From 62f95da7a5729dee16fe228b575ce8c5dbd66fd9 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 21 Nov 2023 21:00:21 +0000 Subject: [PATCH] Auto-Update: 2023-11-21T21:00:17.887493+00:00 --- CVE-2015/CVE-2015-40xx/CVE-2015-4036.json | 130 +- CVE-2018/CVE-2018-25xx/CVE-2018-2579.json | 18 +- CVE-2018/CVE-2018-25xx/CVE-2018-2581.json | 18 +- CVE-2018/CVE-2018-25xx/CVE-2018-2582.json | 18 +- CVE-2018/CVE-2018-25xx/CVE-2018-2588.json | 18 +- CVE-2018/CVE-2018-25xx/CVE-2018-2599.json | 18 +- CVE-2018/CVE-2018-26xx/CVE-2018-2602.json | 22 +- CVE-2018/CVE-2018-26xx/CVE-2018-2603.json | 22 +- CVE-2018/CVE-2018-26xx/CVE-2018-2618.json | 18 +- CVE-2018/CVE-2018-26xx/CVE-2018-2627.json | 18 +- CVE-2018/CVE-2018-26xx/CVE-2018-2629.json | 18 +- CVE-2018/CVE-2018-26xx/CVE-2018-2633.json | 18 +- CVE-2018/CVE-2018-26xx/CVE-2018-2634.json | 18 +- CVE-2021/CVE-2021-275xx/CVE-2021-27502.json | 4 +- CVE-2021/CVE-2021-275xx/CVE-2021-27504.json | 4 +- CVE-2021/CVE-2021-318xx/CVE-2021-31852.json | 24 +- CVE-2021/CVE-2021-384xx/CVE-2021-38405.json | 59 + CVE-2022/CVE-2022-428xx/CVE-2022-42879.json | 118 +- CVE-2023/CVE-2023-00xx/CVE-2023-0001.json | 24 +- CVE-2023/CVE-2023-202xx/CVE-2023-20208.json | 43 + CVE-2023/CVE-2023-202xx/CVE-2023-20265.json | 43 + CVE-2023/CVE-2023-202xx/CVE-2023-20272.json | 43 + CVE-2023/CVE-2023-202xx/CVE-2023-20274.json | 43 + CVE-2023/CVE-2023-205xx/CVE-2023-20519.json | 108 +- CVE-2023/CVE-2023-205xx/CVE-2023-20596.json | 1844 ++++++++++++++++++- CVE-2023/CVE-2023-225xx/CVE-2023-22516.json | 4 +- CVE-2023/CVE-2023-225xx/CVE-2023-22521.json | 4 +- CVE-2023/CVE-2023-262xx/CVE-2023-26222.json | 77 +- CVE-2023/CVE-2023-326xx/CVE-2023-32641.json | 61 +- CVE-2023/CVE-2023-326xx/CVE-2023-32662.json | 61 +- CVE-2023/CVE-2023-327xx/CVE-2023-32701.json | 70 +- CVE-2023/CVE-2023-338xx/CVE-2023-33872.json | 60 +- CVE-2023/CVE-2023-340xx/CVE-2023-34060.json | 91 +- CVE-2023/CVE-2023-340xx/CVE-2023-34062.json | 71 +- CVE-2023/CVE-2023-343xx/CVE-2023-34314.json | 61 +- CVE-2023/CVE-2023-343xx/CVE-2023-34350.json | 61 +- CVE-2023/CVE-2023-344xx/CVE-2023-34430.json | 61 +- CVE-2023/CVE-2023-349xx/CVE-2023-34997.json | 61 +- CVE-2023/CVE-2023-360xx/CVE-2023-36007.json | 64 +- CVE-2023/CVE-2023-360xx/CVE-2023-36049.json | 677 ++++++- CVE-2023/CVE-2023-364xx/CVE-2023-36437.json | 64 +- CVE-2023/CVE-2023-365xx/CVE-2023-36558.json | 129 +- CVE-2023/CVE-2023-415xx/CVE-2023-41570.json | 70 +- CVE-2023/CVE-2023-456xx/CVE-2023-45614.json | 91 +- CVE-2023/CVE-2023-456xx/CVE-2023-45615.json | 91 +- CVE-2023/CVE-2023-456xx/CVE-2023-45625.json | 91 +- CVE-2023/CVE-2023-456xx/CVE-2023-45626.json | 91 +- CVE-2023/CVE-2023-456xx/CVE-2023-45627.json | 91 +- CVE-2023/CVE-2023-473xx/CVE-2023-47308.json | 77 +- CVE-2023/CVE-2023-473xx/CVE-2023-47309.json | 70 +- CVE-2023/CVE-2023-473xx/CVE-2023-47384.json | 68 +- CVE-2023/CVE-2023-475xx/CVE-2023-47580.json | 80 +- CVE-2023/CVE-2023-475xx/CVE-2023-47581.json | 80 +- CVE-2023/CVE-2023-475xx/CVE-2023-47582.json | 80 +- CVE-2023/CVE-2023-476xx/CVE-2023-47628.json | 48 +- CVE-2023/CVE-2023-476xx/CVE-2023-47643.json | 63 + CVE-2023/CVE-2023-476xx/CVE-2023-47678.json | 89 +- CVE-2023/CVE-2023-482xx/CVE-2023-48226.json | 75 + CVE-2023/CVE-2023-48xx/CVE-2023-4889.json | 64 +- CVE-2023/CVE-2023-50xx/CVE-2023-5055.json | 4 +- CVE-2023/CVE-2023-51xx/CVE-2023-5189.json | 74 +- CVE-2023/CVE-2023-59xx/CVE-2023-5984.json | 85 +- CVE-2023/CVE-2023-59xx/CVE-2023-5985.json | 85 +- README.md | 72 +- 64 files changed, 5711 insertions(+), 316 deletions(-) create mode 100644 CVE-2021/CVE-2021-384xx/CVE-2021-38405.json create mode 100644 CVE-2023/CVE-2023-202xx/CVE-2023-20208.json create mode 100644 CVE-2023/CVE-2023-202xx/CVE-2023-20265.json create mode 100644 CVE-2023/CVE-2023-202xx/CVE-2023-20272.json create mode 100644 CVE-2023/CVE-2023-202xx/CVE-2023-20274.json create mode 100644 CVE-2023/CVE-2023-476xx/CVE-2023-47643.json create mode 100644 CVE-2023/CVE-2023-482xx/CVE-2023-48226.json diff --git a/CVE-2015/CVE-2015-40xx/CVE-2015-4036.json b/CVE-2015/CVE-2015-40xx/CVE-2015-4036.json index 18a6d63713d..9be41356c08 100644 --- a/CVE-2015/CVE-2015-40xx/CVE-2015-4036.json +++ b/CVE-2015/CVE-2015-40xx/CVE-2015-4036.json @@ -2,8 +2,8 @@ "id": "CVE-2015-4036", "sourceIdentifier": "cve@mitre.org", "published": "2015-08-31T20:59:01.653", - "lastModified": "2016-12-22T02:59:50.960", - "vulnStatus": "Modified", + "lastModified": "2023-11-21T19:15:17.657", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -63,8 +63,79 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "3.18.0", - "matchCriteriaId": "BDF86B9D-ABF3-4D78-B026-BA65BD2AB6CD" + "versionStartExcluding": "3.6", + "versionEndExcluding": "3.10.90", + "matchCriteriaId": "D3255027-0A48-43E5-9E50-89A18E256E98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.11", + "versionEndExcluding": "3.12.44", + "matchCriteriaId": "8D0C4C2A-444F-4959-BBA9-AEBD29C2CA7E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.13", + "versionEndExcluding": "3.14.57", + "matchCriteriaId": "8A11EA50-ADF8-4F55-975C-C7DB23C9B455" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.15", + "versionEndExcluding": "3.16.35", + "matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.17", + "versionEndExcluding": "3.18.25", + "matchCriteriaId": "1CE06EBF-9588-4C87-A85F-8224C668D218" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.19", + "versionEndExcluding": "4.0", + "matchCriteriaId": "8A7FC79A-26B7-4E34-BB99-D25E74514239" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:-:*:*:*:*:*:*", + "matchCriteriaId": "E7D72FF4-3906-4585-B39A-A9B194F53204" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc2:*:*:*:*:*:*", + "matchCriteriaId": "61B347F1-DB7C-4078-AED9-BF4906F0DEB7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0FCBD80-8462-4642-B2F0-54896776CF07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc4:*:*:*:*:*:*", + "matchCriteriaId": "42F72762-D825-4B81-93BB-5B7F54313F46" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc5:*:*:*:*:*:*", + "matchCriteriaId": "41FDE042-F389-4580-BEBB-EBAB4F562477" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc6:*:*:*:*:*:*", + "matchCriteriaId": "329C7DD0-9CEA-4D15-B0FE-B3565EE53A63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc7:*:*:*:*:*:*", + "matchCriteriaId": "A6067C5D-29B3-4EE2-BDCA-3F204F25F1C0" } ] } @@ -74,46 +145,77 @@ "references": [ { "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2015/05/13/4", "source": "cve@mitre.org", "tags": [ - "Exploit" + "Exploit", + "Mailing List", + "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/74664", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "URL Repurposed", + "VDB Entry" + ] }, { "url": "http://www.securitytracker.com/id/1033729", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "URL Repurposed" + ] }, { "url": "http://www.ubuntu.com/usn/USN-2633-1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.ubuntu.com/usn/USN-2634-1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1189864", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/torvalds/linux/commit/59c816c1f24df0204e01851431d3bab3eb76719c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2018/CVE-2018-25xx/CVE-2018-2579.json b/CVE-2018/CVE-2018-25xx/CVE-2018-2579.json index fe154a3ebf1..746c07e1565 100644 --- a/CVE-2018/CVE-2018-25xx/CVE-2018-2579.json +++ b/CVE-2018/CVE-2018-25xx/CVE-2018-2579.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2579", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:18.227", - "lastModified": "2022-05-13T14:57:21.947", + "lastModified": "2023-11-21T19:13:33.743", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -99,8 +99,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -119,8 +119,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" }, { "vulnerable": true, @@ -329,6 +329,7 @@ "url": "http://www.securityfocus.com/bid/102663", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -337,6 +338,7 @@ "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2018/CVE-2018-25xx/CVE-2018-2581.json b/CVE-2018/CVE-2018-25xx/CVE-2018-2581.json index a0d156beff8..eb3fccf48be 100644 --- a/CVE-2018/CVE-2018-25xx/CVE-2018-2581.json +++ b/CVE-2018/CVE-2018-25xx/CVE-2018-2581.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2581", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:18.320", - "lastModified": "2022-08-12T18:04:42.840", + "lastModified": "2023-11-21T19:13:17.797", "vulnStatus": "Analyzed", "descriptions": [ { @@ -94,8 +94,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -109,8 +109,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" } ] } @@ -284,14 +284,18 @@ "url": "http://www.securityfocus.com/bid/102636", "source": "secalert_us@oracle.com", "tags": [ - "Broken Link" + "Broken Link", + "Third Party Advisory", + "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ - "Broken Link" + "Broken Link", + "Third Party Advisory", + "VDB Entry" ] }, { diff --git a/CVE-2018/CVE-2018-25xx/CVE-2018-2582.json b/CVE-2018/CVE-2018-25xx/CVE-2018-2582.json index 88508715977..57107bcac92 100644 --- a/CVE-2018/CVE-2018-25xx/CVE-2018-2582.json +++ b/CVE-2018/CVE-2018-25xx/CVE-2018-2582.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2582", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:18.367", - "lastModified": "2022-05-13T14:57:21.977", + "lastModified": "2023-11-21T19:13:28.723", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -89,8 +89,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -99,8 +99,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" } ] } @@ -249,6 +249,7 @@ "url": "http://www.securityfocus.com/bid/102597", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -257,6 +258,7 @@ "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2018/CVE-2018-25xx/CVE-2018-2588.json b/CVE-2018/CVE-2018-25xx/CVE-2018-2588.json index ec3b94d8ea3..7e2ff013bb2 100644 --- a/CVE-2018/CVE-2018-25xx/CVE-2018-2588.json +++ b/CVE-2018/CVE-2018-25xx/CVE-2018-2588.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2588", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:18.600", - "lastModified": "2022-05-13T14:57:21.993", + "lastModified": "2023-11-21T19:13:22.147", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -99,8 +99,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -119,8 +119,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" }, { "vulnerable": true, @@ -329,6 +329,7 @@ "url": "http://www.securityfocus.com/bid/102661", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -337,6 +338,7 @@ "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2018/CVE-2018-25xx/CVE-2018-2599.json b/CVE-2018/CVE-2018-25xx/CVE-2018-2599.json index d25f9d03976..da5d2e7dee8 100644 --- a/CVE-2018/CVE-2018-25xx/CVE-2018-2599.json +++ b/CVE-2018/CVE-2018-25xx/CVE-2018-2599.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2599", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:19.087", - "lastModified": "2022-05-13T14:57:22.020", + "lastModified": "2023-11-21T19:09:02.703", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -99,8 +99,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -119,8 +119,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" }, { "vulnerable": true, @@ -329,6 +329,7 @@ "url": "http://www.securityfocus.com/bid/102633", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -337,6 +338,7 @@ "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2018/CVE-2018-26xx/CVE-2018-2602.json b/CVE-2018/CVE-2018-26xx/CVE-2018-2602.json index f698efada8d..01d73da3823 100644 --- a/CVE-2018/CVE-2018-26xx/CVE-2018-2602.json +++ b/CVE-2018/CVE-2018-26xx/CVE-2018-2602.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2602", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:19.240", - "lastModified": "2022-05-13T14:57:22.050", + "lastModified": "2023-11-21T19:09:12.173", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -99,8 +99,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -119,8 +119,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" } ] } @@ -323,14 +323,16 @@ "url": "http://www.securityfocus.com/bid/102642", "source": "secalert_us@oracle.com", "tags": [ - "VDB Entry", - "Third Party Advisory" + "Broken Link", + "Third Party Advisory", + "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2018/CVE-2018-26xx/CVE-2018-2603.json b/CVE-2018/CVE-2018-26xx/CVE-2018-2603.json index 4ee9f6ed93e..80d11be933f 100644 --- a/CVE-2018/CVE-2018-26xx/CVE-2018-2603.json +++ b/CVE-2018/CVE-2018-26xx/CVE-2018-2603.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2603", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:19.287", - "lastModified": "2022-05-13T14:57:22.070", + "lastModified": "2023-11-21T19:08:46.987", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -99,8 +99,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -119,8 +119,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" }, { "vulnerable": true, @@ -329,14 +329,16 @@ "url": "http://www.securityfocus.com/bid/102625", "source": "secalert_us@oracle.com", "tags": [ - "VDB Entry", - "Third Party Advisory" + "Broken Link", + "Third Party Advisory", + "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2018/CVE-2018-26xx/CVE-2018-2618.json b/CVE-2018/CVE-2018-26xx/CVE-2018-2618.json index f50a43786d2..8478d25757c 100644 --- a/CVE-2018/CVE-2018-26xx/CVE-2018-2618.json +++ b/CVE-2018/CVE-2018-26xx/CVE-2018-2618.