diff --git a/CVE-2014/CVE-2014-08xx/CVE-2014-0883.json b/CVE-2014/CVE-2014-08xx/CVE-2014-0883.json index 8e6ee7e4b24..c63177ed3d6 100644 --- a/CVE-2014/CVE-2014-08xx/CVE-2014-0883.json +++ b/CVE-2014/CVE-2014-08xx/CVE-2014-0883.json @@ -2,12 +2,12 @@ "id": "CVE-2014-0883", "sourceIdentifier": "psirt@us.ibm.com", "published": "2018-04-20T21:29:00.220", - "lastModified": "2018-05-18T17:06:41.183", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-09T02:15:07.550", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Cross-site scripting (XSS) vulnerability in IBM Power Hardware Management Console (HMC) 7R7.1.0, 7R7.2.0, 7R7.3.0 through 7R7.3.5, 7R7.7.0 through SP3, and 7R7.8.0 before SP1 allows remote attackers to inject arbitrary web script or HTML via the user name on the logon screen. IBM X-Force ID: 91163." + "value": "IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.\u00a0 IBM X-Force ID:\u00a0 91163." }, { "lang": "es", @@ -60,6 +60,29 @@ "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true + }, + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.3 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": true } ] }, @@ -73,6 +96,16 @@ "value": "CWE-79" } ] + }, + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ @@ -144,12 +177,12 @@ ], "references": [ { - "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1019972", - "source": "psirt@us.ibm.com", - "tags": [ - "Patch", - "Vendor Advisory" - ] + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91163", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/security-bulletin-power-hardware-management-console-hmc-cve-2014-0883", + "source": "psirt@us.ibm.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json b/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json index 9f28cec9b6e..51b2e59b814 100644 --- a/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json +++ b/CVE-2023/CVE-2023-00xx/CVE-2023-0001.json @@ -2,7 +2,7 @@ "id": "CVE-2023-0001", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2023-02-08T18:15:11.523", - "lastModified": "2023-11-08T21:15:08.247", + "lastModified": "2023-11-09T01:15:07.547", "vulnStatus": "Modified", "descriptions": [ { @@ -108,6 +108,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/11/08/10", + "source": "psirt@paloaltonetworks.com" + }, { "url": "http://www.openwall.com/lists/oss-security/2023/11/08/2", "source": "psirt@paloaltonetworks.com" diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20902.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20902.json new file mode 100644 index 00000000000..dbc76abd6f7 --- /dev/null +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20902.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-20902", + "sourceIdentifier": "security@vmware.com", + "published": "2023-11-09T01:15:07.660", + "lastModified": "2023-11-09T01:15:07.660", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below,\u00a0 Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to \ncreate jobs/stop job tasks and retrieve job task information.\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://github.com/goharbor/harbor/security/advisories/GHSA-mq6f-5xh5-hgcf", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-449xx/CVE-2023-44954.json b/CVE-2023/CVE-2023-449xx/CVE-2023-44954.json index ebbb7defd75..98313ecf331 100644 --- a/CVE-2023/CVE-2023-449xx/CVE-2023-44954.json +++ b/CVE-2023/CVE-2023-449xx/CVE-2023-44954.json @@ -2,23 +2,86 @@ "id": "CVE-2023-44954", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-01T23:15:07.900", - "lastModified": "2023-11-02T12:54:36.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-09T01:10:13.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross Site Scripting en BigTree CMS v.4.5.7 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro ID en las funciones de configuraci\u00f3n del desarrollador." