\u00a01.2.3 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Internet Marketing Ninjas Internal Link Building en versiones <= 1.2.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/internal-link-building-plugin/wordpress-internal-link-building-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46194.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46194.json
new file mode 100644
index 00000000000..06ca04f3ed0
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46194.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46194",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T08:15:31.607",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist \u2013 Custom Archive Templates plugin <=\u00a01.7.5 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Eric Teubert Archivist de Custom Archive Templates en versiones <= 1.7.5."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/archivist-custom-archive-templates/wordpress-archivist-custom-archive-templates-plugin-1-7-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
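Review bot: The `es` description alters the product name. The English value gives `Archivist – Custom Archive Templates` as one plugin name, while the Spanish value reads `Archivist de Custom Archive Templates`, which presents it as a component of something else. The name should stay untranslated, as in `en el complemento Eric Teubert Archivist – Custom Archive Templates en versiones <= 1.7.5.` This record carries no `configurations` block, so the description text is the only place the affected product is named.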
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46198.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46198.json
new file mode 100644
index 00000000000..4c93355f007
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46198.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46198",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:37.393",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <=\u00a02.9.6 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Scientech It Solution Appointment Calendar en versiones <= 2.9.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/appointment-calendar/wordpress-appointment-calendar-plugin-2-9-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46199.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46199.json
new file mode 100644
index 00000000000..424d014e710
--- /dev/null
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46199.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46199",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T08:15:31.683",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <=\u00a04.1.1 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Triberr en versiones <= 4.1.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/triberr-wordpress-plugin/wordpress-triberr-plugin-4-1-1-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46200.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46200.json
new file mode 100644
index 00000000000..0009e5673ff
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46200.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46200",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T21:15:09.617",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <=\u00a01.1.3 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/smart-app-banner/wordpress-smart-app-banner-plugin-1-1-3-cross-site-scripting-xss?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46202.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46202.json
new file mode 100644
index 00000000000..18cb4c8bb56
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46202.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46202",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:37.467",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <=\u00a01.9.6 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Jeff Sherk Auto Login New User After Registration en versiones <= 1.9.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/auto-login-new-user-after-registration/wordpress-auto-login-new-user-after-registration-plugin-1-9-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46204.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46204.json
new file mode 100644
index 00000000000..eb137a9d939
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46204.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46204",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-25T18:17:37.537",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <=\u00a00.1.6 versions."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Muller Digital Inc. Duplicate Theme en versiones <= 0.1.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/duplicate-theme/wordpress-duplicate-theme-plugin-0-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46208.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46208.json
new file mode 100644
index 00000000000..62815d0b56b
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46208.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46208",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T21:15:09.683",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors \u2013 Car Dealer, Classifieds & Listing plugin <=\u00a01.4.6 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/motors-car-dealership-classified-listings/wordpress-motors-car-dealer-classifieds-listing-plugin-1-4-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46209.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46209.json
new file mode 100644
index 00000000000..fabd2838068
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46209.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46209",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T21:15:09.760",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus \u2013 Unlimited grid plugin <=\u00a01.3.2 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/grid-plus/wordpress-grid-plus-plugin-1-3-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46211.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46211.json
new file mode 100644
index 00000000000..a1f43b415a3
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46211.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46211",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2023-10-27T21:15:09.827",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <=\u00a03.19.14 versions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/ultimate_vc_addons/wordpress-ultimate-addons-for-wpbakery-page-builder-plugin-3-19-14-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46215.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46215.json
new file mode 100644
index 00000000000..a1d0ede89c1
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46215.json
@@ -0,0 +1,40 @@
+{
+ "id": "CVE-2023-46215",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-10-28T08:15:07.553",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.\n\nSensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend\nNote: the\u00a0vulnerability is about the information exposed in the logs not about accessing the logs.\n\nThis issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.\n\nUsers are recommended to upgrade Airflow Celery provider to version 3.4.1\u00a0and Apache Airlfow to version 2.7.0 which fixes the issue.\n\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/28/1",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://github.com/apache/airflow/pull/34954",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
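Review bot: The remediation sentence in the English description misspells the product as `Apache Airlfow`; it should read `and Apache Airflow to version 2.7.0`. The record also has `"metrics": {}` and no `configurations` block. The affected ranges (Celery provider 3.3.0 through 3.4.0, Airflow 1.10.0 through 2.6.3) therefore exist only in the free text. Consumers that sort or filter on `baseScore` should treat this entry as unscored rather than as low severity.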
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46227.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46227.json
new file mode 100644
index 00000000000..d11673e20a4
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46227.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-46227",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-10-19T10:15:10.090",
+ "lastModified": "2023-10-25T16:13:36.540",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nDeserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.\n\nThis issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \\t to bypass.\u00a0Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/8814 \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Deserializaci\u00f3n de la vulnerabilidad de datos no confiables en Apache Software Foundation Apache InLong. Este problema afecta a Apache InLong: desde 1.4.0 hasta 1.8.0, el atacante puede usar \\t para evitarlo. Se recomienda a los usuarios actualizar a Apache InLong 1.9.0 o seleccionar [1] para resolverlo. [1] https://github.com/apache/inlong/pull/8814"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:inlong:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.4.0",
+ "versionEndExcluding": "1.9.0",
+ "matchCriteriaId": "364B4649-1197-4452-A489-4CB1C8CADB9D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://lists.apache.org/thread/m8txor4f76tmrxksrmc87tw42g57nz33",
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46228.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46228.json
new file mode 100644
index 00000000000..c3feb4d7d6a
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46228.json
@@ -0,0 +1,96 @@
+{
+ "id": "CVE-2023-46228",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T05:15:58.663",
+ "lastModified": "2023-10-25T14:51:06.557",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c."
+ },
+ {
+ "lang": "es",
+ "value": "zchunk anterior a 1.3.2 tiene m\u00faltiples desbordamientos de enteros a trav\u00e9s de archivos zchunk con formato incorrecto a lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c o lib/header.c."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zchunk:zchunk:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.3.2",
+ "matchCriteriaId": "98C5913A-9F71-4F81-97DA-6093D1CBBBAA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216268",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/zchunk/zchunk/compare/1.3.1...1.3.2",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46229.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46229.json
new file mode 100644
index 00000000000..cf649406935
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46229.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-46229",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-19T05:15:58.737",
+ "lastModified": "2023-10-25T14:56:07.537",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server."
+ },
+ {
+ "lang": "es",
+ "value": "LangChain anterior a 0.0.317 permite SSRF a trav\u00e9s de document_loaders/recursive_url_loader.py porque el rastreo puede proceder desde un servidor externo a un servidor interno."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "0.0.317",
+ "matchCriteriaId": "96BF88B4-C2B7-476C-8270-73C2DA83CD95"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/langchain-ai/langchain/commit/9ecb7240a480720ec9d739b3877a52f76098a2b8",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/langchain-ai/langchain/pull/11925",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46232.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46232.json
new file mode 100644
index 00000000000..0230a7d3336
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46232.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46232",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T22:15:09.477",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The problem arises when there is a String or Array with more 256-bit words allocated than initialized. It results in the second word\u2019s index unset, that is effectively set to 0, so the first immutable value with the actual 0 index is overwritten in the ImmutableSimulator. Version 1.3.10 fixes this issue by setting all indexes in advance. The problem will go away, but it will get more expensive if the user allocates a lot of uninitialized space, e.g. `String[4096]`. Upgrading and redeploying affected contracts is the only way of working around the issue.\n"
+ },
+ {
+ "lang": "es",
+ "value": "era-compiler-vyper es el compilador EraVM Vyper para zkSync Era, un paquete acumulativo de capa 2 que utiliza pruebas de conocimiento cero para escalar Ethereum. Antes de la versi\u00f3n 1.3.10 de era-compiler-vype, un error imped\u00eda la inicializaci\u00f3n de la primera variable inmutable para los contratos de Vyper que cumpl\u00edan ciertos criterios. El problema surge cuando hay un String o Array con m\u00e1s palabras de 256 bits asignadas que inicializadas. Esto da como resultado que el \u00edndice de la segunda palabra no est\u00e9 configurado, que efectivamente se establece en 0, por lo que el primer valor inmutable con el \u00edndice 0 real se sobrescribe en ImmutableSimulator. La versi\u00f3n 1.3.10 soluciona este problema configurando todos los \u00edndices por adelantado. El problema desaparecer\u00e1, pero ser\u00e1 m\u00e1s costoso si el usuario asigna una gran cantidad de espacio no inicializado, por ejemplo, `String[4096]`. Actualizar y redistribuir los contratos afectados es la \u00fanica forma de solucionar el problema."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-471"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/matter-labs/era-compiler-vyper/commit/8be305a1b9c68d0fd47dad3434224ed85944ca25",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-h8jv-969m-94r4",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/matter-labs/era-system-contracts/blob/main/contracts/ImmutableSimulator.sol#L37",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
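Review bot: The English description names the package two ways, `era-compiler-vyper` in the first sentence and `era-compiler-vype version 1.3.10` in the second, and the Spanish value copies the short form. The second sentence should begin `Prior to era-compiler-vyper version 1.3.10`. This record has no `configurations` block, so the fixed version is only discoverable from this text. A misspelled package name there can defeat a name-based match in dependency tooling.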
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46233.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46233.json
new file mode 100644
index 00000000000..2430b9b7512
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46233.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46233",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-25T21:15:10.307",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations."
+ },
+ {
+ "lang": "es",
+ "value": "crypto-js es una librer\u00eda JavaScript de est\u00e1ndares criptogr\u00e1ficos. Antes de la versi\u00f3n 4.2.0, crypto-js PBKDF2 era 1000 veces m\u00e1s d\u00e9bil de lo especificado originalmente en 1993 y al menos 1.300.000 veces m\u00e1s d\u00e9bil que el est\u00e1ndar actual de la industria. Esto se debe a que su valor predeterminado es SHA1, un algoritmo hash criptogr\u00e1fico considerado inseguro desde al menos 2005, y su valor predeterminado es una \u00fanica iteraci\u00f3n, un valor de \"fuerza\" o \"dificultad\" especificado en 1000 cuando se especific\u00f3 en 1993. PBKDF2 se basa en el recuento de iteraciones como una contramedida a los ataques de preimagen y colisi\u00f3n. Si se utiliza para proteger contrase\u00f1as, el impacto es alto. Si se utiliza para generar firmas, el impacto es alto. La versi\u00f3n 4.2.0 contiene un parche para este problema. Como workaround, configure crypto-js para usar SHA256 con al menos 250 000 iteraciones."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-328"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-916"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
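Review bot: This record has no `configurations`/`cpeMatch` block and is still `"vulnStatus": "Awaiting Analysis"`, so the affected range exists only in the prose (`Prior to version 4.2.0`). A scanner that matches on CPE alone will not flag crypto-js from this entry, even though the CNA-supplied `baseScore` is 9.1. The same gap is visible in the added records for CVE-2023-46234, CVE-2023-46238, CVE-2023-46246, CVE-2023-46289 and CVE-2023-46290 further down. If the file mirrors the upstream feed, nothing in it needs changing and the handling belongs in the consumer. For records without `configurations`, the consumer should fall back to the advisory URLs under `references` and re-ingest when `lastModified` moves.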
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46234.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46234.json
new file mode 100644
index 00000000000..5963d2479f4
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46234.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46234",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-26T15:15:09.087",
+ "lastModified": "2023-10-29T07:15:38.860",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.\n"
+ },
+ {
+ "lang": "es",
+ "value": "browserify-sign es un paquete para duplicar la funcionalidad de las funciones de clave p\u00fablica criptogr\u00e1fica del nodo, gran parte de esto se basa en el trabajo de Fedor Indutny en indutny/tls.js. Un problema de verificaci\u00f3n de l\u00edmite superior en la funci\u00f3n `dsaVerify` permite a un atacante construir firmas que pueden verificarse con \u00e9xito mediante cualquier clave p\u00fablica, lo que lleva a un ataque de falsificaci\u00f3n de firmas. Todos los lugares de este proyecto que implican la verificaci\u00f3n DSA de las firmas ingresadas por los usuarios se ver\u00e1n afectados por esta vulnerabilidad. Este problema se solucion\u00f3 en la versi\u00f3n 4.2.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-347"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00040.html",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46238.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46238.json
new file mode 100644
index 00000000000..18dbb553ba8
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46238.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-46238",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-26T15:15:09.173",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to an SVG to gain access to the victim\u2019s account in certain scenarios. A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in version 2.39.2 and 2.38.2."
+ },
+ {
+ "lang": "es",
+ "value": "ZITADEL es un sistema de gesti\u00f3n de infraestructura de identidad. Los usuarios de ZITADEL pueden cargar su propia imagen de avatar utilizando varios tipos de im\u00e1genes, incluido SVG. SVG puede incluir scripts, como javascript, que se pueden ejecutar durante el renderizado. Debido a la falta de un encabezado de seguridad, un atacante podr\u00eda inyectar c\u00f3digo en un SVG para obtener acceso a la cuenta de la v\u00edctima en ciertos escenarios. Una v\u00edctima necesitar\u00eda abrir directamente la imagen maliciosa en el navegador, donde debe haber una \u00fanica sesi\u00f3n activa en ZITADEL para que este exploit funcione. Si la posible v\u00edctima tuviera varias sesiones activas o ninguna en ZITADEL, el ataque no tendr\u00eda \u00e9xito. Este problema se solucion\u00f3 en las versiones 2.39.2 y 2.38.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/zitadel/zitadel/releases/tag/v2.38.2",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/zitadel/zitadel/releases/tag/v2.39.2",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-954h-jrpm-72pm",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46246.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46246.json
new file mode 100644
index 00000000000..584de27a91f
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46246.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46246",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-10-27T19:15:41.417",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46267.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46267.json
new file mode 100644
index 00000000000..c12da991f3d
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46267.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-46267",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T04:15:10.777",
+ "lastModified": "2023-10-21T21:15:08.247",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-5631. Reason: This candidate is a duplicate of CVE-2023-5631. Notes: All CVE users should reference CVE-2023-5631 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46277.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46277.json
new file mode 100644
index 00000000000..6d457d01276
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46277.json
@@ -0,0 +1,104 @@
+{
+ "id": "CVE-2023-46277",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T05:15:08.487",
+ "lastModified": "2023-10-26T17:45:23.253",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)"
+ },
+ {
+ "lang": "es",
+ "value": "please (tambi\u00e9n conocido como pleaser) hasta 0.5.4 permite la escalada de privilegios a trav\u00e9s de TIOCSTI y/o TIOCLINUX ioctl. (Si tanto TIOCSTI como TIOCLINUX est\u00e1n deshabilitados, esto no se puede explotar)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:edneville:please:*:*:*:*:*:rust:*:*",
+ "versionEndIncluding": "0.5.4",
+ "matchCriteriaId": "25DE38C2-FCD1-4F1E-92A4-21ABEECD3F4B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/rustsec/advisory-db/pull/1798",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://gitlab.com/edneville/please/-/issues/13",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
+ },
+ {
+ "url": "https://gitlab.com/edneville/please/-/merge_requests/69#note_1594254575",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://rustsec.org/advisories/RUSTSEC-2023-0066.html",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46287.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46287.json
new file mode 100644
index 00000000000..38ed4a16e83
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46287.json
@@ -0,0 +1,95 @@
+{
+ "id": "CVE-2023-46287",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-20T14:15:12.613",
+ "lastModified": "2023-10-26T17:05:56.627",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php."
+ },
+ {
+ "lang": "es",
+ "value": "XSS existe en NagVis antes de 1.9.38 a trav\u00e9s de la funci\u00f3n de selecci\u00f3n en share/server/core/functions/html.php."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nagvis:nagvis:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.9.38",
+ "matchCriteriaId": "E6C8B56C-E7E7-431B-98D4-BAF402C049E6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/NagVis/nagvis/compare/nagvis-1.9.37...nagvis-1.9.38",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/NagVis/nagvis/pull/356",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/NagVis/nagvis/pull/356/commits/d660591b23e5cfea4d1be2d3fb8f3855aa6020fb",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46288.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46288.json
new file mode 100644
index 00000000000..7425279c74c
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46288.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-46288",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-10-23T19:15:11.143",
+ "lastModified": "2023-10-28T03:24:55.857",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.\n\nSensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config\u00a0option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config\u00a0to non-sensitive-only\u00a0configuration. This is a different error than CVE-2023-45348\u00a0which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).\n\nUsers are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes\u00a0CVE-2023-45348.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Apache Airflow. Este problema afecta a Apache Airflow desde la versi\u00f3n 2.4.0 a la 2.7.0. La informaci\u00f3n de configuraci\u00f3n confidencial se ha expuesto a usuarios autenticados con la capacidad de leer la configuraci\u00f3n a trav\u00e9s de la API REST de Airflow para la configuraci\u00f3n incluso cuando la opci\u00f3n Expon_config est\u00e1 configurada como no confidencial. La opci\u00f3n exponen_config es False de forma predeterminada. Se recomienda actualizar a una versi\u00f3n que no se vea afectada si configura Expon_config en una configuraci\u00f3n no confidencial. Este es un error diferente a CVE-2023-45348 que permite a un usuario autenticado recuperar valores de configuraci\u00f3n individuales en 2.7.* manipulando especialmente su solicitud (resuelto en 2.7.2). Se recomienda a los usuarios actualizar a la versi\u00f3n 2.7.2, que soluciona el problema y adem\u00e1s corrige CVE-2023-45348."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security@apache.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.4.0",
+ "versionEndExcluding": "2.7.0",
+ "matchCriteriaId": "E0F2268E-426E-482E-9EDB-D410698925C8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/airflow/pull/32261",
+ "source": "security@apache.org",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw",
+ "source": "security@apache.org",
+ "tags": [
+ "Mailing List",
+ "Patch",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
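Review bot: The `cpeMatch` range ends with `"versionEndExcluding": "2.7.0"`, which leaves 2.7.0 itself unmatched, while the description says the issue affects Apache Airflow "from 2.4.0 to 2.7.0" and names 2.7.2 as the version to upgrade to. The two agree only if the description's upper bound is read as exclusive. If it is inclusive, the entry should read `"versionEndIncluding": "2.7.0"`. Whether 2.7.1 is affected cannot be told from this record. As written, a CPE-based check reports 2.7.0 deployments as clean, so consumers may want to review anything below 2.7.2 where `expose_config` is set to non-sensitive-only.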
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46289.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46289.json
new file mode 100644
index 00000000000..8c6b2b36168
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46289.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46289",
+ "sourceIdentifier": "PSIRT@rockwellautomation.com",
+ "published": "2023-10-27T19:15:41.493",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nRockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "PSIRT@rockwellautomation.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "PSIRT@rockwellautomation.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167",
+ "source": "PSIRT@rockwellautomation.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46290.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46290.json
new file mode 100644
index 00000000000..f1fd32a8a9b
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46290.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46290",
+ "sourceIdentifier": "PSIRT@rockwellautomation.com",
+ "published": "2023-10-27T19:15:41.560",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nDue to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk\u00ae Services Platform web service and then use the token to log in into FactoryTalk\u00ae Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk\u00ae Services Platform web service.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "PSIRT@rockwellautomation.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "PSIRT@rockwellautomation.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165",
+ "source": "PSIRT@rockwellautomation.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46298.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46298.json
new file mode 100644
index 00000000000..df4e7769409
--- /dev/null
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46298.json
@@ -0,0 +1,162 @@
+{
+ "id": "CVE-2023-46298",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-22T03:15:07.630",
+ "lastModified": "2023-10-28T03:30:11.740",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN."
+ },
+ {
+ "lang": "es",
+ "value": "Next.js anterior a 13.4.20-canary.13 carece de un encabezado de control de cach\u00e9 y, por lo tanto, a veces una CDN puede almacenar en cach\u00e9 respuestas de captaci\u00f3n previa vac\u00edas, lo que provoca una denegaci\u00f3n de servicio a todos los usuarios que solicitan la misma URL a trav\u00e9s de esa CDN."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
+ "versionEndExcluding": "13.4.20",
+ "matchCriteriaId": "925A4215-3FFD-4A31-912D-6A017816BAD7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary0:*:*:*:node.js:*:*",
+ "matchCriteriaId": "C3C8121C-0E9A-4603-BC95-D8587787D49B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary1:*:*:*:node.js:*:*",
+ "matchCriteriaId": "38F01C08-9C2E-43AF-8DC2-151EB55CB359"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary10:*:*:*:node.js:*:*",
+ "matchCriteriaId": "2E022A19-C372-4115-B6A0-DD6142AAF0FE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary11:*:*:*:node.js:*:*",
+ "matchCriteriaId": "D54FE66E-F8A0-4E25-ADC1-EB8EF28C9D8C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary12:*:*:*:node.js:*:*",
+ "matchCriteriaId": "3779A063-878E-4144-9D9C-23BB0682BE3D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary2:*:*:*:node.js:*:*",
+ "matchCriteriaId": "1AE0F73C-E100-442E-BCFE-78883EC85159"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary3:*:*:*:node.js:*:*",
+ "matchCriteriaId": "F8598C69-A77F-489F-93D6-FD0C8147EE35"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary4:*:*:*:node.js:*:*",
+ "matchCriteriaId": "908890B1-AE61-4254-97C8-B20348E79ACC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary5:*:*:*:node.js:*:*",
+ "matchCriteriaId": "7F8A969A-0ADC-4356-8AEC-72E5BEF4A9BB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary6:*:*:*:node.js:*:*",
+ "matchCriteriaId": "D3C4F0AF-9456-4F0C-85BB-81B4F7E010E9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary7:*:*:*:node.js:*:*",
+ "matchCriteriaId": "2D8432F9-8641-4EE5-A6A5-E2E79E4F7CB9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary8:*:*:*:node.js:*:*",
+ "matchCriteriaId": "E94322EE-AF5F-40BC-82F0-8CD783D59B3C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:vercel:next.js:13.4.20:canary9:*:*:*:node.js:*:*",
+ "matchCriteriaId": "A5A00595-2393-41CF-8D1A-9237BC5A8CD3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://github.com/vercel/next.js/issues/45301",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/vercel/next.js/pull/54732",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46300.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46300.json
new file mode 100644
index 00000000000..a3969558034
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46300.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-46300",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-22T04:15:09.740",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration."
+ },
+ {
+ "lang": "es",
+ "value": "iTerm2 anterior a 3.4.20 permite la ejecuci\u00f3n de c\u00f3digo (potencialmente remota) debido al mal manejo de ciertas secuencias de escape relacionadas con la integraci\u00f3n de tmux."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/gnachman/iTerm2/commit/ae8192522661c34d1cbe57f6f9ef2ff0a337c2a5",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://iterm2.com/news.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
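Review bot: `"metrics": {}` is empty here although the description states (potentially remote) code execution, so a pipeline that filters on `baseScore` or `baseSeverity` has nothing to compare and may drop the entry or default it to the lowest bucket. The same applies to CVE-2023-46301 in the next hunk; both are `"vulnStatus": "Undergoing Analysis"` and also lack `configurations`. Consumers should map a missing `cvssMetricV31` to an explicit "unscored" state that is triaged by hand, not to zero, and pick up the score once the record's `lastModified` changes.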
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46301.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46301.json
new file mode 100644
index 00000000000..c8f78ab5c51
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46301.json
@@ -0,0 +1,36 @@
+{
+ "id": "CVE-2023-46301",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-22T04:15:09.797",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload."
+ },
+ {
+ "lang": "es",
+ "value": "iTerm2 anterior a 3.4.20 permite la ejecuci\u00f3n de c\u00f3digo (potencialmente remota) debido al mal manejo de ciertas secuencias de escape relacionadas con la carga."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://iterm2.com/news.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46303.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46303.json
new file mode 100644
index 00000000000..ba6d56af917
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46303.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-46303",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-22T18:15:08.577",
+ "lastModified": "2023-10-28T03:29:56.570",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root."
+ },
+ {
+ "lang": "es",
+ "value": "link_to_local_path en ebooks/conversion/plugins/html_input.py en calibre anterior a 6.19.0 puede, de forma predeterminada, agregar recursos fuera del root del documento."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-918"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:calibre-ebook:calibre:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.19.0",
+ "matchCriteriaId": "3B89B1C3-CAE3-4CAF-B90B-9CACF59F4523"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/0x1717/ssrf-via-img",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
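Review bot: The impact sub-scores in `cvssData` look inconsistent with the English description in this record. The description says `link_to_local_path` can add resources outside of the document root, which reads as a file-inclusion or disclosure problem, yet the vector carries `"confidentialityImpact": "NONE"` and `"integrityImpact": "HIGH"`. Triage that filters on confidentiality impact would drop this entry. I would check the upstream analysis and, if disclosure is the real impact, expect `"confidentialityImpact": "HIGH"`. The `"value": "CWE-918"` mapping deserves the same check against a path-restriction weakness such as CWE-22.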
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46306.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46306.json
new file mode 100644
index 00000000000..213f3c018fa
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46306.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-46306",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-22T21:15:07.930",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105."
+ },
+ {
+ "lang": "es",
+ "value": "La interfaz de administraci\u00f3n web en NetModule Router Software (NRSW) 4.6 anterior a 4.6.0.106 y 4.8 anterior a 4.8.0.101 ejecuta un comando del sistema operativo construido con entrada de usuario no sanitizada: metacaracteres de shell en el par\u00e1metro /admin/gnssAutoAlign.php device_id. Esto ocurre porque se puede iniciar otro subproceso antes de la captura que activa la funci\u00f3n de limpieza. Un exploit exitoso podr\u00eda permitir a un usuario autenticado ejecutar comandos arbitrarios con privilegios elevados. NOTA: esto es diferente de CVE-2023-0861 y CVE-2023-0862, que se corrigieron en la versi\u00f3n 4.6.0.105."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://pentest.blog/advisory-netmodule-router-software-race-condition-leads-to-remote-code-execution/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://share.netmodule.com/public/system-software/4.6/4.6.0.106/NRSW-RN-4.6.0.106.pdf",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://share.netmodule.com/public/system-software/4.8/4.8.0.101/NRSW-RN-4.8.0.101.pdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
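Review bot: The only entry in `metrics.cvssMetricV31` is `"type": "Secondary"` from `cve@mitre.org`, and the record has no `weaknesses` or `configurations` block. A consumer that reads only Primary metrics or matches on CPE will therefore treat this OS command injection as unscored and unmatched while `vulnStatus` is `Undergoing Analysis`. Ingest should fall back to the Secondary score when no Primary exists, and match on the fixed versions named in the description (4.6.0.106 and 4.8.0.101) until CPE data arrives. The description also gives two different causes, unsanitized shell metacharacters in `device_id` and a thread started before the cleanup trap. A weakness mapping such as `"value": "CWE-78"` is only a guess from that text and should be confirmed against the vendor release notes.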
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46315.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46315.json
new file mode 100644
index 00000000000..946a3112b74
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46315.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46315",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-22T22:15:08.797",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials."
+ },
+ {
+ "lang": "es",
+ "value": "La extensi\u00f3n zanllp sd-webui-infinite-image-browsing (tambi\u00e9n conocida como Infinite Image Browsing) anterior a 977815a para stable-diffusion-webui (tambi\u00e9n conocida como Stable Diffusion web UI), si la autenticaci\u00f3n Gradio est\u00e1 habilitada sin configuraci\u00f3n de clave secreta, permite a atacantes remotos leer cualquier archivo local a trav\u00e9s de /file?path= en la URL, como se demuestra al leer /proc/self/environ para descubrir las credenciales."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/zanllp/sd-webui-infinite-image-browsing/issues/387",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/zanllp/sd-webui-infinite-image-browsing/pull/368/commits/977815a2b28ad953c10ef0114c365f698c4b8f19",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46316.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46316.json
new file mode 100644
index 00000000000..cf59fa14d36
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46316.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46316",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:37.610",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines."
+ },
+ {
+ "lang": "es",
+ "value": "En buc Traceroute 2.0.12 a 2.1.2 anterior a 2.1.3, los scripts contenedores no analizan correctamente las l\u00edneas de comando."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2023-46316",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46317.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46317.json
new file mode 100644
index 00000000000..eab8046ae15
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46317.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46317",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-22T23:15:08.020",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers."
+ },
+ {
+ "lang": "es",
+ "value": "Knot Resolver anterior a 5.7.0 realiza muchas reconexiones TCP al recibir ciertas respuestas sin sentido de los servidores."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46319.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46319.json
new file mode 100644
index 00000000000..b182ecfa0b4
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46319.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-46319",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T00:15:08.467",
+ "lastModified": "2023-10-28T03:24:08.903",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface."
+ },
+ {
+ "lang": "es",
+ "value": "WALLIX Bastion 9.x anterior a 9.0.9 y 10.x anterior a 10.0.5 permite el acceso no autenticado a informaci\u00f3n confidencial omitiendo el control de acceso en una interfaz web de administraci\u00f3n de acceso a la red."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wallix:bastion:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.0.9",
+ "matchCriteriaId": "8DE2034C-94C1-425D-BB29-4018423A3635"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wallix:bastion:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "10.0",
+ "versionEndExcluding": "10.0.5",
+ "matchCriteriaId": "A62799DC-7AF0-4D7B-BFB2-0222C4A08F6A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.wallix.com/support/alerts/",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mitigation",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
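Review bot: The first `cpeMatch` entry has `"versionEndExcluding": "9.0.9"` with no lower bound, so it matches every WALLIX Bastion release below 9.0.9, while the description scopes that branch to "9.x before 9.0.9". The second entry does carry `"versionStartIncluding": "10.0"`. The record does not say whether pre-9 releases are affected; if they are not, CPE-based scanners will raise false positives on them. Adding `"versionStartIncluding": "9.0",` to the first entry would make the two ranges consistent. The only reference is the generic alerts page, so the range cannot be verified from this record alone.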
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46321.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46321.json
new file mode 100644
index 00000000000..ce8c008f230
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46321.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46321",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T00:15:08.517",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line."
+ },
+ {
+ "lang": "es",
+ "value": "iTermSessionLauncher.m en iTerm2 anterior a 3.5.0beta12 no sanitiza las rutas en las URL de la p\u00e1gina de manual x. Pueden tener metacaracteres de shell para una l\u00ednea de comando /usr/bin/man."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gitlab.com/gnachman/iterm2/-/commit/de3d351e1bd3bc1c1a4f85fe976c592e497dd071",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://iterm2.com/downloads.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46322.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46322.json
new file mode 100644
index 00000000000..fc5b3a6aa4c
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46322.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46322",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T00:15:08.560",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period."
+ },
+ {
+ "lang": "es",
+ "value": "iTermSessionLauncher.m en iTerm2 anterior a 3.5.0beta12 no sanitiza los nombres de host ssh en las URL. El car\u00e1cter inicial del nombre de host puede no ser alfanum\u00e9rico. Los dem\u00e1s caracteres del nombre de host pueden estar fuera del conjunto de caracteres alfanum\u00e9ricos, guiones y puntos."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://iterm2.com/downloads.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46324.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46324.json
new file mode 100644
index 00000000000..302f9b4e7dc
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46324.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46324",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T01:15:07.637",
+ "lastModified": "2023-10-23T11:35:01.280",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key."
+ },
+ {
+ "lang": "es",
+ "value": "pkg/suci/suci.go en free5GC udm anterior a 1.2.0, cuando se usa Go anterior a 1.19, permite un Ataque de Curva no v\u00e1lida porque puede calcular un secreto compartido a trav\u00e9s de una clave p\u00fablica sin comprimir que no ha sido validada. Un atacante puede enviar SUCI arbitrarias a la UDM, que intenta descifrarlas tanto a trav\u00e9s de su clave privada como de la clave p\u00fablica del atacante."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/free5gc/udm/compare/v1.1.1...v1.2.0",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/free5gc/udm/pull/20",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46331.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46331.json
new file mode 100644
index 00000000000..84fb7c2e696
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46331.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46331",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T17:15:08.590",
+ "lastModified": "2023-10-23T18:18:33.750",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault."
+ },
+ {
+ "lang": "es",
+ "value": "WebAssembly wabt 1.0.33 tiene una lectura de memoria fuera de l\u00edmites en DataSegment::IsValidRange(), lo que provoca un error de segmentaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/WebAssembly/wabt/issues/2310",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46332.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46332.json
new file mode 100644
index 00000000000..8596713db71
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46332.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46332",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T16:15:09.457",
+ "lastModified": "2023-10-23T18:18:33.750",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault."
+ },
+ {
+ "lang": "es",
+ "value": "WebAssembly wabt 1.0.33 contiene una escritura de memoria fuera de l\u00edmites en DataSegment::Drop(), lo que provoca un error de segmentaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/WebAssembly/wabt/issues/2311",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46345.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46345.json
new file mode 100644
index 00000000000..1f42944a762
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46345.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46345",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T00:15:12.107",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Catdoc v0.95 conten\u00eda una desreferencia de puntero NULL a trav\u00e9s del componente xls2csv en src/xlsparse.c."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/rycbar77/d747b2c37b544ece30b2353a65ab41f9",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46346.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46346.json
new file mode 100644
index 00000000000..6c033bf9e23
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46346.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46346",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:37.650",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the module \"Product Catalog (CSV, Excel, XML) Export PRO\" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system."
+ },
+ {
+ "lang": "es",
+ "value": "En el m\u00f3dulo \"Product Catalog (CSV, Excel, XML) Export PRO\" (exportar productos) en versiones hasta 4.1.1 de MyPrestaModules para PrestaShop, un invitado puede descargar informaci\u00f3n personal sin restricciones realizando un ataque de path traversal. Debido a la falta de control de permisos y a la falta de control en la construcci\u00f3n del nombre de la ruta, un invitado puede realizar un path traversal para ver todos los archivos en el sistema de informaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/10/24/exportproducts.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46347.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46347.json
new file mode 100644
index 00000000000..8a6f72b59fe
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46347.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46347",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:37.697",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the module \"Step by Step products Pack\" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
+ },
+ {
+ "lang": "es",
+ "value": "En el m\u00f3dulo \"Step by Step products Pack\" (ndk_steppingpack) versi\u00f3n 1.5.6 y anteriores de NDK Design para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL. El m\u00e9todo `NdkSpack::getPacks()` tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/10/24/ndk_steppingpack.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46358.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46358.json
new file mode 100644
index 00000000000..3518ee67e1c
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46358.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46358",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:37.747",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the module \"Referral and Affiliation Program\" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection."
+ },
+ {
+ "lang": "es",
+ "value": "En el m\u00f3dulo \"Referral and Affiliation Program\" (referralbyphone) versi\u00f3n 3.5.1 y anteriores de Snegurka para PrestaShop, un invitado puede realizar una inyecci\u00f3n SQL. El m\u00e9todo `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://security.friendsofpresta.org/modules/2023/10/24/referralbyphone.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46369.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46369.json
new file mode 100644
index 00000000000..89ab5b71b8d
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46369.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46369",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:37.790",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function."
+ },
+ {
+ "lang": "es",
+ "value": "Tenda W18E V16.01.0.8(1576) contiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro portMirrorMirroredPorts en la funci\u00f3n formSetNetCheckTools."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Archerber/bug_submit/blob/main/Tenda/W18E/bug1.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46370.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46370.json
new file mode 100644
index 00000000000..a02963c1ab0
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46370.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46370",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:37.830",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function."
+ },
+ {
+ "lang": "es",
+ "value": "Tenda W18E V16.01.0.8(1576) tiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro hostName en la funci\u00f3n formSetNetCheckTools."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Archerber/bug_submit/blob/main/Tenda/W18E/bug2.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46371.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46371.json
new file mode 100644
index 00000000000..b22423badea
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46371.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46371",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:37.877",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin."
+ },
+ {
+ "lang": "es",
+ "value": "El dispositivo TP-Link TL-WDR7660 2.0.30 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s de la funci\u00f3n UpgradeInfoJsonToBin."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Archerber/bug_submit/blob/main/TP-Link/TL-WDR7660/2.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46373.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46373.json
new file mode 100644
index 00000000000..f92e7692be4
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46373.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46373",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:37.917",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses."
+ },
+ {
+ "lang": "es",
+ "value": "TP-Link TL-WDR7660 2.0.30 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s de la funci\u00f3n deviceInfoJsonToBincauses."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/Archerber/bug_submit/blob/main/TP-Link/TL-WDR7660/3.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
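Review bot: The function name in the English `value`, `deviceInfoJsonToBincauses`, looks like `deviceInfoJsonToBin` with the word "causes" fused onto it, and the Spanish text copies the fused form. The sibling record CVE-2023-46371 names `upgradeInfoJsonToBin`, which follows the same pattern without the suffix. Anyone searching firmware symbols or writing detection content from this string would miss the real function. If the referenced write-up confirms the name, the line should read `"value": "TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBin."`, with the same correction in the `es` entry.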
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46374.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46374.json
new file mode 100644
index 00000000000..0cd42105830
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46374.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46374",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T00:15:09.327",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS)."
+ },
+ {
+ "lang": "es",
+ "value": "ZenTao Enterprise Edition versi\u00f3n 4.1.3 y anteriores es vulnerable a Cross Site Scripting (XSS)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://narrow-payment-2cd.notion.site/ZenTao-4-1-3-is-vulnerable-to-Cross-Site-Scripting-xss-CVE-2023-46374-ebdc61e7a88443b481b649764ba66dee",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46375.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46375.json
new file mode 100644
index 00000000000..cfc175faa12
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46375.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46375",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T01:15:32.173",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF)."
+ },
+ {
+ "lang": "es",
+ "value": "ZenTao Biz versi\u00f3n 4.1.3 y anteriores es vulnerable a Cross Site Request Forgery (CSRF)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://narrow-payment-2cd.notion.site/zentao-4-1-3-is-vulnerable-to-csrf-CVE-2023-46375-2d9d9fc2371f483eb436af20508df915",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46376.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46376.json
new file mode 100644
index 00000000000..6a015f76986
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46376.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46376",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T01:15:32.220",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Zentao Biz version 8.7 and before is vulnerable to Information Disclosure."
+ },
+ {
+ "lang": "es",
+ "value": "Zentao Biz versi\u00f3n 8.7 y anteriores es vulnerable a la divulgaci\u00f3n de informaci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://narrow-payment-2cd.notion.site/zentao-8-7-has-information-disclosure-vulnerability-CVE-2023-46376-537fae3936b84af583b51b74e6010dd7",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46393.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46393.json
new file mode 100644
index 00000000000..26b9c303306
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46393.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46393",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T14:15:08.567",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gitee.com/gouguopen/gougucms/issues/I88TKH",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46394.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46394.json
new file mode 100644
index 00000000000..339a2e111d7
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46394.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46394",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T14:15:08.627",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gitee.com/gouguopen/gougucms/issues/I88TC0",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46396.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46396.json
new file mode 100644
index 00000000000..df6c79a26c0
--- /dev/null
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46396.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46396",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:37.957",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters."
+ },
+ {
+ "lang": "es",
+ "value": "Audimex 15.0.0 es vulnerable a Cross Site Scripting (XSS) en /audimex/cgi-bin/wal.fcgi a trav\u00e9s de filtros de b\u00fasqueda de par\u00e1metros de la empresa."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://drive.google.com/file/d/13PK6RnYdq7fJKw47ssgLEsQvzHOJttLL/view?usp=sharing",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46407.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46407.json
new file mode 100644
index 00000000000..a9312a7d19a
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46407.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46407",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T20:15:09.087",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231013014959.536776-1-leo.izen@gmail.com/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231015004924.597746-1-leo.izen@gmail.com/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
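Review bot: The description identifies the fix only as `commit bf814`, a five-character abbreviation, while the full hash appears only inside the first reference URL. Abbreviated hashes can become ambiguous as a repository grows, and with `"metrics": {}` empty and no version bound in the record, that sentence is the only statement of which builds are affected. I would spell the hash out in the description, `FFmpeg prior to commit bf814387f42e9b0dea9d75c03db4723c88e7d962`, so the record stays unambiguous if the reference link changes.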
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46408.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46408.json
new file mode 100644
index 00000000000..5ab43932a60
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46408.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46408",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.077",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n sub_ The 41DD80."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/16/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
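Review bot: The function name in the English description is garbled: `sub_ The 41DD80 function` has a stray space and a stray word inside what is presumably the identifier `sub_41DD80`, and the Spanish text repeats it. The same defect appears in the CVE-2023-46410 (`sub_ The 416F60`) and CVE-2023-46416 (`sub_ The 41A414`) records, and a stray space alone in CVE-2023-46409 (`sub_ 41CC04`) and CVE-2023-46414 (`sub_ 41D494`), whose Spanish entries already disagree with the English ones. The other TOTOLINK X6000R records in this diff use the `sub_415258` form. Anyone correlating these records with firmware analysis by function name will miss them on a plain string search. If the text is mirrored from the CNA the correction belongs upstream; locally I would normalise to `via the sub_41DD80 function.` only after confirming the name against the referenced write-up.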
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46409.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46409.json
new file mode 100644
index 00000000000..3218c425b33
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46409.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46409",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.127",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n sub_41CC04."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/13/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46410.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46410.json
new file mode 100644
index 00000000000..0a6d3c65104
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46410.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46410",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.170",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n sub_ The 416F60."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/10/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46411.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46411.json
new file mode 100644
index 00000000000..a28de0b5abb
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46411.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46411",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.213",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n sub_415258."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/11/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46412.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46412.json
new file mode 100644
index 00000000000..45f82d1dc2a
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46412.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46412",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.257",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n sub_41D998."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/15/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46413.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46413.json
new file mode 100644
index 00000000000..45c602e688b
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46413.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46413",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.307",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n sub_4155DC."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/1/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46414.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46414.json
new file mode 100644
index 00000000000..f9ab7def50f
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46414.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46414",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.357",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ 41D494 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_41D494."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/14/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46415.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46415.json
new file mode 100644
index 00000000000..725a6162784
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46415.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46415",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.400",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_41E588."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/17/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46416.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46416.json
new file mode 100644
index 00000000000..b493eebffbb
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46416.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46416",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.447",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ The 41A414 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_The 41A414."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/12/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46417.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46417.json
new file mode 100644
index 00000000000..73b8649a9f3
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46417.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46417",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.490",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_415498."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/2/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46418.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46418.json
new file mode 100644
index 00000000000..0cd3ebe27af
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46418.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46418",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.540",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_412688."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/7/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46419.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46419.json
new file mode 100644
index 00000000000..e33f70db505
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46419.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46419",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.600",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_415730."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/6/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46420.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46420.json
new file mode 100644
index 00000000000..688a400140f
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46420.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46420",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.670",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_41590C."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/5/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46421.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46421.json
new file mode 100644
index 00000000000..1cdc9036ce5
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46421.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46421",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.740",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_411D00."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/8/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46422.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46422.json
new file mode 100644
index 00000000000..ff5973e9ca4
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46422.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46422",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.803",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_411994."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/9/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46423.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46423.json
new file mode 100644
index 00000000000..5b7a93f087f
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46423.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46423",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.863",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_417094."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/4/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46424.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46424.json
new file mode 100644
index 00000000000..99e81e764b1
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46424.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46424",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T20:15:12.927",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X6000R v9.4.0cu.652_B20230116 contiene una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) a trav\u00e9s de la funci\u00f3n sub_422BD4."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X6000R/3/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.totolink.cn/index.php/home/menu/detail.html?menu_listtpl=download&id=88&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46435.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46435.json
new file mode 100644
index 00000000000..93dd65e8d05
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46435.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46435",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T18:15:08.767",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id."
+ },
+ {
+ "lang": "es",
+ "value": "Sourcecodester Packers and Movers Management System v1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de mpms/?p=services/view_service&id."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/kirra-max/bug_reports/blob/main/packers-and-movers-management-system-phpoop-free-source-code/SQL-1.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46449.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46449.json
new file mode 100644
index 00000000000..463632faebc
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46449.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46449",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T15:15:09.257",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function."
+ },
+ {
+ "lang": "es",
+ "value": "El sistema de gesti\u00f3n de inventario Gratuito y de C\u00f3digo Abierto Sourcecodester v1.0 es vulnerable a un control de acceso incorrecto. Un usuario arbitrario puede cambiar la contrase\u00f1a de otro usuario y hacerse cargo de la cuenta a trav\u00e9s de IDOR en la funci\u00f3n de cambio de contrase\u00f1a."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/sajaljat/CVE-2023-46449/tree/main",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.youtube.com/watch?v=H5QnsOKjs3s",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46450.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46450.json
new file mode 100644
index 00000000000..af36db93854
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46450.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46450",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T15:15:09.317",
+ "lastModified": "2023-10-26T15:32:23.920",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function."
+ },
+ {
+ "lang": "es",
+ "value": "El sistema de gesti\u00f3n de inventario Gratuito y de C\u00f3digo Abierto Sourcecodester v1.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de la funci\u00f3n Agregar proveedor."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/yte121/-CVE-2023-46450/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://youtu.be/LQy0_xIK2q0",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46467.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46467.json
new file mode 100644
index 00000000000..1fa1855bbcd
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46467.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46467",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-28T01:15:51.707",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.sumor.top/index.php/archives/872/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46468.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46468.json
new file mode 100644
index 00000000000..05f5e660ed9
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46468.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46468",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-28T01:15:51.747",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.sumor.top/index.php/archives/875/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46490.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46490.json
new file mode 100644
index 00000000000..7ce5b38038b
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46490.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46490",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T22:15:09.100",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46491.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46491.json
new file mode 100644
index 00000000000..2d98ee9c221
--- /dev/null
+++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46491.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46491",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T00:15:09.363",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library."
+ },
+ {
+ "lang": "es",
+ "value": "ZenTao Biz versi\u00f3n 4.1.3 y anteriores tiene una vulnerabilidad de Cross Site Scripting (XSS) en la librer\u00eda de versiones."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46503.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46503.json
new file mode 100644
index 00000000000..f14aa8407ab
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46503.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46503",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T04:15:10.673",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting (XSS) en PwnCYN YXBOOKCMS v.1.0.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de los m\u00f3dulos de administraci\u00f3n de lectores y de entrada de libros."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/PwnCYN/YXBOOKCMS/issues/2",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46504.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46504.json
new file mode 100644
index 00000000000..6c2640b7850
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46504.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46504",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T04:15:10.723",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross Site Scripting (XSS) en PwnCYN YXBOOKCMS v.1.0.2 permite que un atacante f\u00edsicamente cercano ejecute c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de nombre de librer\u00eda en el componente de configuraci\u00f3n general."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/PwnCYN/YXBOOKCMS/issues/1",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
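Review bot: The description pairs a Cross Site Scripting flaw in a web CMS with `a physically proximate attacker`, which is an unusual attack vector for XSS and differs from the sibling record CVE-2023-46503 for the same product, which says `a remote attacker`. With `"metrics": {}` empty, this sentence is the only attack-vector signal available for triage, so a wrong qualifier would understate exposure. I would check it against the referenced issue and, if the input is reachable over the network, use `allows a remote attacker` here as well. Both records also state the impact as `execute arbitrary code`, which for XSS presumably means script execution in the victim's browser rather than code execution on the server.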
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46505.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46505.json
new file mode 100644
index 00000000000..70ac6853ba2
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46505.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46505",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T01:15:32.267",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross Site Scripting en FanCMS v.1.0.0 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro content1 en el archivo demo.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/PwnCYN/FanCMS/issues/1",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46509.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46509.json
new file mode 100644
index 00000000000..27c8395d831
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46509.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46509",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T21:15:09.897",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/ATonysan/d6f72e9eb90407d64bed4566aa80afb1#file-cve-2023-46509",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46510.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46510.json
new file mode 100644
index 00000000000..7ff022d0eb0
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46510.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46510",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T21:15:09.947",
+ "lastModified": "2023-10-29T01:44:22.497",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/ATonysan/58ace23d539981441bca16ce0f7585e2",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
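Review bot: The path in the `en` description reads `cig-bin/cstecgi.cgi`, which looks like a transposition of `cgi-bin/cstecgi.cgi`. If so, anyone deriving a log search or WAF rule from the description text will match nothing. The text comes from the CNA, so this is probably best reported upstream rather than edited locally. Until then, matching should be done on `cstecgi.cgi` and the `setPasswordCfg` function name rather than on the full path as written.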
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46518.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46518.json
new file mode 100644
index 00000000000..31be4dc1c22
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46518.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-46518",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.003",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Mercury A15 V1.0 20230818_1.0.3 contiene una vulnerabilidad de ejecuci\u00f3n de comandos a trav\u00e9s del componente cloudDeviceTokenSuccCB."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/MERCURY/A15/1/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://service.mercurycom.com.cn/download-2341.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.mercurycom.com.cn/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46520.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46520.json
new file mode 100644
index 00000000000..b32b90b1e15
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46520.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46520",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.053",
+ "lastModified": "2023-10-26T22:18:36.137",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila mediante la funci\u00f3n uninstallPluginReqHandle."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/1/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46521.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46521.json
new file mode 100644
index 00000000000..c0daa6e35b1
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46521.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46521",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.100",
+ "lastModified": "2023-10-26T22:41:06.530",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n RegisterRegister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/11/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46522.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46522.json
new file mode 100644
index 00000000000..05b20d196a8
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46522.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46522",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.147",
+ "lastModified": "2023-10-26T22:41:11.743",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n deviceInfoRegister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/2/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46523.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46523.json
new file mode 100644
index 00000000000..1d9f625c5f7
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46523.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46523",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.193",
+ "lastModified": "2023-10-26T22:41:16.507",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n UpgradeInfoRegister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/3/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
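Review bot: The `es` description does not carry the function name over verbatim: the `en` value says `upgradeInfoRegister` while the `es` value says `UpgradeInfoRegister`. The same drift appears in CVE-2023-46534 (`modifyAccPwdRegister` became `modificarAccPwdRegister`, so the identifier itself was translated) and in CVE-2023-46539 (`registerRequestHandle` became `RegisterRequestHandle`). Symbol names are what analysts search firmware and advisories for, so the translated text should copy the identifier exactly from the `en` value, e.g. `... a través de la función upgradeInfoRegister.`. Consumers should meanwhile treat the `en` description as authoritative for identifiers.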
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46525.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46525.json
new file mode 100644
index 00000000000..894ab87273d
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46525.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46525",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.237",
+ "lastModified": "2023-10-26T22:41:25.257",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n loginRegister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/12/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46526.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46526.json
new file mode 100644
index 00000000000..4d6f16caa8d
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46526.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46526",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.283",
+ "lastModified": "2023-10-26T22:41:40.603",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n resetCloudPwdRegister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/10/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46527.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46527.json
new file mode 100644
index 00000000000..5a6b57fca4c
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46527.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46527",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.323",
+ "lastModified": "2023-10-26T22:41:32.283",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n bindRequestHandle."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/13/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46534.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46534.json
new file mode 100644
index 00000000000..9586345eea3
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46534.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46534",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.373",
+ "lastModified": "2023-10-26T22:41:48.037",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n modificarAccPwdRegister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/9/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46535.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46535.json
new file mode 100644
index 00000000000..45bbc932f87
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46535.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46535",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.420",
+ "lastModified": "2023-10-26T22:41:55.033",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n getResetVeriRegister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/6/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46536.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46536.json
new file mode 100644
index 00000000000..75013d5ef2a
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46536.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46536",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.463",
+ "lastModified": "2023-10-26T22:42:01.013",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n chkRegVeriRegister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/5/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46537.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46537.json
new file mode 100644
index 00000000000..15196c1cfbe
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46537.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46537",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.503",
+ "lastModified": "2023-10-26T22:42:07.053",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n getRegVeriRegister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/7/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46538.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46538.json
new file mode 100644
index 00000000000..018a9aaf8ae
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46538.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46538",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.550",
+ "lastModified": "2023-10-26T22:42:13.817",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n chkResetVeriRegister."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/4/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46539.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46539.json
new file mode 100644
index 00000000000..f6cd5c6d4ab
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46539.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46539",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.593",
+ "lastModified": "2023-10-26T22:42:20.953",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n RegisterRequestHandle."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:tp-link:tl-wr886n_firmware:3.0.14:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A944D5C3-9666-46E8-A4B9-091EC4D0B64D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:tp-link:tl-wr886n:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4BA5CF8-3A41-4188-BB96-92C907445266"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
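Review bot: The Spanish description spells the function `RegisterRequestHandle`, while the English description in the same record has `registerRequestHandle`. Symbol names are case-sensitive, so a search of the firmware or of this dataset by function name can miss one of the two spellings. The translated value should keep the identifier verbatim, ending in `funci\u00f3n registerRequestHandle."`. Since this file appears to mirror an upstream record, the correction probably belongs upstream rather than in this repository.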
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46540.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46540.json
new file mode 100644
index 00000000000..cbee5860001
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46540.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46540",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.637",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formNtp."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/11/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
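Review bot: This record has `"metrics": {}` and no `weaknesses` or `configurations` keys, and the same holds for the other "Undergoing Analysis" records CVE-2023-46541 through CVE-2023-46553 below. The analysed records for the same firmware string later in this diff (CVE-2023-46554 onward) carry a 9.8 CRITICAL vector and the CPE `cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*`. A consumer that ranks by `baseScore` or matches assets by CPE will not surface these entries until they are analysed. Ingestion should therefore treat a missing `cvssMetricV31` as unscored rather than as low severity, and fall back to the description text for product matching.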
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46541.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46541.json
new file mode 100644
index 00000000000..f4101b3f339
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46541.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46541",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.683",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formIpv6Setup."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/10/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46542.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46542.json
new file mode 100644
index 00000000000..45b5af66fcf
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46542.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46542",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.727",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formMeshUploadConfig."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/13/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46543.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46543.json
new file mode 100644
index 00000000000..1e9fba64d32
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46543.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46543",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.780",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formWlSiteSurvey."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/16/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46544.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46544.json
new file mode 100644
index 00000000000..369703495f7
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46544.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46544",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.827",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formWirelessTbl."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/14/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46545.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46545.json
new file mode 100644
index 00000000000..5f7d27c547e
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46545.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46545",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.873",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formWsc."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/17/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46546.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46546.json
new file mode 100644
index 00000000000..ba544804481
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46546.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46546",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.917",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formStats."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/15/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46547.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46547.json
new file mode 100644
index 00000000000..b587aa5fb49
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46547.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46547",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:38.960",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formSysLog."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/12/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46548.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46548.json
new file mode 100644
index 00000000000..5924ecaef2e
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46548.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46548",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.020",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formWlanRedirect."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/1/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46549.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46549.json
new file mode 100644
index 00000000000..1c34211de89
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46549.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46549",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.080",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formSetLg."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/18/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46550.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46550.json
new file mode 100644
index 00000000000..2ad306896a5
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46550.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46550",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.127",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formMapDelDevice."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/21/1.md#2firmware-download-address",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
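Review bot: The description names `formMapDelDevice`, the same function given for CVE-2023-46558 later in this diff, yet the two records point at different write-ups (`X2000R/21/1.md` here, `X2000R/25/1.md` there). Either the two IDs cover the same flaw or one description carries the wrong function name. That cannot be settled from the diff and should be checked against the referenced advisories before the entries are de-duplicated or correlated by function name. The first reference also ends in the fragment `#2firmware-download-address`, which looks like a link to the download section of the write-up rather than to the finding, so `"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/21/1.md"` would be the cleaner target.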
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46551.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46551.json
new file mode 100644
index 00000000000..d3455d07dd3
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46551.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46551",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.177",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formReflashClientTbl."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/2/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46552.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46552.json
new file mode 100644
index 00000000000..26f7ba035c1
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46552.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46552",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.227",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formMultiAP."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/19/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46553.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46553.json
new file mode 100644
index 00000000000..11f7f961326
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46553.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46553",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.273",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formParentControl."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/5/1.md",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46554.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46554.json
new file mode 100644
index 00000000000..046b1de80a8
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46554.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46554",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.317",
+ "lastModified": "2023-10-27T22:01:03.050",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formMapDel."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65D639C6-D133-46D4-9492-0FC53E83BA9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/20/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46555.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46555.json
new file mode 100644
index 00000000000..54d08a5d14c
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46555.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46555",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.363",
+ "lastModified": "2023-10-27T22:00:56.397",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formPortFw."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65D639C6-D133-46D4-9492-0FC53E83BA9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/3/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46556.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46556.json
new file mode 100644
index 00000000000..f5bf3d3f530
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46556.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46556",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.410",
+ "lastModified": "2023-10-27T22:00:49.937",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formFilter."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65D639C6-D133-46D4-9492-0FC53E83BA9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/4/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46557.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46557.json
new file mode 100644
index 00000000000..e41aa565163
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46557.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46557",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.450",
+ "lastModified": "2023-10-27T22:00:41.117",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formMultiAPVLAN."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65D639C6-D133-46D4-9492-0FC53E83BA9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/22/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46558.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46558.json
new file mode 100644
index 00000000000..40643c0217e
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46558.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46558",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.497",
+ "lastModified": "2023-10-27T22:00:33.390",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formMapDelDevice."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65D639C6-D133-46D4-9492-0FC53E83BA9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/25/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46559.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46559.json
new file mode 100644
index 00000000000..9e9cb167403
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46559.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46559",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.547",
+ "lastModified": "2023-10-27T22:00:25.797",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formIPv6Addr."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65D639C6-D133-46D4-9492-0FC53E83BA9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/9/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46560.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46560.json
new file mode 100644
index 00000000000..7c41ce07564
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46560.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46560",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.593",
+ "lastModified": "2023-10-27T22:00:15.483",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formTcpipSetup."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65D639C6-D133-46D4-9492-0FC53E83BA9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/23/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46562.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46562.json
new file mode 100644
index 00000000000..2944e1af1e5
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46562.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46562",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.637",
+ "lastModified": "2023-10-27T22:00:06.663",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formDosCfg."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65D639C6-D133-46D4-9492-0FC53E83BA9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/8/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46563.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46563.json
new file mode 100644
index 00000000000..7ad5508dacb
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46563.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46563",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.683",
+ "lastModified": "2023-10-27T22:00:00.013",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formIpQoS."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65D639C6-D133-46D4-9492-0FC53E83BA9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/7/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46564.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46564.json
new file mode 100644
index 00000000000..f697a375c92
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46564.json
@@ -0,0 +1,99 @@
+{
+ "id": "CVE-2023-46564",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.723",
+ "lastModified": "2023-10-27T21:59:51.473",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n formDMZ."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:x2000r_firmware:1.0.0-b20230221.0948:*:*:*:*:*:*:*",
+ "matchCriteriaId": "65D639C6-D133-46D4-9492-0FC53E83BA9E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:x2000r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "299F34FB-4D53-4846-B6F0-4431D61B5154"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/6/1.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46569.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46569.json
new file mode 100644
index 00000000000..35b7cd303af
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46569.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46569",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-28T02:15:07.583",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/gandalf4a/afeaf8cc958f95876f0ee245b8a002e8",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/radareorg/radare2/issues/22334",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46570.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46570.json
new file mode 100644
index 00000000000..c2c510d9f20
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46570.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46570",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-28T02:15:07.637",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/gandalf4a/d7fa58f1b3418ef08ad244acccc10ba6",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/radareorg/radare2/issues/22333",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46574.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46574.json
new file mode 100644
index 00000000000..e8f61b938bd
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46574.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2023-46574",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T18:17:39.780",
+ "lastModified": "2023-10-27T21:59:44.067",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en TOTOLINK A3700R v.9.1.2u.6165_20211012 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro FileName de la funci\u00f3n UploadFirmwareFile."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-77"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.6165_20211012:*:*:*:*:*:*:*",
+ "matchCriteriaId": "31E7D154-802D-4419-A506-B945525BC33E"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "05777EB4-0963-4317-AB0B-287A2140915D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/OraclePi/repo/blob/main/totolink%20A3700R/1/A3700R%20%20V9.1.2u.6165_20211012%20vuln.md",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46583.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46583.json
new file mode 100644
index 00000000000..5fa4ce63ca4
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46583.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46583",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T22:15:09.547",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) \" Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en PHPGurukul Nipah virus (NiV) \" Testing Management System v.1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado inyectado en el campo Estado."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46583.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
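Review bot: The product name in both `descriptions` values contains a stray escaped quote, `Nipah virus (NiV) \" Testing Management System v.1.0`, which looks like a dash or similar separator lost in encoding (inferred; confirm against the CNA record before correcting). Anything that matches on or displays the product string will carry the stray quote, so it is better corrected at the source than normalised downstream. The CVE-2023-46584 record in the next hunk has the same artefact in both languages.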
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46584.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46584.json
new file mode 100644
index 00000000000..b8f82a37663
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46584.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46584",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-25T22:15:09.590",
+ "lastModified": "2023-10-25T23:05:15.713",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) \" Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en PHPGurukul Nipah virus (NiV) \" Testing Management System v.1.0 permite a un atacante remoto escalar privilegios a trav\u00e9s de una solicitud manipulada al endpoint new-user-testing.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/rumble773/sec-research/blob/main/NiV/CVE-2023-46584.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46587.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46587.json
new file mode 100644
index 00000000000..b67806f100e
--- /dev/null
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46587.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-46587",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T23:15:07.777",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/nasroabd/vulns/tree/main/XnView/2.51.5",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46602.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46602.json
new file mode 100644
index 00000000000..39e7c0abd5e
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46602.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-46602",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T20:15:09.137",
+ "lastModified": "2023-10-28T03:26:05.320",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a."
+ },
+ {
+ "lang": "es",
+ "value": "En International Color Consortium DemoIccMAX 79ecb74, hay un desbordamiento del b\u00fafer basado en pila en la funci\u00f3n icFixXml en IccXML/IccLibXML/IccUtilXml.cpp en libIccXML.a."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:color:demoiccmax:2022-06-21:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10975878-B3F5-48A0-80B1-2AC1EBD0298D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46603.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46603.json
new file mode 100644
index 00000000000..37685aa039e
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46603.json
@@ -0,0 +1,81 @@
+{
+ "id": "CVE-2023-46603",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-23T20:15:09.180",
+ "lastModified": "2023-10-28T03:25:08.277",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a."
+ },
+ {
+ "lang": "es",
+ "value": "En International Color Consortium DemoIccMAX 79ecb74, hay una lectura fuera de l\u00edmites en la funci\u00f3n CIccPRMG::GetChroma en IccProfLib/IccPrmg.cpp en libSampleICC.a."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:color:demoiccmax:2022-06-21:*:*:*:*:*:*:*",
+ "matchCriteriaId": "10975878-B3F5-48A0-80B1-2AC1EBD0298D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46604.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46604.json
new file mode 100644
index 00000000000..261329f8fa3
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46604.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46604",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2023-10-27T15:15:14.017",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate\u00a0any class on the classpath.\u00a0\n\nUsers are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@apache.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/27/5",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
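Review bot: This record has no `configurations` array, so the affected range exists only as prose in the description (`upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3`), and CPE-based matching against this file will not flag any ActiveMQ install while `vulnStatus` is `Awaiting Analysis`. The only score is the CNA's `Secondary` entry, and its vector rates `confidentialityImpact` as `LOW` although the description states remote code execution; consumers that prioritise on a `Primary` metric will find none here. The English description also has a missing space (`Execution.The`) and non-breaking spaces (`\u00a0`) that a text matcher should normalise.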
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46650.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46650.json
new file mode 100644
index 00000000000..7afe3978a65
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46650.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46650",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:39.943",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Jenkins GitHub 1.37.3 y versiones anteriores no escapa a la URL del proyecto GitHub en la p\u00e1gina de compilaci\u00f3n cuando muestra cambios, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) que pueden explotar los atacantes con permiso de elemento/configuraci\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3246",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46651.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46651.json
new file mode 100644
index 00000000000..5e9f401aece
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46651.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46651",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:39.990",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Jenkins Warnings 10.5.0 y versiones anteriores no establece el contexto apropiado para la b\u00fasqueda de credenciales, lo que permite a los atacantes con permiso Elemento/Configurar acceder y capturar credenciales a las que no tienen derecho. Esta soluci\u00f3n se ha actualizado a 10.4.1."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46652.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46652.json
new file mode 100644
index 00000000000..24c1f678cb8
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46652.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46652",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:40.037",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins."
+ },
+ {
+ "lang": "es",
+ "value": "Una verificaci\u00f3n de permiso faltante en el complemento Jenkins lambdatest-automation 1.20.9 y versiones anteriores permite a atacantes con permiso general/lectura enumerar los ID de las credenciales LAMBDATEST almacenadas en Jenkins."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3222",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46653.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46653.json
new file mode 100644
index 00000000000..ee01cd44c2d
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46653.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46653",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:40.083",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Jenkins lambdatest-automation 1.20.10 y versiones anteriores registran el token de acceso a las credenciales LAMBDATEST en el nivel INFO, lo que podr\u00eda provocar su exposici\u00f3n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46654.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46654.json
new file mode 100644
index 00000000000..8b4bb6cec4f
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46654.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46654",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:40.130",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system."
+ },
+ {
+ "lang": "es",
+ "value": "Jenkins CloudBees CD Plugin 1.1.32 y versiones anteriores siguen enlaces simb\u00f3licos a ubicaciones fuera del directorio esperado durante el proceso de limpieza del paso posterior a la compilaci\u00f3n 'CloudBees CD - Publish Artifact', lo que permite a los atacantes configurar trabajos para eliminar archivos arbitrarios en Jenkins controlador del sistema de archivos."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3237",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
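Review bot: The Spanish description changes the precondition stated in the English one: `lo que permite a los atacantes configurar trabajos para eliminar archivos arbitrarios` says the flaw lets attackers configure jobs, where the English text says attackers who are already able to configure jobs can delete files. A reader triaging from the `es` value would misjudge the privilege required. A closer rendering would be `lo que permite a los atacantes capaces de configurar trabajos eliminar archivos arbitrarios en el sistema de archivos del controlador de Jenkins`. The CVE-2023-46655 record in the next hunk has the same mistranslation for the publish case.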
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46655.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46655.json
new file mode 100644
index 00000000000..f2c5a72c7a9
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46655.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46655",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:40.173",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server."
+ },
+ {
+ "lang": "es",
+ "value": "Jenkins CloudBees CD Plugin 1.1.32 y versiones anteriores siguen enlaces simb\u00f3licos a ubicaciones fuera del directorio desde el cual se publican los artefactos durante el paso posterior a la compilaci\u00f3n 'CloudBees CD - Publish Artifact', lo que permite a los atacantes configurar trabajos para publicar archivos arbitrarios desde Jenkins del controlador sistema de archivos al servidor de CD CloudBees previamente configurado."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3238",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46656.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46656.json
new file mode 100644
index 00000000000..0db4fa53707
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46656.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46656",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:40.223",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Jenkins Multibranch Scan Webhook Trigger 1.0.9 y versiones anteriores utiliza una funci\u00f3n de comparaci\u00f3n de tiempo no constante al comprobar si el token de webhook proporcionado y el esperado son iguales, lo que potencialmente permite a los atacantes utilizar m\u00e9todos estad\u00edsticos para obtener un token de webhook v\u00e1lido."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
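Review bot: CVE-2023-46656.json has no `weaknesses` array and `metrics` is `{}`, so CWE-based or severity-based filters will not pick the record up while it is `Undergoing Analysis`. The same holds for CVE-2023-46657, CVE-2023-46658 and CVE-2023-46660 in this diff. The description names a non-constant-time token comparison, for which CWE-208 (Observable Timing Discrepancy) looks like the fit, though the source advisory should confirm it. Until the record is enriched, consumers should key on the `id` and the Jenkins advisory reference rather than on score thresholds.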
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46657.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46657.json
new file mode 100644
index 00000000000..8e3eb84db36
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46657.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46657",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:40.263",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Jenkins Gogs 1.0.15 y versiones anteriores utiliza una funci\u00f3n de comparaci\u00f3n de tiempo no constante al verificar si el token de webhook proporcionado y el esperado son iguales, lo que potencialmente permite a los atacantes usar m\u00e9todos estad\u00edsticos para obtener un token de webhook v\u00e1lido."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2896",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46658.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46658.json
new file mode 100644
index 00000000000..19c9b152c9e
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46658.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46658",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:40.307",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
+ },
+ {
+ "lang": "es",
+ "value": "Jenkins MSTeams Webhook Trigger Plugin 0.1.1 y versiones anteriores utilizan una funci\u00f3n de comparaci\u00f3n de tiempo no constante al comprobar si el token de webhook proporcionado y el esperado son iguales, lo que potencialmente permite a los atacantes utilizar m\u00e9todos estad\u00edsticos para obtener un token de webhook v\u00e1lido."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46659.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46659.json
new file mode 100644
index 00000000000..6d26a21aac9
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46659.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46659",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:40.353",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
+ },
+ {
+ "lang": "es",
+ "value": "Jenkins Edgewall Trac Plugin 1.13 y versiones anteriores no escapan de la URL del sitio web de Trac en la p\u00e1gina de compilaci\u00f3n, lo que genera una vulnerabilidad de cross-site scripting (XSS) almacenada que pueden explotar los atacantes con permiso Item/Configure."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3247",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46660.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46660.json
new file mode 100644
index 00000000000..a8e34be4e38
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46660.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-46660",
+ "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
+ "published": "2023-10-25T18:17:40.403",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
+ },
+ {
+ "lang": "es",
+ "value": "Jenkins Zanata Plugin 0.6 y versiones anteriores utilizan una funci\u00f3n de comparaci\u00f3n de tiempo no constante al comprobar si los hashes del token de webhook proporcionado y esperado son iguales, lo que potencialmente permite a los atacantes utilizar m\u00e9todos estad\u00edsticos para obtener un token de webhook v\u00e1lido."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
+ "source": "jenkinsci-cert@googlegroups.com"
+ },
+ {
+ "url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2879",
+ "source": "jenkinsci-cert@googlegroups.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46661.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46661.json
new file mode 100644
index 00000000000..e532122b72d
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46661.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46661",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T20:15:08.717",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nSielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Sielco PolyEco1000 es vulnerable a que un atacante incremente sus privilegios modificando contrase\u00f1as en solicitudes POST."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
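Review bot: The `en` description value in CVE-2023-46661.json starts with `\n` and ends with a run of `\n` escapes, which looks like markup residue from the submission rather than content. The same padding appears in CVE-2023-46662 to CVE-2023-46665 and CVE-2023-46747, and CVE-2023-46748 has `\n\n` and `\u00a0` in mid-sentence. The trimmed value would be `"value": "Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests."`. Consumers that deduplicate, hash or pattern-match descriptions should normalise whitespace, including U+00A0, first. The record also names no affected firmware versions, so scope has to come from the referenced ICSA-23-299-07 advisory.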
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46662.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46662.json
new file mode 100644
index 00000000000..43b76ff03f1
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46662.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46662",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T20:15:08.780",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\nSielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Sielco PolyEco1000 es afectada por una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido a una aplicaci\u00f3n inadecuada del control de acceso. Un atacante remoto no autenticado puede aprovechar esto mediante una solicitud especialmente manipulada para obtener acceso a informaci\u00f3n confidencial."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46663.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46663.json
new file mode 100644
index 00000000000..ac6963a28f3
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46663.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46663",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T21:15:07.903",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Sielco PolyEco1000 es vulnerable a que un atacante omita la autorizaci\u00f3n y acceda a recursos detr\u00e1s de p\u00e1ginas protegidas. La interfaz de la aplicaci\u00f3n permite a los usuarios realizar ciertas acciones a trav\u00e9s de solicitudes HTTP sin realizar ninguna verificaci\u00f3n de validez para verificar las solicitudes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46664.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46664.json
new file mode 100644
index 00000000000..2abc121e2d7
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46664.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46664",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T21:15:07.967",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Sielco PolyEco1000 es afectada por una vulnerabilidad de control de acceso inadecuado cuando la aplicaci\u00f3n proporciona acceso directo a objetos bas\u00e1ndose en la entrada proporcionada por el usuario. Como resultado de esta vulnerabilidad, los atacantes pueden eludir la autorizaci\u00f3n y acceder a recursos detr\u00e1s de p\u00e1ginas protegidas."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46665.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46665.json
new file mode 100644
index 00000000000..a616387b886
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46665.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46665",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-26T21:15:08.033",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nSielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.\n\n\n\n\n\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Sielco PolyEco1000 es afectada por una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n debido a que un atacante modifica las contrase\u00f1as en una solicitud POST y obtiene acceso no autorizado al dispositivo afectado con privilegios administrativos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-07",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
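Review bot: CVE-2023-46665.json is hard to tell apart from CVE-2023-46661 in this diff. Both describe modifying passwords in a POST request, both carry `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, and both are filed under `CWE-284`. The description here calls the issue an authentication bypass, which usually maps to a narrower class than CWE-284, so the weakness entry may be a default rather than an analysis result. It is worth checking ICSA-23-299-07 to confirm these are two distinct findings before counting them separately in exposure reports.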
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46666.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46666.json
new file mode 100644
index 00000000000..07989d40867
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46666.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46666",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-10-26T17:15:09.270",
+ "lastModified": "2023-10-26T17:33:34.980",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered when using Document Level Security and the SPO \"Limited Access\" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema al utilizar la seguridad a nivel de documento y la funcionalidad de \"acceso limitado\" de SPO en Elastic Sharepoint Online Python Connector. Si a un usuario se le asignan permisos de acceso limitado a un elemento en un sitio de Sharepoint, ese usuario tendr\u00eda permisos de lectura para todo el contenido del sitio de Sharepoint a trav\u00e9s de Elasticsearch."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732",
+ "source": "bressers@elastic.co"
+ },
+ {
+ "url": "https://www.elastic.co/community/security",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46667.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46667.json
new file mode 100644
index 00000000000..610004eefc1
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46667.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46667",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-10-26T01:15:07.987",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server\u2019s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en Fleet Server en versiones >= v8.10.0 y < v8.10.3 donde los tokens de inscripci\u00f3n del agente se insertan en el archivo de registro del Fleet Server en texto plano. Estos tokens de inscripci\u00f3n podr\u00edan permitir que alguien inscriba a un agente en una pol\u00edtica de agente y potencialmente usarlo para recuperar otros secretos en la pol\u00edtica, incluso para Elasticsearch y servicios de terceros. Alternativamente, un actor de amenazas podr\u00eda potencialmente inscribir agentes en los cl\u00fasteres y enviar eventos arbitrarios a Elasticsearch."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737",
+ "source": "bressers@elastic.co"
+ },
+ {
+ "url": "https://www.elastic.co/community/security",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
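Review bot: The description in CVE-2023-46667.json gives the affected range (`>= v8.10.0 and < v8.10.3`) but nothing on cleanup, and for a CWE-532 issue upgrading alone presumably does not help with tokens already written to the log file. A practitioner acting on this record should plan to revoke and reissue enrolment tokens that an affected Fleet Server may have logged, and to restrict or purge those logs and any copies shipped elsewhere. The referenced Elastic post should be checked for the vendor's exact steps. The range is also stated only in prose, with no `configurations` block, so automated version matching will not work on this record yet.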
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46668.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46668.json
new file mode 100644
index 00000000000..de0eff70300
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46668.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46668",
+ "sourceIdentifier": "bressers@elastic.co",
+ "published": "2023-10-26T00:15:12.150",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts."
+ },
+ {
+ "lang": "es",
+ "value": "Si Elastic Endpoint (v7.9.0 - v8.10.3) est\u00e1 configurado para usar una opci\u00f3n no predeterminada en la que el nivel de log est\u00e1 configurado expl\u00edcitamente en debug, y cuando Elastic Agent est\u00e1 configurado simult\u00e1neamente para recopilar y enviar esos registros a Elasticsearch, entonces las claves de API del Agente Elastic se pueden ver en Elasticsearch en texto plano. Estas claves API podr\u00edan usarse para escribir datos arbitrarios y leer artefactos de usuario de Elastic Endpoint."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "bressers@elastic.co",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-532"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203",
+ "source": "bressers@elastic.co"
+ },
+ {
+ "url": "https://www.elastic.co/community/security",
+ "source": "bressers@elastic.co"
+ }
+ ]
+}
\ No newline at end of file
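Review bot: The affected range in CVE-2023-46668.json is written as `(v7.9.0 - v8.10.3)` in prose, which does not say whether 8.10.3 itself is included. The reference slug `endpoint-v8-10-4-security-update` suggests the fix is in 8.10.4, so the range is presumably inclusive, and an unambiguous form would be `v7.9.0 through v8.10.3`. The exposure also depends on two non-default settings together (debug logging on Endpoint, and log collection by Elastic Agent), so triage should check both before ruling a host in or out. API keys that reached Elasticsearch while debug logging was on presumably stay usable after the upgrade unless they are rotated; confirm against the linked vendor post.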
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46747.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46747.json
new file mode 100644
index 00000000000..7ed9a97041d
--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46747.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46747",
+ "sourceIdentifier": "f5sirt@f5.com",
+ "published": "2023-10-26T21:15:08.097",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Las solicitudes no divulgadas pueden omitir la autenticaci\u00f3n de la utilidad de configuraci\u00f3n, lo que permite a un atacante con acceso de red al sistema BIG-IP a trav\u00e9s del puerto de administraci\u00f3n y/o direcciones IP propias ejecutar comandos arbitrarios del sistema. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "f5sirt@f5.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "f5sirt@f5.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-288"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://my.f5.com/manage/s/article/K000137353",
+ "source": "f5sirt@f5.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46748.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46748.json
new file mode 100644
index 00000000000..1b1c15bfd88
--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46748.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46748",
+ "sourceIdentifier": "f5sirt@f5.com",
+ "published": "2023-10-26T21:15:08.177",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which \n\nmay allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands.\n\n\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL autenticada en la utilidad de configuraci\u00f3n BIG-IP que puede permitir que un atacante autenticado con acceso de red a la utilidad de configuraci\u00f3n a trav\u00e9s del puerto de administraci\u00f3n BIG-IP y/o direcciones IP propias ejecute comandos arbitrarios del sistema. Nota: Las versiones de software que han llegado al End of Technical Support (EoTS) no se eval\u00faan"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "f5sirt@f5.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "f5sirt@f5.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://my.f5.com/manage/s/article/K000137365",
+ "source": "f5sirt@f5.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46752.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46752.json
new file mode 100644
index 00000000000..6f9a1c60cbd
--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46752.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46752",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T05:15:26.067",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en FRRouting FRR hasta la versi\u00f3n 9.0.1. Maneja mal los datos MP_REACH_NLRI con formato incorrecto, lo que provoca un bloqueo."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/FRRouting/frr/pull/14645/commits/b08afc81c60607a4f736f418f2e3eb06087f1a35",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46753.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46753.json
new file mode 100644
index 00000000000..132b76e2e98
--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46753.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46753",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T05:15:26.127",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en FRRouting FRR hasta la versi\u00f3n 9.0.1. Puede ocurrir una falla para un mensaje de ACTUALIZACI\u00d3N BGP manipulado sin atributos obligatorios, por ejemplo, uno con solo un atributo de tr\u00e1nsito desconocido."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/FRRouting/frr/pull/14645/commits/d8482bf011cb2b173e85b65b4bf3d5061250cdb9",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46754.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46754.json
new file mode 100644
index 00000000000..571f1aae4ca
--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46754.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46754",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-26T05:15:26.173",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values."
+ },
+ {
+ "lang": "es",
+ "value": "El panel de administraci\u00f3n de Obl.ong anterior a la versi\u00f3n 1.1.2 permite omitir la autorizaci\u00f3n porque la funci\u00f3n OTP de correo electr\u00f3nico acepta valores num\u00e9ricos arbitrarios."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/obl-ong/admin/releases/tag/v1.1.2",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46813.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46813.json
new file mode 100644
index 00000000000..95d2ddb9cc8
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46813.json
@@ -0,0 +1,40 @@
+{
+ "id": "CVE-2023-46813",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T03:15:08.270",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en el kernel de Linux anterior a 6.5.9, explotable por usuarios locales con acceso al espacio de usuario de los registros MMIO. La verificaci\u00f3n de acceso incorrecta en el controlador #VC y la emulaci\u00f3n de instrucciones de la emulaci\u00f3n SEV-ES de accesos MMIO podr\u00edan provocar un acceso de escritura arbitrario a la memoria del kernel (y, por lo tanto, una escalada de privilegios). Esto depende de una condici\u00f3n de ejecuci\u00f3n mediante la cual el espacio de usuario puede reemplazar una instrucci\u00f3n antes de que el controlador #VC la lea."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1212649",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.9",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63e44bc52047f182601e7817da969a105aa1f721",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9cb9c45583b911e0db71d09caa6b56469eb2bdf",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
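Review bot: The Spanish description renders "race condition" as `condición de ejecución` in its last sentence, which drops the timing precondition the English text states. `condición de carrera` is the usual term and keeps the two descriptions in agreement. A reader triaging from the translated text would otherwise miss that exploitation depends on userspace replacing an instruction before the #VC handler reads it.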
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46815.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46815.json
new file mode 100644
index 00000000000..dc47508f328
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46815.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46815",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T04:15:10.777",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en SugarCRM 12 anterior a 12.0.4 y 13 anterior a 13.0.2. Se ha identificado una vulnerabilidad de carga de archivos sin restricciones en el m\u00f3dulo de Notas. Al utilizar una solicitud manipulada, se puede inyectar c\u00f3digo PHP personalizado a trav\u00e9s del m\u00f3dulo de Notas debido a la falta de validaci\u00f3n de entrada. Un atacante con privilegios de usuario habituales puede aprovechar esto."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-011/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46816.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46816.json
new file mode 100644
index 00000000000..fdf9f6942cf
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46816.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46816",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T04:15:10.847",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en SugarCRM 12 anterior a 12.0.4 y 13 anterior a 13.0.2. Se ha identificado una vulnerabilidad de inyecci\u00f3n de plantilla de sitio de servidor (SSTI) en la acci\u00f3n GecControl. Al utilizar una solicitud manipulada, se puede inyectar c\u00f3digo PHP personalizado a trav\u00e9s de la acci\u00f3n GetControl debido a la falta de validaci\u00f3n de entrada. Un atacante con privilegios de usuario habituales puede aprovechar esto."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://support.sugarcrm.com/resources/security/sugarcrm-sa-2023-010/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
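Review bot: The English `value` names the affected action two ways, `GecControl` in the second sentence and `GetControl` in the third, and the Spanish entry repeats both spellings. One of them is presumably a typo; confirm against the referenced advisory (sugarcrm-sa-2023-010) and use a single name in both languages. "Server Site Template Injection" also looks like a slip for `Server-Side Template Injection (SSTI)`. Anyone building log searches or filtering rules from this record needs the action name spelled correctly.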
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json
new file mode 100644
index 00000000000..16984f85508
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46818.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46818",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T04:15:10.907",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en ISPConfig antes de 3.2.11p1. Un administrador puede lograr la inyecci\u00f3n de c\u00f3digo PHP en el editor de archivos de idioma si admin_allow_langedit est\u00e1 habilitado."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://www.ispconfig.org/blog/ispconfig-3-2-11p1-released/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46852.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46852.json
new file mode 100644
index 00000000000..2eaf58c8744
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46852.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46852",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T20:15:09.133",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the \"get\" substring."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46853.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46853.json
new file mode 100644
index 00000000000..847a1d39fae
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46853.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46853",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-27T20:15:09.177",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \\n is used instead of \\r\\n."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/memcached/memcached/compare/1.6.21...1.6.22",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46854.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46854.json
new file mode 100644
index 00000000000..19e4c280e03
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46854.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-46854",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-28T22:15:08.467",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://git.proxmox.com/?p=proxmox-widget-toolkit.git;a=commit;h=1326f771b959e576d140da2249c8b5424da6c80d",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://git.proxmox.com/?p=proxmox-widget-toolkit.git;a=commit;h=89699c6466cfd9cc3a81fbc926b62f122c33c23c",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_test_repo",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46858.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46858.json
new file mode 100644
index 00000000000..666bbd6e583
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46858.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46858",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-29T01:15:41.087",
+ "lastModified": "2023-10-29T01:44:12.570",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** DISPUTED ** Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states \"Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not.\""
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://docs.moodle.org/403/en/Security_FAQ#I_have_discovered_Cross_Site_Scripting_.28XSS.29_is_possible_with_Moodle",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gist.github.com/Abid-Ahmad/12d2b4878eb731e8871b96b7d55125cd",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46862.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46862.json
new file mode 100644
index 00000000000..aee9cafeffd
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46862.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-46862",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-10-29T04:15:11.363",
+ "lastModified": "2023-10-29T04:15:11.363",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/7644b1a1c9a7ae8ab99175989bfc8676055edb46",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4601.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4601.json
new file mode 100644
index 00000000000..ce0989cca01
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4601.json
@@ -0,0 +1,133 @@
+{
+ "id": "CVE-2023-4601",
+ "sourceIdentifier": "security@ni.com",
+ "published": "2023-10-18T20:15:09.340",
+ "lastModified": "2023-10-28T03:47:10.133",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de desbordamiento del b\u00fafer basada en pila en NI System Configuration que podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n y/o la ejecuci\u00f3n de c\u00f3digo arbitrario. La explotaci\u00f3n exitosa requiere que un atacante pueda proporcionar una respuesta especialmente manipulada. Esto afecta a NI System Configuration 2023 Q3 y todas las versiones anteriores."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@ni.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "security@ni.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ni:system_configuration:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2023",
+ "matchCriteriaId": "03D265BD-D3D1-4A7E-A634-8B462670C606"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ni:system_configuration:2023:q2:*:*:*:*:*:*",
+ "matchCriteriaId": "7C6610AD-ED02-499E-AC1F-40B84C024ABC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ni:system_configuration:2023:q3:*:*:*:*:*:*",
+ "matchCriteriaId": "0C706BE1-391C-4452-90CC-D2B69619ABB3"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.ni.com/en/support/documentation/supplemental/23/stack-based-buffer-overflow-in-ni-system-configuration.html",
+ "source": "security@ni.com",
+ "tags": [
+ "Mitigation",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
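Review bot: The first `cpeMatch` entry stops at `"versionEndExcluding": "2023"` and the next two list only `2023:q2` and `2023:q3`, so a 2023 Q1 release, if one exists, matches none of the three criteria. That would contradict the description's "2023 Q3 and all previous versions", and CPE-driven scanners would report such an install as unaffected. Either add a `cpe:2.3:a:ni:system_configuration:2023:q1:*:*:*:*:*:*` entry or confirm from the vendor advisory that no Q1 build shipped.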
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4606.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4606.json
new file mode 100644
index 00000000000..50c1e12e2e7
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4606.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4606",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-25T18:17:41.487",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated XCC user with Read-Only permission can change a different user\u2019s password through a crafted API command.\u00a0\u00a0\n\nThis affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected."
+ },
+ {
+ "lang": "es",
+ "value": "Un usuario XCC autenticado con permiso de solo lectura puede cambiar la contrase\u00f1a de un usuario diferente mediante un comando API manipulado. Esto afecta a los servidores ThinkSystem v2 y v3 con XCC; Los servidores ThinkSystem v1 no se ven afectados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-140960",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4607.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4607.json
new file mode 100644
index 00000000000..701962be92e
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4607.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4607",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-25T18:17:41.560",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated XCC user can change permissions for any user through a crafted API command."
+ },
+ {
+ "lang": "es",
+ "value": "Un usuario XCC autenticado puede cambiar los permisos de cualquier usuario mediante un comando API manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-140960",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4608.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4608.json
new file mode 100644
index 00000000000..60a5a0a7a03
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4608.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4608",
+ "sourceIdentifier": "psirt@lenovo.com",
+ "published": "2023-10-25T18:17:41.670",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command.\u00a0\n\nThis affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected."
+ },
+ {
+ "lang": "es",
+ "value": "Un usuario de XCC autenticado con privilegios elevados puede realizar una inyecci\u00f3n blind SQL en casos limitados a trav\u00e9s de un comando API manipulado. Esto afecta a los servidores ThinkSystem v2 y v3 con XCC; Los servidores ThinkSystem v1 no se ven afectados."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@lenovo.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.lenovo.com/us/en/product_security/LEN-140960",
+ "source": "psirt@lenovo.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4620.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4620.json
index 2624fd269ef..dbe39ddbd47 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4620.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4620.json
@@ -2,15 +2,42 @@
"id": "CVE-2023-4620",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T09:15:11.627",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T18:25:27.040",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento de WordPress Booking Calendar anterior a la versi\u00f3n 9.7.3.1 no sanitiza ni escapa algunas de sus reservas de los datos, lo que permite a usuarios no autenticados realizar ataques de Cross-Site Scripting (XSS) Almacenado contra administradores."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
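Review bot: The added Spanish description translates "booking from data" literally as `algunas de sus reservas de los datos`, and that English phrase on the unchanged context line looks like a typo for "booking form data". As written, neither text tells the reader that the unsanitized input is the booking form, which is the detail needed to locate the stored-XSS input path. If the referenced WPScan entry confirms it, the Spanish text should read along the lines of `algunos de los datos de su formulario de reserva`.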
@@ -23,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpbookingcalendar:booking_calendar:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "9.7.3.1",
+ "matchCriteriaId": "64B57519-F785-4B96-9AB7-E7C67C397254"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/084e9494-2f9e-4420-9bf7-78a1a41433d7",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json
index 61323dd5503..b69ff04db62 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4622.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-4622",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:12.193",
- "lastModified": "2023-09-11T18:15:11.493",
+ "lastModified": "2023-10-29T02:43:44.230",
"vulnStatus": "Analyzed",
"descriptions": [
{
@@ -86,8 +86,9 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "6.4.15",
- "matchCriteriaId": "AE02A61A-E8BA-45B0-BA09-833FBAB89E71"
+ "versionStartIncluding": "4.2",
+ "versionEndExcluding": "6.1.47",
+ "matchCriteriaId": "E2B663A2-B1DE-4295-920F-3DEB478483C2"
}
]
}
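Review bot: The replacement range `"versionStartIncluding": "4.2"` / `"versionEndExcluding": "6.1.47"` no longer matches kernels from 6.1.47 through 6.4.15, which the removed `"versionEndIncluding": "6.4.15"` entry covered. That is correct only if every later stable branch either carries the fix or has its own `cpeMatch` range. No such range is visible in this hunk, and the `cpeMatch` array continues outside it. It is worth checking that the 6.2–6.4 series is still matched somewhere in the record, since CPE-based scanners will otherwise stop flagging those kernels.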
@@ -99,6 +100,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
@@ -128,6 +134,14 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
{
"url": "https://www.debian.org/security/2023/dsa-5492",
"source": "cve-coordination@google.com",
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json
index d3a98095ec5..eb8ac0221dc 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4623.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4623",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-06T14:15:12.357",
- "lastModified": "2023-09-11T18:15:48.930",
+ "lastModified": "2023-10-29T02:40:35.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Use After Free en el componente net/sched: sch_hfsc (HFSC qdisc traffic control) del kernel de Linux puede ser explotada para conseguir una escalada local de privilegios. Si una clase con una curva de compartici\u00f3n de enlaces (es decir, con la flag HFSC_FSC establecida) tiene un padre sin una curva de compartici\u00f3n de enlaces, entonces init_vf() llamar\u00e1 a vttree_insert() en el padre, pero vttree_remove() se omitir\u00e1 en update_vf(). Esto deja un puntero colgando que puede causar un Use-After-Free. Recomendamos actualizar desde el commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. "
}
],
"metrics": {
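Review bot: The added Spanish text ends with `Recomendamos actualizar desde el commit ...` ("upgrade from the commit"), whereas the English says "upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f". The translation reverses the remediation guidance, because the named commit is the point to move beyond, not the starting point. Suggested wording: `Recomendamos actualizar a una versión posterior al commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.`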
@@ -86,13 +90,24 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
- "versionEndIncluding": "2.5.75",
- "matchCriteriaId": "D5893A86-1141-4D63-AC5A-819A556D79D8"
- },
+ "versionStartIncluding": "2.6.12",
+ "versionEndExcluding": "6.6",
+ "matchCriteriaId": "61BB9C3D-67A1-4EDE-AEDD-6460508C0A7E"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
{
"vulnerable": true,
- "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.12:rc1:*:*:*:*:*:*",
- "matchCriteriaId": "169446DE-67F8-4738-91FE-ED8058118F80"
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@@ -117,6 +132,14 @@
"Patch",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4635.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4635.json
new file mode 100644
index 00000000000..389182ba6f5
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4635.json
@@ -0,0 +1,119 @@
+{
+ "id": "CVE-2023-4635",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-21T08:15:08.897",
+ "lastModified": "2023-10-27T19:42:48.070",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento EventON para WordPress es vulnerable a Cross-Site Scripting reflejado a trav\u00e9s del par\u00e1metro 'tab' en versiones hasta la 2.2.2 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:myeventon:eventon-lite:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.2.2",
+ "matchCriteriaId": "077DF211-FA27-4DD1-9AE1-8D616F91AD8D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/xsn1210/vul/blob/main/xss%5BEventON%5D%20.md",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/115ad0b2-febe-485a-8fb5-9bd6edc37ef7?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4643.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4643.json
index 0efadfbfce0..be027690553 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4643.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4643.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4643",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.743",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T16:25:09.403",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Enable Media Replace de WordPress anterior a 4.1.3 deserializa la entrada del usuario a trav\u00e9s de la funci\u00f3n Remove Background, lo que podr\u00eda permitir a los usuarios con permisos de autor o superiores realizar inyecci\u00f3n de objetos PHP cuando hay un gadget adecuado presente en el blog"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:shortpixel:enable_media_replace:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.1.3",
+ "matchCriteriaId": "86C7EE6D-B245-41E7-9227-2E2E2CA4D5E5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/d9125604-2236-435c-a67c-07951a1fc5b1",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4645.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4645.json
new file mode 100644
index 00000000000..38a584a5916
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4645.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4645",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-19T02:15:07.740",
+ "lastModified": "2023-10-25T15:30:49.483",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled."
+ },
+ {
+ "lang": "es",
+ "value": "Ad Inserter para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en versiones hasta la 2.7.30 incluida a trav\u00e9s de la funci\u00f3n ai_ajax. Esto puede permitir a atacantes no autenticados extraer datos confidenciales, como t\u00edtulos de publicaciones y slugs (incluidos los de publicaciones protegidas junto con sus contrase\u00f1as), nombres de usuario, roles disponibles y la clave de licencia del complemento, siempre que la opci\u00f3n de depuraci\u00f3n remota est\u00e9 habilitada. En el estado predeterminado est\u00e1 deshabilitado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:igorfuna:ad_inserter:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.7.30",
+ "matchCriteriaId": "6074113F-CFDC-4053-9D2B-199B6891F5D0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/ad-inserter/trunk/ad-inserter.php#L6529",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57b3eef3-e165-45ac-89d7-2a2a6529b310?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
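Review bot: The added `cpeMatch` criteria uses vendor `igorfuna` (`cpe:2.3:a:igorfuna:ad_inserter:…`), while the CVE-2023-4668 record added in this same diff lists the same Ad Inserter plugin under `ad_inserter_project`, so an inventory keyed on one vendor string will match only one of the two CVEs. Both records reference the same 2.7.31 changeset, so they should presumably share one CPE name and one bound style (`"versionEndIncluding": "2.7.30"` here, `"versionEndExcluding": "2.7.31"` there). The reference tags also look swapped in this file: the trunk source-browser link is tagged `Patch` and the changeset link `Third Party Advisory`, whereas CVE-2023-4668 tags that same changeset URL `Patch`.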
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4646.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4646.json
index 1ecf72d3443..4b8efa6cf93 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4646.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4646.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4646",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.830",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T16:23:03.313",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Simple Posts Ticker de WordPress anterior a 1.1.6 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el shortcode, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior para realizar ataques Cross-Site Scripting almacenados."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sayandatta:simple_posts_ticker:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.1.6",
+ "matchCriteriaId": "D14F3F27-F240-4AE0-8428-A757BDF3EE8F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/c34f8dcc-3be6-44ad-91a4-7c3a0ce2f9d7",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4648.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4648.json
new file mode 100644
index 00000000000..12a8128a873
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4648.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-4648",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.410",
+ "lastModified": "2023-10-27T18:47:09.933",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Customer Reviews para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en versiones hasta la 3.6.6 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gowebsolutions:wp_customer_reviews:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.6.7",
+ "matchCriteriaId": "F626C567-20D8-4DD3-87F7-3C856AD6346F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2965658/wp-customer-reviews/trunk?contextall=1&old=2882143&old_path=%2Fwp-customer-reviews%2Ftrunk",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f81950be-de32-4fa1-94fe-42667414fe2d?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4666.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4666.json
index 9eb85edffe1..5cde3c57f96 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4666.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4666.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4666",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:15.927",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T16:53:48.423",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Form Maker by 10Web WordPress anterior al 15.1.20 no valida las firmas cuando las crea en el servidor a partir de la entrada del usuario, lo que permite a usuarios no autenticados crear archivos arbitrarios y conducir a RCE"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:10web:form_maker:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.15.20",
+ "matchCriteriaId": "BC0EA9F1-E6B1-4ACB-984A-2D4CAE5319A9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/c6597e36-02d6-46b4-89db-52c160f418be",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
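Review bot: `"versionEndExcluding": "1.15.20"` in the added `cpeMatch` disagrees with the description shown as context in the previous hunk of this file, whose Spanish text gives the fixed version as `15.1.20`. One of the two looks like a digit transposition, and a scanner that trusts the wrong bound will misjudge which installs are affected. The English description is outside the hunk, so both it and the WPScan reference should be checked before relying on the range. The record is rated 9.8 with `PR:N`, so the bound matters for patch prioritisation.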
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4668.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4668.json
new file mode 100644
index 00000000000..c67c37c7afa
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4668.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-4668",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.477",
+ "lastModified": "2023-10-27T18:46:59.783",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths."
+ },
+ {
+ "lang": "es",
+ "value": "Ad Inserter para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en versiones hasta la 2.7.30 incluida a trav\u00e9s del par\u00e1metro de URL ai-debug-processing-fe. Esto puede permitir a atacantes no autenticados extraer datos confidenciales, incluidos complementos instalados (presentes y activos), tema activo, varias configuraciones de complementos, versi\u00f3n de WordPress, as\u00ed como algunas configuraciones del servidor, como l\u00edmite de memoria y rutas de instalaci\u00f3n."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ad_inserter_project:ad_inserter:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.7.31",
+ "matchCriteriaId": "45694BCA-476F-4C75-BB05-59D7F6560056"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2969942%40ad-inserter%2Ftags%2F2.7.31&old=2922718%40ad-inserter%2Ftrunk",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce457c98-c55b-4b71-a80b-393eceb9effd?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
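Review bot: The two `cvssMetricV31` entries disagree on confidentiality impact: the `nvd@nist.gov` Primary vector has `C:H` (7.5, HIGH) and the `security@wordfence.com` Secondary vector has `C:L` (5.3, MEDIUM). Consumers that take the first entry, the highest score, or the CNA score will land in different severity bands for the same record, so prioritisation rules should select by `type` and `source` explicitly. For comparison, CVE-2023-4645 in this diff, whose description includes passwords of protected posts and the plugin licence key, is scored `C:L` by both sources.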
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4687.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4687.json
index 4c348769b24..9727eec59fb 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4687.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4687.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4687",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.013",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T14:04:51.140",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Page Builder: Pagelayer de WordPress anterior a 1.7.7 no impide que atacantes no autenticados actualicen el c\u00f3digo del encabezado o pie de p\u00e1gina de una publicaci\u00f3n en publicaciones programadas."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pagelayer:pagelayer:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.7.7",
+ "matchCriteriaId": "F79036E6-42A4-497F-9653-B159E9507969"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/31596fc5-4203-40c4-9b0a-e8a37faafddd",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4691.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4691.json
index 898e9a94ca0..116233a3450 100644
--- a/CVE-2023/CVE-2023-46xx/CVE-2023-4691.json
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4691.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4691",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.093",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T13:37:23.997",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Online Booking and Scheduling Plugin de WordPress anterior a la versi\u00f3n 22.4 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios con privilegios elevados, como el administrador"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:booking-wp-plugin:bookly:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "22.4",
+ "matchCriteriaId": "93C4990A-9A85-4BE3-BD6F-4FA4E81E12A1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/5085ec75-0795-4004-955d-e71b3d2c26c6",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4692.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4692.json
new file mode 100644
index 00000000000..3c7c935ef29
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4692.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-4692",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-10-25T18:17:41.743",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla de escritura fuera de los l\u00edmites en el controlador del sistema de archivos NTFS de grub2. Este problema puede permitir que un atacante presente una imagen del sistema de archivos NTFS especialmente manipulada, lo que provoca la corrupci\u00f3n de los metadatos del mont\u00f3n de grub. En algunas circunstancias, el ataque tambi\u00e9n puede da\u00f1ar los metadatos del mont\u00f3n del firmware UEFI. Como resultado, se puede lograr la ejecuci\u00f3n de c\u00f3digo arbitrario y eludir la protecci\u00f3n de arranque seguro."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-4692",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://seclists.org/oss-sec/2023/q4/37",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
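Review bot: The only vector in this record, `CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N`, rates confidentiality and availability as `NONE`, while the description says the heap corruption can lead to arbitrary code execution and Secure Boot bypass. The record also has no `weaknesses` or `configurations` block, which is consistent with `"vulnStatus": "Awaiting Analysis"` but means CPE-based matching will not associate it with grub2 yet. Until analysis lands, tracking has to rely on the vendor references listed here. A `weaknesses` entry with `"value": "CWE-787"` would match the out-of-bounds write the description names.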
diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4693.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4693.json
new file mode 100644
index 00000000000..d5b65dafe7d
--- /dev/null
+++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4693.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-4693",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-10-25T18:17:41.817",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla de lectura fuera de los l\u00edmites en el controlador del sistema de archivos NTFS de grub2. Este problema puede permitir que un atacante f\u00edsicamente presente presente una imagen del sistema de archivos NTFS especialmente manipulada para leer ubicaciones de memoria arbitrarias. Un ataque exitoso permite que se filtren datos confidenciales almacenados en cach\u00e9 en la memoria o valores de variables EFI, lo que presenta un alto riesgo de confidencialidad."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.8,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-4693",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://seclists.org/oss-sec/2023/q4/37",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
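Review bot: `"attackVector": "LOCAL"` does not match the description, which says the flaw needs a "physically present attacker"; CVSS 3.1 has a separate `PHYSICAL` value for that case. If the description is right the vector would read `AV:P` and the base score would change, so the two should be reconciled against the Red Hat advisory in the references. As in CVE-2023-4692, there is no `weaknesses` or `configurations` block yet, so the record will not match on CPE.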
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4725.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4725.json
index bf289ec0b90..261fc6425e5 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4725.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4725.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4725",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.170",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T11:43:44.547",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Simple Posts Ticker de WordPress anterior a 1.1.6 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenados incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sayandatta:simple_posts_ticker:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.1.6",
+ "matchCriteriaId": "D14F3F27-F240-4AE0-8428-A757BDF3EE8F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/e9b9a594-c960-4692-823e-23fc60cca7e7",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4733.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4733.json
index 81688e1abe1..69d09c30882 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4733.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4733.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4733",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-04T14:15:07.563",
- "lastModified": "2023-10-16T19:13:04.597",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T00:15:12.223",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -116,6 +116,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "security@huntr.dev"
+ },
{
"url": "https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c",
"source": "security@huntr.dev",
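Review bot: The added Full Disclosure reference uses a cleartext scheme, `"url": "http://seclists.org/fulldisclosure/2023/Oct/24"`, while the seclists.org reference in CVE-2023-4692 in this same diff uses `https://`. Tooling that dereferences reference URLs would fetch it without transport integrity; `"url": "https://seclists.org/fulldisclosure/2023/Oct/24"` is the safer form. The same entry is added to CVE-2023-4734, -4735, -4736 and -4738. Neither it nor the added Apple `HT213984` entry carries `tags`, so tag-based filters will skip them. The `references` array continues outside this hunk.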
@@ -152,6 +156,10 @@
"tags": [
"Mailing List"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "security@huntr.dev"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4734.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4734.json
index 41f70f649ef..3663ce86c7e 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4734.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4734.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4734",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-02T18:15:17.127",
- "lastModified": "2023-09-08T15:22:57.160",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T00:15:12.297",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846."
+ },
+ {
+ "lang": "es",
+ "value": "Un Desbordamiento de Enteros o Wraparound en el repositorio de GitHub vim/vim version anterior a 9.0.1846."
}
],
"metrics": {
@@ -87,6 +91,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "security@huntr.dev"
+ },
{
"url": "https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5",
"source": "security@huntr.dev",
@@ -102,6 +110,10 @@
"Patch",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "security@huntr.dev"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4735.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4735.json
index 6af6da112b3..46b18f7e551 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4735.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4735.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4735",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-02T18:15:20.637",
- "lastModified": "2023-09-08T15:28:23.527",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T00:15:12.990",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847."
+ },
+ {
+ "lang": "es",
+ "value": "Escritura fuera de l\u00edmites en el repositorio de GitHub vim/vim en versiones anteriores a la 9.0.1847."
}
],
"metrics": {
@@ -87,6 +91,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "security@huntr.dev"
+ },
{
"url": "https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57",
"source": "security@huntr.dev",
@@ -102,6 +110,10 @@
"Patch",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "security@huntr.dev"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4736.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4736.json
index 25abae392d6..5737f9c131b 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4736.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4736.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4736",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-02T19:15:44.863",
- "lastModified": "2023-09-08T16:37:59.583",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T00:15:13.057",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833."
+ },
+ {
+ "lang": "es",
+ "value": "Ruta de b\u00fasqueda no fiable en el repositorio de GitHub vim/vim anterior a la versi\u00f3n 9.0.1833."
}
],
"metrics": {
@@ -87,6 +91,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "security@huntr.dev"
+ },
{
"url": "https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c",
"source": "security@huntr.dev",
@@ -102,6 +110,10 @@
"Patch",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "security@huntr.dev"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4738.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4738.json
index 9d5cafb59c2..e79d17c8e84 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4738.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4738.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4738",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-02T20:15:07.413",
- "lastModified": "2023-09-08T14:46:27.187",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T00:15:13.850",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848."
+ },
+ {
+ "lang": "es",
+ "value": "Desbordamiento de b\u00fafer basado en el heap en el repositorio de GitHub vim/vim versi\u00f3 anterior a 9.0.1848."
}
],
"metrics": {
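Review bot: The added `es` description has a truncated word, `versi\u00f3 anterior a 9.0.1848`, where the other Spanish entries in this commit spell it `versi\u00f3n`. The value should end `vim/vim versi\u00f3n anterior a 9.0.1848.` so that search and display of the translated advisory text are not affected.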
@@ -87,6 +91,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "security@huntr.dev"
+ },
{
"url": "https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1",
"source": "security@huntr.dev",
@@ -102,6 +110,10 @@
"Patch",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "security@huntr.dev"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4746.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4746.json
index 772380693c3..2f0b0a0afd1 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4746.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4746.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4746",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-04T01:15:07.437",
- "lastModified": "2023-09-06T20:32:05.507",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:41.993",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635."
+ "value": "A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. This affects the function Validity_check. The manipulation leads to format string. It is possible to initiate the attack remotely. The root-cause of the vulnerability is a format string issue. But the impact is to bypass the validation which leads to to OS command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238635."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad clasificada como cr\u00edtica se ha encontrado en TOTOLINK N200RE V5 9.3.5u.6437_B20230519. Esto afecta a la comprobaci\u00f3n de validez. La manipulaci\u00f3n conduce a formatear la cadena. Es posible iniciar el ataque de forma remota. La causa principal de la vulnerabilidad es un problema de cadena de formato. Pero el impacto es eludir la validaci\u00f3n que conduce a la inyecci\u00f3n de comandos del sistema operativo. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-238635."
}
],
"metrics": {
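Review bot: The rewritten `en` description contains a doubled word, `leads to to OS command injection`, which should read `leads to OS command injection`. The added `es` text also appears to translate the function name `Validity_check` as `la comprobación de validez` and renders the format-string weakness as `conduce a formatear la cadena`. Keeping the identifier verbatim and using `cadena de formato`, as the same value does two sentences later, would keep the translation searchable and consistent with the English text.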
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4750.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4750.json
index a1cf6a1f6a5..7c2ab835f0a 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4750.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4750.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4750",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-04T14:15:08.263",
- "lastModified": "2023-10-16T19:13:09.647",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T00:15:13.937",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -116,6 +116,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "security@huntr.dev"
+ },
{
"url": "https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed",
"source": "security@huntr.dev",
@@ -152,6 +156,10 @@
"tags": [
"Mailing List"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "security@huntr.dev"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4751.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4751.json
index 75069976fc0..2447adfa762 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4751.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4751.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4751",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-03T19:15:43.677",
- "lastModified": "2023-09-08T12:58:23.437",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T00:15:14.770",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331."
+ },
+ {
+ "lang": "es",
+ "value": "Desbordamiento de b\u00fafer del mont\u00edculo en el repositorio de GitHub vim/vim anterior a la versi\u00f3n 9.0.1331. "
}
],
"metrics": {
@@ -58,22 +62,22 @@
},
"weaknesses": [
{
- "source": "nvd@nist.gov",
+ "source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
- "value": "CWE-787"
+ "value": "CWE-122"
}
]
},
{
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
- "value": "CWE-122"
+ "value": "CWE-787"
}
]
}
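Review bot: This hunk swaps the `source` values so that the CNA's CWE-122 becomes the `Primary` weakness and the `nvd@nist.gov` CWE-787 drops to `Secondary`, which is the opposite of the CVE-2023-4776 section later in this commit, where `nvd@nist.gov` is made `Primary` and the CNA entry is added as `Secondary`. Consumers that key on `"type": "Primary"` will see this record's weakness change from CWE-787 to CWE-122 even though neither assessment itself changed. This may be a transitional state while the record is `Undergoing Analysis`, but it is worth confirming that the pairing `"source": "nvd@nist.gov"` with `"type": "Primary"` returns once analysis completes.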
@@ -97,6 +101,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "security@huntr.dev"
+ },
{
"url": "https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b",
"source": "security@huntr.dev",
@@ -112,6 +120,10 @@
"Patch",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "security@huntr.dev"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4752.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4752.json
index b88a87a81ec..9e8752f6b06 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4752.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4752.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4752",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-04T14:15:08.450",
- "lastModified": "2023-10-16T19:13:58.133",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T00:15:14.847",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -131,6 +131,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "security@huntr.dev"
+ },
{
"url": "https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139",
"source": "security@huntr.dev",
@@ -176,6 +180,10 @@
"tags": [
"Mailing List"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "security@huntr.dev"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4753.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4753.json
index 98a7954bad9..adc0a18689d 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4753.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4753.json
@@ -2,12 +2,12 @@
"id": "CVE-2023-4753",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-09-21T10:15:09.597",
- "lastModified": "2023-09-22T13:50:21.603",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T08:15:07.527",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
- "value": "OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash caused by mqueue undetected entries vulnerability. Local attackers can crash liteos-a kernel by the error input\u00a0"
+ "value": "OpenHarmony v3.2.1 and prior version has a system call function usage error. Local attackers can crash kernel by the error input."
},
{
"lang": "es",
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4776.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4776.json
index 47eed440845..5508ca645ea 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4776.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4776.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4776",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.250",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:35:17.487",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,10 +14,33 @@
"value": "El complemento School Management System de WordPress anterior a 2.2.5 utiliza la funci\u00f3n WordPress esc_sql() en un campo no delimitado por comillas y no prepar\u00f3 primero la consulta, lo que lleva a una inyecci\u00f3n de SQL explotable por usuarios con privilegios relativamente bajos, como los Profesores."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -25,12 +48,44 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "contact@wpscan.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.2.5",
+ "matchCriteriaId": "A92AF61E-9711-4ABE-BA78-32F89469072F"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json
index 96ac024acb7..68a71b43406 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4781.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4781",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-09-05T19:15:49.207",
- "lastModified": "2023-10-16T19:13:49.960",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-26T00:15:15.570",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873."
+ },
+ {
+ "lang": "es",
+ "value": "Desbordamiento de b\u00fafer basado en el heap en el repositorio de GitHub vim/vim anterior a la versi\u00f3n 9.0.1873. "
}
],
"metrics": {
@@ -102,6 +106,10 @@
}
],
"references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2023/Oct/24",
+ "source": "security@huntr.dev"
+ },
{
"url": "https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93",
"source": "security@huntr.dev",
@@ -126,6 +134,10 @@
"Mailing List",
"Third Party Advisory"
]
+ },
+ {
+ "url": "https://support.apple.com/kb/HT213984",
+ "source": "security@huntr.dev"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4783.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4783.json
index 0a7a75b42cd..c6ea2f57ada 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4783.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4783.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4783",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.333",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:38:47.053",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Magee Shortcodes de WordPress hasta la versi\u00f3n 2.1.1 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el shortcode, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior para realizar ataques Cross-Site Scripting almacenados."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hoosoft:magee_shortcodes:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.1.1",
+ "matchCriteriaId": "7274ADAA-9DA9-47C7-B225-BBAF4145D958"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/02928db8-ceb3-471a-b626-ca661d073e4f",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4795.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4795.json
index f426ae8173e..19c149f3de7 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4795.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4795.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4795",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.413",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:41:25.017",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Testimonial Slider Shortcode de WordPress anterior a 1.1.9 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a la p\u00e1gina, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como colaborador realizar ataques de Cross-Site Scripting almacenados que podr\u00edan ser utilizado contra usuarios con altos privilegios como el administrador"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sazzadh:testimonial_slider_shortcode:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.1.9",
+ "matchCriteriaId": "BAA08745-AB60-443C-ABE5-06C9ED1D466C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/b8390b4a-b43f-4bf6-a61b-dfcbc7b2e7a0",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4796.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4796.json
new file mode 100644
index 00000000000..9f52342d6e8
--- /dev/null
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4796.json
@@ -0,0 +1,125 @@
+{
+ "id": "CVE-2023-4796",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.540",
+ "lastModified": "2023-10-27T18:46:47.060",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options."
+ },
+ {
+ "lang": "es",
+ "value": "El Booster for WooCommerce para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del shortcode 'wcj_wp_option' en versiones hasta la 7.1.0 incluida debido a controles insuficientes sobre la informaci\u00f3n recuperable a trav\u00e9s del shortcode. Esto hace posible que atacantes autenticados, con capacidades de nivel de suscriptor o superior, recuperen opciones confidenciales arbitrarias del sitio."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "7.1.1",
+ "matchCriteriaId": "A4A54A07-D727-4280-B32E-C6FE557ED125"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.0/includes/shortcodes/class-wcj-general-shortcodes.php#L450",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2966325/woocommerce-jetpack#file1",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a4cd49b2-ff93-4582-906b-b690d8472c38?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
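Review bot: The first reference is tagged `Exploit`, but its URL is a source-browser link to line 450 of `class-wcj-general-shortcodes.php` in the 7.1.0 tag, which points at the affected code rather than at exploit material. Triage automation that raises priority on the `Exploit` tag would treat this record as having a public exploit. A tag such as `"tags": ["Product"]` looks like a closer fit, and the Wordfence advisory URL in the third reference likewise carries `Patch` although it appears to be an advisory page. Both observations are inferred from the URLs alone.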
diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4798.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4798.json
index f3a1c9d6319..53bed538830 100644
--- a/CVE-2023/CVE-2023-47xx/CVE-2023-4798.json
+++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4798.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4798",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.500",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-23T14:05:48.180",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento User Avatar de WordPress anterior a 1.2.2 no sanitiza ni escapa adecuadamente a algunos de sus atributos de shortcodes, lo que podr\u00eda permitir a usuarios con privilegios relativamente bajos, como los contribuyentes, realizar ataques XSS almacenados."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpexperts:user_avatar-reloaded:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.2.2",
+ "matchCriteriaId": "5FF0EC19-45C4-4033-9544-A47EB2B350C5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/273a95bf-39fe-4ba7-bc14-9527acfd9f42",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4800.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4800.json
index a43c3f83f18..c6908bfc98f 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4800.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4800.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4800",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.583",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:48:00.807",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento DoLogin Security de WordPress anterior a 3.7.1 no restringe el acceso a un widget que muestra las IP de inicios de sesi\u00f3n fallidos a usuarios con pocos privilegios."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpdo:dologin_security:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.7.1",
+ "matchCriteriaId": "8EE7CD6C-0178-4F2F-997C-151679471E44"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/7eae1434-8c7a-4291-912d-a4a07b73ee56",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4805.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4805.json
index 42437e9a226..0ab809fe12c 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4805.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4805.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4805",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.670",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:40:46.200",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Tutor LMS de WordPress anterior a 2.3.0 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios como suscriptores realizar ataques de Cross-Site Scripting almacenados incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.3.0",
+ "matchCriteriaId": "0529B052-121B-4D65-8F6B-CA71881F4FBC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/1049e940-49b1-4236-bea2-c636f35c5647",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4806.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4806.json
index 830c1379a27..94a9d02c481 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4806.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4806.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4806",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.813",
- "lastModified": "2023-10-05T16:15:12.443",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T17:59:57.000",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -92,6 +92,41 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "98638583-9933-42F2-964E-7F8E7CF36918"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "910C9542-26FC-4635-9351-128727971830"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
@@ -106,6 +141,106 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AA1F902F-1AD5-489F-B420-A3574D1880B9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_s390x:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EEAC443B-622E-49FB-8C0F-2864B7EF5F80"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.2_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ED521457-498F-4E43-B714-9A3F2C3CD09A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22D28543-C7C5-46B0-B909-20435AF7A501"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
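Review bot: The added Red Hat CPE names place the architecture inconsistently: `enterprise_linux_for_ibm_z_systems_eus:8.8_s390x` carries it in the version field, while `enterprise_linux_for_ibm_z_systems_eus_s390x:9.2` and `enterprise_linux_for_ibm_z_systems_s390x:9.2` carry it in the product field. Inventory matching that normalises on product name, or that parses the version component as numeric, will miss one form or the other. The names presumably mirror existing CPE dictionary entries, so the practical step is to check that whatever matcher consumes this `cpeMatch` list handles both spellings.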
@@ -115,27 +250,45 @@
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/4",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/5",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/6",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/8",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5455",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4806",
@@ -154,19 +307,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202310-03",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4811.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4811.json
index 3d20010c551..e8293869a33 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4811.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4811.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4811",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.747",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T21:08:11.530",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento WordPress File Upload de WordPress anterior a 4.23.3 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como los contribuyentes, realizar ataques de Cross-Site Scripting almacenados."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.23.3",
+ "matchCriteriaId": "B3E86BFF-F54B-404B-802D-BA1870BE1A53"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/7f9271f2-4de4-4be3-8746-2a3f149eb1d1",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4819.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4819.json
index 20ef8e5f2f3..a0bc44c4102 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4819.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4819.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4819",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.830",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:40:29.413",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Shared Files de WordPress anterior a 1.7.6 no devuelve el encabezado de tipo de contenido correcto para el archivo cargado especificado. Por lo tanto, un atacante puede cargar una extensi\u00f3n de archivo permitida inyectada con scripts maliciosos."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tammersoft:shared_files:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.7.6",
+ "matchCriteriaId": "AFF83EF2-1F14-4AC7-9092-0392BF071A87"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/4423b023-cf4a-46cb-b314-7a09ac08b29a",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4820.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4820.json
index fe6c8de6ad7..917f8aa7af7 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4820.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4820.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4820",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.913",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:37:53.280",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento PowerPress Podcasting por el complemento Blubrry WordPress anterior a 11.0.12 no sanitiza ni escapa del campo de URL de medios en las publicaciones, lo que podr\u00eda permitir a los usuarios con privilegios tan bajos como colaborador inyectar scripts web arbitrarios que podr\u00edan apuntar a un administrador o s\u00faper administrador del sitio."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "11.0.12",
+ "matchCriteriaId": "7463AB7A-4418-4360-97EF-2DF859362287"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4821.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4821.json
index 43c7416f220..b1ac9ad95d4 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4821.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4821.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4821",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:16.990",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:36:41.173",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Drag and Drop Multiple File Upload para WooCommerce de WordPress anterior a 1.1.1 no filtra todas las extensiones de archivos potencialmente peligrosas. Por lo tanto, un atacante puede cargar archivos .shtml o .svg no seguros que contengan scripts maliciosos."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codedropz:drag_and_drop_multiple_file_uploader:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.1.1",
+ "matchCriteriaId": "EAD32F5A-3043-4E25-9905-5257A2E4C978"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/3ac0853b-03f7-44b9-aa9b-72df3e01a9b5",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
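Review bot: The added `criteria` value `cpe:2.3:a:codedropz:drag_and_drop_multiple_file_uploader:*:*:*:*:*:wordpress:*:*` omits the "para WooCommerce" qualifier that this record's description (a context line in the previous hunk) uses to name the affected plugin. If the vendor ships more than one plugin with a similar name, which this diff does not show, an inventory match on this CPE with `versionEndExcluding` 1.1.1 could flag the wrong product or miss the right one. The product name is worth confirming against the CPE dictionary before this entry drives automated matching.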
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4822.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4822.json
index b6983a44d92..b63e19d833f 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4822.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4822.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4822",
"sourceIdentifier": "security@grafana.com",
"published": "2023-10-16T09:15:11.687",
- "lastModified": "2023-10-17T10:15:10.193",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:30:55.880",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ },
{
"source": "security@grafana.com",
"type": "Secondary",
@@ -39,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "security@grafana.com",
"type": "Secondary",
@@ -50,10 +80,53 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "8.0.0",
+ "versionEndExcluding": "9.4.16",
+ "matchCriteriaId": "8CFCC7A6-6B10-4D58-943A-B06CC89E7CC3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "9.5.0",
+ "versionEndExcluding": "9.5.11",
+ "matchCriteriaId": "C9F3F5A1-5ADC-4EAC-A5A7-45AC526CC1AA"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "10.0.0",
+ "versionEndExcluding": "10.0.7",
+ "matchCriteriaId": "BF4F5EE8-DF8D-4D2E-B5DD-A6B07B5D38D0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:grafana:grafana:*:*:*:*:enterprise:*:*:*",
+ "versionStartIncluding": "10.1.0",
+ "versionEndExcluding": "10.1.3",
+ "matchCriteriaId": "690FA2F5-C60D-48C6-9440-49D67FFEC735"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2023-4822",
- "source": "security@grafana.com"
+ "source": "security@grafana.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4827.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4827.json
index 059139b6488..eb7601ce809 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4827.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4827.json
@@ -2,15 +2,42 @@
"id": "CVE-2023-4827",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T09:15:11.767",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T20:11:32.780",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento File Manager Pro de WordPress anterior a la versi\u00f3n 1.8 no verifica correctamente el nonce de CSRF en la acci\u00f3n AJAX `fs_connector`. Esto permite a los atacantes hacer que usuarios con privilegios elevados realicen acciones no deseadas en el sistema de archivos mediante ataques CSRF mediante solicitudes GET, como cargar una shell web."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -23,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ninjateam:filester:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.8",
+ "matchCriteriaId": "5B2E68E3-2AFE-4427-B27A-214ACDFA4906"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/d4daf0e1-8018-448a-964c-427a355e005f",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4829.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4829.json
index 04e5a2041f3..f71202a8169 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4829.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4829.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-4829",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-13T13:15:12.523",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T16:10:31.727",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22."
+ },
+ {
+ "lang": "es",
+ "value": "Cross-Site Scripting (XSS) Almacenado en el repositorio de GitHub froxlor/froxlor anterior a 2.0.22."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +72,40 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.0.22",
+ "matchCriteriaId": "3A1F0C8D-0EC2-4AEF-8800-3FCE3B9D9240"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/froxlor/froxlor/commit/4711a414360782fe4fc94f7c25027077cbcdf73d",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/babd73ca-6c80-4145-8c7d-33a883fe606b",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4834.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4834.json
index 0fbbb745b62..23a197a1e05 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4834.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4834.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4834",
"sourceIdentifier": "info@cert.vde.com",
"published": "2023-10-16T09:15:11.830",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-24T14:52:35.443",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
+ },
+ {
+ "lang": "es",
+ "value": "En Red Lion Europe mbCONNECT24 y mymbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versi\u00f3n 2.14.2 incluida, una validaci\u00f3n de acceso implementada incorrectamente permite a un atacante autenticado y con pocos privilegios obtener acceso de lectura a informaci\u00f3n limitada y no cr\u00edtica del dispositivo a la que no deber\u00eda tener acceso en su cuenta."
}
],
"metrics": {
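Review bot: The English `value` kept as context in this hunk ends in a long run of `\n` and `\t` escapes and uses `\u00a0` no-break spaces between words, while the Spanish entry added next to it is clean. Consumers that hash, deduplicate or keyword-match descriptions will not see `Europe\u00a0mbCONNECT24` as the same text written with plain spaces. Normalising whitespace on ingest, or trimming the English text at the source, would keep the two language entries comparable.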
@@ -46,14 +50,86 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.14.2",
+ "matchCriteriaId": "6B75F1E4-3DFA-4163-A9C7-8CF5C9A78562"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.14.2",
+ "matchCriteriaId": "885E9E11-89FE-468F-8160-EC3B21E6CA77"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.14.2",
+ "matchCriteriaId": "2029F9FB-397A-490D-A86F-B2B39C516A79"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.14.2",
+ "matchCriteriaId": "0F77AC2B-5B57-4CFF-A4F1-AA8E6B1B8C3B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-041",
- "source": "info@cert.vde.com"
+ "source": "info@cert.vde.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-043",
- "source": "info@cert.vde.com"
+ "source": "info@cert.vde.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json
index 3852697bf9d..00b108931ba 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4853",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-20T10:15:14.947",
- "lastModified": "2023-10-13T01:23:33.670",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-25T18:17:42.163",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -208,6 +208,14 @@
"Vendor Advisory"
]
},
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6107",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6112",
+ "source": "secalert@redhat.com"
+ },
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4853",
"source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4861.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4861.json
index 4d48927c84a..539babba31a 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4861.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4861.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4861",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.067",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:32:40.190",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento File Manager Pro de WordPress anterior a 1.8.1 permite a los usuarios administradores cargar archivos arbitrarios, incluso en entornos donde dicho usuario no deber\u00eda poder obtener el control total del servidor, como una instalaci\u00f3n multisitio. Esto conduce a la ejecuci\u00f3n remota de c\u00f3digo."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ninjateam:filester:*:*:*:*:wordpress:*:*:*",
+ "versionEndExcluding": "1.8.1",
+ "matchCriteriaId": "78AAA1D7-6536-45D4-9D02-16837D6FE671"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/7fa03f00-25c7-4e40-8592-bb4001ce019d",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
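Review bot: The added `criteria` puts `wordpress` in the sw_edition position (`filester:*:*:*:*:wordpress:*:*:*`), whereas the entries for the same product under CVE-2023-4827 and CVE-2023-4862 in this diff put it in target_sw (`filester:*:*:*:*:*:wordpress:*:*`). Matchers that compare CPE attributes one by one will not treat the three as the same platform, so an asset inventory keyed on target_sw could miss this record. The intended line is probably `"criteria": "cpe:2.3:a:ninjateam:filester:*:*:*:*:*:wordpress:*:*",`. The `matchCriteriaId` is bound to the criteria string, so it would have to come from the CPE dictionary rather than be edited by hand.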
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4862.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4862.json
index c7fb0bf6670..87c11d53a69 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4862.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4862.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4862",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.153",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:29:33.090",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento File Manager Pro de WordPress anterior a 1.8.1 no valida ni escapa adecuadamente algunas entradas, lo que genera XSS por parte de usuarios con altos privilegios."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ninjateam:filester:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.8.1",
+ "matchCriteriaId": "645F11B5-27E9-4229-B2CE-E912E1743E10"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/81821bf5-69e1-4005-b3eb-d541490909cc",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
index 732397291ec..1e46d4613e7 100644
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-4863",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T15:15:24.327",
- "lastModified": "2023-10-02T02:15:44.943",
+ "lastModified": "2023-10-28T19:15:38.643",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-09-13",
"cisaActionDue": "2023-10-04",
@@ -414,6 +414,10 @@
"url": "https://security.netapp.com/advisory/ntap-20230929-0011/",
"source": "chrome-cve-admin@google.com"
},
+ {
+ "url": "https://sethmlarson.dev/security-developer-in-residence-weekly-report-16",
+ "source": "chrome-cve-admin@google.com"
+ },
{
"url": "https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/",
"source": "chrome-cve-admin@google.com",
@@ -422,6 +426,10 @@
"Third Party Advisory"
]
},
+ {
+ "url": "https://www.bentley.com/advisories/be-2023-0001/",
+ "source": "chrome-cve-admin@google.com"
+ },
{
"url": "https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/",
"source": "chrome-cve-admin@google.com",
diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4896.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4896.json
new file mode 100644
index 00000000000..92fa2923505
--- /dev/null
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4896.json
@@ -0,0 +1,107 @@
+{
+ "id": "CVE-2023-4896",
+ "sourceIdentifier": "security-alert@hpe.com",
+ "published": "2023-10-17T20:15:10.490",
+ "lastModified": "2023-10-24T20:53:59.203",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad que permite a un atacante autenticado acceder a informaci\u00f3n confidencial en la interfaz de administraci\u00f3n basada en web de AirWave Management Platform. La explotaci\u00f3n exitosa permite al atacante obtener acceso a algunos datos que podr\u00edan explotarse a\u00fan m\u00e1s para acceder lateralmente a los dispositivos administrados y monitorizados por el servidor AirWave."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security-alert@hpe.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "8.2.15.2",
+ "matchCriteriaId": "50CCD31B-43C0-4487-A2F0-0C4177C6C0B2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.3.0",
+ "versionEndExcluding": "8.3.0.2",
+ "matchCriteriaId": "5867865B-AE3D-4F9F-8B28-98E0CC1CEBA9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-015.txt",
+ "source": "security-alert@hpe.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
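Review bot: The two `cvssMetricV31` entries in this new record disagree on preconditions. The `nvd@nist.gov` Primary vector is `PR:L/S:U` (6.5) and the `security-alert@hpe.com` Secondary vector is `PR:H/S:C` (6.8), while the description says only "authenticated attacker". A pipeline that reads just the first or just the Primary entry will assume a low-privileged account is enough and that impact stays within the AirWave server. Triage should record both sources and check the linked vendor advisory before settling on a priority. The only weakness listed is `NVD-CWE-noinfo`, so CWE-based filters will not classify this record.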
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json
index 10ffdb814e2..17e9190d96b 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4900.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4900",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T21:15:08.537",
- "lastModified": "2023-10-02T02:15:45.110",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T20:12:54.150",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -78,6 +78,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -98,19 +143,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5499",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json
index 4975cb95ef1..41a2aa4ad9f 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4901.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4901",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T21:15:08.603",
- "lastModified": "2023-10-02T02:15:45.183",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T20:13:09.360",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,6 +66,46 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
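Review bot: The Fedora node added here lists only `fedora:37` and `fedora:39`, while the sibling records CVE-2023-4900 and CVE-2023-4902 through CVE-2023-4909 list 37, 38 and 39, and this record's reference hunk tags the same three Fedora package-announce messages. If Fedora 38 is affected, CPE-based matching will miss those hosts for this CVE. The missing entry would be `"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"` with `"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"`, as used in the neighbouring records. Whether the omission is deliberate cannot be told from the diff, so it should be checked against the three announcements.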
@@ -86,19 +126,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5499",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json
index e306812bb50..ee857154c7d 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4902.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4902",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T21:15:08.657",
- "lastModified": "2023-10-02T02:15:45.250",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T20:13:29.797",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,6 +66,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -86,19 +131,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5499",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json
index 107cddcc773..906186b9be4 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4903.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4903",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T21:15:08.717",
- "lastModified": "2023-10-02T02:15:45.310",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T20:14:02.777",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -78,6 +78,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -98,19 +143,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5499",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json
index 26685619bc0..7592ae92ae7 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4904.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4904",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T21:15:08.777",
- "lastModified": "2023-10-02T02:15:45.370",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T19:51:00.467",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,6 +66,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -86,19 +131,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5499",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json
index 678b191d8c5..f1454b6e7e8 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4905.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4905",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T21:15:08.837",
- "lastModified": "2023-10-02T02:15:45.430",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T19:54:42.733",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,6 +66,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -86,19 +131,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5499",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json
index e10ee718863..f178f595c16 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4906.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4906",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T21:15:08.893",
- "lastModified": "2023-10-02T02:15:45.490",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T20:02:16.117",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,6 +66,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -86,19 +131,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5499",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json
index 74526684729..e14b1ad6b78 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4907.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4907",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T21:15:08.950",
- "lastModified": "2023-10-02T02:15:45.550",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T20:02:45.343",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -78,6 +78,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -98,19 +143,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5499",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json
index f9445fdff71..cd231c71760 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4908.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4908",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T21:15:09.010",
- "lastModified": "2023-10-02T02:15:45.627",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T20:02:51.120",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,6 +66,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -86,19 +131,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5499",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json
index 6282e6f8e18..0289cd61c82 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4909.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4909",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-12T21:15:09.073",
- "lastModified": "2023-10-02T02:15:45.687",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-17T20:14:06.793",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -66,6 +66,51 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -86,19 +131,31 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5499",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4919.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4919.json
new file mode 100644
index 00000000000..ada663d9b60
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4919.json
@@ -0,0 +1,132 @@
+{
+ "id": "CVE-2023-4919",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:16.033",
+ "lastModified": "2023-10-27T17:16:18.990",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento iframe para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode `iframe` en versiones hasta la 4.6 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permiso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto fue parcheado parcialmente en la versi\u00f3n 4.6 y completamente parcheado en la versi\u00f3n 4.7."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:iframe_project:iframe:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.7",
+ "matchCriteriaId": "9EF9E40D-E2D5-4E14-A070-61F0EB1C41BF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/iframe/tags/4.5/iframe.php#L28",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/iframe/tags/4.5/iframe.php#L40",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970787/iframe#file4",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3706deed-55f2-4dfb-bfed-7a14872cd15a?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
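Review bot: The first two references are tagged `"Exploit"`, but their URLs are line anchors in the plugin's source browser (`iframe/tags/4.5/iframe.php#L28` and `#L40`), which look like pointers to the affected code rather than exploit material; triage rules that raise priority on the `Exploit` tag would get a misleading signal from this record. The Wordfence advisory URL is likewise tagged `"Patch"`, although only the changeset link appears to be one. Separately, the two `cvssMetricV31` entries disagree on user interaction (`UI:R`, 5.4 from nvd@nist.gov versus `UI:N`, 6.4 from security@wordfence.com), so consumers should select by `source` and `type` rather than taking the first array element.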
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4920.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4920.json
new file mode 100644
index 00000000000..fff030ae598
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4920.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4920",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:16.133",
+ "lastModified": "2023-10-25T09:55:42.560",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.1.3.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n woobe_save_options. Esto hace posible que atacantes no autenticados modifiquen la configuraci\u00f3n del complemento mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace. Adem\u00e1s, la sanitizaci\u00f3n y el escape de la entrada son insuficientes, lo que genera la posibilidad de inyecci\u00f3n de scripts maliciosos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/index.php#L805",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/index.php?contextall=1&old=2968292&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Findex.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/58d25eeb-b12c-4850-8308-eaa30982b5a8?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
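Review bot: The `weaknesses` list carries only `CWE-352`, while the description also states that input sanitization and escaping are insufficient and allow script injection, so filtering or reporting by CWE will not surface the injection aspect of this record. The two scores diverge widely (8.8 with `C:H/I:H/A:H` from nvd@nist.gov versus 4.3 with `C:N/I:L/A:N` from the CNA), presumably because one rates the chained impact and the other only the settings change; consumers should decide which `source` they prioritise on. The changeset URL is tagged `"Third Party Advisory"` like the other two references, so tooling that looks for a `"Patch"` tag will not find the fix link.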
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json
index a284b9136bb..eb037debe84 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4921.json
@@ -2,12 +2,16 @@
"id": "CVE-2023-4921",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-09-12T20:15:10.573",
- "lastModified": "2023-09-14T19:38:11.107",
+ "lastModified": "2023-10-29T02:39:14.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de use-after-free en el componente net/sched: sch_qfq del kernel de Linux se puede explotar para lograr una escalada de privilegios local. Cuando el complemento qdisc se utiliza como una clase de qfq qdisc, el env\u00edo de paquetes de red activa el uso despu\u00e9s de la liberaci\u00f3n en qfq_dequeue() debido al controlador .peek incorrecto de sch_plug y la falta de verificaci\u00f3n de errores en agg_dequeue(). Recomendamos actualizar al commit anterior 8fc134fee27f2263988ae38920bc03da416b03d8."
}
],
"metrics": {
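Review bot: The added `es` description reverses the remediation advice. The English text says to upgrade past commit 8fc134fee27f2263988ae38920bc03da416b03d8, while `actualizar al commit anterior` reads as moving to the commit before it, i.e. a tree without the fix. It also renders the `plug` qdisc (sch_plug) as `el complemento qdisc`, which hides the component name. Suggested last sentence: `Recomendamos actualizar a una versi\u00f3n posterior al commit 8fc134fee27f2263988ae38920bc03da416b03d8.`, with `el qdisc plug` for the component.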
@@ -93,6 +97,21 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -114,6 +133,14 @@
"Patch",
"Vendor Advisory"
]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4923.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4923.json
new file mode 100644
index 00000000000..2f7a323aae3
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4923.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4923",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.607",
+ "lastModified": "2023-10-25T10:00:03.823",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.1.3.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n woobe_bulk Operations_delete. Esto hace posible que atacantes no autenticados eliminen productos mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L344",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a4db03d-ec40-4145-aa95-fee78bda5205?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
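Review bot: The `es` description breaks the affected function's identifier: it prints `woobe_bulk Operations_delete` where the English text has `woobe_bulkoperations_delete`, so a search for the function name in the Spanish text will not match this record. Identifiers should pass through translation unchanged, e.g. `en la funci\u00f3n woobe_bulkoperations_delete`. The same split appears in the `es` descriptions added for CVE-2023-4924, CVE-2023-4937, CVE-2023-4938 and CVE-2023-4940.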
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4924.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4924.json
new file mode 100644
index 00000000000..f883093da25
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4924.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4924",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.673",
+ "lastModified": "2023-10-25T09:59:44.397",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a la falta de autorizaci\u00f3n en versiones hasta la 1.1.3.3 incluida. Esto se debe a que faltan comprobaciones de capacidad en la funci\u00f3n woobe_bulk Operations_delete. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, eliminen productos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L344",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7dfd0246-4265-4dde-8a1e-18b7042eae74?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
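Review bot: Both `weaknesses` entries record `CWE-352` (Cross-Site Request Forgery), but the description is a missing capability check usable by an authenticated subscriber, and both vectors carry `PR:L/UI:N`, which does not fit a CSRF. CVE-2023-4938 in this same diff describes the same class of flaw and uses `CWE-862`; the two entries here should read `"value": "CWE-862"` as well. As written, consumers that group or filter by CWE will count this record as a CSRF and miss it under missing authorization.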
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4926.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4926.json
new file mode 100644
index 00000000000..51fb1277131
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4926.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4926",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.737",
+ "lastModified": "2023-10-25T09:59:30.113",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.1.3.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n woobe_bulk_delete_products. Esto hace posible que atacantes no autenticados eliminen productos mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulk/bulk.php#L159",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulk/bulk.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulk%2Fbulk.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ab633506-63a1-4be1-b402-c7f0bcc4ea7a?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
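Review bot: The plugin changeset reference (`https://plugins.trac.wordpress.org/changeset/2970262/...`) is tagged `Third Party Advisory`, as is the source-browser link above it. Neither is an advisory, and the changeset looks like the fix, so tooling that selects references by the `Patch` tag will not find it. Suggest `"tags": ["Patch"]` on the changeset entry. The same tagging is used in the CVE-2023-4923, CVE-2023-4924, CVE-2023-4935 and CVE-2023-4937 files, while CVE-2023-4938 tags the same two kinds of link `Product`, so records for one plugin release disagree with each other.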
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4933.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4933.json
index e72be5e0213..fd60d61c1ce 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4933.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4933.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4933",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.243",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:26:05.353",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,11 +14,44 @@
"value": "El complemento WP Job Openings de WordPress anterior a 3.4.3 no bloquea la lista de contenidos de los directorios donde almacena archivos adjuntos a las solicitudes de empleo, lo que permite a los visitantes no autenticados enumerar y descargar archivos adjuntos privados si la funci\u00f3n autoindex del servidor web est\u00e1 habilitada."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
"weaknesses": [
{
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ },
+ {
+ "source": "contact@wpscan.com",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -27,10 +60,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:awsm:job_openings:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.4.3",
+ "matchCriteriaId": "47FE8203-1531-480E-AC87-FE528F192FFC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/882f6c36-44c6-4273-81cd-2eaaf5e81fa7",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4935.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4935.json
new file mode 100644
index 00000000000..40de0f1f5b3
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4935.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4935",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:16.247",
+ "lastModified": "2023-10-25T09:56:29.583",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.1.3.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n create_profile. Esto hace posible que atacantes no autenticados creen perfiles a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/classes/models/profiles.php#L191",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/classes/models/profiles.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fclasses%2Fmodels%2Fprofiles.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/639f3941-7783-4500-aca4-5e8155db6460?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4936.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4936.json
index b9f6f9e576f..83627c4e98f 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4936.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4936.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-4936",
"sourceIdentifier": "PSIRT@synaptics.com",
"published": "2023-10-11T17:15:11.117",
- "lastModified": "2023-10-11T21:04:52.423",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T17:10:02.883",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "It is possible to sideload a compromised DLL during the installation at elevated privilege."
+ },
+ {
+ "lang": "es",
+ "value": "Es posible descargar una DLL comprometida durante la instalaci\u00f3n con privilegios elevados."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
{
"source": "PSIRT@synaptics.com",
"type": "Secondary",
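Review bot: The added `es` description translates "sideload" as `descargar` (download), which changes the attack being described. The NVD weakness added later in this file is CWE-427, so the issue appears to be a DLL loaded from an uncontrolled search path during an elevated install, not a download. Suggested text: `Es posible realizar la carga lateral (sideloading) de una DLL comprometida durante la instalaci\u00f3n con privilegios elevados.`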
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-427"
+ }
+ ]
+ },
{
"source": "PSIRT@synaptics.com",
"type": "Secondary",
@@ -46,18 +80,45 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:synaptics:displaylink_usb_graphics:*:*:*:*:*:windows:*:*",
+ "versionEndExcluding": "11.2m0",
+ "matchCriteriaId": "556A4D18-8E24-49D3-B621-EC40C16431E4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.synaptics.com/",
- "source": "PSIRT@synaptics.com"
+ "source": "PSIRT@synaptics.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://www.synaptics.com/products/displaylink-graphics/downloads/windows",
- "source": "PSIRT@synaptics.com"
+ "source": "PSIRT@synaptics.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://www.synaptics.com/sites/default/files/nr-154525-tc-synaptics_displaylink_windows_driver_security_brief_-_oct2023.pdf",
- "source": "PSIRT@synaptics.com"
+ "source": "PSIRT@synaptics.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4937.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4937.json
new file mode 100644
index 00000000000..ffd7c419a03
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4937.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4937",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:16.357",
+ "lastModified": "2023-10-25T10:01:25.260",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.1.3.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n woobe_bulk Operations_apply_default_combination. Esto hace posible que atacantes no autenticados manipulen productos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40bf51bf-efb2-4504-815b-4681d1078f77?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4938.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4938.json
new file mode 100644
index 00000000000..bc6c099c058
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4938.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4938",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-18T08:15:08.207",
+ "lastModified": "2023-10-25T10:00:26.250",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_apply_default_combination function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a la falta de autorizaci\u00f3n en versiones hasta la 1.1.3.3 incluida. Esto se debe a que falta una verificaci\u00f3n de capacidad en la funci\u00f3n woobe_bulk Operations_apply_default_combination. Esto hace posible que atacantes autenticados (suscriptor o superior) manipulen productos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L286",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4939.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4939.json
new file mode 100644
index 00000000000..a9a5e7eb534
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4939.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-4939",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-21T08:15:08.980",
+ "lastModified": "2023-10-21T08:33:34.447",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page source of the website. This makes it possible for unauthenticated attackers to inject arbitrary content into the log files, and when combined with another vulnerability this could have significant consequences."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento SALESmanago para WordPress es vulnerable a la inyecci\u00f3n de registros en versiones hasta la 3.2.4 incluida. Esto se debe al uso de un token de autenticaci\u00f3n d\u00e9bil para el endpoint API /wp-json/salesmanago/v1/callbackApiV3 que es simplemente un hash SHA1 de la URL del sitio y el ID del cliente que se encuentran en la fuente de la p\u00e1gina del sitio web. Esto hace posible que atacantes no autenticados inyecten contenido arbitrario en los archivos de registro y, cuando se combina con otra vulnerabilidad, esto podr\u00eda tener consecuencias importantes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-305"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/salesmanago/trunk/src/Admin/Controller/CallbackController.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/salesmanago/trunk/src/Includes/Helper.php#L376",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de7db1d6-b352-44c7-a6cc-b21cb65a0482?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
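Review bot: The only weakness recorded is `CWE-305`, while the description names the flaw as Log Injection reached through the weak `callbackApiV3` token, so a consumer filtering on log-injection weaknesses will not see this record. Consider adding a second `description` entry `{"lang": "en", "value": "CWE-117"}` next to CWE-305, provided the source confirms that the logged content is written without neutralisation; the description alone does not show that.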
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4940.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4940.json
new file mode 100644
index 00000000000..4fa6247b694
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4940.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4940",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:16.440",
+ "lastModified": "2023-10-25T10:01:14.417",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.1.3.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n woobe_bulk Operations_swap. Esto hace posible que atacantes no autenticados manipulen productos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L521",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31c5e524-ef4d-48c7-baa0-595f8060a167?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
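Review bot: The Spanish description (`"lang": "es"`) writes the affected function as `woobe_bulk Operations_swap`, while the English text names `woobe_bulkoperations_swap`. The identifier was split and re-capitalised, presumably by machine translation, so a search for the function name will not match this entry; code identifiers should stay verbatim, i.e. `woobe_bulkoperations_swap`. The same garbling is in the new records CVE-2023-4941 (`woobe_bulk Operations_swap`) and CVE-2023-4942 and CVE-2023-4943 (`woobe_bulk Operations_visibility`). Separately, all four records tag the `changeset/2970262` reference as `Third Party Advisory` although it looks like the fix commit; `"Patch"`, as used for the changeset link in CVE-2023-4961, would let tooling find the fix.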
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4941.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4941.json
new file mode 100644
index 00000000000..a9071b0eaba
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4941.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4941",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.800",
+ "lastModified": "2023-10-25T09:59:10.270",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a la falta de autorizaci\u00f3n en versiones hasta la 1.1.3.3 incluida. Esto se debe a que falta una verificaci\u00f3n de capacidad en la funci\u00f3n woobe_bulk Operations_swap. Esto hace posible que atacantes autenticados (suscriptor o superior) manipulen productos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L521",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bc20f303-cac3-4517-9c45-153c410a13af?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4942.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4942.json
new file mode 100644
index 00000000000..a2139afd0a3
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4942.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4942",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:16.550",
+ "lastModified": "2023-10-25T10:00:59.927",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 1.1.3.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n woobe_bulk Operations_visibility. Esto hace posible que atacantes no autenticados manipulen productos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26d8b75b-befa-4c6a-b072-0da44e437174?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4943.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4943.json
new file mode 100644
index 00000000000..019ea50ee6a
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4943.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4943",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:16.653",
+ "lastModified": "2023-10-25T10:00:42.130",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products."
+ },
+ {
+ "lang": "es",
+ "value": "BEAR para WordPress es vulnerable a la falta de autorizaci\u00f3n en versiones hasta la 1.1.3.3 incluida. Esto se debe a que falta una verificaci\u00f3n de capacidad en la funci\u00f3n woobe_bulk Operations_visibility. Esto hace posible que atacantes autenticados (suscriptor o superior) manipulen productos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.1.3.3",
+ "matchCriteriaId": "746A3E4C-7BC1-4BD9-8F26-4A44D6B54F3E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php#L719",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970262/woo-bulk-editor/trunk/ext/bulkoperations/bulkoperations.php?contextall=1&old=2844667&old_path=%2Fwoo-bulk-editor%2Ftrunk%2Fext%2Fbulkoperations%2Fbulkoperations.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d10475f-83dd-4e59-83e4-aeaa72a22b96?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4947.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4947.json
new file mode 100644
index 00000000000..83902a60800
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4947.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-4947",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:16.740",
+ "lastModified": "2023-10-27T16:57:10.157",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WooCommerce EAN Payment Gateway para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la acci\u00f3n actualizar_order_ean_data AJAX en versiones hasta 6.1.0. Esto hace posible que atacantes autenticados con acceso de nivel de colaborador y superior actualicen los n\u00fameros EAN de los pedidos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpfactory:ean_for_woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "6.1.0",
+ "matchCriteriaId": "C044AC86-0734-435F-9C68-30946167FF3F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.yanco.dk/product/woocommerce-ean-payment-gateway/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2760b183-3c15-4f0e-b72f-7c0333f9d4b6?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
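Review bot: The `cpeMatch` criteria `cpe:2.3:a:wpfactory:ean_for_woocommerce` does not obviously match the product in the description and the `Product` reference (plugins.yanco.dk), which name the WooCommerce EAN Payment Gateway plugin. If these are different plugins, scanners matching on this CPE would flag the wrong one and miss installs of the affected one, so the CPE should be confirmed against the Wordfence advisory before it is relied on. The version bound is also ambiguous: the description says "up to 6.1.0" without "including", while the match uses `"versionEndExcluding": "6.1.0"`, so this record does not settle whether 6.1.0 itself is affected. The Spanish text also translates the AJAX action name as `actualizar_order_ean_data`; it should stay `refresh_order_ean_data`.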
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4950.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4950.json
index c66d7613bcc..9ee8e53a148 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4950.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4950.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4950",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.323",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:25:09.213",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Interactive Contact Form and Multi Step Form Builder de WordPress anterior a 3.4 no sanitiza ni escapa a algunos par\u00e1metros, lo que podr\u00eda permitir a usuarios no autenticados realizar ataques de Cross-Site Scripting"
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:funnelforms:funnelforms:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.4",
+ "matchCriteriaId": "DF2800FC-6D7E-4FF5-92E4-2D2E2CA61763"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/73db1ee8-06a2-41b6-b287-44e25f5f2e58",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4961.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4961.json
new file mode 100644
index 00000000000..3271db90f79
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4961.json
@@ -0,0 +1,125 @@
+{
+ "id": "CVE-2023-4961",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.863",
+ "lastModified": "2023-10-27T18:46:27.947",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Poptin para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'poptin-form' en versiones hasta la 1.3 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:poptin:popups:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.3.1",
+ "matchCriteriaId": "686079FD-94BE-420F-9BC0-AF40493D321C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/poptin/tags/1.3/poptin.php#L659",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2968210/poptin#file2",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/778af777-4c98-45cd-9704-1bdc96054aa7?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
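Review bot: The first reference, a `plugins.trac.wordpress.org/browser/poptin/tags/1.3/poptin.php#L659` source view, is tagged `Exploit`, and the Wordfence advisory is tagged `Patch`; neither URL looks like what its tag says. Triage rules that raise priority on an `Exploit` tag would treat this record as having public exploit code. I would drop `"Exploit"` from the source link and tag the advisory `"tags": ["Third Party Advisory"]`, as the other Wordfence links in this diff are. The two CVSS entries also disagree (`UI:R`, 5.4 from nvd@nist.gov; `UI:N`, 6.4 from security@wordfence.com), so consumers need to choose explicitly which source they score by.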
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4966.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4966.json
index 4f18c6647d9..0b8afa30dd6 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4966.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4966.json
@@ -2,16 +2,44 @@
"id": "CVE-2023-4966",
"sourceIdentifier": "secure@citrix.com",
"published": "2023-10-10T14:15:10.977",
- "lastModified": "2023-10-10T14:58:46.263",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-25T18:17:42.337",
+ "vulnStatus": "Undergoing Analysis",
+ "cisaExploitAdd": "2023-10-18",
+ "cisaActionDue": "2023-11-08",
+ "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+ "cisaVulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA ?virtual?server.\u00a0\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Divulgaci\u00f3n de informaci\u00f3n confidencial en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, ICA Proxy, CVPN, RDP Proxy) o servidor \"virtual\" AAA."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "secure@citrix.com",
"type": "Secondary",
@@ -35,6 +63,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
{
"source": "secure@citrix.com",
"type": "Secondary",
@@ -46,10 +84,92 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
+ "versionStartIncluding": "12.1",
+ "versionEndExcluding": "12.1-55.300",
+ "matchCriteriaId": "492BEB4B-7A4B-47C2-93D1-2B0683AA3A20"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*",
+ "versionStartIncluding": "12.1",
+ "versionEndExcluding": "12.1-55.300",
+ "matchCriteriaId": "81EF12C2-4197-4C0D-BE11-556F05DAD646"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "13.0",
+ "versionEndExcluding": "13.0-92.19",
+ "matchCriteriaId": "9EEC53B2-686A-4C6F-98DE-5D6AE804B0A8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*",
+ "versionStartIncluding": "13.1",
+ "versionEndExcluding": "13.1-37.164",
+ "matchCriteriaId": "109301A8-9ADD-4A49-9C45-D21A4DA840E9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "13.1",
+ "versionEndExcluding": "13.1-49.15",
+ "matchCriteriaId": "5C1739C5-48C1-46BC-A524-B4CC4C5B6436"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*",
+ "versionStartIncluding": "14.1",
+ "versionEndExcluding": "14.1-8.50",
+ "matchCriteriaId": "9148C36D-98B4-4166-8B9A-449EA86BA4B1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.0",
+ "versionEndExcluding": "13.0-92.19",
+ "matchCriteriaId": "5FB1412D-F8D8-4592-A8A9-C1B841B93D5E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "13.1",
+ "versionEndExcluding": "13.1-49.15",
+ "matchCriteriaId": "28A08B32-D145-499F-866E-BEEEDEBB2901"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "14.1",
+ "versionEndExcluding": "14.1-8.50",
+ "matchCriteriaId": "4F1610E6-FE48-4339-8E74-765E0517E33D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
- "url": "https://support.citrix.com/article/CTX579459",
+ "url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html",
"source": "secure@citrix.com"
+ },
+ {
+ "url": "https://support.citrix.com/article/CTX579459",
+ "source": "secure@citrix.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
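Review bot: The added packetstormsecurity.com reference has no `tags` and uses plain `http://`, although its path names a proof of concept and the first hunk marks the CVE as known-exploited (`cisaExploitAdd`). Tooling that filters references by tag cannot tell it from an advisory; tag it as the wpscan reference in CVE-2023-4950 is tagged, `"tags": ["Exploit", "Third Party Advisory"]`. The record's own classification is also thin: the NVD weakness added in the third hunk is `NVD-CWE-noinfo`, and `cisaVulnerabilityName` calls this a buffer overflow while the description says sensitive information disclosure. Prioritisation should therefore key on the KEV fields and the `cpeMatch` version ranges, not on CWE.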
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4967.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4967.json
new file mode 100644
index 00000000000..cb738a3cb5f
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4967.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-4967",
+ "sourceIdentifier": "secure@citrix.com",
+ "published": "2023-10-27T19:15:41.620",
+ "lastModified": "2023-10-29T01:44:42.707",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@citrix.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@citrix.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-119"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.citrix.com/article/CTX579459/",
+ "source": "secure@citrix.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4968.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4968.json
new file mode 100644
index 00000000000..b69dafd348e
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4968.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4968",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:16.847",
+ "lastModified": "2023-10-26T17:28:46.953",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WPLegalPages para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'wplegalpage' en versiones hasta la 2.9.2 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de autor y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpeka:wplegalpages:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.9.2",
+ "matchCriteriaId": "27B3594A-3164-4EB2-96BC-AEAC9C8516E2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wplegalpages/tags/2.9.2/public/class-wp-legal-pages-public.php#L150",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2976774/wplegalpages/trunk/public/class-wp-legal-pages-public.php#file0",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
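Review bot: The first reference is tagged `Patch` but points at the `tags/2.9.2` browse view of `class-wp-legal-pages-public.php`, and 2.9.2 is the last affected release according to the description and `versionEndIncluding`, so that link shows the vulnerable code and not a fix. Only the `changeset/2976774` link appears to be an actual patch. Tooling that takes a `Patch` tag as evidence that a fix exists, or fetches it for patch review, gets the wrong artefact. CVE-2023-4975 later in this diff tags a `trunk` browse link to `builder.php#L164` the same way. The equivalent source link in CVE-2023-4995 is tagged `"Product"`, which fits these two as well.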
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4971.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4971.json
index aa3691180e9..e9f6fddc11e 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4971.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4971.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-4971",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.403",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T12:20:22.207",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,10 +14,33 @@
"value": "El complemento Weaver Xtreme Theme Support de WordPress anterior a 6.3.1 deserializa el contenido de un archivo importado, lo que podr\u00eda provocar problemas de inyecciones de objetos PHP cuando un usuario con altos privilegios importa un archivo malicioso y hay una cadena de gadgets adecuada en el blog."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
"weaknesses": [
{
- "source": "contact@wpscan.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
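Review bot: The added NVD vector uses `AC:L`, while the description kept as context in this hunk makes exploitation conditional on a suitable gadget chain being present on the blog. That looks like a condition outside the attacker's control, which CVSS 3.1 can express as `AC:H`, so the 7.2 is probably best read as the score for a site where such a chain already exists. The hunk also reassigns the existing Primary weakness from `contact@wpscan.com` to `nvd@nist.gov`; the `weaknesses` array continues in the next hunk.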
@@ -25,12 +48,44 @@
"value": "CWE-502"
}
]
+ },
+ {
+ "source": "contact@wpscan.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "6.3.1",
+ "matchCriteriaId": "B9B80611-3B91-433B-AFA2-DBA89E9A7C71"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/421194e1-6c3f-4972-8f3c-de1b9d2bcb13",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4975.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4975.json
new file mode 100644
index 00000000000..914670c410a
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4975.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-4975",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:16.940",
+ "lastModified": "2023-10-26T17:27:53.587",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Website Builder de SeedProd para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en versiones hasta la 6.15.13.1 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta de la funcionalidad en el archivo builder.php. Esto hace posible que atacantes no autenticados cambien el token de conexi\u00f3n de banda a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:seedprod:website_builder_by_seedprod:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "6.15.13.1",
+ "matchCriteriaId": "7E7F75BB-8A51-4A23-B54B-91E8D957B814"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/coming-soon/trunk/resources/views/builder.php#L164",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2968455/coming-soon/trunk/resources/views/builder.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2cb5370f-14aa-445d-bda3-62a0dd068fc5?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
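Review bot: The `es` description renders "stripe connect token" as "token de conexión de banda", translating what is presumably the Stripe payment service's name as a common noun, so a Spanish-language reader cannot tell which setting the forged request changes. CVE-2023-4999 later in this diff has the same kind of error, where the shortcode literal `[horizontal-scrolling]` becomes `[desplazamiento horizontal]`. Product names and identifiers should stay untranslated, e.g. `token de Stripe Connect` and `[horizontal-scrolling]`. Until that is corrected, searches and detection content should key on the `en` value.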
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4995.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4995.json
index c14cd64d9a4..470fedd36b6 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4995.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4995.json
@@ -2,19 +2,43 @@
"id": "CVE-2023-4995",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-13T13:15:12.607",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T16:11:00.210",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Embed Calendly para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del c\u00f3digo abreviado 'calendly' en versiones hasta la 3.6 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de la salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {
"cvssMetricV31": [
{
- "source": "security@wordfence.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@@ -46,14 +70,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:embedcalendly:embed_calendly:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.6",
+ "matchCriteriaId": "659BD050-DA95-460F-9BB8-3A073D111179"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/embed-calendly-scheduling/tags/3.6/includes/embed.php#L140",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d1bf83df-7a1f-4572-9c8d-1013750d51d7?source=cve",
- "source": "security@wordfence.com"
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4999.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4999.json
new file mode 100644
index 00000000000..4c8a4627260
--- /dev/null
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4999.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-4999",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.927",
+ "lastModified": "2023-10-27T18:46:12.610",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Horizontal scrolling announcement para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del shortcode [desplazamiento horizontal] del complemento en versiones hasta la 9.2 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes autenticados con permisos de nivel de suscriptor y superiores agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gopiplus:horizontal_scrolling_announcement:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "9.2",
+ "matchCriteriaId": "3CD67242-2B70-4C47-94E0-6307AC0674A4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/horizontal-scrolling-announcement/trunk/horizontal-scrolling-announcement.php#L79",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf50922a-58a6-4ca4-80b7-cafb37b87216?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
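Review bot: The first reference is tagged `Exploit` but is a browse link to line 79 of `horizontal-scrolling-announcement.php` on `trunk`, which is a source location and not exploit material, and it will stop pointing at the affected statement once trunk changes. A pipeline that raises priority on `Exploit`-tagged references would count this as exploit availability. CVE-2023-4995 in this diff tags the same kind of link `"Product"` and pins it to a release tag; doing the same here would keep the reference stable and the tag meaningful.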
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5002.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5002.json
index 4ca45c4b1f9..8ace4c22805 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5002.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5002.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5002",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2023-09-22T14:15:47.213",
- "lastModified": "2023-10-04T18:15:12.097",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-26T17:59:24.913",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -86,6 +86,26 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -107,11 +127,17 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S24D3S2GVNGTDNE6SF2OQSOPU3H72UW/",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIRTMQZEE6K7RD37ERZ2UFYFLEUXLQU3/",
- "source": "patrick@puiterwijk.org"
+ "source": "patrick@puiterwijk.org",
+ "tags": [
+ "Mailing List"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5003.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5003.json
index 645d243a96a..4532599f923 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5003.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5003.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5003",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.490",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T18:25:33.190",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Active Directory Integration / LDAP Integration de WordPress anterior a 4.1.10 almacena registros LDAP confidenciales en un archivo de b\u00fafer cuando un administrador desea exportar dichos registros. Desafortunadamente, este archivo de registro nunca se elimina y permanece accesible para cualquier usuario que conozca la URL para hacerlo."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:miniorange:active_directory_integration_\\/_ldap_integration:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.1.10",
+ "matchCriteriaId": "1557BDB1-1E5A-499F-9A3A-E4E2A8C34B3A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/91f4e500-71f3-4ef6-9cc7-24a7c12a5748",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
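Review bot: The added `criteria` value carries an escaped slash in the product name, `active_directory_integration_\\/_ldap_integration`, which after JSON decoding is the CPE-quoted form `\/`. A matcher that compares the raw file text, or that strips backslashes before comparing, will probably not line up with an inventory entry for this plugin. Consumers should JSON-decode the record first and then apply CPE 2.3 unquoting to each component before matching against `versionEndExcluding` `4.1.10`.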
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json
index c04d67fcdfb..83747816332 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5009.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5009",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-09-19T08:16:07.203",
- "lastModified": "2023-10-03T10:15:10.627",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:21:07.923",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5043.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5043.json
new file mode 100644
index 00000000000..4c41d882591
--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5043.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-5043",
+ "sourceIdentifier": "jordan@liggitt.net",
+ "published": "2023-10-25T20:15:18.037",
+ "lastModified": "2023-10-25T21:15:10.387",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Ingress nginx annotation injection causes arbitrary command execution.\n"
+ },
+ {
+ "lang": "es",
+ "value": "La inyecci\u00f3n de anotaciones de Ingress nginx provoca la ejecuci\u00f3n de comandos arbitrarios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/4",
+ "source": "jordan@liggitt.net"
+ },
+ {
+ "url": "https://github.com/kubernetes/ingress-nginx/issues/10571",
+ "source": "jordan@liggitt.net"
+ },
+ {
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo",
+ "source": "jordan@liggitt.net"
+ }
+ ]
+}
\ No newline at end of file
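Review bot: The description states arbitrary command execution, yet the CNA vector in `cvssData` rates `integrityImpact` and `availabilityImpact` as `LOW` and the weakness is the generic `CWE-20`; CVE-2023-5044 below pairs "Code injection" with the identical vector. Triage that sorts on `baseScore` or filters on the CWE may under-rank both against what the text describes, so the ingress-nginx issue linked in `references` should be read before deciding exposure. Neither record names affected versions or carries a `configurations` block yet. The `en` value also ends in a literal `\n`, which consumers should trim before display or comparison.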
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5044.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5044.json
new file mode 100644
index 00000000000..b307a98e195
--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5044.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-5044",
+ "sourceIdentifier": "jordan@liggitt.net",
+ "published": "2023-10-25T20:15:18.187",
+ "lastModified": "2023-10-25T21:15:10.457",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Inyecci\u00f3n de c\u00f3digo a trav\u00e9s de la anotaci\u00f3n nginx.ingress.kubernetes.io/permanent-redirect."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "jordan@liggitt.net",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2023/10/25/3",
+ "source": "jordan@liggitt.net"
+ },
+ {
+ "url": "https://github.com/kubernetes/ingress-nginx/issues/10572",
+ "source": "jordan@liggitt.net"
+ },
+ {
+ "url": "https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0",
+ "source": "jordan@liggitt.net"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5045.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5045.json
index 10357a4ed0a..0af3a0e0165 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5045.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5045.json
@@ -2,19 +2,43 @@
"id": "CVE-2023-5045",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-10-12T12:15:10.777",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T18:12:19.600",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Kayisi: before 1286.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL (\"Inyecci\u00f3n SQL\") en Biltay Technology Kayisi permite la inyecci\u00f3n SQL y la ejecuci\u00f3n de l\u00ednea de comando mediante inyecci\u00f3n SQL. Este problema afecta a Kayisi: antes de 1286."
}
],
"metrics": {
"cvssMetricV31": [
{
- "source": "cve@usom.gov.tr",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@usom.gov.tr",
+ "type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:biltay:kayisi:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1286",
+ "matchCriteriaId": "78A3C75C-96BD-41E6-A98A-6DCF8D8F5774"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0580",
- "source": "cve@usom.gov.tr"
+ "source": "cve@usom.gov.tr",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5046.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5046.json
index 183f8372faf..69af066f5ef 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5046.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5046.json
@@ -2,19 +2,43 @@
"id": "CVE-2023-5046",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-10-12T12:15:10.867",
- "lastModified": "2023-10-12T12:59:34.797",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T18:14:03.917",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Procost: before 1390.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyecci\u00f3n SQL') en Biltay Technology Procost permite la inyecci\u00f3n SQL y la ejecuci\u00f3n de l\u00ednea de comando mediante inyecci\u00f3n SQL. Este problema afecta a Procost: antes de 1390."
}
],
"metrics": {
"cvssMetricV31": [
{
- "source": "cve@usom.gov.tr",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "cve@usom.gov.tr",
+ "type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
@@ -46,10 +70,31 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:biltay:procost:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1390",
+ "matchCriteriaId": "76B37521-C44A-4B79-894A-30B7A2721D05"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0581",
- "source": "cve@usom.gov.tr"
+ "source": "cve@usom.gov.tr",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5050.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5050.json
new file mode 100644
index 00000000000..4b2c4de3f53
--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5050.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-5050",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:17.037",
+ "lastModified": "2023-10-20T11:27:12.763",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Leaflet Map para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de c\u00f3digos cortos en versiones hasta la 3.3.0 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/leaflet-map/tags/3.3.0/shortcodes/class.geojson-shortcode.php#L124",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2968965/leaflet-map#file12",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3084c9ab-00aa-4b8e-aa46-bd70b335ec77?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5051.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5051.json
new file mode 100644
index 00000000000..ec12eec1c29
--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5051.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-5051",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-27T04:15:10.957",
+ "lastModified": "2023-10-27T12:41:08.827",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento CallRail Phone Call Tracking para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode 'callrail_form' en versiones hasta la 0.5.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en el atributo 'form_id' proporcionado por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/callrail-phone-call-tracking/tags/0.5.2/callrail.php#L174",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2982876/callrail-phone-call-tracking#file0",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35def866-7460-4cad-8d86-7b9e4905cbe4?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
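Review bot: The `weaknesses` entry in the new CVE-2023-5051 record is marked `"type": "Primary"` with `"source": "security@wordfence.com"`, while the CVSS metric from the same source in this record is `Secondary` and the parallel CVE-2023-5085 record marks its Wordfence CWE entry `Secondary`. If this file is meant to mirror the upstream feed verbatim, the value stays and consumers should select on `source` rather than `type`; otherwise the line would read `"type": "Secondary",`. Both records (CVE-2023-5051 and CVE-2023-5085) are `Awaiting Analysis` and carry no `configurations` node, so CPE-based matching will not flag them. The affected range (up to and including 0.5.2 and 0.4.1 respectively) appears only in the description text, so scanners that depend on CPE data need a fallback for such records.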
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5053.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5053.json
index 5b45a37adcb..2371e05c0b5 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5053.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5053.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5053",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-28T21:15:10.447",
- "lastModified": "2023-10-06T16:15:16.057",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-20T20:21:32.440",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5057.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5057.json
index 0a095c414d8..72064913c58 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5057.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5057.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5057",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.573",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T17:07:34.887",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento ActivityPub de WordPress anterior a 1.0.0 no escapa a los metadatos del usuario antes de mostrarlos en menciones, lo que podr\u00eda permitir a los usuarios con un rol de Colaborador y superior realizar ataques XSS almacenados."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:automattic:activitypub:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.0.0",
+ "matchCriteriaId": "78ADABE4-21BE-4F20-BE6D-BB12EDBCD26F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/58a63507-f0fd-46f1-a80c-6b1c41dddcf5",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5059.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5059.json
new file mode 100644
index 00000000000..309837e382d
--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5059.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-5059",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-10-19T18:15:09.753",
+ "lastModified": "2023-10-25T13:39:58.703",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\nSantesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process."
+ },
+ {
+ "lang": "es",
+ "value": "Santesoft Sante FFT Imaging carece de una validaci\u00f3n adecuada de los datos proporcionados por el usuario al analizar archivos DICOM. Esto podr\u00eda dar lugar a una lectura fuera de l\u00edmites. Un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:santesoft:fft_imaging:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.4.1",
+ "matchCriteriaId": "59AE43BF-0431-4B91-BEFF-5BFA7AAB3628"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-285-02",
+ "source": "ics-cert@hq.dhs.gov",
+ "tags": [
+ "Third Party Advisory",
+ "US Government Resource"
+ ]
+ }
+ ]
+}
\ No newline at end of file
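Review bot: The English `descriptions` value in the new CVE-2023-5059 record begins with five escaped newlines (`\n\n\n\n\n`) before "Santesoft", which will render as blank lines or break single-line output in any consumer that prints the field unmodified. If the record is stored verbatim from the feed, the trim belongs in the consumer before display or text matching; otherwise the value should start `"value": "Santesoft Sante FFT Imaging lacks proper validation …"`. Separately, the record classifies the flaw as CWE-125 (out-of-bounds read) while the description and the C:H/I:H/A:H vector assert code execution, so triage that keys on the CWE alone may under-rate it.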
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5070.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5070.json
new file mode 100644
index 00000000000..ce25c64d1cb
--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5070.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-5070",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:12.993",
+ "lastModified": "2023-10-27T18:46:01.130",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Social Media Share Buttons & Social Sharing Icons para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en versiones hasta la 2.8.5 incluida a trav\u00e9s de la funci\u00f3n sfsi_save_export. Esto puede permitir a los suscriptores exportar configuraciones de complementos que incluyen tokens y secretos de autenticaci\u00f3n de redes sociales, as\u00ed como contrase\u00f1as de aplicaciones."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ultimatelysocial:social_media_share_buttons_\\&_social_sharing_icons:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.8.6",
+ "matchCriteriaId": "66254B71-DA5F-472F-AFD1-C66F7146BAC1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5071.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5071.json
new file mode 100644
index 00000000000..c9b0356dbec
--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5071.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-5071",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:17.153",
+ "lastModified": "2023-10-26T17:26:19.030",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Sitekit para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'sitekit_iframe' en versiones hasta la 1.4 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sitekit_project:sitekit:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.4",
+ "matchCriteriaId": "FE404737-0779-425A-8DBB-A0DF3F6DECA8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/sitekit/trunk/inc/sitekit-shortcode-iframe.php#L3",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2970788/sitekit",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/011c8a06-298e-4a53-9ef8-552585426d79?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
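Review bot: The first reference in the CVE-2023-5071 record is tagged `"Patch"`, but its URL is a source-browser view of `trunk` (`…/browser/sitekit/trunk/inc/sitekit-shortcode-iframe.php#L3`), which is not a fix and is not pinned to a revision, so the `#L3` anchor will drift as trunk changes. The same kind of Trac browser link is tagged `"Patch"` in CVE-2023-5086 (pointing at `tags/2.6.4`, the last affected version per its description) and `"Exploit"` in CVE-2023-5109 (pointing at `tags/3.1.2`). Tooling that filters references by tag to locate fixes, or to prioritise on exploit availability, should not rely on these three entries; the `changeset` links are the ones that look like actual patches. I would drop the `"Patch"` tag from the trunk entry. This record also pairs a `Patch`-tagged changeset with `"versionEndIncluding": "1.4"`, so no fixed version is expressed in the CPE range.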
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5072.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5072.json
index 60da93e7b46..0651bd62475 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5072.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5072.json
@@ -2,16 +2,40 @@
"id": "CVE-2023-5072",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-10-12T17:15:10.187",
- "lastModified": "2023-10-12T20:15:12.477",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:17:47.077",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Denial of Service in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u00a0\n"
+ },
+ {
+ "lang": "es",
+ "value": "Denegaci\u00f3n de Servicio (DoS) en versiones JSON-Java hasta 20230618 incluida. Un error en el analizador significa que una cadena de entrada de tama\u00f1o modesto puede provocar el uso de cantidades indefinidas de memoria."
}
],
"metrics": {
"cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@@ -35,6 +59,16 @@
]
},
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ },
{
"source": "cve-coordination@google.com",
"type": "Secondary",
@@ -46,14 +80,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "20230618",
+ "matchCriteriaId": "13919820-D849-4641-A7E6-6E01A01862F2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/stleary/JSON-java/issues/758",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Issue Tracking"
+ ]
},
{
"url": "https://github.com/stleary/JSON-java/issues/771",
- "source": "cve-coordination@google.com"
+ "source": "cve-coordination@google.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5085.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5085.json
new file mode 100644
index 00000000000..eff4539087d
--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5085.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-5085",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-25T18:17:42.660",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Advanced Menu Widget para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode 'advMenu' en versiones hasta la 0.4.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/advanced-menu-widget/trunk/class-advanced-menu-widget.php?rev=1471917#L74",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5da2dac6-940c-419e-853f-6cfd5d53d427?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5086.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5086.json
new file mode 100644
index 00000000000..3dd36a0ad23
--- /dev/null
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5086.json
@@ -0,0 +1,125 @@
+{
+ "id": "CVE-2023-5086",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:13.060",
+ "lastModified": "2023-10-27T18:45:40.017",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Copy Anything to Clipboard para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode de 'copiar' en versiones hasta la 2.6.4 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:maheshwaghmare:copy_anything_to_clipboard:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "2.6.5",
+ "matchCriteriaId": "C9AC927C-7F52-42D8-9332-94866507DB77"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/copy-the-code/tags/2.6.4/classes/class-copy-the-code-shortcode.php#L83",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2969441/copy-the-code#file1",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e834a211-ccc8-4a30-a15d-879ba34184e9?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5087.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5087.json
index a36863867ef..16ce1f0581a 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5087.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5087.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5087",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.657",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T17:07:24.093",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Page Builder: Pagelayer de WordPress anterior a 1.7.8 no impide que atacantes con privilegios de autor y superiores inserten JavaScript malicioso dentro del c\u00f3digo de encabezado o pie de p\u00e1gina de una publicaci\u00f3n."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:pagelayer:pagelayer:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.7.8",
+ "matchCriteriaId": "EEC5183E-F64E-4485-A5D8-E32139AD621A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/3b45cc0b-7378-49f3-900e-d0e18cd4b878",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5089.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5089.json
index 94e6f9bc413..e47cd9a1970 100644
--- a/CVE-2023/CVE-2023-50xx/CVE-2023-5089.json
+++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5089.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5089",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.737",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T16:40:14.353",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Defender Security para WordPress anterior a 4.1.0 no impide las redirecciones a la p\u00e1gina de inicio de sesi\u00f3n a trav\u00e9s de la funci\u00f3n auth_redirect de WordPress, lo que permite que un visitante no autenticado acceda a la p\u00e1gina de inicio de sesi\u00f3n, incluso cuando la funcionalidad de ocultar p\u00e1gina de inicio de sesi\u00f3n del complemento est\u00e1 habilitada."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,14 +50,40 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpmudev:defender_security:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.1.0",
+ "matchCriteriaId": "2BA78D89-AC97-4728-AB89-0DBFFC154703"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/2b547488-187b-44bc-a57d-f876a7d4c87d",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.sprocketsecurity.com/resources/discovering-wp-admin-urls-in-wordpress-with-gravityforms",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5109.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5109.json
new file mode 100644
index 00000000000..4e2c42ce1e9
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5109.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-5109",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:13.127",
+ "lastModified": "2023-10-27T18:45:31.967",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Mailto Links \u2013 Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 3.1.3 and fully patched in version 3.1.4."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Mailto Links \u2013 Protect Email Addresses para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'wpml_mailto' en versiones hasta la 3.1.3 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto fue parcheado parcialmente en la versi\u00f3n 3.1.3 y completamente parcheado en la versi\u00f3n 3.1.4."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ironikus:wp_mailto_links:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.1.4",
+ "matchCriteriaId": "BD195EDB-F3F5-414C-AA47-333DCC1E3436"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-mailto-links/tags/3.1.2/core/includes/classes/class-wp-mailto-links-validate.php#L582",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ec882062-0059-47ca-a007-3347e7adb70b?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5110.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5110.json
new file mode 100644
index 00000000000..c7445cec142
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5110.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-5110",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-25T18:17:42.730",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento BSK PDF Manager para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode 'bsk-pdfm-category-dropdown' en versiones hasta la 3.4.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/bsk-pdf-manager/trunk/classes/shortcodes/category/category-dropdown.php?rev=2885460#L36",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/60de55c6-e4fa-453e-84bd-309f2887e3cb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
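Review bot: This new record has no `configurations` block, so CPE-based matching will not flag BSK PDF Manager installs; the only affected-version data is the free text "up to, and including, 3.4.1" in the description. The single CVSS entry is the CNA's `"type": "Secondary"` score with no NVD `Primary` assessment, which fits `"vulnStatus": "Awaiting Analysis"`. The same holds for the new CVE-2023-5121, CVE-2023-5126, CVE-2023-5127 and CVE-2023-5139 files later in this diff. Consumers that gate on `cpeMatch` should treat an absent `configurations` key as "not yet analysed" rather than "not affected", and fall back to the description or the linked advisory for the version range.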
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5112.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5112.json
index 1d416cdf907..e2de3aa593a 100644
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5112.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5112.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5112",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2023-09-30T23:15:40.433",
- "lastModified": "2023-10-06T16:15:16.147",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-10-19T20:31:22.843",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5120.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5120.json
new file mode 100644
index 00000000000..547110b6a13
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5120.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-5120",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:17.243",
+ "lastModified": "2023-10-26T17:25:31.803",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Migration, Backup, Staging \u2013 WPvivid para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro de ruta del archivo de imagen en versiones hasta la 0.9.89 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados con privilegios administrativos inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:wpvivid:migration\\,_backup\\,_staging:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "0.9.89",
+ "matchCriteriaId": "34D10B34-6A2E-43C0-8D0A-CEF6DDC345D6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wpvivid-backuprestore/tags/0.9.89/includes/upload-cleaner/class-wpvivid-uploads-cleaner.php#L161",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/320f4260-20c2-4f27-91ba-d2488b417f62?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
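Review bot: The first reference (`.../wpvivid-backuprestore/tags/0.9.89/includes/upload-cleaner/class-wpvivid-uploads-cleaner.php#L161`) is tagged `"Patch"`, but 0.9.89 is the last affected version according to both the description and `"versionEndIncluding": "0.9.89"`, so the link appears to show the affected code rather than a fix. Tooling that reads a `Patch` tag as evidence that remediation exists would be misled; I would tag it `"Product"`, as the equivalent source-browser link in CVE-2023-5132 is, until a fixing changeset or release is referenced. The two CVSS entries also disagree on `AC` and `UI` (NVD `AC:L/UI:R`, 4.8; Wordfence `AC:H/UI:N`, 4.4), so a consumer should choose its scoring source deliberately instead of taking the first array element.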
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5121.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5121.json
new file mode 100644
index 00000000000..b5eca51e512
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5121.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-5121",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:13.187",
+ "lastModified": "2023-10-20T11:27:04.140",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings (the backup path parameter) in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Migration, Backup, Staging \u2013 WPvivid para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador (el par\u00e1metro de ruta de respaldo) en versiones hasta la 0.9.89 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2956458%40wpvivid-backuprestore%2Ftrunk&old=2948265%40wpvivid-backuprestore%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cdcac5f9-a744-4853-8a80-ed38fec81dbb?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5126.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5126.json
new file mode 100644
index 00000000000..516c0594de0
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5126.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-5126",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-25T18:17:42.807",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The shortcode is not displayed to administrators, so it cannot be used against administrator users."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Delete Me para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode 'plugin_delete_me' en versiones hasta la 3.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. El shortcode no se muestra a los administradores, por lo que no se puede utilizar contra usuarios administradores."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/delete-me/tags/3.0/inc/shortcode.php#L83",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7a5123a7-8eb4-481e-88fe-6310be37a077?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5127.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5127.json
new file mode 100644
index 00000000000..828dfdd537f
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5127.json
@@ -0,0 +1,91 @@
+{
+ "id": "CVE-2023-5127",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-25T18:17:42.887",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Font Awesome para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s de shortcodes en versiones hasta la 1.7.9 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a que la salida se escapa en el atributo \"icon\" proporcionado por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L101",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L53",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L55",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L68",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L70",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L83",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L85",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/wp-font-awesome/trunk/wp-font-awesome.php?rev=2875119#L99",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/59ee0b56-c11f-4951-aac0-8344200e4484?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
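Review bot: The Spanish description inverts the cause: `a que la salida se escapa en el atributo \"icon\"` reads as "the output is escaped", whereas the English text says the flaw is due to insufficient output escaping. A reader relying on the `es` entry would conclude the attribute is handled safely. I would reuse the wording from the CVE-2023-5120 record in this diff: `debido a una sanitización de entrada y un escape de salida insuficientes en el atributo \"icon\" proporcionado por el usuario`. The `es` texts of CVE-2023-5110 and CVE-2023-5126 have a milder form of the same slip (`insuficiente` qualifies only the sanitization).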
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5132.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5132.json
new file mode 100644
index 00000000000..26cd049dc75
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5132.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-5132",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-21T02:15:07.960",
+ "lastModified": "2023-10-28T03:47:24.960",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata)."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Soisy Pagamento Rateale para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n parseRemoteRequest en versiones hasta la 6.0.1 incluida. Esto hace posible que atacantes no autenticados con conocimiento de un ID de pedido de WooCommerce existente expongan informaci\u00f3n confidencial del pedido de WooCommerce (por ejemplo, nombre, direcci\u00f3n, direcci\u00f3n de correo electr\u00f3nico y otros metadatos del pedido)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:soisy:soisy_pagamento_rateale:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "6.0.1",
+ "matchCriteriaId": "681F1DE5-D86F-49EF-AA0F-81670E858E91"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/soisy-pagamento-rateale/trunk/public/class-soisy-pagamento-rateale-public.php#L465",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3c997cd-37b4-4b9c-b99e-397be484aa36?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
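Review bot: The source reference `.../soisy-pagamento-rateale/trunk/public/class-soisy-pagamento-rateale-public.php#L465` points at `trunk` with a line anchor but no revision, so once the plugin changes the anchor will no longer land on the `parseRemoteRequest` code the description refers to. Other records in this diff pin their links (`tags/3.0/...` in CVE-2023-5126, `?rev=2885460` in CVE-2023-5110). I would pin this one the same way, e.g. `...class-soisy-pagamento-rateale-public.php?rev=<REVISION>#L465` (placeholder; the revision is not given on this page), so that the evidence stays reviewable after a fix ships.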
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5133.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5133.json
index 3991557bc25..2aba9e7db66 100644
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5133.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5133.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5133",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.823",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T19:54:44.840",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "Este complemento user-activity-log-pro de WordPress anterior a 2.3.4 recupera direcciones IP de clientes de encabezados potencialmente no confiables, lo que permite a un atacante manipular su valor. Esto puede usarse para ocultar la fuente del tr\u00e1fico malicioso."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solwininfotech:user_activity_log:*:*:*:*:pro:wordpress:*:*",
+ "versionEndExcluding": "2.3.4",
+ "matchCriteriaId": "EAFE880E-05FE-45C4-A9A8-F35C886A29F4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/36c30e54-75e4-4df1-b01a-60c51c0e76a3",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5139.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5139.json
new file mode 100644
index 00000000000..9b1b3088fe6
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5139.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-5139",
+ "sourceIdentifier": "vulnerabilities@zephyrproject.org",
+ "published": "2023-10-26T05:15:26.217",
+ "lastModified": "2023-10-26T11:44:17.377",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver"
+ },
+ {
+ "lang": "es",
+ "value": "Posible vulnerabilidad de desbordamiento del b\u00fafer en la siguiente ubicaci\u00f3n en el controlador Zephyr STM32 Crypto"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "vulnerabilities@zephyrproject.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "vulnerabilities@zephyrproject.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-rhrc-pcxp-4453",
+ "source": "vulnerabilities@zephyrproject.org"
+ }
+ ]
+}
\ No newline at end of file
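Review bot: The English description ends with "at the following location in the Zephyr STM32 Crypto driver" but no location follows, and the record gives no affected versions and no `configurations`. As written, the entry cannot be mapped to a Zephyr release or source file without opening the single referenced advisory (GHSA-rhrc-pcxp-4453). The description should either carry the file or function and the affected version range from that advisory, or at least drop the dangling phrase, e.g. `"Potential buffer overflow vulnerability in the Zephyr STM32 Crypto driver"`. The `es` entry repeats the same dangling phrase and would need the same change.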
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5152.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5152.json
index 072d322a437..9f94aa01703 100644
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5152.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5152.json
@@ -2,16 +2,16 @@
"id": "CVE-2023-5152",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-25T02:15:10.743",
- "lastModified": "2023-09-25T13:26:02.773",
+ "lastModified": "2023-10-27T12:56:50.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
- "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240248. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
+ "value": "** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240248. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
},
{
"lang": "es",
- "value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Una vulnerabilidad clasificada como cr\u00edtica ha sido encontrada en D-Link DAR-8000 hasta 20151231. Una funcionalidad desconocida del archivo /importexport es afectada por este problema .php. La manipulaci\u00f3n del argumento sql conduce a la inyecci\u00f3n de sql. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-240248. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
+ "value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** ** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Una vulnerabilidad clasificada como cr\u00edtica ha sido encontrada en D-Link DAR-7000 y DAR-8000 hasta 20151231. Una funcionalidad desconocida de el archivo /importexport.php. La manipulaci\u00f3n del argumento sql conduce a la inyecci\u00f3n de sql. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-240248. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
}
],
"metrics": {
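Review bot: The rewritten English `value` still opens with `** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **`: the marker is duplicated and the first copy is misspelled, so an exact-match filter for end-of-life records works only because of the second copy. The new Spanish text has also lost its verb: `Una funcionalidad desconocida de el archivo /importexport.php.` is a fragment, where the removed line said the functionality `es afectada por este problema`. I would keep a single correctly spelled prefix and restore the sentence as `Una funcionalidad desconocida del archivo /importexport.php es afectada por este problema.` Since the change widens the scope to DAR-7000, both language entries need to state it unambiguously for anyone retiring these devices.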
@@ -87,7 +87,7 @@
},
"weaknesses": [
{
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@@ -95,6 +95,16 @@
"value": "CWE-89"
}
]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
}
],
"configurations": [
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5156.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5156.json
index c1d5e9c83a9..1925d9853cc 100644
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5156.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5156.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5156",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-25T16:15:15.613",
- "lastModified": "2023-10-04T00:15:12.353",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:28:56.387",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -111,19 +111,33 @@
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/4",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/5",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/6",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/8",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Patch"
+ ]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5156",
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json
index 26e3f7576bd..e626540fc4c 100644
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5157",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-27T15:19:41.807",
- "lastModified": "2023-10-13T01:15:55.990",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-20T20:16:19.680",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -65,7 +65,7 @@
"description": [
{
"lang": "en",
- "value": "CWE-400"
+ "value": "NVD-CWE-noinfo"
}
]
}
@@ -136,6 +136,41 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2ABBAA9E-CCBA-480B-ABB5-454448D91262"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "910C9542-26FC-4635-9351-128727971830"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CA3C5EAE-267F-410F-8AFA-8F5B68A9E617"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7B3D7389-35C1-48C4-A9EC-2564842723C4"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957"
+ },
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
@@ -145,6 +180,81 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*",
+ "matchCriteriaId": "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.2_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2E068ABB-31C2-416E-974A-95E07A2BAB0A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
+ "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
+ "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56"
}
]
}
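Review bot: The added Red Hat CPE list is not symmetric across architectures. `enterprise_linux_for_arm_64_eus` is added only as `8.8_aarch64`, while the IBM Z and Power EUS entries are added for both 8.8 and 9.2, and the non-EUS IBM Z entry is `9.2_s390x` where its ARM and Power counterparts are `9.0_*`. These are exact-version matches, so a CPE-keyed scanner would not flag an ARM 64 EUS 9.2 host or an IBM Z 9.0 host even if they are affected; the earlier hunk does add `codeready_linux_builder_for_arm64_eus:9.2_aarch64`, which suggests ARM EUS 9.2 is in scope. This hunk does not show whether the gaps are intentional, so check the product lists of the RHSA-2023:5683 and RHSA-2023:5684 errata referenced by this record. If those products are listed, add entries of the form `cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*`, each with its own `matchCriteriaId`.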
@@ -154,11 +264,17 @@
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:5683",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5684",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5157",
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5167.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5167.json
index 1ec8d59bdd2..14a427c570b 100644
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5167.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5167.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5167",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.903",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T19:56:34.320",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento User Activity Log Pro de WordPress anterior a 2.3.4 no escapa correctamente a los Agentes de Usuario registrados en el panel de registros de actividad del usuario, lo que puede permitir a los visitantes realizar ataques de Cross-Site Scripting almacenados."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
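Review bot: The added Primary vector uses `PR:L`, but the description in this hunk's context line attributes the stored XSS to "visitantes" (visitors) through the logged User-Agent, which reads as no account being required. If that reading matches the WPScan advisory referenced by the record, the entry would be `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"` with `"privilegesRequired": "NONE"`, which gives `baseScore` 6.1 and `exploitabilityScore` 2.8 instead of 5.4 and 2.3. Triage that ranks on `privilegesRequired` or on the base score would otherwise under-weight an issue that may be reachable without authentication.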
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solwininfotech:user_activity_log:*:*:*:*:pro:wordpress:*:*",
+ "versionEndExcluding": "2.3.4",
+ "matchCriteriaId": "EAFE880E-05FE-45C4-A9A8-F35C886A29F4"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/78ea6fe0-5fac-4923-949c-023c85fe2437",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5177.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5177.json
index af20eafdbaf..e9f0974f155 100644
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5177.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5177.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5177",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-10-16T20:15:17.993",
- "lastModified": "2023-10-17T12:38:17.143",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T16:39:43.497",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@@ -14,7 +14,30 @@
"value": "El complemento Vrm 360 3D Model Viewerde para WordPress hasta 1.2.1 expone la ruta completa de un archivo al ingresar un archivo inexistente en un par\u00e1metro de c\u00f3digo corto."
}
],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
"weaknesses": [
{
"source": "contact@wpscan.com",
@@ -27,10 +50,32 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:maurice:vrm360:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.2.1",
+ "matchCriteriaId": "343766D2-845F-42D6-9BF8-4E2A92462BB8"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://wpscan.com/vulnerability/a67b9c21-a35a-4cdb-9627-a5932334e5f0",
- "source": "contact@wpscan.com"
+ "source": "contact@wpscan.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5200.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5200.json
new file mode 100644
index 00000000000..26f6a9a7cff
--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5200.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-5200",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T07:15:17.350",
+ "lastModified": "2023-10-26T17:24:54.950",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento flowpaper para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del shortcode 'flipbook' en versiones hasta la 2.0.3 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:flowpaper:flowpaper:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.0.3",
+ "matchCriteriaId": "B440472F-51A1-49D1-80FD-0C46400CA12E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/flowpaper-lite-pdf-flipbook/trunk/flowpaper.php?rev=2959754#L395",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2966821/flowpaper-lite-pdf-flipbook",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/31d6288d-87f0-4822-b3f4-541f70cf99fd?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
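Review bot: The first reference, a Trac source-browser link pinned to `rev=2959754#L395`, is tagged `Patch`, although a browser view of a single line reads as a pointer to the affected code rather than to a fix; the changeset link that follows looks like the actual patch. The same kind of source-browser link is tagged `Exploit` in CVE-2023-5204 and CVE-2023-5212 and `Product` in CVE-2023-5205 later in this diff. Tooling that uses `Patch` to locate fixes or `Exploit` to raise priority will therefore get inconsistent answers for equivalent references. Use one tag for source-browser links across these records, for example `"tags": ["Product"]`, and keep `Patch` on the changeset reference only.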
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5204.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5204.json
new file mode 100644
index 00000000000..fadda0fc38e
--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5204.json
@@ -0,0 +1,128 @@
+{
+ "id": "CVE-2023-5204",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-19T06:15:08.343",
+ "lastModified": "2023-10-26T17:15:09.353",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento ChatBot para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro $strid en versiones hasta la 4.8.9 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.9.1",
+ "matchCriteriaId": "4CA9F786-40A5-43EF-ABE6-145C83223484"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/175371/WordPress-AI-ChatBot-4.8.9-SQL-Injection-Traversal-File-Deletion.html",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/chatbot/trunk/qcld-wpwbot-search.php?rev=2957286#L177",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ad12146-200b-48e5-82de-7572541edcc4?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
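Review bot: In `weaknesses` the `security@wordfence.com` entry is typed `Primary` and the `nvd@nist.gov` entry `Secondary`, the reverse of the `metrics` block in the same record and of the `weaknesses` blocks in CVE-2023-5200 and CVE-2023-5205 in this diff; the new CVE-2023-5212 file has the same inversion. A consumer that selects `type == "Primary"` therefore reads NVD's score but the CNA's CWE. Both entries say `CWE-89` here, so nothing is lost today, but the mismatch will matter once the two sources disagree. If the feed's convention allows, make the typing consistent with `"source": "nvd@nist.gov"` paired with `"type": "Primary"`; otherwise consumers should key on `source` rather than `type`.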
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5205.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5205.json
new file mode 100644
index 00000000000..19702de7f18
--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5205.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-5205",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-21T08:15:09.053",
+ "lastModified": "2023-10-27T19:42:29.360",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Add Custom Body Class para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del valor 'add_custom_body_class' en versiones hasta la 1.4.1 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:anilankola:add_custom_body_class:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.4.1",
+ "matchCriteriaId": "0106864A-1809-4722-97F3-B5893BC4F6CD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/add-custom-body-class/trunk/add-custom-body-class.php#L32",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9841b57b-b869-4282-8781-60538f6f269f?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5212.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5212.json
new file mode 100644
index 00000000000..55d4c04cc41
--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5212.json
@@ -0,0 +1,133 @@
+{
+ "id": "CVE-2023-5212",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-19T06:15:11.377",
+ "lastModified": "2023-10-26T17:15:09.477",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. This makes it possible for authenticated attackers with subscriber privileges to delete arbitrary files on the server, which makes it possible to take over affected sites as well as others sharing the same hosting account. Version 4.9.1 originally addressed the issue, but it was reintroduced in 4.9.2 and fixed again in 4.9.3."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento AI ChatBot para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos en versiones hasta la 4.8.9 incluida, as\u00ed como en la versi\u00f3n 4.9.2. Esto hace posible que atacantes autenticados con privilegios de suscriptor eliminen archivos arbitrarios en el servidor, lo que hace posible hacerse cargo de los sitios afectados, as\u00ed como de otros que comparten la misma cuenta de alojamiento. La versi\u00f3n 4.9.1 solucion\u00f3 originalmente el problema, pero se reintrodujo en 4.9.2 y se solucion\u00f3 nuevamente en 4.9.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "4.9.1",
+ "matchCriteriaId": "4CA9F786-40A5-43EF-ABE6-145C83223484"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:quantumcloud:ai_chatbot:4.9.2:*:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "C54E19C0-77EE-4C3A-9DCD-4740E77D6D89"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/175371/WordPress-AI-ChatBot-4.8.9-SQL-Injection-Traversal-File-Deletion.html",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/chatbot/trunk/includes/openai/qcld-bot-openai.php?rev=2957286#L576",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Exploit"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977505%40chatbot%2Ftrunk&old=2967435%40chatbot%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
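Review bot: The Primary vector scores `S:U` (8.1 HIGH), while the description in the same record says the file deletion can lead to takeover of "others sharing the same hosting account", which is what the Secondary vector's `S:C` (9.6 CRITICAL) expresses. Triage that thresholds on the Primary `baseScore` alone would not treat this record as critical. If the cross-account impact is accepted, the Primary entry would need `"scope": "CHANGED"` with the vector string and scores recomputed to match. The record is still `Undergoing Analysis`, so until it settles, consumers should read both entries rather than the Primary one only.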
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5214.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5214.json
index 34f3fa87a4b..342cf260db1 100644
--- a/CVE-2023/CVE-2023-52xx/CVE-2023-5214.json
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5214.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5214",
"sourceIdentifier": "security@puppet.com",
"published": "2023-10-06T18:15:12.453",
- "lastModified": "2023-10-10T20:24:44.750",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-10-17T17:15:09.810",
+ "vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@@ -100,11 +100,8 @@
],
"references": [
{
- "url": "https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates",
- "source": "security@puppet.com",
- "tags": [
- "Not Applicable"
- ]
+ "url": "https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt",
+ "source": "security@puppet.com"
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
index 12c13fe7717..7c3e57252fb 100644
--- a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
@@ -2,8 +2,8 @@
"id": "CVE-2023-5217",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-09-28T16:15:10.980",
- "lastModified": "2023-10-17T05:15:50.840",
- "vulnStatus": "Modified",
+ "lastModified": "2023-10-24T13:34:22.990",
+ "vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-10-02",
"cisaActionDue": "2023-10-23",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@@ -106,16 +106,144 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:edge:116.0.1938.98:*:*:*:*:*:*:*",
+ "matchCriteriaId": "83749E8D-D4EC-4C5E-B031-8DD4C5C3AA72"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:edge:117.0.2045.47:*:*:*:*:*:*:*",
+ "matchCriteriaId": "39F5AB10-A20E-4B12-863D-9335A6344130"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:edge_chromium:116.0.5845.229:*:*:*:*:*:*:*",
+ "matchCriteriaId": "494B17DA-B40E-4B79-925D-2F439C7A4BCC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:microsoft:edge_chromium:117.0.5938.132:*:*:*:*:*:*:*",
+ "matchCriteriaId": "0A1735C0-78BF-4B9C-9EC6-64471C609046"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "118.0.1",
+ "matchCriteriaId": "B8EE027E-A8D8-4038-B0C5-3F9ABA3079B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "118.1",
+ "matchCriteriaId": "C0246068-275F-4D13-93B9-44AD91D2EFFB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "115.3.1",
+ "matchCriteriaId": "2AAF4C02-0ED7-4AEF-BB14-A0A48DAC3B2E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:android:*:*",
+ "versionEndExcluding": "118.1",
+ "matchCriteriaId": "54F53CD4-5766-401B-8333-1B8937112AD0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "115.3.1",
+ "matchCriteriaId": "C287FD41-1668-4BA8-9BF5-7C56420F6F38"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/12",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/16",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/28/5",
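Review bot: The four added Microsoft entries pin single builds with no version range (`edge:116.0.1938.98`, `edge:117.0.2045.47`, `edge_chromium:116.0.5845.229`, `edge_chromium:117.0.5938.132`), whereas the Mozilla node added right after them uses `versionEndExcluding`. An exact match does not cover earlier Edge builds, and if the pinned builds are the ones that shipped the fix (this hunk does not say), patched hosts would be flagged while unpatched ones are missed. The record carries `cisaExploitAdd`, so match accuracy directly affects remediation tracking. Confirm against the vendor advisory and, if the builds are the fixed ones, express them as a range: `"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*"` with `"versionEndExcluding": "FIXED_BUILD_PLACEHOLDER"`.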
@@ -145,15 +273,27 @@
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/11",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/12",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/14",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/2",
@@ -165,59 +305,114 @@
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/7",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/29/9",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/30/1",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/30/2",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/30/3",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/30/4",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/30/5",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/01/1",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/01/2",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/01/5",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/02/6",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/11",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241191",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html",
@@ -231,100 +426,179 @@
"url": "https://crbug.com/1486441",
"source": "chrome-cve-admin@google.com",
"tags": [
+ "Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Release Notes"
+ ]
},
{
"url": "https://github.com/webmproject/libvpx/tags",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Product"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00038.html",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/55YVCZNAVY3Y5E4DWPWMX2SPKZ2E5SOV/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BCVSHVX2RFBU3RMCUFSATVQEJUFD4Q63/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWEJYS5NC7KVFYU3OAMPKQDYN6JQGVK6/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE7F54W5O5RS4ZMAAC7YK3CZWQXIDSKB/",
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List"
+ ]
},
{
"url": "https://pastebin.com/TdkC4pDv",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Not Applicable"
+ ]
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2023-5217",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://security.gentoo.org/glsa/202310-04",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://twitter.com/maddiestone/status/1707163313711497266",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5508",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5509",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.debian.org/security/2023/dsa-5510",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/09/28/5",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
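Review bot: The `tags` added for `https://twitter.com/maddiestone/status/1707163313711497266` and `https://stackdiary.com/google-discloses-a-webm-vp8-bug-tracked-as-cve-2023-5217/` are `"Third Party Advisory"`, although one is a social-media post and the other a news article. Consumers that filter references by tag to collect authoritative advisories will pull these in alongside the Debian, Gentoo and Mozilla advisories. `"Press/Media Coverage"` looks like the better fit for both. The same applies to the arstechnica.com reference in the preceding hunk, which starts outside this view.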
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5218.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5218.json
index 85cfc8e8347..cc0264ae75b 100644
--- a/CVE-2023/CVE-2023-52xx/CVE-2023-5218.json
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5218.json
@@ -2,7 +2,7 @@
"id": "CVE-2023-5218",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-10-11T23:15:10.443",
- "lastModified": "2023-10-14T03:15:10.277",
+ "lastModified": "2023-10-21T03:15:08.653",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@@ -66,6 +66,31 @@
]
}
]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
+ }
+ ]
+ }
+ ]
}
],
"references": [
@@ -86,11 +111,22 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5QCMP6KKWPDZZLFU7YXSZDHEKOE7BXO/",
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4GHJ3FK5NPHDRUR4OJOI4UU6FKSOOGG/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5526",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5231.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5231.json
new file mode 100644
index 00000000000..14398cd7d27
--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5231.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-5231",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:13.250",
+ "lastModified": "2023-10-20T11:27:04.140",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Magic Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Magic Action Box para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s de shortcodes en versiones hasta la 2.17.2 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/magic-action-box/tags/2.17.2/lib/functions.php#L287",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce9b908b-1388-41fb-915c-e4e29eaf57ed?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5240.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5240.json
index 7972ab95dc7..884d09efbaa 100644
--- a/CVE-2023/CVE-2023-52xx/CVE-2023-5240.json
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5240.json
@@ -2,19 +2,79 @@
"id": "CVE-2023-5240",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-10-13T13:15:12.693",
- "lastModified": "2023-10-13T13:46:47.010",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-17T16:11:51.793",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "El control de acceso inadecuado en los scripts de propagaci\u00f3n de PAM en Devolutions Server 2023.2.8.0 y anteriores permite un ataque con permiso para administrar los scripts de propagaci\u00f3n de PAM para recuperar las contrase\u00f1as almacenadas en \u00e9l mediante una solicitud GET."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:devolutions:devolutions_server:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.2.8.0",
+ "matchCriteriaId": "15C3CED4-3D9D-4A6C-94CE-802DF9E2C576"
+ }
+ ]
+ }
+ ]
}
],
- "metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0017",
- "source": "security@devolutions.net"
+ "source": "security@devolutions.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
}
]
}
\ No newline at end of file
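Review bot: The added `cvssData` sets `"privilegesRequired": "NONE"` (vector `PR:N`), but the English description in this same hunk says the attacker needs permission to manage PAM propagation scripts, so the metric and the text disagree. If the description is accurate, the value should be at least `"privilegesRequired": "LOW"`, with `vectorString`, `baseScore` and `exploitabilityScore` recomputed to match. Until then, triage keyed on the 7.5 score likely over-ranks this record. The added weakness `"NVD-CWE-Other"` also gives consumers nothing to filter on for what the description calls improper access control; a specific access-control CWE would be more useful if the analysis supports one.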
diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5241.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5241.json
new file mode 100644
index 00000000000..2389cd85527
--- /dev/null
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5241.json
@@ -0,0 +1,133 @@
+{
+ "id": "CVE-2023-5241",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-19T06:15:11.690",
+ "lastModified": "2023-10-26T17:15:09.617",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. This allows subscriber-level attackers to append \" leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en Port\u00e1bilis i-Educar hasta 2.7.5. Ha sido declarado problem\u00e1tico. Una funci\u00f3n desconocida del archivo \\intranet\\agenda_imprimir.php del componente HTTP GET Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento cod_agenda con la entrada \");'> conduce a Cross-Site Scripting (XSS). El ataque se puede lanzar de forma remota. El exploit se ha divulgado al p\u00fablico y puede El identificador asociado de esta vulnerabilidad es VDB-242143. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,14 +97,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.7.5",
+ "matchCriteriaId": "618D1541-AAA7-4010-8AE0-C97F039D49AA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://vuldb.com/?ctiid.242143",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.242143",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5579.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5579.json
index 7137f087865..cfc467ff84b 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5579.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5579.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-5579",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-14T12:15:10.277",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T14:31:52.493",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242144."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en yhz66 Sandbox 6.1.0. Ha sido calificado como problem\u00e1tico. Una funci\u00f3n desconocida del archivo /im/user/ del componente User Data Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-242144."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +97,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:yzh66:sandbox:6.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1499551A-9963-47B3-8F6E-37A82609865C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/cojoben/Sendbox/blob/main/README.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.242144",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.242144",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
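Review bot: The added `criteria` value `cpe:2.3:a:yzh66:sandbox:6.1.0:*:*:*:*:*:*:*` spells the vendor `yzh66`, while the record's description names the product `yhz66 Sandbox` and the first reference points to a repository named `Sendbox`. One of these spellings is presumably a transposition. Whichever is wrong, an inventory or SBOM lookup built from the description's vendor name will not match this CPE, so affected installs can be missed silently. Confirm the vendor string against the CPE dictionary entry and align the description or the `criteria` accordingly.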
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5580.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5580.json
index ffe3a8692a7..542cd918311 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5580.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5580.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-5580",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-14T12:15:10.353",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T20:23:33.090",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Library System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-242145 was assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad ha sido encontrada en SourceCodester Library System 1.0 y clasificada como cr\u00edtica. Una parte desconocida del archivo index.php afecta a esta vulnerabilidad. La manipulaci\u00f3n de la categor\u00eda de argumento conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-242145."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
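Review bot: The added Spanish description translates the parameter name as if it were ordinary prose: "La manipulación de la categoría de argumento" stands for "the manipulation of the argument category", where `category` is the name of the affected request parameter. A reader working from the `es` text loses the one detail needed to locate the vulnerable input for filtering or code review. The identifier should stay untranslated, e.g. `La manipulación del argumento category conduce a la inyección de SQL.` The same pattern appears in the CVE-2023-5581 description ("la página de argumentos" for the argument `page`) and the CVE-2023-5588 description ("del nombre del argumento" for the argument `name`).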
@@ -71,18 +97,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:library_system_project:library_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "AD9DDE89-9456-4FAB-B277-1F80D6D9EDBC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/GodRone/CVE/blob/main/SerBermz_SQL%20injection.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.242145",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.242145",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5581.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5581.json
index 25dc971b063..e4f1e7aeb89 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5581.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5581.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-5581",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-14T13:15:09.743",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T12:59:59.087",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en SourceCodester Medicine Tracker System 1.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo index.php. La manipulaci\u00f3n de la p\u00e1gina de argumentos conduce a Cross-Site Scripting (XSS). El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-242146 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +97,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oretnom23:medicine_tracker_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "44A35599-C92F-4A69-B7B1-C768223118FD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/GodRone/MedicineTrackerSystem/blob/main/Medicine%20Tracker%20System_XSS.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.242146",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.242146",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5582.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5582.json
index 2e2e85ef954..60c8aea759f 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5582.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5582.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-5582",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-14T14:15:10.963",
- "lastModified": "2023-10-14T17:32:28.813",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-18T18:07:32.040",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en ZZZCMS 2.2.0 y clasificada como problem\u00e1tica. Este problema afecta a un procesamiento desconocido del componente Personal Profile Page. La manipulaci\u00f3n conduce a Cross-Site Scripting (XSS) b\u00e1sicas. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-242147."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,18 +97,46 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:zzzcms:zzzcms:2.2.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D737AAFD-9E0B-4B4F-A477-13764CC99842"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/Jacky-Y/vuls/blob/main/vul8.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.242147",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.242147",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5585.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5585.json
index af62d4109c4..96fe218af4a 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5585.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5585.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-5585",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-15T00:15:10.363",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T01:07:28.147",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input \"> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Online Motorcycle Rental System 1.0. Ha sido declarado problem\u00e1tico. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /admin/?page=bike del componente Bike List. La manipulaci\u00f3n del argumento Model con la entrada \"> conduce a Cross-Site Scripting (XSS). El ataque puede iniciarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede usarse. VDB-242170 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,14 +97,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:oretnom23:online_motorcycle_\\(bike\\)_rental_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "44A6A0FC-0D4E-4799-BA45-579E01595ACA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://vuldb.com/?ctiid.242170",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.242170",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5586.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5586.json
index ee5b6b562dc..0f0227cfac5 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5586.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5586.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-5586",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-15T01:15:09.100",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T01:10:36.447",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV."
+ },
+ {
+ "lang": "es",
+ "value": "Eliminaci\u00f3n de referencia del puntero NULL en el repositorio de GitHub gpac/gpac anterior a 2.3.0-DEV."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
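Review bot: The added Primary metric scores this record `C:H/I:H/A:H` (base 7.8), while the only description given is "NULL Pointer Dereference", a weakness that normally results in a crash and therefore an availability impact only. Unless the linked report shows memory corruption beyond the dereference, `"confidentialityImpact"` and `"integrityImpact"` should probably be `"NONE"`, with the vector and scores recomputed. As written, the HIGH rating can push this ahead of issues that do expose data or allow code execution. In the next hunk, `"versionEndExcluding": "2.3.0"` also deserves a check against the description's "prior to 2.3.0-DEV", since it is not obvious on which side of that bound a 2.3.0-DEV build falls.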
@@ -46,14 +72,40 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.3.0",
+ "matchCriteriaId": "8427BDFE-346D-45C9-B0BD-1F06E8825368"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/ca1b48f0abe71bf81a58995d7d75dc27f5a17ddc",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5588.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5588.json
index 7b3d7714345..a118a9120c1 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5588.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5588.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-5588",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-15T22:15:15.703",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T15:18:31.607",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en kphrx pleroma. Ha sido clasificada como problem\u00e1tica. Esto afecta a la funci\u00f3n Pleroma.Emoji.Pack del archivo lib/pleroma/emoji/pack.ex. La manipulaci\u00f3n del nombre del argumento conduce a un path traversal. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. Este producto no utiliza versiones. Esta es la raz\u00f3n por la que la informaci\u00f3n sobre las versiones afectadas y no afectadas no est\u00e1 disponible. El parche se llama 2c795094535537a8607cc0d3b7f076a609636f40. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-242187."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@@ -71,22 +97,53 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:kpherox:pleroma:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "63EF7C11-4A35-4E62-8C90-4DEE5B5963FF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/kphrx/pleroma/commit/2c795094535537a8607cc0d3b7f076a609636f40",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://github.com/kphrx/pleroma/pull/197",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
},
{
"url": "https://vuldb.com/?ctiid.242187",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
},
{
"url": "https://vuldb.com/?id.242187",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
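Review bot: The new CPE uses vendor `kpherox`, while the description and both GitHub references name the project `kphrx`/pleroma, so asset inventories keyed on the repository owner will not line up with this criteria string without an alias. The version field is `-`, which is consistent with the description's statement that the product has no versioning. It also means a CPE match can never distinguish a checkout that contains commit 2c795094535537a8607cc0d3b7f076a609636f40 from one that does not. Consumers should confirm the patch commit directly rather than rely on the CPE result.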
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5590.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5590.json
index 7a497fe2159..7f228eb7e03 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5590.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5590.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-5590",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-15T23:15:44.857",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:07:40.070",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0."
+ },
+ {
+ "lang": "es",
+ "value": "Eliminaci\u00f3n de referencia del puntero NULL en el repositorio de GitHub seleniumhq/selenium anterior a 4.14.0."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +72,40 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:selenium:selenium:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.14.0",
+ "matchCriteriaId": "D7F99E6A-73B9-4154-BCC9-93421E29945A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/seleniumhq/selenium/commit/023a0d52f106321838ab1c0997e76693f4dcbdf6",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5591.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5591.json
index d3c3cca6da5..35f381602a1 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5591.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5591.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-5591",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-16T01:15:09.857",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-19T11:09:26.690",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository librenms/librenms prior to 23.10.0."
+ },
+ {
+ "lang": "es",
+ "value": "Inyecci\u00f3n SQL en librenms/librenms del repositorio de GitHub anteriores a 23.10.0."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -46,14 +72,38 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "23.9.1",
+ "matchCriteriaId": "8EB9DB40-F096-4A20-9F73-0756B37A5319"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Permissions Required"
+ ]
}
]
}
\ No newline at end of file
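Review bot: The range is closed with `"versionEndIncluding": "23.9.1"`, whereas the description says "prior to 23.10.0"; the two agree only if 23.9.1 is the last release before 23.10.0, which the record does not state. `"versionEndExcluding": "23.10.0"` would mirror the description and match the bound style used for most other records in this commit. Separately, the huntr.dev reference is tagged only `Permissions Required`, so the commit link is presumably the only reference readable without an account.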
diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5595.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5595.json
index c9fa8398d93..6ddec5b401a 100644
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5595.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5595.json
@@ -2,15 +2,41 @@
"id": "CVE-2023-5595",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-10-16T09:15:12.090",
- "lastModified": "2023-10-16T11:58:00.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-20T15:09:44.577",
+ "vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV."
+ },
+ {
+ "lang": "es",
+ "value": "Denegaci\u00f3n de Servicio en el repositorio de GitHub gpac/gpac anterior a la versi\u00f3n 2.3.0-DEV."
}
],
"metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@@ -36,8 +62,18 @@
},
"weaknesses": [
{
- "source": "security@huntr.dev",
+ "source": "nvd@nist.gov",
"type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
"description": [
{
"lang": "en",
@@ -46,14 +82,39 @@
]
}
],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.3.0",
+ "matchCriteriaId": "8427BDFE-346D-45C9-B0BD-1F06E8825368"
+ }
+ ]
+ }
+ ]
+ }
+ ],
"references": [
{
"url": "https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
},
{
"url": "https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e",
- "source": "security@huntr.dev"
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
}
]
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5602.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5602.json
new file mode 100644
index 00000000000..7e11d57fc5f
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5602.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-5602",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:13.577",
+ "lastModified": "2023-10-20T11:27:04.140",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Social Media Share Buttons & Social Sharing Icons para WordPress es vulnerable a Cross-Site Request Forgery (CSRF) en todas las versiones hasta la 2.8.5 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en varias funciones correspondientes a acciones AJAX. Esto hace posible que atacantes no autenticados invoquen esas acciones a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer click en un enlace."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2975574/ultimate-social-media-icons/tags/2.8.6/libs/controllers/sfsi_buttons_controller.php?old=2956446&old_path=ultimate-social-media-icons%2Ftags%2F2.8.5%2Flibs%2Fcontrollers%2Fsfsi_buttons_controller.php",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d44a45fb-3bff-4a1f-8319-a58a47a9d76b?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
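Review bot: This new record has no `configurations` block and its references carry no `tags`, which fits its `Undergoing Analysis` status but means CPE-based matching will not report it at all. The affected range ("all versions up to, and including, 2.8.5") exists only in the description text. The first reference URL compares tags 2.8.5 and 2.8.6, which suggests 2.8.6 carries the fix, though the record does not say so. The only CVSS entry is the CNA's `Secondary` one, so tooling that reads just `Primary` metrics will see no score. CVE-2023-5622.json below likewise has no `configurations` block, no reference tags and only a `Secondary` score.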
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5613.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5613.json
new file mode 100644
index 00000000000..d1fcbcefb21
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5613.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-5613",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T05:15:08.540",
+ "lastModified": "2023-10-26T17:33:24.743",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Super Testimonials para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'tpsscode' del complemento en todas las versiones hasta la 2.9 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:themepoints:super_testimonials:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.9",
+ "matchCriteriaId": "551C8DE4-EA46-4D5E-95A5-30661A2B98BA"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/super-testimonial/tags/2.8/tp-testimonials.php#L214",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2979378/super-testimonial#file9",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52659f1c-642e-4c88-b3d0-d5c5a206b11c?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
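Review bot: The first reference is tagged `Patch` although its URL is a source-browser link to `tags/2.8/tp-testimonials.php#L214`, a release inside the range the description calls vulnerable (up to and including 2.9), so it appears to point at the affected code rather than the fix. Only the changeset URL looks like an actual fix, and tooling that treats every `Patch`-tagged link as remediation evidence would be misled. CVE-2023-5614.json has the same pattern with `tags/3.3/inc/plugin-core.php#L445`. The NVD `Primary` vector also sets `UI:R` where the CNA's has `UI:N`, which accounts for the 5.4 versus 6.4 scores.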
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5614.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5614.json
new file mode 100644
index 00000000000..502ee5b513c
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5614.json
@@ -0,0 +1,124 @@
+{
+ "id": "CVE-2023-5614",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T05:15:08.660",
+ "lastModified": "2023-10-26T17:33:14.737",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Theme Switcha para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'theme_switcha_list' del complemento en todas las versiones hasta la 3.3 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:plugin-planet:theme_switcha:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.3",
+ "matchCriteriaId": "DF1F54D6-3625-4E89-AB5A-8EDF498DDECC"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/theme-switcha/tags/3.3/inc/plugin-core.php#L445",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2979783/theme-switcha#file1",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0937fe-3ea6-427a-aef7-539c08687abb?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5615.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5615.json
new file mode 100644
index 00000000000..b4b53dd2010
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5615.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-5615",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:13.640",
+ "lastModified": "2023-10-26T18:16:31.840",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Skype Legacy Buttons para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'skype-status' del complemento en todas las versiones hasta la 3.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ravanh:skype_legacy_buttons:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "3.1",
+ "matchCriteriaId": "E2929CBB-5C3E-4AAB-BF5E-3894B362392B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/skype-online-status/tags/3.1/skype-classes.php#L316",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/914bcc8f-fecd-450e-b2a7-0989b7a0dd4c?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
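Review bot: Neither reference is tagged `Patch` and the range is closed with `"versionEndIncluding": "3.1"`, so the record names no fixed release and gives no fix location. Both links are tagged `Product`, including the Wordfence advisory and a source-browser link to `tags/3.1/skype-classes.php#L316`, which lies within the affected range. Anyone triaging from this record should assume no remediation is documented here and check the plugin's current state separately.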
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5618.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5618.json
new file mode 100644
index 00000000000..c23f12f749b
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5618.json
@@ -0,0 +1,118 @@
+{
+ "id": "CVE-2023-5618",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T12:15:24.193",
+ "lastModified": "2023-10-27T18:50:02.090",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Modern Footnotes para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado del complemento en versiones hasta la 1.4.16 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:prismtechstudios:modern_footnotes:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.4.17",
+ "matchCriteriaId": "1A7A6EF2-B5F1-4409-B856-D234D890D055"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2980695/modern-footnotes",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c20c674f-54b5-470f-b470-07a63501eb4d?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5621.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5621.json
new file mode 100644
index 00000000000..a2889abeeaa
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5621.json
@@ -0,0 +1,123 @@
+{
+ "id": "CVE-2023-5621",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-18T08:15:08.297",
+ "lastModified": "2023-10-25T10:02:48.557",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Thumbnail Slider With Lightbox para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del campo Image Title en versiones hasta la 1.0 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de administrador, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:i13websolution:thumbnail_slider_with_lightbox:1.0:*:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "E935AB1C-89B4-460B-981E-EC4ED85F7A27"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=1263536%40wp-responsive-slider-with-lightbox&new=1263536%40wp-responsive-slider-with-lightbox&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://wordpress.org/plugins/wp-responsive-slider-with-lightbox/",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Product"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/547c425d-8b0f-4e65-8b8a-c3a3059301fe?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
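Review bot: The `criteria` string pins version `1.0` exactly, while the description says "versions up to, and including, 1.0", so any release below 1.0 would not match. The sibling records in this commit express the same wording with a wildcard version plus `versionEndIncluding`; here that would be `cpe:2.3:a:i13websolution:thumbnail_slider_with_lightbox:*:*:*:*:*:wordpress:*:*` with `"versionEndIncluding": "1.0"`. None of the three references is tagged `Patch`, so the record documents no fix.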
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5622.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5622.json
new file mode 100644
index 00000000000..0319d76b22c
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5622.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-5622",
+ "sourceIdentifier": "vulnreport@tenable.com",
+ "published": "2023-10-26T17:15:09.773",
+ "lastModified": "2023-10-26T17:33:34.980",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nUnder certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\\SYSTEM on Windows hosts by replacing a specially crafted file."
+ },
+ {
+ "lang": "es",
+ "value": "Bajo ciertas condiciones, Nessus Network Monitor podr\u00eda permitir que un usuario con pocos privilegios escale privilegios a NT AUTHORITY\\SYSTEM en hosts de Windows reemplazando un archivo especialmente manipulado."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "vulnreport@tenable.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.tenable.com/security/tns-2023-34",
+ "source": "vulnreport@tenable.com"
+ }
+ ]
+}
\ No newline at end of file
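Review bot: No `configurations` or `weaknesses` block is present here, and the description names no affected version, so CPE- or CWE-based matching returns nothing for this entry while `vulnStatus` is `Awaiting Analysis`. CVE-2023-5623 and CVE-2023-5633 further down have the same gap, and CVE-2023-5624 lacks `configurations`. Until analysis lands, affected and fixed versions have to come from the referenced advisory (`https://www.tenable.com/security/tns-2023-34` for the Tenable entries), so tracking should key on the product name rather than on a CPE hit. The English `value` also starts with a stray `\n` that consumers should trim before display or deduplication.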
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5623.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5623.json
new file mode 100644
index 00000000000..6c538a3e6e3
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5623.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-5623",
+ "sourceIdentifier": "vulnreport@tenable.com",
+ "published": "2023-10-26T17:15:09.860",
+ "lastModified": "2023-10-26T17:33:34.980",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nNNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "NNM no pudo configurar correctamente las ACL en su directorio de instalaci\u00f3n, lo que podr\u00eda permitir a un usuario con pocos privilegios ejecutar c\u00f3digo arbitrario con privilegios de SYSTEM cuando NNM est\u00e1 instalado en una ubicaci\u00f3n no est\u00e1ndar."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "vulnreport@tenable.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.tenable.com/security/tns-2023-34",
+ "source": "vulnreport@tenable.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5624.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5624.json
new file mode 100644
index 00000000000..72426854e17
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5624.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-5624",
+ "sourceIdentifier": "vulnreport@tenable.com",
+ "published": "2023-10-26T17:15:09.923",
+ "lastModified": "2023-10-26T17:33:34.980",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nUnder certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Bajo ciertas condiciones, se descubri\u00f3 que Nessus Network Monitor no aplicaba adecuadamente la validaci\u00f3n de entrada. Esto podr\u00eda permitir a un usuario administrador modificar par\u00e1metros que potencialmente podr\u00edan permitir una inyecci\u00f3n blindSQL."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "vulnreport@tenable.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "vulnreport@tenable.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.tenable.com/security/tns-2023-34",
+ "source": "vulnreport@tenable.com"
+ }
+ ]
+}
\ No newline at end of file
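Review bot: The only weakness recorded is `CWE-20`, while the description says the flaw could allow a blind SQL injection, so a query filtered on the SQL injection class (CWE-89) will not return this entry. If the advisory confirms the injection, a second `description` entry with `"value": "CWE-89"` would make the record findable. The description text also reads `blindSQL injection` where `blind SQL injection` is meant, in both the English and the Spanish value. This affects keyword searches for "SQL injection" in the same way.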
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5626.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5626.json
new file mode 100644
index 00000000000..55e360ad1ae
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5626.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-5626",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-10-18T00:15:10.347",
+ "lastModified": "2023-10-25T00:11:45.460",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16."
+ },
+ {
+ "lang": "es",
+ "value": "Cross-Site Request Forgery (CSRF) en el repositorio de GitHub pkp/ojs anterior a 3.3.0-16."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sfu:open_journal_system:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "3.3.0-16",
+ "matchCriteriaId": "48ABAEE8-CB2D-4653-9F9D-218CB76D54FD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/pkp/ojs/commit/99a9f393190383454aa5ddffedffc89596f6c682",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://huntr.dev/bounties/c99279c1-709a-4e7b-a042-010c2bb44d6b",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
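Review bot: The two scores in this record disagree sharply: the NVD Primary entry under `cvssMetricV31` is 8.8 HIGH (`PR:N`, `C:H/I:H/A:H`), while the CNA Secondary entry under `cvssMetricV30` is 3.5 LOW (`PR:L`, `C:N/I:L/A:N`). Because they sit under different metric keys, a consumer that reads only one key sees only one assessment; read both and store the `source` alongside each score. The CPE is `sfu:open_journal_system` whereas the description names `pkp/ojs`, so inventory matching by project name needs an alias for this entry.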
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5631.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5631.json
new file mode 100644
index 00000000000..274946c2fbf
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5631.json
@@ -0,0 +1,219 @@
+{
+ "id": "CVE-2023-5631",
+ "sourceIdentifier": "security@eset.com",
+ "published": "2023-10-18T15:15:08.727",
+ "lastModified": "2023-10-25T18:17:43.777",
+ "vulnStatus": "Modified",
+ "cisaExploitAdd": "2023-10-26",
+ "cisaActionDue": "2023-11-16",
+ "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+ "cisaVulnerabilityName": "Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nRoundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker\n\nto load arbitrary JavaScript code.\n\n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Roundcube anterior a 1.4.15, 1.5.x anterior a 1.5.5 y 1.6.x anterior a 1.6.4 permiten almacenar XSS a trav\u00e9s de un mensaje de correo electr\u00f3nico HTML con un documento SVG manipulado debido al comportamiento de program/lib/Roundcube/rcube_washtml.php. Esto podr\u00eda permitir que un atacante remoto cargue c\u00f3digo JavaScript arbitrario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@eset.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@eset.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.4.15",
+ "matchCriteriaId": "4A35A7DC-58C4-43F7-A66C-229B0A409224"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.5.0",
+ "versionEndExcluding": "1.5.5",
+ "matchCriteriaId": "AF32BDE4-0C58-4D19-9E7C-CC0C0B22DF51"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.6.0",
+ "versionEndExcluding": "1.6.4",
+ "matchCriteriaId": "BBAB5ECE-B692-46C2-A3EF-6BC52E4F3C3B"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054079",
+ "source": "security@eset.com",
+ "tags": [
+ "Mailing List",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d",
+ "source": "security@eset.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/roundcube/roundcubemail/commit/6ee6e7ae301e165e2b2cb703edf75552e5376613",
+ "source": "security@eset.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/roundcube/roundcubemail/issues/9168",
+ "source": "security@eset.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.15",
+ "source": "security@eset.com",
+ "tags": [
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.5",
+ "source": "security@eset.com",
+ "tags": [
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.4",
+ "source": "security@eset.com",
+ "tags": [
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00035.html",
+ "source": "security@eset.com"
+ },
+ {
+ "url": "https://roundcube.net/news/2023/10/16/security-update-1.6.4-released",
+ "source": "security@eset.com",
+ "tags": [
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15",
+ "source": "security@eset.com",
+ "tags": [
+ "Release Notes"
+ ]
+ },
+ {
+ "url": "https://www.debian.org/security/2023/dsa-5531",
+ "source": "security@eset.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
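Review bot: `cisaExploitAdd` is `2023-10-26`, a day later than `lastModified` (`2023-10-25T18:17:43.777`), so the KEV fields appear to have been attached without advancing the modification timestamp; this is worth confirming upstream. A consumer that syncs incrementally on `lastModified` could miss the KEV listing, so re-reading the `cisa*` fields on every import is safer. Both base scores are MEDIUM (5.4 and 6.1), so severity-threshold triage alone would not surface this entry; the presence of `cisaExploitAdd` and the `cisaActionDue` of `2023-11-16` should drive its priority. The English description also contains a paragraph break mid-sentence (`attacker\n\nto load`) and a run of trailing newlines that should be normalised before display.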
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5632.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5632.json
new file mode 100644
index 00000000000..eb892a0eac5
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5632.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-5632",
+ "sourceIdentifier": "emo@eclipse.org",
+ "published": "2023-10-18T09:15:10.080",
+ "lastModified": "2023-10-25T17:32:13.007",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "En Eclipse Mosquito anterior a 2.0.5 incluida, establecer una conexi\u00f3n con el servidor mosquitto sin enviar datos provoca que se agregue el evento EPOLLOUT, lo que resulta en un consumo excesivo de CPU. Esto podr\u00eda ser utilizado por un actor malintencionado para realizar un ataque de tipo de denegaci\u00f3n de servicio. Este problema se solucion\u00f3 en 2.0.6."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
+ {
+ "source": "emo@eclipse.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-834"
+ }
+ ]
+ },
+ {
+ "source": "emo@eclipse.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-834"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.0.6",
+ "matchCriteriaId": "A9ACA0BE-573B-4295-9390-F88687C64298"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d",
+ "source": "emo@eclipse.org",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://github.com/eclipse/mosquitto/pull/2053",
+ "source": "emo@eclipse.org",
+ "tags": [
+ "Issue Tracking"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json
new file mode 100644
index 00000000000..3c5143a2088
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5633.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-5633",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-10-23T22:15:09.430",
+ "lastModified": "2023-10-24T12:45:02.747",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges."
+ },
+ {
+ "lang": "es",
+ "value": "Los cambios en el recuento de referencias realizados como parte de las correcciones CVE-2023-33951 y CVE-2023-33952 expusieron una falla de use-after-free en la forma en que se manejaban los objetos de memoria cuando se usaban para almacenar una superficie. Cuando se ejecuta dentro de un invitado de VMware con la aceleraci\u00f3n 3D habilitada, un usuario local sin privilegios podr\u00eda utilizar esta falla para aumentar sus privilegios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-5633",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245663",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5638.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5638.json
new file mode 100644
index 00000000000..32c9180f3cf
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5638.json
@@ -0,0 +1,131 @@
+{
+ "id": "CVE-2023-5638",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-19T02:15:07.943",
+ "lastModified": "2023-10-25T15:56:14.580",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Booster for WooCommerce para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo corto 'wcj_image' en versiones hasta la 7.1.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:booster:booster_for_woocommerce:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "7.1.2",
+ "matchCriteriaId": "8BC07205-3703-4C1D-84D6-6C40B79094B7"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.2/includes/shortcodes/class-wcj-general-shortcodes.php#L1122",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.3/includes/functions/wcj-functions-general.php#L1205",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/tags/7.1.3/includes/shortcodes/class-wcj-general-shortcodes.php#L1122",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0257620-3a0e-4011-9378-7aa423e7c0b2?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
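Review bot: The first reference, the source-browser link into `tags/7.1.2/.../class-wcj-general-shortcodes.php#L1122`, is tagged `"Patch"`, but the description and `versionEndIncluding` both mark 7.1.2 as vulnerable, so that link shows the affected code rather than a fix. Tooling that treats `Patch`-tagged references as the fix location would be pointed at the wrong revision; dropping `"Patch"` from that entry and keeping it on the `tags/7.1.3` links would match the record. CVE-2023-5639 below looks similar. Its two `trunk/team-manager-free.php?rev=2912143` links are tagged `"Patch"`, although that revision number is lower than the `changeset/2980614` reference, which is presumably the actual fix.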
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5639.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5639.json
new file mode 100644
index 00000000000..71e00eb0c6e
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5639.json
@@ -0,0 +1,131 @@
+{
+ "id": "CVE-2023-5639",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-19T02:15:08.027",
+ "lastModified": "2023-10-25T15:14:54.063",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Team Showcase para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado 'tmfshortcode' del complemento en todas las versiones hasta la 2.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:themepoints:team_showcase:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "2.1",
+ "matchCriteriaId": "42305522-F5B9-4368-A146-C1FD8DAD47C5"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/team-showcase/trunk/team-manager-free.php?rev=2912143#L489",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/team-showcase/trunk/team-manager-free.php?rev=2912143#L893",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/2980614/team-showcase",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3b26060-294e-4d4c-9295-0b08f533d5c4?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5642.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5642.json
new file mode 100644
index 00000000000..f101b4dc96a
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5642.json
@@ -0,0 +1,110 @@
+{
+ "id": "CVE-2023-5642",
+ "sourceIdentifier": "vulnreport@tenable.com",
+ "published": "2023-10-18T16:15:08.943",
+ "lastModified": "2023-10-25T01:24:38.107",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker to read from and write to the snmpmon.ini file, which contains sensitive information."
+ },
+ {
+ "lang": "es",
+ "value": "Advantech R-SeeNet v2.4.23 permite a un atacante remoto no autenticado leer y escribir en el archivo snmpmon.ini, que contiene informaci\u00f3n confidencial."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "vulnreport@tenable.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "vulnreport@tenable.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:advantech:r-seenet:2.4.23:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E12AEE31-409E-4E02-AB90-0AC403328C94"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://tenable.com/security/research/tra-2023-33",
+ "source": "vulnreport@tenable.com",
+ "tags": [
+ "Exploit",
+ "Vendor Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
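Review bot: The single reference, `https://tenable.com/security/research/tra-2023-33`, is tagged `"Vendor Advisory"`, yet the CPE vendor is `advantech` and the reporting source is Tenable, so this looks like a researcher advisory; `"Third Party Advisory"` would fit the record better. No Advantech advisory or fixed version is listed, and the only CPE match is the exact version `2.4.23`, so other R-SeeNet versions will not match until the range is confirmed from the vendor. The CNA weakness `CWE-200` covers only the read side, while the description also states unauthenticated write access to `snmpmon.ini`. That write access is consistent with the `I:H` in both vectors, so CWE-based filtering understates the entry.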
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5646.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5646.json
new file mode 100644
index 00000000000..bad05032f03
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5646.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-5646",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T02:15:08.193",
+ "lastModified": "2023-10-23T14:15:10.370",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** it is a duplicate"
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5647.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5647.json
new file mode 100644
index 00000000000..2b224ec2d3d
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5647.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-5647",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T02:15:08.300",
+ "lastModified": "2023-10-23T14:15:10.470",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** it is a duplicate"
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5654.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5654.json
new file mode 100644
index 00000000000..f92d79f6869
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5654.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-5654",
+ "sourceIdentifier": "report@snyk.io",
+ "published": "2023-10-19T15:15:09.973",
+ "lastModified": "2023-10-27T21:53:06.943",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The React Developer Tools extension registers a message listener with window.addEventListener('message', ) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch(). The URL is not validated or sanitised before it is fetched, thus allowing a malicious web page to arbitrarily fetch URL\u2019s via the victim's browser."
+ },
+ {
+ "lang": "es",
+ "value": "La extensi\u00f3n React Developer Tools registra un detector de mensajes con window.addEventListener('message', ) en un script de contenido al que se puede acceder desde cualquier p\u00e1gina web que est\u00e9 activa en el navegador. Dentro del oyente hay un c\u00f3digo que solicita una URL derivada del mensaje recibido mediante fetch(). La URL no se valida ni se sanitiza antes de recuperarla, lo que permite que una p\u00e1gina web maliciosa obtenga URL de forma arbitraria a trav\u00e9s del navegador de la v\u00edctima."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ },
+ {
+ "source": "report@snyk.io",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "report@snyk.io",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-285"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:facebook:react-devtools:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "4.28.4",
+ "matchCriteriaId": "2100C135-FD9A-4DE3-A140-CD93B20C5365"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gist.github.com/CalumHutton/1fb89b64409570a43f89d1fd3274b231",
+ "source": "report@snyk.io",
+ "tags": [
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
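Review bot: Both CVSS entries set `"userInteraction": "NONE"`, but the description has the request triggered by a malicious web page that is active in the victim's browser, which would usually be scored as requiring user interaction. This is worth confirming with the sources before the 6.5 score is used for triage. The Primary weakness is `NVD-CWE-noinfo`, so CWE-based filters that read only Primary entries will miss the Secondary `CWE-285` classification. The only reference is a gist tagged `Patch`, and the fixed version appears only as `"versionEndExcluding": "4.28.4"` in the CPE range, so remediation tooling should read the range rather than the reference tag.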
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5655.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5655.json
new file mode 100644
index 00000000000..936f99856f4
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5655.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-5655",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T02:15:08.367",
+ "lastModified": "2023-10-23T14:15:10.563",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** it is a duplicate"
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5656.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5656.json
new file mode 100644
index 00000000000..ebe9205c1b0
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5656.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2023-5656",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T08:15:13.707",
+ "lastModified": "2023-10-23T14:15:10.663",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "** REJECT ** it is a duplicate"
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5668.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5668.json
new file mode 100644
index 00000000000..5ecbefdb1e2
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5668.json
@@ -0,0 +1,117 @@
+{
+ "id": "CVE-2023-5668",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2023-10-20T05:15:08.727",
+ "lastModified": "2023-10-26T17:33:02.437",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WhatsApp Share Button para WordPress es vulnerable a Cross-Site Scripting (XSS) Almacenado a trav\u00e9s del shortcode 'whatsapp' del complemento en todas las versiones hasta la 1.0.1 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida en los atributos proporcionados por el usuario insuficientes. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:firecask:whatsapp_share_button:*:*:*:*:*:wordpress:*:*",
+ "versionEndIncluding": "1.0.1",
+ "matchCriteriaId": "23299FD1-9F10-4C74-8462-303E679C3BC6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/whatsapp/tags/1.0.1/class-frontend.php#L46",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/77911b0f-c028-49ae-b85e-15909d806e30?source=cve",
+ "source": "security@wordfence.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
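Review bot: The first reference is tagged `Patch`, but its URL points at `tags/1.0.1/class-frontend.php#L46`, and this record lists 1.0.1 as vulnerable (`"versionEndIncluding": "1.0.1"`), so the link appears to show the affected code rather than a fix. Tooling that treats a `Patch` tag as evidence of an available fix would misreport remediation status here, since the record names no fixed version. If the link is kept, a tag such as `"Product"` would describe it more accurately, subject to confirmation against the source feed. Separately, the two CVSS vectors disagree on user interaction (`UI:R` Primary, `UI:N` Secondary), so consumers should record which source they score from.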
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5671.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5671.json
new file mode 100644
index 00000000000..4648df1efa6
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5671.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-5671",
+ "sourceIdentifier": "hp-security-alert@hp.com",
+ "published": "2023-10-25T18:17:43.867",
+ "lastModified": "2023-10-25T20:31:55.900",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "HP Print and Scan Doctor para Windows puede ser potencialmente vulnerable a una escalada de privilegios. HP est\u00e1 lanzando actualizaciones de software para mitigar la vulnerabilidad potencial."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://support.hp.com/us-en/document/ish_9502679-9502704-16",
+ "source": "hp-security-alert@hp.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5681.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5681.json
new file mode 100644
index 00000000000..9c1f337865f
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5681.json
@@ -0,0 +1,151 @@
+{
+ "id": "CVE-2023-5681",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-20T21:15:09.933",
+ "lastModified": "2023-10-28T03:48:48.963",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en Netentsec NS-ASG Application Security Gateway 6.3 y clasificada como cr\u00edtica. Esto afecta a una parte desconocida del archivo /admin/list_addr_fwresource_ip.php. La manipulaci\u00f3n conduce a la inyecci\u00f3n de SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-243057. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "MULTIPLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.8
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 6.4,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netentsec:application_security_gateway:6.3:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7A708923-EF5F-4F53-86F3-DF0366E6FB58"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Wsecpro/cve1/blob/main/NS-ASG-sql-list_addr_fwresource_ip.md",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.243057",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?id.243057",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5682.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5682.json
new file mode 100644
index 00000000000..fe83c1f820f
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5682.json
@@ -0,0 +1,157 @@
+{
+ "id": "CVE-2023-5682",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-20T21:15:10.023",
+ "lastModified": "2023-10-29T07:31:14.383",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en Tongda OA 2017 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo general/hr/training/record/delete.php. La manipulaci\u00f3n del argumento RECORD_ID conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 11.10 puede solucionar este problema. Se recomienda actualizar el componente afectado. VDB-243058 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.2
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 5.1,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tongda2000:tongda_oa:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.10",
+ "matchCriteriaId": "17F21834-2024-4969-BB2C-1C56D7C85F5D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:tongda2000:tongda_oa:2017:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A77F4CAB-A2ED-4AFF-B9C7-03C69B14AE9D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Godfather-onec/cve/blob/main/sql.md",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.243058",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?id.243058",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
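Review bot: The `cpeMatch` list mixes two version schemes: a wildcard entry bounded by `"versionEndExcluding": "11.10"` and an explicit `tongda_oa:2017` entry. A year-style value such as `2017` falls outside a numeric "below 11.10" range, which is presumably why it is listed separately, but any other year-named release is then covered by neither entry. Consumers matching inventory against this record should check how the installed version is reported before treating a non-match as not affected. The Primary vector (`AV:N/PR:N`, 9.8) and the CNA vector (`AV:A/PR:L`, 5.5) also differ widely, so prioritisation depends on which source is read.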
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5683.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5683.json
new file mode 100644
index 00000000000..0296307d465
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5683.json
@@ -0,0 +1,164 @@
+{
+ "id": "CVE-2023-5683",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-21T05:16:07.347",
+ "lastModified": "2023-10-28T03:35:27.703",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en Beijing Baichuo Smart S85F Management Platform hasta 20231010 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo /sysmanage/importconf.php. La manipulaci\u00f3n del argumento btn_file_renew conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-243059. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:byzoro:smart_s85f_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023-10-10",
+ "matchCriteriaId": "E491B94F-E51C-4F61-98BD-44E1105B3794"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:byzoro:smart_s85f:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E47769D-223D-4113-A1D0-5736287B1DE2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/yaphetszz/cve/blob/main/upload.md",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.243059",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?id.243059",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
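Review bot: `versionEndIncluding` is written as `"2023-10-10"`, while the description gives the affected build as `20231010`; the same mismatch appears in the CVE-2023-5684 hunk (`"2023-10-12"` against `20231012`). A matcher that compares an inventory version string in the description's form against this bound may not order the two consistently, so affected firmware could be missed or over-matched. It would help to confirm which form the device reports and use it in both places, for example `"versionEndIncluding": "20231010"` if the compact form is the real one.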
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5684.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5684.json
new file mode 100644
index 00000000000..257892b9f5d
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5684.json
@@ -0,0 +1,164 @@
+{
+ "id": "CVE-2023-5684",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-21T07:15:07.987",
+ "lastModified": "2023-10-28T03:44:56.627",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en Beijing Baichuo Smart S85F Management Platform hasta 20231012 y ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /importexport.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-243061. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "MULTIPLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.8
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 6.4,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:byzoro:smart_s85f_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023-10-12",
+ "matchCriteriaId": "66312BE1-E671-4A2B-9BFA-8BFECBCA2F07"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:byzoro:smart_s85f:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E47769D-223D-4113-A1D0-5736287B1DE2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Chef003/cve/blob/main/rce.md",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.243061",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?id.243061",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5686.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5686.json
new file mode 100644
index 00000000000..ae7527ddf33
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5686.json
@@ -0,0 +1,121 @@
+{
+ "id": "CVE-2023-5686",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-10-20T17:15:08.747",
+ "lastModified": "2023-10-27T18:52:07.290",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0."
+ },
+ {
+ "lang": "es",
+ "value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en el repositorio de GitHub radareorg/radare2 antes de 5.9.0."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:radare:radare2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.9.0",
+ "matchCriteriaId": "0E042C08-7911-4974-A2A6-95F0EFD10809"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5687.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5687.json
new file mode 100644
index 00000000000..c2e02293e47
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5687.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-5687",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-10-20T17:15:08.813",
+ "lastModified": "2023-10-27T18:51:42.730",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3."
+ },
+ {
+ "lang": "es",
+ "value": "Cross-Site Request Forgery (CSRF) en el repositorio de GitHub mosparo/mosparo antes de 1.0.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:mosparo:mosparo:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.0.3",
+ "matchCriteriaId": "D5115402-D9D1-4643-A9A7-FB741E1321B0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/mosparo/mosparo/commit/fb3ac528b7548beb802182310967968a21c1354a",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://huntr.com/bounties/33f95510-cdee-460e-8e61-107874962f2d",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5688.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5688.json
new file mode 100644
index 00000000000..b5de304ee49
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5688.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-5688",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-10-20T17:15:08.883",
+ "lastModified": "2023-10-27T18:51:36.000",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2."
+ },
+ {
+ "lang": "es",
+ "value": "Cross-site Scripting (XSS): DOM en el repositorio de GitHub modoboa/modoboa anterior a 2.2.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:modoboa:modoboa:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.2.2",
+ "matchCriteriaId": "07F47C6D-A091-4637-90E1-9FDC92F2973E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/modoboa/modoboa/commit/d33d3cd2d11dbfebd8162c46e2c2a9873919a967",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://huntr.com/bounties/0ceb10e4-952b-4ca4-baf8-5b6f12e3a8a7",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
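Review bot: The two CVSS entries in `metrics` contradict each other on the points that matter for triage. The `nvd@nist.gov` Primary vector is `PR:L/UI:R/S:C` at 5.4, while the `security@huntr.dev` Secondary vector is `PR:N/UI:N` with full C/I/A impact at 9.8, which is hard to reconcile with a DOM XSS (`CWE-79`) that normally needs a victim to load the page. Anything consuming this record should select the entry by `"type": "Primary"` rather than taking the first entry or the highest `baseScore`. The same mismatch appears in CVE-2023-5690.json, where the Secondary vector says `UI:N` for a CSRF (`CWE-352`) and the Primary says `UI:R`.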
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5689.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5689.json
new file mode 100644
index 00000000000..bc362fad434
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5689.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-5689",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-10-20T17:15:08.953",
+ "lastModified": "2023-10-27T18:52:11.203",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2."
+ },
+ {
+ "lang": "es",
+ "value": "Cross-site Scripting (XSS): DOM en el repositorio de GitHub modoboa/modoboa anterior a 2.2.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:modoboa:modoboa:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.2.2",
+ "matchCriteriaId": "07F47C6D-A091-4637-90E1-9FDC92F2973E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/modoboa/modoboa/commit/d33d3cd2d11dbfebd8162c46e2c2a9873919a967",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://huntr.com/bounties/24835833-3421-412b-bafb-1b7ea3cf60e6",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
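Review bot: This record cannot be told apart from CVE-2023-5688.json by its description, CPE range or patch reference. Both carry the same `descriptions` text, the same `versionEndExcluding` of `2.2.2` with the same `matchCriteriaId`, and the same modoboa commit URL; they differ only in the huntr bounty URL and the Secondary vector. If these are two distinct DOM XSS sinks fixed by one commit, the `descriptions` value should name the affected component so the two IDs are not read as a duplicate; that cannot be confirmed from the diff alone.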
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5690.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5690.json
new file mode 100644
index 00000000000..02888966eb1
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5690.json
@@ -0,0 +1,111 @@
+{
+ "id": "CVE-2023-5690",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2023-10-20T17:15:09.020",
+ "lastModified": "2023-10-27T18:50:44.663",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2."
+ },
+ {
+ "lang": "es",
+ "value": "Cross-Site Request Forgery (CSRF) en el repositorio de GitHub modoboa/modoboa antes de 2.2.2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:modoboa:modoboa:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.2.2",
+ "matchCriteriaId": "07F47C6D-A091-4637-90E1-9FDC92F2973E"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/modoboa/modoboa/commit/23e4c25511c66c0548da001236f47e19e3f9e4d9",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Patch"
+ ]
+ },
+ {
+ "url": "https://huntr.com/bounties/980c75a5-d978-4b0e-9bcc-2b2682c97e01",
+ "source": "security@huntr.dev",
+ "tags": [
+ "Exploit",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5693.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5693.json
new file mode 100644
index 00000000000..33224a6d089
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5693.json
@@ -0,0 +1,153 @@
+{
+ "id": "CVE-2023-5693",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-22T23:15:08.067",
+ "lastModified": "2023-10-28T03:38:51.327",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad fue encontrada en CodeAstro Internet Banking System 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo pages_reset_pwd.php. La manipulaci\u00f3n del argumento email conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-243131."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:codeastro:internet_banking_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1E22B024-DF7A-4CC7-BE59-CFA07165DC9F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%201.pdf",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.243131",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?id.243131",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
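Review bot: The `criteria` string here uses vendor `codeastro` (`cpe:2.3:a:codeastro:internet_banking_system:1.0:*:*:*:*:*:*:*`), while CVE-2023-5694.json and CVE-2023-5695.json describe the same "CodeAstro Internet Banking System 1.0" under vendor `martmbithi`. A CPE-based inventory match will therefore hit only a subset of the three records. Which vendor name is canonical is not visible in the diff; the three entries should agree, and until they do a matching rule needs to cover both. `vulnStatus` is also still `Undergoing Analysis` although the Primary metrics and configuration are already populated, so these values may still change.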
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5694.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5694.json
new file mode 100644
index 00000000000..01dea380570
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5694.json
@@ -0,0 +1,152 @@
+{
+ "id": "CVE-2023-5694",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-22T23:15:08.130",
+ "lastModified": "2023-10-28T03:44:14.797",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en CodeAstro Internet Banking System 1.0. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo pages_system_settings.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento sys_name con la entrada conduce a cross site scripting. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-243132."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:martmbithi:internet_banking_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD0AF461-CF49-4FCA-BDCC-935CE159A06A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%202.pdf",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.243132",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?id.243132",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
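Review bot: The English `descriptions` value has lost the input it refers to: "The manipulation of the argument sys_name with the input leads to cross site scripting" names no input, which suggests markup was stripped from the text somewhere upstream (inferred, not shown in the diff). CVE-2023-5695.json shows the same symptom: its English text ends the input at `%26%25`, while the Spanish text carries a trailing `alert(9860)` that the English lacks. Consumers should treat these description strings as untrusted text that may once have held markup, encode them on output rather than rendering them as HTML, and not rely on the two language variants being equivalent.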
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5695.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5695.json
new file mode 100644
index 00000000000..6ace03d220e
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5695.json
@@ -0,0 +1,152 @@
+{
+ "id": "CVE-2023-5695",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-22T23:15:08.200",
+ "lastModified": "2023-10-28T03:41:49.800",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una vulnerabilidad en CodeAstro Internet Banking System 1.0. Ha sido declarada problem\u00e1tica. Una funci\u00f3n desconocida del archivo pages_reset_pwd.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento email con la entrada testing%40example.com'%26%25alert(9860) conduce a cross site scripting. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-243133."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:martmbithi:internet_banking_system:1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD0AF461-CF49-4FCA-BDCC-935CE159A06A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/E1CHO/cve_hub/blob/main/Internet%20Banking%20System/Internet%20Banking%20System%20-%20vuln%203.pdf",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.243133",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?id.243133",
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5696.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5696.json
new file mode 100644
index 00000000000..372c4670519
--- /dev/null
+++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5696.json
@@ -0,0 +1,152 @@
+{
+ "id": "CVE-2023-5696",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2023-10-22T23:15:08.260",
+ "lastModified": "2023-10-28T03:43:53.283",
+ "vulnStatus": "Analyzed",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928-->