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2618", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:19.990", - "lastModified": "2022-05-13T14:57:22.087", + "lastModified": "2023-11-21T19:10:41.570", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -99,8 +99,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -119,8 +119,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" }, { "vulnerable": true, @@ -329,6 +329,7 @@ "url": "http://www.securityfocus.com/bid/102612", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -337,6 +338,7 @@ "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2018/CVE-2018-26xx/CVE-2018-2627.json b/CVE-2018/CVE-2018-26xx/CVE-2018-2627.json index 2735cf3ab4a..e8fcc99f7c4 100644 --- a/CVE-2018/CVE-2018-26xx/CVE-2018-2627.json +++ b/CVE-2018/CVE-2018-26xx/CVE-2018-2627.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2627", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:20.397", - "lastModified": "2022-08-12T18:04:36.307", + "lastModified": "2023-11-21T19:13:38.713", "vulnStatus": "Analyzed", "descriptions": [ { @@ -89,8 +89,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -99,8 +99,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" } ] } @@ -264,14 +264,18 @@ "url": "http://www.securityfocus.com/bid/102584", "source": "secalert_us@oracle.com", "tags": [ - "Broken Link" + "Broken Link", + "Third Party Advisory", + "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ - "Broken Link" + "Broken Link", + "Third Party Advisory", + "VDB Entry" ] }, { diff --git a/CVE-2018/CVE-2018-26xx/CVE-2018-2629.json b/CVE-2018/CVE-2018-26xx/CVE-2018-2629.json index 485973e8144..1a354347f8f 100644 --- a/CVE-2018/CVE-2018-26xx/CVE-2018-2629.json +++ b/CVE-2018/CVE-2018-26xx/CVE-2018-2629.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2629", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:20.447", - "lastModified": "2022-05-13T14:57:22.113", + "lastModified": "2023-11-21T19:10:47.953", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -99,8 +99,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -119,8 +119,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" }, { "vulnerable": true, @@ -329,6 +329,7 @@ "url": "http://www.securityfocus.com/bid/102615", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -337,6 +338,7 @@ "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2018/CVE-2018-26xx/CVE-2018-2633.json b/CVE-2018/CVE-2018-26xx/CVE-2018-2633.json index 10604b24997..72f1252505a 100644 --- a/CVE-2018/CVE-2018-26xx/CVE-2018-2633.json +++ b/CVE-2018/CVE-2018-26xx/CVE-2018-2633.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2633", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:20.633", - "lastModified": "2022-05-13T14:57:22.137", + "lastModified": "2023-11-21T19:13:48.530", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -99,8 +99,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -119,8 +119,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" }, { "vulnerable": true, @@ -329,6 +329,7 @@ "url": "http://www.securityfocus.com/bid/102557", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -337,6 +338,7 @@ "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2018/CVE-2018-26xx/CVE-2018-2634.json b/CVE-2018/CVE-2018-26xx/CVE-2018-2634.json index 36c089d56da..fce3eb3ea6e 100644 --- a/CVE-2018/CVE-2018-26xx/CVE-2018-2634.json +++ b/CVE-2018/CVE-2018-26xx/CVE-2018-2634.json @@ -2,7 +2,7 @@ "id": "CVE-2018-2634", "sourceIdentifier": "secalert_us@oracle.com", "published": "2018-01-18T02:29:20.680", - "lastModified": "2022-05-13T14:57:22.160", + "lastModified": "2023-11-21T19:13:43.310", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -94,8 +94,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jdk:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "1D1ECEA2-55C5-4554-B3E7-A5BA268C0063" + "criteria": "cpe:2.3:a:oracle:jdk:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "796F8150-771C-4806-83D7-72C5F539ED1F" }, { "vulnerable": true, @@ -109,8 +109,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:oracle:jre:1.9.0.1:*:*:*:*:*:*:*", - "matchCriteriaId": "F1AAC9C9-0B1A-42F3-8E3D-60EEDED64678" + "criteria": "cpe:2.3:a:oracle:jre:9.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "76105155-2BDC-4A86-8DA4-4EC5362D5978" } ] } @@ -314,6 +314,7 @@ "url": "http://www.securityfocus.com/bid/102592", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -322,6 +323,7 @@ "url": "http://www.securitytracker.com/id/1040203", "source": "secalert_us@oracle.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2021/CVE-2021-275xx/CVE-2021-27502.json b/CVE-2021/CVE-2021-275xx/CVE-2021-27502.json index 71fb379dc23..268470fbd11 100644 --- a/CVE-2021/CVE-2021-275xx/CVE-2021-27502.json +++ b/CVE-2021/CVE-2021-275xx/CVE-2021-27502.json @@ -2,8 +2,8 @@ "id": "CVE-2021-27502", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-11-21T18:15:07.510", - "lastModified": "2023-11-21T18:15:07.510", - "vulnStatus": "Received", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-275xx/CVE-2021-27504.json b/CVE-2021/CVE-2021-275xx/CVE-2021-27504.json index 0c51a986605..78ccfc6e013 100644 --- a/CVE-2021/CVE-2021-275xx/CVE-2021-27504.json +++ b/CVE-2021/CVE-2021-275xx/CVE-2021-27504.json @@ -2,8 +2,8 @@ "id": "CVE-2021-27504", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-11-21T18:15:07.713", - "lastModified": "2023-11-21T18:15:07.713", - "vulnStatus": "Received", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2021/CVE-2021-318xx/CVE-2021-31852.json b/CVE-2021/CVE-2021-318xx/CVE-2021-31852.json index 47583a4655a..36a93da06ad 100644 --- a/CVE-2021/CVE-2021-318xx/CVE-2021-31852.json +++ b/CVE-2021/CVE-2021-318xx/CVE-2021-31852.json @@ -2,8 +2,8 @@ "id": "CVE-2021-31852", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2021-11-23T20:15:10.727", - "lastModified": "2023-11-07T03:35:08.797", - "vulnStatus": "Modified", + "lastModified": "2023-11-21T20:36:25.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -37,7 +37,7 @@ "impactScore": 2.7 }, { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "trellixpsirt@trellix.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -85,7 +85,17 @@ }, "weaknesses": [ { - "source": "01626437-bf8f-4d1c-912a-893b5eb04808", + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "trellixpsirt@trellix.com", "type": "Secondary", "description": [ { @@ -116,7 +126,11 @@ "references": [ { "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10372", - "source": "trellixpsirt@trellix.com" + "source": "trellixpsirt@trellix.com", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-384xx/CVE-2021-38405.json b/CVE-2021/CVE-2021-384xx/CVE-2021-38405.json new file mode 100644 index 00000000000..98088b40632 --- /dev/null +++ b/CVE-2021/CVE-2021-384xx/CVE-2021-38405.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2021-38405", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-11-21T19:15:07.647", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Datalogics APDFL library used in affected products is vulnerable to memory corruption condition\u00a0while parsing specially crafted PDF files. An attacker could leverage this vulnerability to execute code\u00a0in the context of the current process." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-041-07", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-428xx/CVE-2022-42879.json b/CVE-2022/CVE-2022-428xx/CVE-2022-42879.json index ae9099e1daa..495ec7bc161 100644 --- a/CVE-2022/CVE-2022-428xx/CVE-2022-42879.json +++ b/CVE-2022/CVE-2022-428xx/CVE-2022-42879.json @@ -2,16 +2,40 @@ "id": "CVE-2022-42879", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:13.530", - "lastModified": "2023-11-14T19:30:41.887", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:28:19.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access." + }, + { + "lang": "es", + "value": "La desreferencia del puntero NULL en algunos controladores Intel(R) Arc(TM) e Iris(R) Xe - WHQL - Windows anteriores a la versi\u00f3n 31.0.101.4255 puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,88 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:graphics_driver:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "31.0.101.4255", + "matchCriteriaId": "769A78AA-5380-4FA8-9B1B-6BC93F54952B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:arc_a310:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6D00BE1-565F-4E36-ABCB-7D6216D3C422" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:arc_a380:-:*:*:*:*:*:*:*", + "matchCriteriaId": "30DA34B3-3114-432A-9B81-B1E469BFBA35" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:arc_a530m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B10E0AF-31C4-4587-ABA0-E7F27A431D84" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:arc_a550m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5F2A6623-160D-4712-91B4-7125C6F14587" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:arc_a570m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F5A65944-2A11-46D8-ABF0-1A62955D3FC2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:arc_a580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1ABFDBB-F30C-4AE2-98B1-90542F427085" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:arc_a730m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "926E5E32-39B2-4CAD-AB41-9652518B3D8A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:arc_a750:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E92E63D9-B5E9-49F7-B96F-9C4BE6B8F41C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:arc_a770:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE38F333-3BA1-4C84-A311-5DFC90A0BEAA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:intel:arc_a770m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7538E01D-C5F4-4D0E-92A6-7D8F1FB95907" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00864.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json index 0599dade786..8feb161dd48 100644 --- a/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json @@ -2,8 +2,8 @@ "id": "CVE-2023-0001", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2023-02-08T18:15:11.523", - "lastModified": "2023-11-10T15:15:07.930", - "vulnStatus": "Modified", + "lastModified": "2023-11-21T19:15:08.073", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -108,26 +108,6 @@ } ], "references": [ - { - "url": "http://www.openwall.com/lists/oss-security/2023/11/08/10", - "source": "psirt@paloaltonetworks.com" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2023/11/08/2", - "source": "psirt@paloaltonetworks.com" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2023/11/08/3", - "source": "psirt@paloaltonetworks.com" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2023/11/08/5", - "source": "psirt@paloaltonetworks.com" - }, - { - "url": "http://www.openwall.com/lists/oss-security/2023/11/10/1", - "source": "psirt@paloaltonetworks.com" - }, { "url": "https://security.paloaltonetworks.com/CVE-2023-0001", "source": "psirt@paloaltonetworks.com", diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20208.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20208.json new file mode 100644 index 00000000000..f38d526c7e4 --- /dev/null +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20208.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20208", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-11-21T19:15:08.567", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20265.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20265.json new file mode 100644 index 00000000000..657ea705b0f --- /dev/null +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20265.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20265", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-11-21T19:15:08.747", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20272.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20272.json new file mode 100644 index 00000000000..a908227e071 --- /dev/null +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20272.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20272", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-11-21T19:15:08.920", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this vulnerability by uploading a malicious file to the web interface. A successful exploit could allow the attacker to replace files and gain access to sensitive server-side information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.5 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-mult-j-KxpNynR", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20274.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20274.json new file mode 100644 index 00000000000..c1bde9f81a4 --- /dev/null +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20274.