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bigtreecms:bigtree_cms:4.5.7:*:*:*:*:*:*:*", + "matchCriteriaId": "AF526441-5124-43D0-B334-57B1B8BFCAD7" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Ciber-Mike/BigTree_CMS-Stored_XSS-Developer_Settings/blob/main/README.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://www.bigtreecms.org/download/core/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45201.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45201.json index 15aac9b8d53..28ab218e0cf 100644 --- a/CVE-2023/CVE-2023-452xx/CVE-2023-45201.json +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45201.json @@ -2,12 +2,16 @@ "id": "CVE-2023-45201", "sourceIdentifier": "help@fluidattacks.com", "published": "2023-11-01T22:15:08.643", - "lastModified": "2023-11-02T12:54:36.497", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-09T01:07:57.550", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities.\u00a0The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.\n\n" + }, + { + "lang": "es", + "value": "Online Examination System v1.0 es afectado por m\u00faltiples vulnerabilidades de Open Redirect. El par\u00e1metro 'q' del recurso admin.php permite a un atacante redirigir a un usuario v\u00edctima a un sitio web arbitrario utilizando una URL manipulada." } ], "metrics": { @@ -36,7 +40,7 @@ }, "weaknesses": [ { - "source": "help@fluidattacks.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,16 +48,50 @@ "value": "CWE-601" } ] + }, + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748" + } + ] + } + ] } ], "references": [ { "url": "https://fluidattacks.com/advisories/uchida", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://projectworlds.in/", - "source": "help@fluidattacks.com" + "source": "help@fluidattacks.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-464xx/CVE-2023-46482.json b/CVE-2023/CVE-2023-464xx/CVE-2023-46482.json index 3b80d23f500..c87d4de52eb 100644 --- a/CVE-2023/CVE-2023-464xx/CVE-2023-46482.json +++ b/CVE-2023/CVE-2023-464xx/CVE-2023-46482.json @@ -2,19 +2,78 @@ "id": "CVE-2023-46482", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-01T19:15:45.393", - "lastModified": "2023-11-02T12:54:39.827", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-09T00:56:40.200", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en wuzhicms v.4.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funcionalidad de copia de seguridad de la base de datos en el componente coreframe/app/database/admin/index.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wuzhicms:wuzhicms:4.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2B76E69A-B2F3-4359-A7C0-046CEE2FAEEB" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/XTo-o1/PHP/blob/main/wuzhicms/WUZHI%20CMS%20v4.1.0%20SQL%20Injection%20Vulnerability%20in%20Database%20Backup%20Functionality.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47005.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47005.json new file mode 100644 index 00000000000..56426e70436 --- /dev/null +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47005.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47005", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-09T01:15:07.830", + "lastModified": "2023-11-09T01:15:07.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_ln 2C318 function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/XYIYM/Digging/blob/main/ASUS/RT-AX57/3/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47006.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47006.json new file mode 100644 index 00000000000..2a5794985a2 --- /dev/null +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47006.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47006", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-09T01:15:07.883", + "lastModified": "2023-11-09T01:15:07.