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20274", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2023-11-21T19:15:09.087", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An attacker could exploit this vulnerability by modifying objects in the PHP Agent install directory, which would run with the same privileges as PHP. A successful exploit could allow a lower-privileged attacker to elevate their privileges to root on an affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.5 + } + ] + }, + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-php-authpriv-gEBwTvu5", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20519.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20519.json index 2c87e3a4f30..422dcdcd95b 100644 --- a/CVE-2023/CVE-2023-205xx/CVE-2023-20519.json +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20519.json @@ -2,19 +2,119 @@ "id": "CVE-2023-20519", "sourceIdentifier": "psirt@amd.com", "published": "2023-11-14T19:15:15.533", - "lastModified": "2023-11-14T19:30:36.547", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:27:42.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Una vulnerabilidad Use-After-Free en la administraci\u00f3n de una p\u00e1gina contextual de invitado SNP puede permitir que un hipervisor malicioso se haga pasar por el agente de migraci\u00f3n del invitado, lo que resulta en una posible p\u00e9rdida de integridad del invitado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:milanpi_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0.0.a", + "matchCriteriaId": "D04D59C4-B1F2-477B-A1B6-ADCA15925FC3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:milanpi:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1F64A4AA-A66B-4B2E-B8F1-F332E3945903" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:genoapi_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0.0.3", + "matchCriteriaId": "F21375AC-B510-4A7C-8382-D98710569550" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:genoapi:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0EC5CF20-1E17-4F25-A186-5AFD1D0AC641" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3002", - "source": "psirt@amd.com" + "source": "psirt@amd.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-205xx/CVE-2023-20596.json b/CVE-2023/CVE-2023-205xx/CVE-2023-20596.json index 34319ff5cb9..e3f308fb14e 100644 --- a/CVE-2023/CVE-2023-205xx/CVE-2023-20596.json +++ b/CVE-2023/CVE-2023-205xx/CVE-2023-20596.json @@ -2,19 +2,1855 @@ "id": "CVE-2023-20596", "sourceIdentifier": "psirt@amd.com", "published": "2023-11-14T19:15:16.083", - "lastModified": "2023-11-14T19:30:36.547", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:28:27.040", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n\n" + }, + { + "lang": "es", + "value": "Una validaci\u00f3n de entrada incorrecta en SMM Supervisor puede permitir que un atacante con un controlador SMI comprometido obtenga acceso a Ring0, lo que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_5700g_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam4v2_1.2.0.b", + "matchCriteriaId": "6EEF80D5-DFA2-4751-A1F7-E769D7D4B46D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_5700g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A6746407-9EC7-49B2-93B4-926174F2A457" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_5700ge_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam4v2_1.2.0.b", + "matchCriteriaId": "AF726744-1ED4-41A1-A118-F770060B3EB3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_5700ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5B481C5C-90C3-4DC2-85DF-F1EA0F409DF3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_5600g_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam4v2_1.2.0.b", + "matchCriteriaId": "0711A972-5E88-448E-9586-98F8017F08B0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5600g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DDE6B0E7-AE27-4DE8-8AF2-801E57F5FC30" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_5600ge_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam4v2_1.2.0.b", + "matchCriteriaId": "33D2C3BA-7A30-49D8-8BAD-4C2010260B7D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5600ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F59A2AF2-5D13-480B-93CD-70AB6AEB60F5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_3_5300g_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam4v2_1.2.0.b", + "matchCriteriaId": "6D53AACA-360B-477C-A3A8-30575F8A4434" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_5300g:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D34308FA-D6D1-4024-95F5-45C86EFBF00A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_3_5300ge_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam4v2_1.2.0.b", + "matchCriteriaId": "0A553B39-2550-4E53-847E-E2EF70F0EED5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_5300ge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "94E19774-C744-46AC-B8F8-2B3E2BB19050" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_7950x3d_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "CAAE29CB-3B06-45DD-8ECA-D676720F91FE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_7950x3d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F05C8669-6348-4A1B-B1D4-D22022E1F67E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_7950x_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "A0DE0AB2-74A7-4772-88B5-F6F0620A4C9A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_7950x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD6C7D37-C94B-4301-8C0A-5A00B3569D6E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_7900x3d_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "BF9492C5-67AD-4901-A2DD-90F712C737BE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_7900x3d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "86CAA682-9666-4929-B1AC-D9DB3109DB1A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_7900_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "AD1DD731-223F-4877-97B1-27690BCCF095" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_7900:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5602B902-9FDB-4946-BE4C-236262285F2F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_7900x_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "661C6F00-6162-4E19-BCDD-295FADEA3FA3" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_7900x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AA666DF3-C5F3-4127-A8EE-B784DD41F642" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_pro_7945_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "CBD2B44F-C398-4AE1-85C6-03B3345F40AA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_pro_7945:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3DE32CA-168F-4812-AEAE-D771EB01E15D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_7800x3d_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "46D11597-4467-4703-9B95-29620845B27A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_7800x3d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA6CD984-A8C7-4B23-8FF9-896C503EBA37" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_7700x_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "F166E95C-FD8D-4D07-9B37-458154E34D11" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_7700x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "225E8405-04FF-4885-92C8-8581ACC66E06" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_7700_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "FE2203EE-5932-43C9-9F1B-797B76D945EF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_7700:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76121981-8DC2-4779-833E-4B15CFCF7FC3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_pro_7745_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "FA159F6B-0076-4A4C-84CC-787BD38C9962" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_pro_7745:-:*:*:*:*:*:*:*", + "matchCriteriaId": "00DEBFA8-6007-4EAE-AD11-6D477ADE4E63" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_7600x_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "960018F9-5EB4-41C6-83D5-0D66115DBDE9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_7600x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C05D51F-469D-487D-9FC8-E1AD699A6F74" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_7600_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "98E24444-6670-46B4-9ECC-106C84E169DE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_7600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6740A06F-4512-427D-9CB9-A4A6DB046BA3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_pro_7645_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "9B374914-767B-4838-B994-A2C37495F342" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_7645:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D2787C72-42D5-42B0-BE5B-E548B319BCF4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_7500f_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "comboam5pi_1.0.8.0", + "matchCriteriaId": "5F269C44-A4FA-4D2B-82BD-C49EAF526C34" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_7500f:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1232B034-1214-4F9A-823D-DC76D5C5956B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_5980hx_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "44A1DB8C-EEE4-40E6-A5F1-B0969DCEFC70" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_5980hx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8308D5A2-0985-487C-B16C-4EEF835BDD4F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_5980hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "35954F0F-8BCF-4070-B89F-CD96993909C2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_5980hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C00179A-620B-4DC7-893A-11AFAB9EE13C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_5900hx_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "AF79D918-2FFD-4ABA-AF94-57338B9C742C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_5900hx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AB9BDB04-877C-472D-A3BB-6C32FF269E00" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_5900hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "0A2C3D9A-4DD0-4538-B248-CD2A90FC0198" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_5900hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE64730D-B284-450E-9450-72AAEBAE2000" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_5800h_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "075717AC-01F7-4FF2-94CA-C49EEA15ACA9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_5800h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7A1449EC-F9D9-4846-A6E1-56F0B1EE8849" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_5800hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "9E24CD07-3BD0-45EA-BEC7-1FD74914DB67" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_5800hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8FEDF9F0-CE97-4A9F-B4C2-EB3CF6E9507D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_5825u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "D2BD1F51-6D87-4D1E-A67A-09E42185B108" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_5825u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BF398C51-EB53-4C3F-8D88-BD3931D9293F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_5800u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "5A75B064-737F-4750-817B-A46244C60EF0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_5800u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F2A09152-93D2-493D-8CE0-8A4F30F0DD39" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_5600h_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "1638CF0C-047A-45D0-B522-E022055A5C1B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5600h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9A5FDA44-978A-4ACC-9A42-00929DFE485B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_5600hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "35D5BE39-5678-4742-8545-4B77F638933A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5600hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FD963142-F19B-42C9-AB46-8F24CD773BE0" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_5625u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "5FCD9CE1-26B7-4589-93C8-800543FCCA1D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5625u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C16BC515-84AE-432F-853B-822E737C242F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_5600u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "3B2E0FA6-17D1-4F31-8BBA-D799B6193A72" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5600u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "85D64E8F-BB90-4425-9980-9D2E2B74E83B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_5560u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "691CF38