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ipaddr field in the sub_6FC74 function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/XYIYM/Digging/blob/main/ASUS/RT-AX57/1/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47007.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47007.json new file mode 100644 index 00000000000..42cbc243a46 --- /dev/null +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47007.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47007", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-09T01:15:07.930", + "lastModified": "2023-11-09T01:15:07.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_391B8 function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/XYIYM/Digging/blob/main/ASUS/RT-AX57/2/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47008.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47008.json new file mode 100644 index 00000000000..d5efe618fd7 --- /dev/null +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47008.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-47008", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-09T01:15:07.977", + "lastModified": "2023-11-09T01:15:07.977", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the ifname field in the sub_4CCE4 function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/XYIYM/Digging/blob/main/ASUS/RT-AX57/4/1.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json index 7a29d572298..6732d3e81e7 100644 --- a/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5157.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5157", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-27T15:19:41.807", - "lastModified": "2023-11-07T04:23:33.877", + "lastModified": "2023-11-09T02:15:07.873", "vulnStatus": "Modified", "descriptions": [ { @@ -37,7 +37,7 @@ "impactScore": 3.6 }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -70,7 +70,7 @@ ] }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "description": [ { @@ -286,6 +286,14 @@ "Third Party Advisory" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:6821", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:6822", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5157", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5349.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5349.json index c9c3d2ed420..1825b3421c4 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5349.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5349.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5349", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-30T21:15:07.643", - "lastModified": "2023-11-07T23:10:48.580", - "vulnStatus": "Analyzed", + "lastModified": "2023-11-09T02:15:08.000", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -144,6 +144,10 @@ "tags": [ "Patch" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3XMQ2KWPYGT447EKPENGXXHKAQ5NUWF/", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5765.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5765.json index 92229128f25..c8802dcc8e8 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5765.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5765.json @@ -2,19 +2,91 @@ "id": "CVE-2023-5765", "sourceIdentifier": "security@devolutions.net", "published": "2023-11-01T18:15:10.020", - "lastModified": "2023-11-01T18:17:40.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-09T01:26:48.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.\n" + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en la funci\u00f3n de analizador de contrase\u00f1as en Devolutions Remote Desktop Manager 2023.2.33 y versiones anteriores en Windows permite a un atacante omitir los permisos mediante el cambio de fuente de datos." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023.2.33", + "matchCriteriaId": "8880342C-889A-4F06-8E7B-01E8410B7BA0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0019/", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5766.