C-BE0A-41B6-B0D9-555C3889F375" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5560u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "94BB2CE6-E989-43EE-B501-0DA6079BA420" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_5500h_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "5F9C231E-98A6-49EE-A090-69D9C0DDA030" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_5500h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69C443EB-CF9B-4B50-A0F2-CD652D5E1467" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_3_5425u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "2DBA2870-E8E3-40E8-9CE3-2D4E0AA7689D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_5425u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "74236755-56DA-4245-A07F-DF9817D8F01D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_3_5400u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "E5E06C18-3F26-4FBB-929E-CC3FC5E430BC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_5400u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0B1390DB-9E89-4C57-93F7-06B36EFDE579" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_3_5125c_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "cezannepi-fp6_1.0.0.fa", + "matchCriteriaId": "367AB427-A2E0-4AAA-898D-051E37021A33" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_5125c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A5F962DD-90D5-47AB-8ABC-36E925821636" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_6980hx_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "8E9B5E3C-29F9-496D-8B75-78A2C8D6AF85" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_6980hx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3674D656-9623-4B39-AADE-158FE70FF29F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_6980hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "78B92D2C-ECF3-4E8F-8898-3F4975070CDA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_6980hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B21FB338-F944-40F9-8F0C-99B471AAD51E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_6900hx_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "F4310C94-5D56-4227-84BF-307A1AF6E649" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_6900hx:-:*:*:*:*:*:*:*", + "matchCriteriaId": "528D6AB3-01D9-41F1-90A7-FF5ADF66D4CC" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_6900hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "1D4A6487-DF0A-4BFA-A8EE-2B8429BBF4AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_6900hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DA29FE4D-C9A2-46FB-8EC5-3067F56ED080" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_6800h_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "EE792803-6092-4F8F-9487-4C07446506E5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_6800h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "09B085FF-EAEA-42BC-BA60-3AA9B76141B9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_6800hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "7CBC4C6B-8A0D-4848-9B58-90680776034C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_6800hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "760F20CC-9034-462C-A25E-C009E2218C38" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_6800u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "F0355AAB-8D62-442D-81B4-DD24E6ADF92E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_6800u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1D2CBCEA-AB4F-444C-9CCD-A976003F796C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_6600h_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "36C464AA-717F-43C2-ABC8-FDD72BCA1D0D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_6600h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D260012-5D8F-4B36-8B88-82DB0291EE9D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_6600hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "394C5DE7-A870-4706-8C95-11CCD9378396" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_6600hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0B34AD7A-1C4A-4A4B-87EA-B7BE207F2E67" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_6600u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "10EF81DB-0588-43E1-BE64-DEB31B182286" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_6600u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "025E494E-953E-426E-BE89-6F2360A3AAC4" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_7735hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "26E9089E-6558-4C34-B146-DDE5166B4B9D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_7735hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E5A8E7A-3430-41B9-8B3C-D9D462A2CEC2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_7736u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "3AB0DAF1-C669-40EE-B17F-504305F20CF9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_7736u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5D50E8EA-ECB2-463D-BA51-D13CF5A02266" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_7735u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "456AFA1F-4087-407A-819A-B83C68DF138A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_7735u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CD9171F4-F05E-4183-91BB-8DAD0A5EB0D2" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_7535hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "4321936B-CE87-40BF-99DA-F351C20B44F4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_7535hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE36D471-57BF-4385-A825-029F7313E4DB" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_7535u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "286CE144-C810-4943-898F-9A0A6598EF06" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_7535u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "082BE536-F29C-4A73-B030-A19DD3A448B3" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_3_7335u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "rembrandtpi-fp7_1.0.0.9b", + "matchCriteriaId": "D4F7A62A-D1D9-484D-980E-F8CD0895AFA7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_7335u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "495E436C-B0EE-4B72-AB49-332F4752C140" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_pro_7940hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "43A6043A-EEB1-4900-8440-AE7FD9FDB45E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_pro_7940hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "018A02C9-2A5C-43E2-8CCD-4D03C119C22B" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_9_7940h_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "68449651-E659-4C51-9F5C-151B61AAC7F4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_9_7940h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5A7E6806-A7AC-4C96-960B-B8934CEA2439" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_pro_7840hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "9588BAA0-727A-44DE-934E-8FDABF7FFA9F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_pro_7840hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8480A7E0-882C-4B03-ADBC-697304B0B7C5" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_7840h_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "DCAB4C90-A50D-4B24-A297-17E9F3F0D9AC" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_7840h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D2D0429F-F186-4F78-9AE0-574E3A39926D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_7_pro_7840u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "60A924EA-A0F8-47C6-8EDC-2DB14A06A617" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_7_pro_7840u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E0E7D4C-2E62-4EAE-8CC6-574A72746489" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_pro_7640hs_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "19A6258E-3927-4B9A-991F-1FEEFC5D0658" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_7640hs:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0E3657C6-1047-4CA9-8D44-C7143F7D877D" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_7640h_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "FDA1B722-9CDE-48A6-824F-1603ED79BE55" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_7640h:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BBC1EFF4-FED3-4583-84D3-E7BFC1FE53B8" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_pro_7640u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "995672A4-1597-42B0-96C2-8418FF01BE7C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_7640u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F482819-EAEC-47E8-93AF-E38FE7F5B1F9" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_pro_7545u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "B9C4F313-5154-4DA4-BB82-D6C9762623E9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_7545u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E9FED55-880B-47E1-B627-5A2645A47F5F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_5_pro_7540u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "51E48D1A-5097-489B-9865-308672E99B6B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_5_pro_7540u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D82E1AF6-F906-4008-8DF5-F5BD0DF200DE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:amd:ryzen_3_7440u_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "phoenixpi-fp8-fp7_1.0.0.2", + "matchCriteriaId": "B5D17316-14D3-4D2E-82A1-62DE22D05F36" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:amd:ryzen_3_7440u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1C4FDE72-050C-4A72-A4F4-9C1D5273CADD" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7011", - "source": "psirt@amd.com" + "source": "psirt@amd.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22516.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22516.json index 88891eb7c0f..c0e29b0f7a2 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22516.json +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22516.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22516", "sourceIdentifier": "security@atlassian.com", "published": "2023-11-21T18:15:07.910", - "lastModified": "2023-11-21T18:15:07.910", - "vulnStatus": "Received", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-225xx/CVE-2023-22521.json b/CVE-2023/CVE-2023-225xx/CVE-2023-22521.json index f1d75bfd10d..57af7f6d497 100644 --- a/CVE-2023/CVE-2023-225xx/CVE-2023-22521.json +++ b/CVE-2023/CVE-2023-225xx/CVE-2023-22521.json @@ -2,8 +2,8 @@ "id": "CVE-2023-22521", "sourceIdentifier": "security@atlassian.com", "published": "2023-11-21T18:15:08.070", - "lastModified": "2023-11-21T18:15:08.070", - "vulnStatus": "Received", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26222.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26222.json index b2028f57acc..1475fe717b3 100644 --- a/CVE-2023/CVE-2023-262xx/CVE-2023-26222.json +++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26222.json @@ -2,16 +2,40 @@ "id": "CVE-2023-26222", "sourceIdentifier": "security@tibco.com", "published": "2023-11-14T20:15:07.517", - "lastModified": "2023-11-14T21:38:09.280", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:59:20.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.22 and below, versions 6.0.13 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 5.0.0 and below.\n\n" + }, + { + "lang": "es", + "value": "El componente Web Application de TIBCO Software Inc. TIBCO EBX y TIBCO Product and Service Catalog con tecnolog\u00eda TIBCO EBX contiene una vulnerabilidad f\u00e1cilmente explotable que permite a un atacante con pocos privilegios y acceso a la red ejecutar un XSS almacenado en el sistema afectado. Los productos afectados son TIBCO EBX de TIBCO Software Inc.: versiones 5.9.22 y anteriores, versiones 6.0.13 y siguientes y TIBCO Product and Service Catalog con tecnolog\u00eda TIBCO EBX: versiones 5.0.0 y siguientes." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@tibco.com", "type": "Secondary", @@ -34,10 +58,57 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*", + "versionEndIncluding": "5.0.0", + "matchCriteriaId": "FBEE6A78-3EEB-46E0-9002-EFBC59852828" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.1.1", + "versionEndExcluding": "5.9.23", + "matchCriteriaId": "3B525D42-7A21-4A4C-AD00-D13256623927" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.0.14", + "matchCriteriaId": "E4217A0B-6B58-4C68-917D-58571CD8CB01" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.tibco.com/services/support/advisories", - "source": "security@tibco.com" + "source": "security@tibco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32641.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32641.json index 9e604764f55..002dc0c6764 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32641.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32641.json @@ -2,16 +2,40 @@ "id": "CVE-2023-32641", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:26.043", - "lastModified": "2023-11-14T19:30:24.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:29:33.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access." + }, + { + "lang": "es", + "value": "La validaci\u00f3n de entrada incorrecta en el firmware para Intel(R) QAT anterior a la versi\u00f3n QAT20.L.1.0.40-00004 puede permitir la escalada de privilegios y la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:quickassist_technology:*:*:*:*:*:linux:*:*", + "versionEndExcluding": "1.0.40-00004", + "matchCriteriaId": "EAC4134A-7434-43C5-9694-5DD4639CE8FF" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00945.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-326xx/CVE-2023-32662.json b/CVE-2023/CVE-2023-326xx/CVE-2023-32662.json index e0b32348a17..778a149274a 100644 --- a/CVE-2023/CVE-2023-326xx/CVE-2023-32662.json +++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32662.json @@ -2,16 +2,40 @@ "id": "CVE-2023-32662", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:26.987", - "lastModified": "2023-11-14T19:30:24.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:41:02.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "La autorizaci\u00f3n inadecuada en alg\u00fan software de instalaci\u00f3n de la herramienta Intel Battery Life Diagnostic Tool anterior a la versi\u00f3n 2.2.1 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:battery_life_diagnostic_tool:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.2.1", + "matchCriteriaId": "FD5E894A-220F-46C6-BF57-F2C1A5DADF3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00843.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32701.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32701.json index 859707af163..d793ccca6f0 100644 --- a/CVE-2023/CVE-2023-327xx/CVE-2023-32701.json +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32701.json @@ -2,16 +2,40 @@ "id": "CVE-2023-32701", "sourceIdentifier": "secure@blackberry.com", "published": "2023-11-14T19:15:27.163", - "lastModified": "2023-11-14T19:30:24.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:56:58.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": " Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. \n\n" + }, + { + "lang": "es", + "value": "Una validaci\u00f3n de entrada inadecuada en Networking Stack de QNX SDP versiones 6.6, 7.0 y 7.1 podr\u00eda permitir que un atacante cause potencialmente la divulgaci\u00f3n de informaci\u00f3n o una condici\u00f3n de denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "secure@blackberry.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "secure@blackberry.com", "type": "Secondary", @@ -46,10 +80,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:6.6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FF1D7FB0-C40B-4DD6-B3C5-D90FBCCBAF23" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "058D8A14-E99C-4AA9-BE27-794B8D8B9E49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "E0E19A3D-96D9-4DF2-8E56-E2D917B1A9EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112401", - "source": "secure@blackberry.com" + "source": "secure@blackberry.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33872.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33872.json index 0b76b26a567..3797cd2de08 100644 --- a/CVE-2023/CVE-2023-338xx/CVE-2023-33872.json +++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33872.json @@ -2,16 +2,40 @@ "id": "CVE-2023-33872", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:27.343", - "lastModified": "2023-11-14T19:30:24.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:57:06.720", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access." + }, + { + "lang": "es", + "value": "Un control de acceso inadecuado en la aplicaci\u00f3n Intel Support para Android en todas las versiones puede permitir que un usuario autenticado permita potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:support:*:*:*:*:*:android:*:*", + "matchCriteriaId": "5E92F6C3-54D5-47BE-8359-A3B79ADD5D91" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00976.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34060.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34060.json index 2390e6b53e6..9521e8838f5 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34060.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34060.json @@ -2,8 +2,8 @@ "id": "CVE-2023-34060", "sourceIdentifier": "security@vmware.com", "published": "2023-11-14T21:15:09.253", - "lastModified": "2023-11-16T16:15:30.597", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:59:44.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,23 +14,100 @@ "value": "VMware Cloud Director Appliance contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en caso de que VMware Cloud Director Appliance se haya actualizado a 10.5 desde una versi\u00f3n anterior. En una versi\u00f3n actualizada de VMware Cloud Director Appliance 10.5, un actor malicioso con acceso de red al dispositivo puede eludir las restricciones de inicio de sesi\u00f3n al autenticarse en el puerto 22 (ssh) o el puerto 5480 (consola de administraci\u00f3n del dispositivo). Esta omisi\u00f3n no est\u00e1 presente en el puerto 443 (proveedor de VCD e inicio de sesi\u00f3n del inquilino). En una nueva instalaci\u00f3n de VMware Cloud Director Appliance 10.5, la omisi\u00f3n no est\u00e1 presente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vmware:cloud_director:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.5", + "matchCriteriaId": "9A59ACB8-0B73-4E23-A36E-552DEC6DDB01" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:vmware:photon_os:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89F14E0F-78B4-4EBE-89E5-AC9C10C586C5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/vmware/photon/wiki/Security-Update-3.0-687", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/vmware/photon/wiki/Security-Update-4.0-512", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://github.com/vmware/photon/wiki/Security-Update-5.0-143", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.vmware.com/security/advisories/VMSA-2023-0026.html", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-340xx/CVE-2023-34062.json b/CVE-2023/CVE-2023-340xx/CVE-2023-34062.json index 3727df671c8..452787c72e9 100644 --- a/CVE-2023/CVE-2023-340xx/CVE-2023-34062.json +++ b/CVE-2023/CVE-2023-340xx/CVE-2023-34062.json @@ -2,16 +2,40 @@ "id": "CVE-2023-34062", "sourceIdentifier": "security@vmware.com", "published": "2023-11-15T10:15:07.277", - "lastModified": "2023-11-15T13:54:23.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:11:45.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.\n\nSpecifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources.\n\n\n" + }, + { + "lang": "es", + "value": "En Reactor Netty HTTP Server, versiones 1.1.x anteriores a 1.1.13 y versiones 1.0.x anteriores a 1.0.39, un usuario malintencionado puede enviar una solicitud utilizando una URL especialmente manipulada que puede provocar un ataque Directory Traversal. Espec\u00edficamente, una aplicaci\u00f3n es vulnerable si el servidor HTTP Reactor Netty est\u00e1 configurado para servir recursos est\u00e1ticos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@vmware.com", "type": "Secondary", @@ -34,10 +58,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "1.0.39", + "matchCriteriaId": "4510B84A-88E7-49FB-96C3-9EC35F850DE9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pivotal:reactor_netty:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.1.0", + "versionEndExcluding": "1.1.13", + "matchCriteriaId": "6C4793FB-0D8F-4B59-A9A7-22CFCA249735" + } + ] + } + ] + } + ], "references": [ { "url": "https://spring.io/security/cve-2023-34062", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34314.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34314.json index 2ca86f73edf..6afb61ac55f 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34314.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34314.json @@ -2,16 +2,40 @@ "id": "CVE-2023-34314", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:27.887", - "lastModified": "2023-11-14T19:30:24.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:57:15.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "Los permisos heredados inseguros en algunos software Intel(R) Simics Simulator anteriores a la versi\u00f3n 1.7.2 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:simics_simulator:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.7.2", + "matchCriteriaId": "5E9C9600-4553-4F50-BEB5-6FBB95D1686D" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00943.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34350.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34350.json index 1da99c1ed16..d8b021003b3 100644 --- a/CVE-2023/CVE-2023-343xx/CVE-2023-34350.json +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34350.json @@ -2,16 +2,40 @@ "id": "CVE-2023-34350", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:28.063", - "lastModified": "2023-11-14T19:30:20.993", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:57:25.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "El elemento de ruta de b\u00fasqueda no controlado en algunos software Intel(R) XTU anteriores a la versi\u00f3n 7.12.0.15 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.12.0.15", + "matchCriteriaId": "70124C21-7455-4C06-BD72-75FD8C77B9EB" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00941.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-344xx/CVE-2023-34430.json b/CVE-2023/CVE-2023-344xx/CVE-2023-34430.json index 3994d0942fe..93bcce74cfe 100644 --- a/CVE-2023/CVE-2023-344xx/CVE-2023-34430.json +++ b/CVE-2023/CVE-2023-344xx/CVE-2023-34430.json @@ -2,16 +2,40 @@ "id": "CVE-2023-34430", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:28.240", - "lastModified": "2023-11-14T19:30:20.993", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:57:33.780", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "La ruta de b\u00fasqueda no controlada en algunos software Intel Battery Life Diagnostic Tool anterior a la versi\u00f3n 2.2.1 puede permitir que un usuario autenticado potencialmente habilite la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:battery_life_diagnostic_tool:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.2.1", + "matchCriteriaId": "FD5E894A-220F-46C6-BF57-F2C1A5DADF3C" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00843.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-349xx/CVE-2023-34997.json b/CVE-2023/CVE-2023-349xx/CVE-2023-34997.json index 82c53fe10cd..e4982d5dc1d 100644 --- a/CVE-2023/CVE-2023-349xx/CVE-2023-34997.json +++ b/CVE-2023/CVE-2023-349xx/CVE-2023-34997.json @@ -2,16 +2,40 @@ "id": "CVE-2023-34997", "sourceIdentifier": "secure@intel.com", "published": "2023-11-14T19:15:28.590", - "lastModified": "2023-11-14T19:30:20.993", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:57:40.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access." + }, + { + "lang": "es", + "value": "Los permisos heredados inseguros en el instalador de algunos software de Intel Server Configuration Utility anteriores a la versi\u00f3n 16.0.9 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secure@intel.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + }, { "source": "secure@intel.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:intel:server_configuration_utility:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.0.9", + "matchCriteriaId": "BE9882BF-1158-4A70-9B10-C2F15FD95591" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00925.html", - "source": "secure@intel.com" + "source": "secure@intel.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36007.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36007.json index 35cb1c051be..7f1b208d8ee 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36007.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36007.json @@ -2,16 +2,40 @@ "id": "CVE-2023-36007", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T21:15:09.633", - "lastModified": "2023-11-14T21:38:02.453", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:12:40.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability" + }, + { + "lang": "es", + "value": "Microsoft env\u00eda una encuesta de voz del cliente desde la vulnerabilidad de suplantaci\u00f3n de identidad de Dynamics 365" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 1.4 + }, { "source": "secure@microsoft.com", "type": "Secondary", @@ -34,10 +58,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:send_customer_voice_survey_from_dynamics_365:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.0.0.8", + "matchCriteriaId": "92BF08E3-A27C-4A6B-A8E7-AEED3452A9AB" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36007", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36049.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36049.json index 76bf62bf0b2..5d258049861 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36049.