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5766.json index 4eed37d49f6..fea66d8ae98 100644 --- a/CVE-2023/CVE-2023-57xx/CVE-2023-5766.json +++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5766.json @@ -2,19 +2,91 @@ "id": "CVE-2023-5766", "sourceIdentifier": "security@devolutions.net", "published": "2023-11-01T18:15:10.063", - "lastModified": "2023-11-01T18:17:40.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-11-09T01:24:32.057", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\n\nA remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.\n\n\n" + }, + { + "lang": "es", + "value": "Una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Remote Desktop Manager 2023.2.33 y versiones anteriores en Windows permite a un atacante ejecutar c\u00f3digo de forma remota desde otra sesi\u00f3n de usuario de Windows en el mismo host a trav\u00e9s de un paquete TCP especialmente manipulado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023.2.33", + "matchCriteriaId": "8880342C-889A-4F06-8E7B-01E8410B7BA0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0019/", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 33d1e40fdd8..fa3ae508464 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-09T00:55:19.712637+00:00 +2023-11-09T03:00:21.586232+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-09T00:52:05.187000+00:00 +2023-11-09T02:15:08+00:00 ``` ### Last Data Feed Release @@ -23,74 +23,39 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-11-08T01:00:13.554656+00:00 +2023-11-09T01:00:13.564668+00:00 ``` ### Total Number of included CVEs ```plain -230203 +230208 ``` ### CVEs added in the last Commit -Recently added CVEs: `24` +Recently added CVEs: `5` -* [CVE-2021-43609](CVE-2021/CVE-2021-436xx/CVE-2021-43609.json) (`2023-11-09T00:15:07.663`) -* [CVE-2023-39435](CVE-2023/CVE-2023-394xx/CVE-2023-39435.json) (`2023-11-08T23:15:08.310`) -* [CVE-2023-3959](CVE-2023/CVE-2023-39xx/CVE-2023-3959.json) (`2023-11-08T23:15:08.523`) -* [CVE-2023-43571](CVE-2023/CVE-2023-435xx/CVE-2023-43571.json) (`2023-11-08T23:15:08.703`) -* [CVE-2023-43572](CVE-2023/CVE-2023-435xx/CVE-2023-43572.json) (`2023-11-08T23:15:08.883`) -* [CVE-2023-43573](CVE-2023/CVE-2023-435xx/CVE-2023-43573.json) (`2023-11-08T23:15:09.063`) -* [CVE-2023-43574](CVE-2023/CVE-2023-435xx/CVE-2023-43574.json) (`2023-11-08T23:15:09.250`) -* [CVE-2023-43575](CVE-2023/CVE-2023-435xx/CVE-2023-43575.json) (`2023-11-08T23:15:09.450`) -* [CVE-2023-43576](CVE-2023/CVE-2023-435xx/CVE-2023-43576.json) (`2023-11-08T23:15:09.670`) -* [CVE-2023-43577](CVE-2023/CVE-2023-435xx/CVE-2023-43577.json) (`2023-11-08T23:15:09.847`) -* [CVE-2023-43578](CVE-2023/CVE-2023-435xx/CVE-2023-43578.json) (`2023-11-08T23:15:10.020`) -* [CVE-2023-43579](CVE-2023/CVE-2023-435xx/CVE-2023-43579.json) (`2023-11-08T23:15:10.200`) -* [CVE-2023-43580](CVE-2023/CVE-2023-435xx/CVE-2023-43580.json) (`2023-11-08T23:15:10.383`) -* [CVE-2023-43581](CVE-2023/CVE-2023-435xx/CVE-2023-43581.json) (`2023-11-08T23:15:10.550`) -* [CVE-2023-43755](CVE-2023/CVE-2023-437xx/CVE-2023-43755.json) (`2023-11-08T23:15:10.727`) -* [CVE-2023-45075](CVE-2023/CVE-2023-450xx/CVE-2023-45075.json) (`2023-11-08T23:15:10.900`) -* [CVE-2023-45076](CVE-2023/CVE-2023-450xx/CVE-2023-45076.json) (`2023-11-08T23:15:11.077`) -* [CVE-2023-45077](CVE-2023/CVE-2023-450xx/CVE-2023-45077.json) (`2023-11-08T23:15:11.250`) -* [CVE-2023-45078](CVE-2023/CVE-2023-450xx/CVE-2023-45078.json) (`2023-11-08T23:15:11.443`) -* [CVE-2023-45079](CVE-2023/CVE-2023-450xx/CVE-2023-45079.json) (`2023-11-08T23:15:11.617`) -* [CVE-2023-45225](CVE-2023/CVE-2023-452xx/CVE-2023-45225.json) (`2023-11-08T23:15:11.790`) -* [CVE-2023-4249](CVE-2023/CVE-2023-42xx/CVE-2023-4249.json) (`2023-11-08T23:15:11.967`) -* [CVE-2023-37533](CVE-2023