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36049.json @@ -2,16 +2,40 @@ "id": "CVE-2023-36049", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T21:15:10.083", - "lastModified": "2023-11-14T21:38:02.453", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:25:39.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en .NET, .NET Framework y Visual Studio" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "secure@microsoft.com", "type": "Secondary", @@ -34,10 +58,657 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", + "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", + "matchCriteriaId": "D400E856-2B2E-4CEA-8CA5-309FDF371CEA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*", + "matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*", + "matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", + "matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*", + "matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*", + "matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", + "matchCriteriaId": "73D24713-D897-408D-893B-77A61982597D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", + "matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*", + "matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", + "matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", + "matchCriteriaId": "8FC46499-DB6E-48BF-9334-85EE27AFE7AF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "83A79DD6-E74E-419F-93F1-323B68502633" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", + "matchCriteriaId": "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", + "matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", + "matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:-:*:*:*:*:*:*", + "matchCriteriaId": "23317443-1968-4791-9F20-AD3B308A83D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*", + "matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", + "matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*", + "matchCriteriaId": "8FC46499-DB6E-48BF-9334-85EE27AFE7AF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "83A79DD6-E74E-419F-93F1-323B68502633" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*", + "matchCriteriaId": "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", + "matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*", + "matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*", + "matchCriteriaId": "B2D24C54-F04F-4717-B614-FE67B3ED9DC0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "D5EC3F68-8F41-4F6B-B2E5-920322A4A321" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:arm64:*", + "matchCriteriaId": "B0301BA0-81DB-4FC1-9BC3-EB48A56BC608" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "8E3C1327-F331-4448-A253-00EAC7428317" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "8EDC4407-7E92-4E60-82F0-0C87D1860D3A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", + "matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", + "matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x86:*", + "matchCriteriaId": "EDCDBC70-9AB7-47F3-BD61-28860EEE5065" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", + "matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", + "matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.0.25", + "matchCriteriaId": "BC1456FF-8BB7-4D7D-A03E-22A2CDE8A094" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.14", + "matchCriteriaId": "73A23066-A84B-4E76-B0ED-63BA1A9C1263" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "5F3CB225-CDF6-4730-A20C-891AB87CBB9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "6F9C3F37-0A3B-45D4-86B1-B42FDA8D8EA7" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.2", + "versionEndExcluding": "17.2.22", + "matchCriteriaId": "9EABB880-0CBA-45CD-A197-CB1EE1710061" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.4", + "versionEndExcluding": "17.4.14", + "matchCriteriaId": "BCC513DB-075E-4D09-B289-902F3C16BFB7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.6", + "versionEndExcluding": "17.6.10", + "matchCriteriaId": "56738F2F-8802-4ADB-AC7C-9BAD67626C75" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.7", + "versionEndExcluding": "17.7.7", + "matchCriteriaId": "CD1B0CE9-6A87-47DC-A27B-9587A6B5B45D" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36049", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36437.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36437.json index b1071d005fe..7613f4b821b 100644 --- a/CVE-2023/CVE-2023-364xx/CVE-2023-36437.json +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36437.json @@ -2,16 +2,40 @@ "id": "CVE-2023-36437", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T21:15:10.667", - "lastModified": "2023-11-14T21:38:02.453", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:00:37.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Azure DevOps Server Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del servidor Azure DevOps" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "secure@microsoft.com", "type": "Secondary", @@ -34,10 +58,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:azure_pipelines_agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.39.1", + "matchCriteriaId": "37D0BC79-E23A-4982-8A7A-F292F79A3621" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36437", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-365xx/CVE-2023-36558.json b/CVE-2023/CVE-2023-365xx/CVE-2023-36558.json index bde60c0e6a1..60e0ffb48e6 100644 --- a/CVE-2023/CVE-2023-365xx/CVE-2023-36558.json +++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36558.json @@ -2,16 +2,40 @@ "id": "CVE-2023-36558", "sourceIdentifier": "secure@microsoft.com", "published": "2023-11-14T22:15:29.323", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:01:19.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "ASP.NET Core - Security Feature Bypass Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de funciones de seguridad en ASP.NET Core" } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "secure@microsoft.com", "type": "Secondary", @@ -34,10 +58,109 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.0.25", + "matchCriteriaId": "BC1456FF-8BB7-4D7D-A03E-22A2CDE8A094" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.14", + "matchCriteriaId": "73A23066-A84B-4E76-B0ED-63BA1A9C1263" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc1:*:*:*:*:*:*", + "matchCriteriaId": "5F3CB225-CDF6-4730-A20C-891AB87CBB9A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:8.0.0:rc2:*:*:*:*:*:*", + "matchCriteriaId": "6F9C3F37-0A3B-45D4-86B1-B42FDA8D8EA7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "6.0.25", + "matchCriteriaId": "C29B573F-A45D-440B-913F-27AB0A46BCA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:asp.net_core:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.14", + "matchCriteriaId": "E923109F-46CA-4581-933D-D65C83D72390" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:asp.net_core:8.0.0:-:*:*:*:*:*:*", + "matchCriteriaId": "81F3914E-4A24-4434-8487-31F45948BE86" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.2", + "versionEndExcluding": "17.2.22", + "matchCriteriaId": "9EABB880-0CBA-45CD-A197-CB1EE1710061" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.4", + "versionEndExcluding": "17.4.14", + "matchCriteriaId": "BCC513DB-075E-4D09-B289-902F3C16BFB7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.6", + "versionEndExcluding": "17.6.10", + "matchCriteriaId": "56738F2F-8802-4ADB-AC7C-9BAD67626C75" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.7", + "versionEndExcluding": "17.7.7", + "matchCriteriaId": "CD1B0CE9-6A87-47DC-A27B-9587A6B5B45D" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36558", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-415xx/CVE-2023-41570.json b/CVE-2023/CVE-2023-415xx/CVE-2023-41570.json index dc6238dc8e5..3978b278896 100644 --- a/CVE-2023/CVE-2023-415xx/CVE-2023-41570.json +++ b/CVE-2023/CVE-2023-415xx/CVE-2023-41570.json @@ -2,19 +2,81 @@ "id": "CVE-2023-41570", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-14T23:15:09.270", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:13:07.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que MikroTik RouterOS v7.1 a 7.11 conten\u00eda mecanismos de control de acceso incorrectos para la API Rest." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*", + "versionStartIncluding": "7.1", + "versionEndExcluding": "7.12", + "matchCriteriaId": "3E9E61C3-F25A-43A2-AA35-A495453C2670" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.enricobassetti.it/2023/11/cve-2023-41570-access-control-vulnerability-in-mikrotik-rest-api/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45614.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45614.json index bc819a07d6c..a2acfd0775a 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45614.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45614.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45614", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-11-14T23:15:09.313", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:41:44.020", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" + }, + { + "lang": "es", + "value": "Existen vulnerabilidades de desbordamiento del b\u00fafer en CLI Service subyacente que podr\u00edan provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0.0", + "versionEndExcluding": "10.4.0.3", + "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0.0", + "versionEndExcluding": "8.6.0.23", + "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.0.0", + "versionEndExcluding": "8.10.0.9", + "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.2.0", + "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45615.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45615.json index 055c1c7c0f0..2bb5e6ec081 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45615.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45615.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45615", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-11-14T23:15:09.487", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:53:21.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.\n\n" + }, + { + "lang": "es", + "value": "Existen vulnerabilidades de desbordamiento del b\u00fafer en CLI Service subyacente que podr\u00edan provocar la ejecuci\u00f3n remota de c\u00f3digo no autenticado mediante el env\u00edo de paquetes especialmente manipulados destinados al puerto UDP (8211) PAPI (protocolo de administraci\u00f3n de puntos de acceso de Aruba). La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar c\u00f3digo arbitrario como usuario privilegiado en el sistema operativo subyacente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0.0", + "versionEndExcluding": "10.4.0.3", + "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0.0", + "versionEndExcluding": "8.6.0.23", + "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.0.0", + "versionEndExcluding": "8.10.0.9", + "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.2.0", + "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45625.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45625.json index 7f308f2ec36..eca5f66087c 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45625.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45625.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45625", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-11-14T23:15:11.243", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:51:31.120", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n" + }, + { + "lang": "es", + "value": "Existen m\u00faltiples vulnerabilidades de inyecci\u00f3n de comandos autenticados en la interfaz de l\u00ednea de comandos. La explotaci\u00f3n exitosa de estas vulnerabilidades da como resultado la capacidad de ejecutar comandos arbitrarios como usuario privilegiado en el sistema operativo subyacente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0.0", + "versionEndExcluding": "10.4.0.3", + "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0.0", + "versionEndExcluding": "8.6.0.23", + "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.0.0", + "versionEndExcluding": "8.10.0.9", + "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.2.0", + "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45626.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45626.json index b430eb3933a..61e44a1bc03 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45626.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45626.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45626", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-11-14T23:15:11.410", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:58:43.770", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles.\n\n" + }, + { + "lang": "es", + "value": "Se ha identificado una vulnerabilidad autenticada que permite a un atacante establecer de manera efectiva la ejecuci\u00f3n de c\u00f3digo arbitrario persistente y altamente privilegiado a lo largo de los ciclos de arranque." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0.0", + "versionEndExcluding": "10.4.0.3", + "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0.0", + "versionEndExcluding": "8.6.0.23", + "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.0.0", + "versionEndExcluding": "8.10.0.9", + "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.2.0", + "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-456xx/CVE-2023-45627.json b/CVE-2023/CVE-2023-456xx/CVE-2023-45627.json index 0f975a2c81b..6d954a3228b 100644 --- a/CVE-2023/CVE-2023-456xx/CVE-2023-45627.json +++ b/CVE-2023/CVE-2023-456xx/CVE-2023-45627.json @@ -2,16 +2,40 @@ "id": "CVE-2023-45627", "sourceIdentifier": "security-alert@hpe.com", "published": "2023-11-14T23:15:11.573", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:00:49.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal\n\noperation of the affected access point.\n\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Denegaci\u00f3n de Servicio (DoS) autenticada en CLI Service. La explotaci\u00f3n exitosa de esta vulnerabilidad da como resultado la capacidad de interrumpir el funcionamiento normal del punto de acceso afectado." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "security-alert@hpe.com", "type": "Secondary", @@ -34,10 +58,71 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.0.0", + "versionEndExcluding": "10.4.0.3", + "matchCriteriaId": "0C237FC8-2B47-4070-96DD-54D68F9BD5EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "23C407BC-FF30-4EBE-9084-67943E6D62E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0.0", + "versionEndExcluding": "8.6.0.23", + "matchCriteriaId": "DF39B093-B7A9-4657-A7F0-343E7CE7D59D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.10.0.0", + "versionEndExcluding": "8.10.0.9", + "matchCriteriaId": "B3B1AE0D-0B1E-4B75-8815-9C0D46A6B44F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hp:instantos:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.11.0.0", + "versionEndExcluding": "8.11.2.0", + "matchCriteriaId": "73FB686A-47E8-4900-AC7A-7A37152FD543" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt", - "source": "security-alert@hpe.com" + "source": "security-alert@hpe.com", + "tags": [ + "Mitigation", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47308.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47308.json index 00895fd91c5..2c4cf22bcb0 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47308.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47308.json @@ -2,19 +2,88 @@ "id": "CVE-2023-47308", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-15T01:15:07.810", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:14:36.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In the module \"Newsletter Popup PRO with Voucher/Coupon code\" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection." + }, + { + "lang": "es", + "value": "En el m\u00f3dulo \"Newsletter Popup PRO con c\u00f3digo de Bono/Cup\u00f3n\" (newsletterpop) anterior a la versi\u00f3n 2.6.1 de Active Design para PrestaShop, un invitado puede realizar inyecci\u00f3n SQL en las versiones afectadas. El m\u00e9todo `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` tiene llamadas SQL sensibles que pueden ejecutarse con una llamada http trivial y explotarse para falsificar una inyecci\u00f3n SQL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:activedesign:newsletterpop:*:*:*:*:*:prestashop:*:*", + "versionStartIncluding": "2.3.1", + "versionEndIncluding": "2.4.53", + "matchCriteriaId": "9BABF95F-992D-4F6C-9537-5CAA2475C80C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:activedesign:newsletterpop:*:*:*:*:*:prestashop:*:*", + "versionStartIncluding": "2.5.2", + "versionEndExcluding": "2.6.1", + "matchCriteriaId": "6A49ABA7-DD7E-4CEB-A72E-6357AA52A441" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2023-11-09-newsletterpop.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47309.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47309.json index 3d466166a60..de8c88d70d3 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47309.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47309.json @@ -2,19 +2,81 @@ "id": "CVE-2023-47309", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-15T01:15:07.860", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:47:36.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile." + }, + { + "lang": "es", + "value": "Nukium nkmgls anterior a la versi\u00f3n 3.0.2 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nukium:gls:*:*:*:*:*:prestashop:*:*", + "versionEndExcluding": "3.0.2", + "matchCriteriaId": "06E23F44-AC35-4740-9CE4-E7D50AE87AF3" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://security.friendsofpresta.org/modules/2023/11/14/nkmgls.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47384.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47384.json index 47c2c528290..e011612d4fe 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47384.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47384.json @@ -2,19 +2,79 @@ "id": "CVE-2023-47384", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-14T20:15:08.417", - "lastModified": "2023-11-14T21:38:09.280", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:58:59.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master conten\u00eda una p\u00e9rdida de memoria en la funci\u00f3n gf_isom_add_chapter en /isomedia/isom_write.c. Esta vulnerabilidad permite a los atacantes provocar una Denegaci\u00f3n de Servicio (DoS) a trav\u00e9s de un archivo MP4 manipulado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:2.3-dev-rev617-g671976fcc-master:*:*:*:*:*:*:*", + "matchCriteriaId": "F540C691-D615-4A9B-8DD6-69B8488E3BA1" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/gpac/gpac/issues/2672", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47580.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47580.json index 4e780fd7cdc..327b7707b9b 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47580.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47580.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47580", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-11-15T06:15:28.030", - "lastModified": "2023-11-15T13:54:23.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:36:59.427", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,19 +14,87 @@ "value": "Existen m\u00faltiples problemas de restricci\u00f3n inadecuada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria en TELLUS V4.0.17.0 y anteriores y TELLUS Lite V4.0.17.0 y anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1, V8 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.0.17.0", + "matchCriteriaId": "16ADEC6F-9ADC-423C-A463-413097BDBC3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujielectric:tellus_lite:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.0.17.0", + "matchCriteriaId": "A35F3F07-97F2-47A2-877D-AFF28F7AAE56" + } + ] + } + ] + } + ], "references": [ { "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jvn.jp/en/vu/JVNVU93840158/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47581.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47581.json index 913ebb15962..d7cfa246ea2 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47581.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47581.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47581", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-11-15T06:15:28.080", - "lastModified": "2023-11-15T13:54:23.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:17:19.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,19 +14,87 @@ "value": "Existe una vulnerabilidad de lectura fuera de los l\u00edmites en TELLUS V4.0.17.0 y anteriores y en TELLUS Lite V4.0.17.0 y anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1, V8 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.0.17.0", + "matchCriteriaId": "16ADEC6F-9ADC-423C-A463-413097BDBC3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujielectric:tellus_lite:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.0.17.0", + "matchCriteriaId": "A35F3F07-97F2-47A2-877D-AFF28F7AAE56" + } + ] + } + ] + } + ], "references": [ { "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jvn.jp/en/vu/JVNVU93840158/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-475xx/CVE-2023-47582.json b/CVE-2023/CVE-2023-475xx/CVE-2023-47582.json index b2f579d4233..c340fd4b02b 100644 --- a/CVE-2023/CVE-2023-475xx/CVE-2023-47582.json +++ b/CVE-2023/CVE-2023-475xx/CVE-2023-47582.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47582", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-11-15T06:15:28.127", - "lastModified": "2023-11-15T13:54:23.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:23:46.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,19 +14,87 @@ "value": "El acceso a la vulnerabilidad de puntero no inicializado existe en TELLUS V4.0.17.0 y anteriores y en TELLUS Lite V4.0.17.0 y anteriores. Si un usuario abre un archivo especialmente manipulado (archivo X1, V8 o V9), se puede revelar informaci\u00f3n y/o se puede ejecutar c\u00f3digo arbitrario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-824" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujielectric:tellus:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.0.17.0", + "matchCriteriaId": "16ADEC6F-9ADC-423C-A463-413097BDBC3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fujielectric:tellus_lite:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.0.17.0", + "matchCriteriaId": "A35F3F07-97F2-47A2-877D-AFF28F7AAE56" + } + ] + } + ] + } + ], "references": [ { "url": "https://hakko-elec.co.jp/site/download/03tellus_inf/index.php", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jvn.jp/en/vu/JVNVU93840158/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47628.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47628.json index fec19a11ded..6b4fd68cd27 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47628.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47628.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47628", "sourceIdentifier": "security-advisories@github.com", "published": "2023-11-14T01:15:08.137", - "lastModified": "2023-11-14T15:15:54.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:10:25.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,10 +70,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:datahub_project:datahub:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.12.1", + "matchCriteriaId": "A45A340B-5E00-4E48-A37F-71C11DDAAFF1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47643.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47643.json new file mode 100644 index 00000000000..1ba200cb698 --- /dev/null +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47643.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2023-47643", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-11-21T20:15:07.270", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "SuiteCRM is a Customer Relationship Management (CRM) software application. Prior to version 8.4.2, Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. An attacker can obtain the GraphQL schema and understand the entire attack surface of the API, including sensitive fields such as UserHash. This issue is patched in version 8.4.2. There are no known workarounds." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/salesagility/SuiteCRM-Core/commit/117dd8172793a239f71c91222606bf00677eeb33", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/salesagility/SuiteCRM-Core/security/advisories/GHSA-fxww-jqfv-9rrr", + "source": "security-advisories@github.com" + }, + { + "url": "https://www.apollographql.com/blog/graphql/security/why-you-should-disable-graphql-introspection-in-production/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47678.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47678.json index 26c0c0ffaca..86a5bdc0e1d 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47678.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47678.json @@ -2,27 +2,104 @@ "id": "CVE-2023-47678", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-11-15T02:15:06.800", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:44:06.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de control de acceso inadecuado en todas las versiones del RT-AC87U. Un atacante puede leer o escribir archivos a los que no est\u00e1 previsto acceder conect\u00e1ndose a un dispositivo de destino a trav\u00e9s de tftp." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:asus:rt-ac87u_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "4CE7F61F-6CEB-4EFA-A534-3A42F75CEACF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:asus:rt-ac87u:-:*:*:*:*:*:*:*", + "matchCriteriaId": "317B2498-88CE-431F-97E1-EFE7F7E34E05" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://jvn.jp/en/vu/JVNVU96079387/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.asus.com/event/network/EOL-product/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.asus.com/support/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48226.