/CVE-2023-375xx/CVE-2023-37533.json) (`2023-11-09T00:15:07.870`) -* [CVE-2023-37790](CVE-2023/CVE-2023-377xx/CVE-2023-37790.json) (`2023-11-09T00:15:08.037`) +* [CVE-2023-20902](CVE-2023/CVE-2023-209xx/CVE-2023-20902.json) (`2023-11-09T01:15:07.660`) +* [CVE-2023-47005](CVE-2023/CVE-2023-470xx/CVE-2023-47005.json) (`2023-11-09T01:15:07.830`) +* [CVE-2023-47006](CVE-2023/CVE-2023-470xx/CVE-2023-47006.json) (`2023-11-09T01:15:07.883`) +* [CVE-2023-47007](CVE-2023/CVE-2023-470xx/CVE-2023-47007.json) (`2023-11-09T01:15:07.930`) +* [CVE-2023-47008](CVE-2023/CVE-2023-470xx/CVE-2023-47008.json) (`2023-11-09T01:15:07.977`) ### CVEs modified in the last Commit -Recently modified CVEs: `59` +Recently modified CVEs: `9` -* [CVE-2023-45112](CVE-2023/CVE-2023-451xx/CVE-2023-45112.json) (`2023-11-08T23:14:28.533`) -* [CVE-2023-45111](CVE-2023/CVE-2023-451xx/CVE-2023-45111.json) (`2023-11-08T23:14:35.887`) -* [CVE-2023-42645](CVE-2023/CVE-2023-426xx/CVE-2023-42645.json) (`2023-11-08T23:15:52.477`) -* [CVE-2023-42647](CVE-2023/CVE-2023-426xx/CVE-2023-42647.json) (`2023-11-08T23:16:02.367`) -* [CVE-2023-42653](CVE-2023/CVE-2023-426xx/CVE-2023-42653.json) (`2023-11-08T23:16:13.907`) -* [CVE-2023-42655](CVE-2023/CVE-2023-426xx/CVE-2023-42655.json) (`2023-11-08T23:16:27.247`) -* [CVE-2023-42750](CVE-2023/CVE-2023-427xx/CVE-2023-42750.json) (`2023-11-08T23:16:38.097`) -* [CVE-2023-45328](CVE-2023/CVE-2023-453xx/CVE-2023-45328.json) (`2023-11-08T23:17:15.513`) -* [CVE-2023-46378](CVE-2023/CVE-2023-463xx/CVE-2023-46378.json) (`2023-11-08T23:17:43.707`) -* [CVE-2023-46278](CVE-2023/CVE-2023-462xx/CVE-2023-46278.json) (`2023-11-08T23:22:08.177`) -* [CVE-2023-5895](CVE-2023/CVE-2023-58xx/CVE-2023-5895.json) (`2023-11-08T23:25:26.707`) -* [CVE-2023-5894](CVE-2023/CVE-2023-58xx/CVE-2023-5894.json) (`2023-11-08T23:34:02.963`) -* [CVE-2023-46245](CVE-2023/CVE-2023-462xx/CVE-2023-46245.json) (`2023-11-08T23:39:37.247`) -* [CVE-2023-46240](CVE-2023/CVE-2023-462xx/CVE-2023-46240.json) (`2023-11-08T23:43:22.447`) -* [CVE-2023-5893](CVE-2023/CVE-2023-58xx/CVE-2023-5893.json) (`2023-11-08T23:48:59.917`) -* [CVE-2023-32839](CVE-2023/CVE-2023-328xx/CVE-2023-32839.json) (`2023-11-08T23:50:02.083`) -* [CVE-2023-32838](CVE-2023/CVE-2023-328xx/CVE-2023-32838.json) (`2023-11-08T23:50:22.660`) -* [CVE-2023-32836](CVE-2023/CVE-2023-328xx/CVE-2023-32836.json) (`2023-11-08T23:50:44.607`) -* [CVE-2023-5892](CVE-2023/CVE-2023-58xx/CVE-2023-5892.json) (`2023-11-08T23:54:30.143`) -* [CVE-2023-5891](CVE-2023/CVE-2023-58xx/CVE-2023-5891.json) (`2023-11-09T00:00:28.930`) -* [CVE-2023-5890](CVE-2023/CVE-2023-58xx/CVE-2023-5890.json) (`2023-11-09T00:02:57.837`) -* [CVE-2023-42425](CVE-2023/CVE-2023-424xx/CVE-2023-42425.json) (`2023-11-09T00:06:40.200`) -* [CVE-2023-46239](CVE-2023/CVE-2023-462xx/CVE-2023-46239.json) (`2023-11-09T00:14:04.070`) -* [CVE-2023-20086](CVE-2023/CVE-2023-200xx/CVE-2023-20086.json) (`2023-11-09T00:44:44.573`) -* [CVE-2023-44025](CVE-2023/CVE-2023-440xx/CVE-2023-44025.json) (`2023-11-09T00:52:05.187`) +* [CVE-2014-0883](CVE-2014/CVE-2014-08xx/CVE-2014-0883.json) (`2023-11-09T02:15:07.550`) +* [CVE-2023-46482](CVE-2023/CVE-2023-464xx/CVE-2023-46482.json) (`2023-11-09T00:56:40.200`) +* [CVE-2023-45201](CVE-2023/CVE-2023-452xx/CVE-2023-45201.json) (`2023-11-09T01:07:57.550`) +* [CVE-2023-44954](CVE-2023/CVE-2023-449xx/CVE-2023-44954.json) (`2023-11-09T01:10:13.367`) +* [CVE-2023-0001](CVE-2023/CVE-2023-00xx/CVE-2023-0001.json) (`2023-11-09T01:15:07.547`) +* [CVE-2023-5766](CVE-2023/CVE-2023-57xx/CVE-2023-5766.json) (`2023-11-09T01:24:32.057`) +* [CVE-2023-5765](CVE-2023/CVE-2023-57xx/CVE-2023-5765.json) (`2023-11-09T01:26:48.773`) +* [CVE-2023-5157](CVE-2023/CVE-2023-51xx/CVE-2023-5157.json) (`2023-11-09T02:15:07.873`) +* [CVE-2023-5349](CVE-2023/CVE-2023-53xx/CVE-2023-5349.json) (`2023-11-09T02:15:08.000`) ## Download and Usage