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48226.json new file mode 100644 index 00000000000..5b80c69cbc0 --- /dev/null +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48226.json @@ -0,0 +1,75 @@ +{ + "id": "CVE-2023-48226", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-11-21T20:15:07.543", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings (for registration looks like validation is correct), a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for example. Email is really send from OpenReplay, but bad actors can add there HTML code injected (content spoofing). Please notice that during Registration steps for FullName looks like is validated correct - can not type there, but using this kind of bypass/workaround - bad actors can achieve own goal. As of time of publication, no known fixes or workarounds are available." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://bugcrowd.com/vulnerability-rating-taxonomy", + "source": "security-advisories@github.com" + }, + { + "url": "https://capec.mitre.org/data/definitions/242.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://cwe.mitre.org/data/definitions/20.html", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/openreplay/openreplay/blob/main/api/chalicelib/utils/html/invitation.html#L421", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/openreplay/openreplay/security/advisories/GHSA-xpfv-454c-3fj4", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4889.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4889.json index 5f74b01a4fd..d0bde1d733a 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4889.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4889.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4889", "sourceIdentifier": "security@wordfence.com", "published": "2023-11-15T07:15:14.580", - "lastModified": "2023-11-15T13:54:23.007", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:28:48.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -38,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:shareaholic:shareaholic:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "9.7.8", + "matchCriteriaId": "162978C6-2C74-4ADC-981E-8955A387654F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/2995413/shareaholic#file51", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5055.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5055.json index 6568653b57f..56f137fa198 100644 --- a/CVE-2023/CVE-2023-50xx/CVE-2023-5055.json +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5055.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5055", "sourceIdentifier": "vulnerabilities@zephyrproject.org", "published": "2023-11-21T18:15:09.023", - "lastModified": "2023-11-21T18:15:09.023", - "vulnStatus": "Received", + "lastModified": "2023-11-21T20:31:33.013", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5189.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5189.json index 3d4c61d5f53..c1b4b9b84df 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5189.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5189.json @@ -2,16 +2,40 @@ "id": "CVE-2023-5189", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-14T23:15:12.290", - "lastModified": "2023-11-15T02:28:40.150", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:05:17.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de path traversal en Ansible al extraer archivos comprimidos. Un atacante podr\u00eda crear un tarball malicioso para que, al utilizar el importador galaxy de Ansible Automation Hub, se pueda colocar un enlace simb\u00f3lico en el disco, lo que provocar\u00eda la sobrescritura de los archivos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -34,14 +58,56 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:ansible_automation_platform:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7B4BE2D6-43C3-4065-A213-5DB1325DC78F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-5189", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2234387", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5984.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5984.json index 6ad7b79ac33..2d0a5b3a2ec 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5984.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5984.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5984", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-11-15T04:15:19.043", - "lastModified": "2023-11-15T13:54:26.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T19:31:38.970", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -50,10 +70,69 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:ion8650_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "6F157E99-370C-46CD-BB4F-88BC5B55E8B0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1DA97CA0-DDE0-4418-9D72-7D463C003693" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:ion8800_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "1936E11C-833A-4E02-A0F9-D53E12FB88D5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3449157-3715-4D89-A3BD-49EE47160B25" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5985.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5985.json index 421f8851810..d23eff15a50 100644 --- a/CVE-2023/CVE-2023-59xx/CVE-2023-5985.json +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5985.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5985", "sourceIdentifier": "cybersecurity@se.com", "published": "2023-11-15T04:15:19.290", - "lastModified": "2023-11-15T13:54:26.693", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-21T20:08:25.323", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "cybersecurity@se.com", "type": "Secondary", @@ -50,10 +70,69 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:ion8650_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "6F157E99-370C-46CD-BB4F-88BC5B55E8B0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1DA97CA0-DDE0-4418-9D72-7D463C003693" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:schneider-electric:ion8800_firmware:*:*:*:*:*:*:*:*", + "matchCriteriaId": "1936E11C-833A-4E02-A0F9-D53E12FB88D5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B3449157-3715-4D89-A3BD-49EE47160B25" + } + ] + } + ] + } + ], "references": [ { "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-318-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-318-01.pdf", - "source": "cybersecurity@se.com" + "source": "cybersecurity@se.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 8bd29d1265b..aa6f7532ff4 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-21T19:00:18.107652+00:00 +2023-11-21T21:00:17.887493+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-21T18:50:21.977000+00:00 +2023-11-21T20:53:21.610000+00:00 ``` ### Last Data Feed Release @@ -29,49 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -231224 +231231 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `7` -* [CVE-2021-27502](CVE-2021/CVE-2021-275xx/CVE-2021-27502.json) (`2023-11-21T18:15:07.510`) -* [CVE-2021-27504](CVE-2021/CVE-2021-275xx/CVE-2021-27504.json) (`2023-11-21T18:15:07.713`) -* [CVE-2023-22516](CVE-2023/CVE-2023-225xx/CVE-2023-22516.json) (`2023-11-21T18:15:07.910`) -* [CVE-2023-22521](CVE-2023/CVE-2023-225xx/CVE-2023-22521.json) (`2023-11-21T18:15:08.070`) -* [CVE-2023-5055](CVE-2023/CVE-2023-50xx/CVE-2023-5055.json) (`2023-11-21T18:15:09.023`) +* [CVE-2021-38405](CVE-2021/CVE-2021-384xx/CVE-2021-38405.json) (`2023-11-21T19:15:07.647`) +* [CVE-2023-20208](CVE-2023/CVE-2023-202xx/CVE-2023-20208.json) (`2023-11-21T19:15:08.567`) +* [CVE-2023-20265](CVE-2023/CVE-2023-202xx/CVE-2023-20265.json) (`2023-11-21T19:15:08.747`) +* [CVE-2023-20272](CVE-2023/CVE-2023-202xx/CVE-2023-20272.json) (`2023-11-21T19:15:08.920`) +* [CVE-2023-20274](CVE-2023/CVE-2023-202xx/CVE-2023-20274.json) (`2023-11-21T19:15:09.087`) +* [CVE-2023-47643](CVE-2023/CVE-2023-476xx/CVE-2023-47643.json) (`2023-11-21T20:15:07.270`) +* [CVE-2023-48226](CVE-2023/CVE-2023-482xx/CVE-2023-48226.json) (`2023-11-21T20:15:07.543`) ### CVEs modified in the last Commit -Recently modified CVEs: `36` +Recently modified CVEs: `56` -* [CVE-2023-3812](CVE-2023/CVE-2023-38xx/CVE-2023-3812.json) (`2023-11-21T17:15:07.663`) -* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-11-21T17:15:07.763`) -* [CVE-2023-4004](CVE-2023/CVE-2023-40xx/CVE-2023-4004.json) (`2023-11-21T17:15:07.873`) -* [CVE-2023-4147](CVE-2023/CVE-2023-41xx/CVE-2023-4147.json) (`2023-11-21T17:15:08.033`) -* [CVE-2023-5367](CVE-2023/CVE-2023-53xx/CVE-2023-5367.json) (`2023-11-21T17:15:08.180`) -* [CVE-2023-28376](CVE-2023/CVE-2023-283xx/CVE-2023-28376.json) (`2023-11-21T17:41:53.923`) -* [CVE-2023-31203](CVE-2023/CVE-2023-312xx/CVE-2023-31203.json) (`2023-11-21T17:54:07.040`) -* [CVE-2023-32279](CVE-2023/CVE-2023-322xx/CVE-2023-32279.json) (`2023-11-21T17:54:26.863`) -* [CVE-2023-32283](CVE-2023/CVE-2023-322xx/CVE-2023-32283.json) (`2023-11-21T17:54:43.380`) -* [CVE-2023-32638](CVE-2023/CVE-2023-326xx/CVE-2023-32638.json) (`2023-11-21T17:54:57.823`) -* [CVE-2023-3961](CVE-2023/CVE-2023-39xx/CVE-2023-3961.json) (`2023-11-21T18:15:08.227`) -* [CVE-2023-42669](CVE-2023/CVE-2023-426xx/CVE-2023-42669.json) (`2023-11-21T18:15:08.343`) -* [CVE-2023-45161](CVE-2023/CVE-2023-451xx/CVE-2023-45161.json) (`2023-11-21T18:15:08.443`) -* [CVE-2023-45163](CVE-2023/CVE-2023-451xx/CVE-2023-45163.json) (`2023-11-21T18:15:08.543`) -* [CVE-2023-4091](CVE-2023/CVE-2023-40xx/CVE-2023-4091.json) (`2023-11-21T18:15:08.623`) -* [CVE-2023-4806](CVE-2023/CVE-2023-48xx/CVE-2023-4806.json) (`2023-11-21T18:15:08.727`) -* [CVE-2023-4813](CVE-2023/CVE-2023-48xx/CVE-2023-4813.json) (`2023-11-21T18:15:08.873`) -* [CVE-2023-5178](CVE-2023/CVE-2023-51xx/CVE-2023-5178.json) (`2023-11-21T18:15:09.220`) -* [CVE-2023-5380](CVE-2023/CVE-2023-53xx/CVE-2023-5380.json) (`2023-11-21T18:15:09.313`) -* [CVE-2023-5964](CVE-2023/CVE-2023-59xx/CVE-2023-5964.json) (`2023-11-21T18:15:09.550`) -* [CVE-2023-36018](CVE-2023/CVE-2023-360xx/CVE-2023-36018.json) (`2023-11-21T18:15:33.700`) -* [CVE-2023-29504](CVE-2023/CVE-2023-295xx/CVE-2023-29504.json) (`2023-11-21T18:34:22.367`) -* [CVE-2023-38411](CVE-2023/CVE-2023-384xx/CVE-2023-38411.json) (`2023-11-21T18:44:14.920`) -* [CVE-2023-29177](CVE-2023/CVE-2023-291xx/CVE-2023-29177.json) (`2023-11-21T18:47:17.137`) -* [CVE-2023-39230](CVE-2023/CVE-2023-392xx/CVE-2023-39230.json) (`2023-11-21T18:50:21.977`) +* [CVE-2023-34997](CVE-2023/CVE-2023-349xx/CVE-2023-34997.json) (`2023-11-21T19:57:40.767`) +* [CVE-2023-45626](CVE-2023/CVE-2023-456xx/CVE-2023-45626.json) (`2023-11-21T19:58:43.770`) +* [CVE-2023-47384](CVE-2023/CVE-2023-473xx/CVE-2023-47384.json) (`2023-11-21T19:58:59.553`) +* [CVE-2023-26222](CVE-2023/CVE-2023-262xx/CVE-2023-26222.json) (`2023-11-21T19:59:20.710`) +* [CVE-2023-34060](CVE-2023/CVE-2023-340xx/CVE-2023-34060.json) (`2023-11-21T19:59:44.507`) +* [CVE-2023-36437](CVE-2023/CVE-2023-364xx/CVE-2023-36437.json) (`2023-11-21T20:00:37.933`) +* [CVE-2023-45627](CVE-2023/CVE-2023-456xx/CVE-2023-45627.json) (`2023-11-21T20:00:49.907`) +* [CVE-2023-36558](CVE-2023/CVE-2023-365xx/CVE-2023-36558.json) (`2023-11-21T20:01:19.307`) +* [CVE-2023-5189](CVE-2023/CVE-2023-51xx/CVE-2023-5189.json) (`2023-11-21T20:05:17.837`) +* [CVE-2023-5985](CVE-2023/CVE-2023-59xx/CVE-2023-5985.json) (`2023-11-21T20:08:25.323`) +* [CVE-2023-34062](CVE-2023/CVE-2023-340xx/CVE-2023-34062.json) (`2023-11-21T20:11:45.330`) +* [CVE-2023-41570](CVE-2023/CVE-2023-415xx/CVE-2023-41570.json) (`2023-11-21T20:13:07.453`) +* [CVE-2023-47308](CVE-2023/CVE-2023-473xx/CVE-2023-47308.json) (`2023-11-21T20:14:36.287`) +* [CVE-2023-47581](CVE-2023/CVE-2023-475xx/CVE-2023-47581.json) (`2023-11-21T20:17:19.600`) +* [CVE-2023-47582](CVE-2023/CVE-2023-475xx/CVE-2023-47582.json) (`2023-11-21T20:23:46.320`) +* [CVE-2023-20519](CVE-2023/CVE-2023-205xx/CVE-2023-20519.json) (`2023-11-21T20:27:42.837`) +* [CVE-2023-20596](CVE-2023/CVE-2023-205xx/CVE-2023-20596.json) (`2023-11-21T20:28:27.040`) +* [CVE-2023-4889](CVE-2023/CVE-2023-48xx/CVE-2023-4889.json) (`2023-11-21T20:28:48.533`) +* [CVE-2023-32641](CVE-2023/CVE-2023-326xx/CVE-2023-32641.json) (`2023-11-21T20:29:33.007`) +* [CVE-2023-22516](CVE-2023/CVE-2023-225xx/CVE-2023-22516.json) (`2023-11-21T20:31:33.013`) +* [CVE-2023-22521](CVE-2023/CVE-2023-225xx/CVE-2023-22521.json) (`2023-11-21T20:31:33.013`) +* [CVE-2023-5055](CVE-2023/CVE-2023-50xx/CVE-2023-5055.json) (`2023-11-21T20:31:33.013`) +* [CVE-2023-47580](CVE-2023/CVE-2023-475xx/CVE-2023-47580.json) (`2023-11-21T20:36:59.427`) +* [CVE-2023-45614](CVE-2023/CVE-2023-456xx/CVE-2023-45614.json) (`2023-11-21T20:41:44.020`) +* [CVE-2023-45615](CVE-2023/CVE-2023-456xx/CVE-2023-45615.json) (`2023-11-21T20:53:21.610`) ## Download and Usage