From 6c05af780a78acf2578047e8370f599e93ffdcbb Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Fri, 25 Aug 2023 18:00:37 +0000
Subject: [PATCH] Auto-Update: 2023-08-25T18:00:33.975572+00:00
---
CVE-2020/CVE-2020-117xx/CVE-2020-11711.json | 28 +++++++
CVE-2020/CVE-2020-182xx/CVE-2020-18232.json | 64 +++++++++++++-
CVE-2020/CVE-2020-188xx/CVE-2020-18831.json | 71 ++++++++++++++--
CVE-2020/CVE-2020-217xx/CVE-2020-21710.json | 72 ++++++++++++++--
CVE-2020/CVE-2020-218xx/CVE-2020-21890.json | 66 ++++++++++++++-
CVE-2020/CVE-2020-222xx/CVE-2020-22217.json | 68 ++++++++++++++-
CVE-2020/CVE-2020-222xx/CVE-2020-22218.json | 64 +++++++++++++-
CVE-2020/CVE-2020-229xx/CVE-2020-22916.json | 68 +++++++++++++--
CVE-2020/CVE-2020-266xx/CVE-2020-26652.json | 76 ++++++++++++++++-
CVE-2021/CVE-2021-293xx/CVE-2021-29390.json | 63 +++++++++++++-
CVE-2022/CVE-2022-44xx/CVE-2022-4452.json | 4 +-
CVE-2023/CVE-2023-202xx/CVE-2023-20224.json | 73 ++++++++++++++--
CVE-2023/CVE-2023-202xx/CVE-2023-20229.json | 61 +++++++++++++-
CVE-2023/CVE-2023-202xx/CVE-2023-20237.json | 82 +++++++++++++++++-
CVE-2023/CVE-2023-332xx/CVE-2023-33241.json | 85 +++++++++++++++++--
CVE-2023/CVE-2023-34xx/CVE-2023-3481.json | 58 ++++++++++++-
CVE-2023/CVE-2023-36xx/CVE-2023-3604.json | 53 +++++++++++-
CVE-2023/CVE-2023-36xx/CVE-2023-3667.json | 53 +++++++++++-
CVE-2023/CVE-2023-372xx/CVE-2023-37250.json | 75 +++++++++++++++--
CVE-2023/CVE-2023-382xx/CVE-2023-38201.json | 55 ++++++++++++
CVE-2023/CVE-2023-389xx/CVE-2023-38906.json | 85 +++++++++++++++++--
CVE-2023/CVE-2023-389xx/CVE-2023-38908.json | 91 ++++++++++++++++++--
CVE-2023/CVE-2023-389xx/CVE-2023-38909.json | 92 +++++++++++++++++++--
CVE-2023/CVE-2023-396xx/CVE-2023-39666.json | 85 +++++++++++++++++--
CVE-2023/CVE-2023-399xx/CVE-2023-39939.json | 90 ++++++++++++++++++--
CVE-2023/CVE-2023-39xx/CVE-2023-3936.json | 53 +++++++++++-
CVE-2023/CVE-2023-39xx/CVE-2023-3954.json | 65 +++++++++++++--
CVE-2023/CVE-2023-400xx/CVE-2023-40034.json | 75 +++++++++++++++--
CVE-2023/CVE-2023-400xx/CVE-2023-40068.json | 88 ++++++++++++++++++--
CVE-2023/CVE-2023-402xx/CVE-2023-40273.json | 10 +--
CVE-2023/CVE-2023-407xx/CVE-2023-40796.json | 20 +++++
CVE-2023/CVE-2023-407xx/CVE-2023-40797.json | 20 +++++
CVE-2023/CVE-2023-407xx/CVE-2023-40798.json | 20 +++++
CVE-2023/CVE-2023-407xx/CVE-2023-40799.json | 6 +-
CVE-2023/CVE-2023-408xx/CVE-2023-40800.json | 4 +-
CVE-2023/CVE-2023-408xx/CVE-2023-40801.json | 4 +-
CVE-2023/CVE-2023-408xx/CVE-2023-40802.json | 4 +-
CVE-2023/CVE-2023-409xx/CVE-2023-40915.json | 4 +-
CVE-2023/CVE-2023-43xx/CVE-2023-4373.json | 64 +++++++++++++-
CVE-2023/CVE-2023-44xx/CVE-2023-4417.json | 76 ++++++++++++++++-
CVE-2023/CVE-2023-44xx/CVE-2023-4434.json | 56 ++++++++++++-
CVE-2023/CVE-2023-44xx/CVE-2023-4435.json | 56 ++++++++++++-
CVE-2023/CVE-2023-44xx/CVE-2023-4446.json | 61 ++++++++++++--
CVE-2023/CVE-2023-45xx/CVE-2023-4534.json | 4 +-
README.md | 74 ++++++++---------
45 files changed, 2240 insertions(+), 206 deletions(-)
create mode 100644 CVE-2020/CVE-2020-117xx/CVE-2020-11711.json
create mode 100644 CVE-2023/CVE-2023-382xx/CVE-2023-38201.json
create mode 100644 CVE-2023/CVE-2023-407xx/CVE-2023-40796.json
create mode 100644 CVE-2023/CVE-2023-407xx/CVE-2023-40797.json
create mode 100644 CVE-2023/CVE-2023-407xx/CVE-2023-40798.json
diff --git a/CVE-2020/CVE-2020-117xx/CVE-2020-11711.json b/CVE-2020/CVE-2020-117xx/CVE-2020-11711.json
new file mode 100644
index 00000000000..6dc9c2a1606
--- /dev/null
+++ b/CVE-2020/CVE-2020-117xx/CVE-2020-11711.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2020-11711",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-25T16:15:07.857",
+ "lastModified": "2023-08-25T17:51:53.297",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://advisories.stormshield.eu/2020-011/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://twitter.com/_ACKNAK_",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.digitemis.com/category/blog/actualite/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2020/CVE-2020-182xx/CVE-2020-18232.json b/CVE-2020/CVE-2020-182xx/CVE-2020-18232.json
index d534dbbce36..dfba8349f37 100644
--- a/CVE-2020/CVE-2020-182xx/CVE-2020-18232.json
+++ b/CVE-2020/CVE-2020-182xx/CVE-2020-18232.json
@@ -2,19 +2,75 @@ "id": "CVE-2020-18232", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:15:54.903", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:41:20.193", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hdfgroup:hdf5:1.10.4:*:*:*:*:*:*:*", + "matchCriteriaId": "1C82BB0E-2A5E-4273-8CF6-A3ED216F95F2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/winson2004aa/PAAFS/tree/master/vul2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-188xx/CVE-2020-18831.json b/CVE-2020/CVE-2020-188xx/CVE-2020-18831.json index e5127a64b4d..7ee9ebf8539 100644 --- a/CVE-2020/CVE-2020-188xx/CVE-2020-18831.json +++ b/CVE-2020/CVE-2020-188xx/CVE-2020-18831.json 
@@ -2,23 +2,84 @@ "id": "CVE-2020-18831", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:15:56.220", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:10:04.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:exiv2:exiv2:0.27.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9E196C7D-A075-43E0-A620-C2D7C0EB559F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Exiv2/exiv2/issues/828", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://www.exiv2.org/download.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2020/CVE-2020-217xx/CVE-2020-21710.json b/CVE-2020/CVE-2020-217xx/CVE-2020-21710.json index be5021aec94..4d94d3d3633 100644 --- a/CVE-2020/CVE-2020-217xx/CVE-2020-21710.json +++ b/CVE-2020/CVE-2020-217xx/CVE-2020-21710.json 
@@ -2,23 +2,85 @@ "id": "CVE-2020-21710", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:16.127", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:12:07.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*", + "matchCriteriaId": "089333A5-72AA-4E68-8A8E-81876AAC9DD3" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.ghostscript.com/show_bug.cgi?id=701843", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4e713293de84b689c4ab358f3e110ea54aa81925", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2020/CVE-2020-218xx/CVE-2020-21890.json b/CVE-2020/CVE-2020-218xx/CVE-2020-21890.json index a894a1855cf..b4b30ec3eef 100644 --- a/CVE-2020/CVE-2020-218xx/CVE-2020-21890.json +++ b/CVE-2020/CVE-2020-218xx/CVE-2020-21890.json 
@@ -2,19 +2,77 @@ "id": "CVE-2020-21890", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:18.730", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:15:04.217", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artifex:ghostscript:9.50:*:*:*:*:*:*:*", + "matchCriteriaId": "089333A5-72AA-4E68-8A8E-81876AAC9DD3" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.ghostscript.com/show_bug.cgi?id=701846", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-222xx/CVE-2020-22217.json b/CVE-2020/CVE-2020-222xx/CVE-2020-22217.json index 0bf129c85a7..8874895da23 100644 --- a/CVE-2020/CVE-2020-222xx/CVE-2020-22217.json 
+++ b/CVE-2020/CVE-2020-222xx/CVE-2020-22217.json @@ -2,19 +2,79 @@ "id": "CVE-2020-22217", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:19.050", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:42:21.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:c-ares:c-ares:1.16.1:*:*:*:*:*:*:*", + "matchCriteriaId": "F414AE45-51A4-439A-9522-74D765564707" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:c-ares:c-ares:1.70.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09D51C0F-7CF1-4179-89B2-1F9FD53112C6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/c-ares/c-ares/issues/333", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-222xx/CVE-2020-22218.json b/CVE-2020/CVE-2020-222xx/CVE-2020-22218.json index e53c1889b1e..abe3a067dc0 100644 
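Review bot: The second `cpeMatch` entry added to CVE-2020-22217.json uses `cpe:2.3:a:c-ares:c-ares:1.70.0:*:*:*:*:*:*:*`, but the description in the same record gives the affected range as ending at `1_17_0`, so the version segment looks like a transposition of 1.17.0. The configuration also lists two discrete versions rather than a range, so a scanner that matches on CPE would presumably miss 1.17.0 and any affected release between the two. Because this file mirrors NVD data, the correction belongs upstream: the criteria would read `cpe:2.3:a:c-ares:c-ares:1.17.0:*:*:*:*:*:*:*` with whatever matchCriteriaId NVD assigns, and until then consumers should not rely on CPE matching alone for this record.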
--- a/CVE-2020/CVE-2020-222xx/CVE-2020-22218.json +++ b/CVE-2020/CVE-2020-222xx/CVE-2020-22218.json @@ -2,19 +2,75 @@ "id": "CVE-2020-22218", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:19.120", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:51:52.637", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libssh2:libssh2:1.10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F25E23F0-5D4C-4436-A262-EC251272FDA4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/libssh2/libssh2/pull/476", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-229xx/CVE-2020-22916.json b/CVE-2020/CVE-2020-229xx/CVE-2020-22916.json index 5538f4bb747..d4c91f2fd9a 100644 --- a/CVE-2020/CVE-2020-229xx/CVE-2020-22916.json +++ b/CVE-2020/CVE-2020-229xx/CVE-2020-22916.json 
@@ -2,23 +2,81 @@ "id": "CVE-2020-22916", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:19.407", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:53:54.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of crafted file." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tukaani:xz:5.2.5:*:*:*:*:*:*:*", + "matchCriteriaId": "0AB0898C-225A-4BB8-B6B1-ED309063DFBD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/snappyJack/CVE-request-XZ-5.2.5-has-denial-of-service-vulnerability", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://tukaani.org/xz/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-266xx/CVE-2020-26652.json b/CVE-2020/CVE-2020-266xx/CVE-2020-26652.json index e26cd105016..c093d030aa4 100644 --- a/CVE-2020/CVE-2020-266xx/CVE-2020-26652.json 
+++ b/CVE-2020/CVE-2020-266xx/CVE-2020-26652.json @@ -2,19 +2,87 @@ "id": "CVE-2020-26652", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:19.943", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:56:03.737", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:realtek:rtl8812au_firmware:5.6.4.2:*:*:*:*:*:*:*", + "matchCriteriaId": "957AECA6-1567-42B3-996E-0786C82DCB84" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:realtek:rtl8812au:-:*:*:*:*:*:*:*", + "matchCriteriaId": "35471A81-70F6-4162-BC0A-E5A7D070333C" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/aircrack-ng/rtl8812au/issues/730", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2021/CVE-2021-293xx/CVE-2021-29390.json b/CVE-2021/CVE-2021-293xx/CVE-2021-29390.json index c3b90df65fc..6eb56d08d57 100644 --- a/CVE-2021/CVE-2021-293xx/CVE-2021-29390.json +++ b/CVE-2021/CVE-2021-293xx/CVE-2021-29390.json @@ -2,19 +2,74 @@ "id": "CVE-2021-29390", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:20.237", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:58:28.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:2.0.90:*:*:*:*:*:*:*", + "matchCriteriaId": "AA5809B6-0C5C-44C6-A2BF-4CE81A4D9200" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943797", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2022/CVE-2022-44xx/CVE-2022-4452.json b/CVE-2022/CVE-2022-44xx/CVE-2022-4452.json index 692e6988b81..d1dfc561fa4 100644 --- a/CVE-2022/CVE-2022-44xx/CVE-2022-4452.json +++ b/CVE-2022/CVE-2022-44xx/CVE-2022-4452.json @@ -2,8 +2,8 @@ "id": "CVE-2022-4452", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-08-25T15:15:08.040", - "lastModified": "2023-08-25T15:15:08.040", - "vulnStatus": "Received", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20224.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20224.json index 2a56af3ecae..f09c6a4bcbf 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20224.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20224.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20224", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-08-16T22:15:11.837", - "lastModified": "2023-08-18T17:15:09.787", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:52:52.807", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", 
@@ -34,18 +54,61 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-88" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:thousandeyes_enterprise_agent:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.230", + "matchCriteriaId": "7F8C5493-77A8-471C-8C40-20B48D378F68" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/174233/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Privilege-Escalation.html", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://seclists.org/fulldisclosure/2023/Aug/20", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thoueye-privesc-NVhHGwb3", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20229.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20229.json index e2f22dcf659..ae9f2619957 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20229.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20229.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20229", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-08-16T22:15:12.213", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:45:26.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -34,10 +54,45 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:duo_device_health_application:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.2.0", + "matchCriteriaId": "A3CF83DE-5ECA-472E-B3D9-0055279C0745" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-dha-filewrite-xPMBMZAK", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20237.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20237.json index 3952b579c61..419d73be885 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20237.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20237.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20237", "sourceIdentifier": "ykramarz@cisco.com", "published": "2023-08-16T22:15:12.777", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:32:21.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", 
@@ -34,10 +54,66 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0.9-589", + "matchCriteriaId": "5F939C0F-2514-44C9-ADF6-4DCB344529EB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:cisco:intersight_assist:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D811AADF-88B4-452D-BCE8-8F288E6F3AEC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:cisco:intersight_connected_virtual_appliance:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0C846A1B-7BAF-4352-8ED0-A175478E6222" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:cisco:intersight_private_virtual_appliance:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BB33AF02-AB30-4C29-BDD5-8BE8621DDCAF" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-332xx/CVE-2023-33241.json b/CVE-2023/CVE-2023-332xx/CVE-2023-33241.json index 6d9c8182f41..ef98e0bf299 100644 --- a/CVE-2023/CVE-2023-332xx/CVE-2023-33241.json +++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33241.json @@ -2,8 +2,8 @@ "id": "CVE-2023-33241", "sourceIdentifier": "disclosures@halborn.com", "published": "2023-08-09T22:15:10.323", - "lastModified": "2023-08-10T01:51:18.907", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:14:33.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "disclosures@halborn.com", "type": "Secondary", 
@@ -34,26 +54,77 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gg18_project:gg18:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB48800C-F964-43D1-B0A5-0A9E4FF0983D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gg20_project:gg20:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3EB9A9BD-F519-4A6B-A525-6252DD8407FE" + } + ] + } + ] + } + ], "references": [ { "url": "https://eprint.iacr.org/2019/114.pdf", - "source": "disclosures@halborn.com" + "source": "disclosures@halborn.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://eprint.iacr.org/2020/540.pdf", - "source": "disclosures@halborn.com" + "source": "disclosures@halborn.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/fireblocks-labs/mpc-ecdsa-attacks-23", - "source": "disclosures@halborn.com" + "source": "disclosures@halborn.com", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/fireblocks-labs/safeheron-gg20-exploit-poc", - "source": "disclosures@halborn.com" + "source": "disclosures@halborn.com", + "tags": [ + "Exploit" + ] }, { "url": "https://www.fireblocks.com/blog/gg18-and-gg20-paillier-key-vulnerability-technical-report/", - "source": "disclosures@halborn.com" + "source": "disclosures@halborn.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3481.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3481.json index 683460d5ee8..2f0cc67898d 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3481.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3481.json 
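Review bot: In the CVE-2023-33241 record the added `configurations` name only `cpe:2.3:a:gg18_project:gg18:-` and `cpe:2.3:a:gg20_project:gg20:-`, which appear to identify the GG18/GG20 protocols themselves rather than any shipped library or product. CPE-based inventory matching is therefore unlikely to flag software that embeds an implementation of them, so teams running threshold-signing code should check their dependencies against the linked Fireblocks technical report by hand. The new primary weakness `CWE-74` also looks at odds with that reference's title, which describes a Paillier key issue. The description text is outside this hunk, so the mapping should be confirmed before it drives triage rules.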
@@ -2,8 +2,8 @@ "id": "CVE-2023-3481", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-08-21T11:15:07.360", - "lastModified": "2023-08-21T12:47:08.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:01:54.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cve-coordination@google.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:critters:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.0.17", + "versionEndIncluding": "0.0.19", + "matchCriteriaId": "666AC14C-1E3E-442F-815A-686CA0098417" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/GoogleChromeLabs/critters/security/advisories/GHSA-cx3j-qqxj-9597", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3604.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3604.json index d85c2a34ba1..d805158463e 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3604.json 
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3604.json @@ -2,15 +2,38 @@ "id": "CVE-2023-3604", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-21T17:15:49.260", - "lastModified": "2023-08-21T18:35:09.707", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:35:44.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpexpertsio:change_wp_admin_login:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.4", + "matchCriteriaId": "BB661D74-396D-49CF-9AC8-F8782546EDCB" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/8f6615e8-f607-4ce4-a0e0-d5fc841ead16", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3667.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3667.json index d6d494984b6..3f356b0a73c 100644 --- a/CVE-2023/CVE-2023-36xx/CVE-2023-3667.json +++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3667.json 
@@ -2,15 +2,38 @@ "id": "CVE-2023-3667", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-21T17:15:49.617", - "lastModified": "2023-08-21T18:35:09.707", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:00:11.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", @@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bitapps:bit_assist:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.1.9", + "matchCriteriaId": "CEC48703-7E01-4F58-A935-064C76186EDB" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/9f2f3f85-6812-46b5-9175-c56f6852afd7", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37250.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37250.json index bb9bf44ee47..4c6af32bd5b 100644 
--- a/CVE-2023/CVE-2023-372xx/CVE-2023-37250.json +++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37250.json 
@@ -2,27 +2,90 @@ "id": "CVE-2023-37250", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-20T08:15:09.013", - "lastModified": "2023-08-21T19:15:08.427", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:15:00.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in \"Per User\" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-367" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:unity:parsec:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.0", + "matchCriteriaId": "4AE5936B-5A8B-4E54-B8BD-00D9DC3026A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.parsec.app/hc/en-us/articles/18311425588237-CVE-2023-37250", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://unity3d.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + 
"tags": [ + "Product" + ] }, { "url": "https://www.kb.cert.org/vuls/id/287122", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json new file mode 100644 index 00000000000..4159804fc57 --- /dev/null +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38201.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38201", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-08-25T17:15:08.530", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-38201", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222693", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/keylime/keylime/security/advisories/GHSA-f4r5-q63f-gcww", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json index 511f984fb28..f4b44ff8e8c 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38906.json 
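Review bot: The new CVE-2023-38201 record carries only the CNA's `Secondary` score, and its vector says `UI:N` although the description makes the impact conditional on a legitimate user adding the fake agent to the verifier list. The 6.5 should be treated as provisional until NVD analysis lands. The record has no `weaknesses` or `configurations` yet (`vulnStatus` is `Awaiting Analysis`), so a scanner that matches on CPE has nothing in this record to match Keylime installs against. Until that changes, track exposure through the referenced fix commit and the GHSA advisory rather than through a CPE match.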
@@ -2,23 +2,98 @@ "id": "CVE-2023-38906", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T00:15:07.920", - "lastModified": "2023-08-22T12:41:26.783", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:51:19.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*", + "matchCriteriaId": "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0427C4E5-322A-40F0-AA88-2FF57A32885F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49091A2E-84FF-4A44-87EE-2BA8C366BE51" + } + ] + } + ] + } + ], "references": [ { "url": "https://arxiv.org/abs/2308.09019", - "source": 
"cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json index 6e33a0cc3a3..6fd6f5f7b51 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38908.json 
@@ -2,27 +2,106 @@ "id": "CVE-2023-38908", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T01:15:08.153", - "lastModified": "2023-08-22T12:41:26.783", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:50:42.373", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*", + "matchCriteriaId": "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0427C4E5-322A-40F0-AA88-2FF57A32885F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49091A2E-84FF-4A44-87EE-2BA8C366BE51" + } + ] + } + ] + } + ], "references": [ { "url": "https://arxiv.org/abs/2308.09019", - "source": "cve@mitre.org" 
+ "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://arxiv.org/pdf/2308.09019.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Technical Description", + "Third Party Advisory" + ] }, { "url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json index 2de71f8ccb5..45223e1ad4f 100644 --- a/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json +++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38909.json 
@@ -2,27 +2,107 @@ "id": "CVE-2023-38909", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T01:15:08.537", - "lastModified": "2023-08-22T12:41:26.783", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:48:53.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tp-link:tapo:2.8.14:*:*:*:*:*:*:*", + "matchCriteriaId": "D392C8A7-8A3F-490A-90B5-F7D7BFDC7F72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tp-link:tapo_l530e_firmware:1.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0427C4E5-322A-40F0-AA88-2FF57A32885F" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tp-link:tapo_l530e:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49091A2E-84FF-4A44-87EE-2BA8C366BE51" + } + ] + } + ] + } + ], "references": [ { "url": "https://arxiv.org/abs/2308.09019", - "source": 
"cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://arxiv.org/pdf/2308.09019.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] }, { "url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-396xx/CVE-2023-39666.json b/CVE-2023/CVE-2023-396xx/CVE-2023-39666.json index 3749cb6cfae..9b58a9b8c0c 100644 --- a/CVE-2023/CVE-2023-396xx/CVE-2023-39666.json +++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39666.json 
@@ -2,27 +2,100 @@ "id": "CVE-2023-39666", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-18T03:15:21.913", - "lastModified": "2023-08-18T12:43:51.207", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:15:17.530", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dir-842_firmware:1.05b02:*:*:*:*:*:*:*", + "matchCriteriaId": "D761A5D9-8CAC-4056-A5B0-21917EAA53A4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dir-842:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C05AE997-7966-4CCA-B58A-93B684D55F60" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Davidteeri/Bug-Report/blob/main/D-Link/DIR-842%20buffer%20overflow.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://support.dlink.com/", - "source": "cve@mitre.org" 
+ "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.dlink.com/en/security-bulletin/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39939.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39939.json index 7594cc259bf..9757f383a69 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39939.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39939.json 
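Review bot: In CVE-2023-39666 the added `cpeMatch` marks `cpe:2.3:o:dlink:dir-842_firmware:1.05b02` as vulnerable, but the description names firmware image `fw_revA_1-02_eu_multi_20151008`, which reads as a 1.02 build. One of the two is presumably wrong or incomplete, and a device running the build named in the description would not match this criteria string. The only report-specific reference is tagged `Broken Link`, and both `Vendor Advisory` tags sit on generic D-Link landing pages, so the record points to no fixed version. Confirm the affected firmware range with the vendor before using this match to scope DIR-842 exposure.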
@@ -2,27 +2,105 @@ "id": "CVE-2023-39939", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-21T09:15:10.280", - "lastModified": "2023-08-21T12:47:08.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:08:34.140", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:luxsoft:luxcal_web_calendar:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.2.3m", + "matchCriteriaId": "D2A2C8DB-069C-43B0-B15E-8B56E92E5304" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:luxsoft:luxcal_web_calendar:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.2.3l", + "matchCriteriaId": "762AC990-3256-4610-BC78-35C1833DEC4E" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN04876736/", - "source": 
"vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.luxsoft.eu/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.luxsoft.eu/?download", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3936.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3936.json index 0b53ec9b457..6afd5cc555a 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3936.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3936.json @@ -2,15 +2,38 @@ "id": "CVE-2023-3936", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-21T17:15:49.967", - "lastModified": "2023-08-21T18:35:09.707", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:02:58.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { "source": "contact@wpscan.com", 
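Review bot: In CVE-2023-39939 the two added `configurations` entries use the identical criteria `cpe:2.3:a:luxsoft:luxcal_web_calendar:*:*:*:*:*:*:*:*` and differ only in `versionEndExcluding` (`5.2.3m` and `5.2.3l`). Nothing in the CPE tells a matcher whether an install is the MySQL or the SQLite edition that the description distinguishes. Depending on how a tool orders the letter suffix, a fixed SQLite 5.2.3L install may still fall under the `5.2.3m` bound and be reported as vulnerable. The entries should either carry a CPE attribute that separates the editions or be merged into one documented range; until then, verify LuxCal findings by edition against the JVN advisory.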
@@ -23,10 +46,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adenion:blog2social:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "7.2.1", + "matchCriteriaId": "992DF2FB-717E-43F0-98B4-865A462D4D29" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/6d09a5d3-046d-47ef-86b4-c024ea09dc0f", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-39xx/CVE-2023-3954.json b/CVE-2023/CVE-2023-39xx/CVE-2023-3954.json index 5314a2e1213..97fcd68307f 100644 --- a/CVE-2023/CVE-2023-39xx/CVE-2023-3954.json +++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3954.json 
@@ -2,18 +2,41 @@ "id": "CVE-2023-3954", "sourceIdentifier": "contact@wpscan.com", "published": "2023-08-21T17:15:50.047", - "lastModified": "2023-08-21T18:35:09.707", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:16:42.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ { - "source": "contact@wpscan.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -21,12 +44,44 @@ "value": "CWE-79" } ] + }, + { + "source": "contact@wpscan.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:multiparcels:multiparcels_shipping_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.15.4", + "matchCriteriaId": "D4222FF5-97DF-45FF-A189-D8231E113EBD" + } + ] + } + ] } ], "references": [ { "url": "https://wpscan.com/vulnerability/b463ccbb-2dc1-479f-bc88-becd204b2dc0", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40034.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40034.json index 3466d8f0375..62d237eda65 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40034.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40034.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40034", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-16T21:15:10.087", - "lastModified": "2023-08-17T12:53:44.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:43:47.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -36,8 +56,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,22 +76,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:woodpecker-ci:woodpecker:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "1.0.2", + "matchCriteriaId": "1EFD3D08-B24D-4822-9C72-C4FA7DF5CE84" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/woodpecker-ci/woodpecker/commit/6e4c2f84cc84661d58cf1c0e5c421a46070bb105", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/woodpecker-ci/woodpecker/pull/2221", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/woodpecker-ci/woodpecker/pull/2222", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-4gcf-5m39-98mc", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40068.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40068.json index b1051807cb9..86ef4463948 100644 --- a/CVE-2023/CVE-2023-400xx/CVE-2023-40068.json +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40068.json 
@@ -2,31 +2,105 @@ "id": "CVE-2023-40068", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-08-21T09:15:10.430", - "lastModified": "2023-08-21T12:47:08.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:10:43.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:-:wordpress:*:*", + "versionStartIncluding": "6.1.0", + "versionEndIncluding": "6.1.7", + "matchCriteriaId": "8EF03DA3-87E4-4449-BE67-43FEBE09952B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:pro:wordpress:*:*", + "versionStartIncluding": "6.1.0", + "versionEndIncluding": "6.1.7", + "matchCriteriaId": "E5706ED3-7C74-487F-B198-A0EB7FAE9DD3" + } + ] + } + ] + } + ], "references": [ 
{ "url": "https://jvn.jp/en/jp/JVN98946408/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://wordpress.org/plugins/advanced-custom-fields/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.advancedcustomfields.com/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] }, { "url": "https://www.advancedcustomfields.com/blog/acf-6-1-8/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40273.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40273.json index 1c13c0d79ce..251a9050694 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40273.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40273.json @@ -2,7 +2,7 @@ "id": "CVE-2023-40273", "sourceIdentifier": "security@apache.org", "published": "2023-08-23T16:15:09.803", - "lastModified": "2023-08-23T21:15:09.263", + "lastModified": "2023-08-25T16:15:08.150", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -24,10 +24,6 @@ } ], "references": [ - { - "url": "http://www.openwall.com/lists/oss-security/2023/08/23/1", - "source": "security@apache.org" - }, { "url": "https://github.com/apache/airflow/pull/33347", "source": "security@apache.org" @@ -35,6 +31,10 @@ { "url": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj", "source": "security@apache.org" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2023/08/23/1", + "source": "security@apache.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40796.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40796.json new file mode 100644 index 00000000000..cf6096659a3 --- /dev/null +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40796.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40796", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-25T16:15:08.323", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Phicomm k2 v22.6.529.216 is vulnerable to command injection." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/lst-oss/Vulnerability/tree/main/Phicomm/k2", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40797.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40797.json new file mode 100644 index 00000000000..17c9f09a509 --- /dev/null +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40797.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40797", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-25T16:15:08.427", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/sub_4781A4", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40798.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40798.json new file mode 100644 index 00000000000..151453b5ca1 --- /dev/null +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40798.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40798", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-25T16:15:08.510", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/lst-oss/Vulnerability/tree/main/Tenda/AC23/formSetIPv6status-formGetWanParameter", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40799.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40799.json index 4ee4cbbd6ad..1bff3c732c1 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40799.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40799.json @@ -2,12 +2,12 @@ "id": "CVE-2023-40799", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T15:15:09.307", - "lastModified": "2023-08-25T15:15:09.307", - "vulnStatus": "Received", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Tenda AC23 Vv16.03.07.45_cn AC23 is vulnerable to Buffer via sub_450A4C function." + "value": "Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40800.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40800.json index 6fb6c40d807..594540c18cb 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40800.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40800.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40800", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T15:15:09.390", - "lastModified": "2023-08-25T15:15:09.390", - "vulnStatus": "Received", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40801.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40801.json index 75e0b4136fd..baee03c3ce5 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40801.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40801.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40801", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T15:15:09.470", - "lastModified": "2023-08-25T15:15:09.470", - "vulnStatus": "Received", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40802.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40802.json index 3391d4662eb..a5a28110e27 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40802.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40802.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40802", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T15:15:09.550", - "lastModified": "2023-08-25T15:15:09.550", - "vulnStatus": "Received", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40915.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40915.json index da9b900a2b9..69e30e5e588 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40915.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40915.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40915", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-25T15:15:09.627", - "lastModified": "2023-08-25T15:15:09.627", - "vulnStatus": "Received", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json b/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json index dfd8962940c..c95619dc3bb 100644 --- a/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json +++ b/CVE-2023/CVE-2023-43xx/CVE-2023-4373.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-4373", "sourceIdentifier": "security@devolutions.net", "published": "2023-08-21T19:15:08.787", - "lastModified": "2023-08-22T12:41:26.783", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:57:11.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nInadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.\n\n" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023.2.19", + "matchCriteriaId": "2B3DFE86-D742-4603-9500-9D78DA42CBA9" + } + ] + } + ] + } + ], "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2023-0015/", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json
index 51954676f72..9482fe99cd5 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4417.json
@@ -2,19 +2,87 @@ "id": "CVE-2023-4417", "sourceIdentifier": "security@devolutions.net", "published": "2023-08-21T19:15:09.187", - "lastModified": "2023-08-22T19:16:41.680", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:55:22.950", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devolutions:remote_desktop_manager:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2023.2.19", + "matchCriteriaId": "2B3DFE86-D742-4603-9500-9D78DA42CBA9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://devolutions.net/security/advisories/DEVO-2023-0015", - "source": "security@devolutions.net" + "source": "security@devolutions.net", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4434.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4434.json index ee629baecf4..efe94936608 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4434.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4434.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4434", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-20T01:15:10.050", - "lastModified": "2023-08-21T12:47:18.157", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:57:45.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*", + "versionEndExcluding": "build88", + "matchCriteriaId": "87A3E342-311A-4502-9F49-BA572D3E6D3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/hamza417/inure/commit/2176af74ca3a81fd001e6cc8eea5a8306f484fbb", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://huntr.dev/bounties/19e68377-e071-4a8e-aa4c-cd84a426602e", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4435.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4435.json index f7415330257..ffe90c79ce7 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4435.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4435.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4435", "sourceIdentifier": "security@huntr.dev", "published": "2023-08-20T01:15:10.773", - "lastModified": "2023-08-21T12:47:18.157", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T17:34:31.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", 
@@ -46,14 +68,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*", + "versionEndExcluding": "build88", + "matchCriteriaId": "87A3E342-311A-4502-9F49-BA572D3E6D3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/hamza417/inure/commit/e74062e439f860fd144da4bfc3f35e96c19c3abd", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch", + "Third Party Advisory" + ] }, { "url": "https://huntr.dev/bounties/1875ee85-4b92-4aa4-861e-094137a29276", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4446.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4446.json index a4d98b91c13..fe8cc55f1f7 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4446.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4446.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4446", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-21T01:15:10.320", - "lastModified": "2023-08-21T12:47:13.573", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-25T16:26:29.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openrapid:rapidcms:1.3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "D66CF166-4A08-45F5-9577-38D3CE25AFBA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/OpenRapid/rapidcms/issues/3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.237567", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.237567", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4534.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4534.json index b91bc9468ba..ffcc4e11faf 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4534.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4534.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4534", "sourceIdentifier": "cna@vuldb.com", "published": "2023-08-25T15:15:09.887", - "lastModified": "2023-08-25T15:15:09.887", - "vulnStatus": "Received", + "lastModified": "2023-08-25T17:51:53.297", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index a31495fb8c6..ed4a08dd646 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-25T16:00:30.436334+00:00 +2023-08-25T18:00:33.975572+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-25T15:57:53.300000+00:00 +2023-08-25T17:58:28.547000+00:00 ``` ### Last Data Feed Release 
@@ -29,53 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223450 +223455 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `5` -* [CVE-2022-4452](CVE-2022/CVE-2022-44xx/CVE-2022-4452.json) (`2023-08-25T15:15:08.040`) -* [CVE-2023-39742](CVE-2023/CVE-2023-397xx/CVE-2023-39742.json) (`2023-08-25T14:15:09.763`) -* [CVE-2023-41167](CVE-2023/CVE-2023-411xx/CVE-2023-41167.json) (`2023-08-25T14:15:10.150`) -* [CVE-2023-40799](CVE-2023/CVE-2023-407xx/CVE-2023-40799.json) (`2023-08-25T15:15:09.307`) -* [CVE-2023-40800](CVE-2023/CVE-2023-408xx/CVE-2023-40800.json) (`2023-08-25T15:15:09.390`) -* [CVE-2023-40801](CVE-2023/CVE-2023-408xx/CVE-2023-40801.json) (`2023-08-25T15:15:09.470`) -* [CVE-2023-40802](CVE-2023/CVE-2023-408xx/CVE-2023-40802.json) (`2023-08-25T15:15:09.550`) -* [CVE-2023-40915](CVE-2023/CVE-2023-409xx/CVE-2023-40915.json) (`2023-08-25T15:15:09.627`) -* [CVE-2023-4534](CVE-2023/CVE-2023-45xx/CVE-2023-4534.json) (`2023-08-25T15:15:09.887`) +* [CVE-2020-11711](CVE-2020/CVE-2020-117xx/CVE-2020-11711.json) (`2023-08-25T16:15:07.857`) +* [CVE-2023-40796](CVE-2023/CVE-2023-407xx/CVE-2023-40796.json) (`2023-08-25T16:15:08.323`) +* [CVE-2023-40797](CVE-2023/CVE-2023-407xx/CVE-2023-40797.json) (`2023-08-25T16:15:08.427`) +* [CVE-2023-40798](CVE-2023/CVE-2023-407xx/CVE-2023-40798.json) (`2023-08-25T16:15:08.510`) +* [CVE-2023-38201](CVE-2023/CVE-2023-382xx/CVE-2023-38201.json) (`2023-08-25T17:15:08.530`) ### CVEs modified in the last Commit -Recently modified CVEs: `31` +Recently modified CVEs: `39` -* [CVE-2020-24292](CVE-2020/CVE-2020-242xx/CVE-2020-24292.json) (`2023-08-25T15:34:45.413`) -* [CVE-2020-24293](CVE-2020/CVE-2020-242xx/CVE-2020-24293.json) (`2023-08-25T15:37:30.777`) -* [CVE-2020-24294](CVE-2020/CVE-2020-242xx/CVE-2020-24294.json) (`2023-08-25T15:44:37.527`) -* [CVE-2020-24295](CVE-2020/CVE-2020-242xx/CVE-2020-24295.json) 
(`2023-08-25T15:46:04.610`) -* [CVE-2020-22181](CVE-2020/CVE-2020-221xx/CVE-2020-22181.json) (`2023-08-25T15:51:30.537`) -* [CVE-2022-0850](CVE-2022/CVE-2022-08xx/CVE-2022-0850.json) (`2023-08-25T15:24:17.467`) -* [CVE-2023-36674](CVE-2023/CVE-2023-366xx/CVE-2023-36674.json) (`2023-08-25T14:08:11.103`) -* [CVE-2023-39741](CVE-2023/CVE-2023-397xx/CVE-2023-39741.json) (`2023-08-25T14:15:09.287`) -* [CVE-2023-39743](CVE-2023/CVE-2023-397xx/CVE-2023-39743.json) (`2023-08-25T14:15:09.957`) -* [CVE-2023-4445](CVE-2023/CVE-2023-44xx/CVE-2023-4445.json) (`2023-08-25T14:24:56.657`) -* [CVE-2023-39671](CVE-2023/CVE-2023-396xx/CVE-2023-39671.json) (`2023-08-25T14:51:35.360`) -* [CVE-2023-39674](CVE-2023/CVE-2023-396xx/CVE-2023-39674.json) (`2023-08-25T14:51:47.643`) -* [CVE-2023-39617](CVE-2023/CVE-2023-396xx/CVE-2023-39617.json) (`2023-08-25T14:56:11.560`) -* [CVE-2023-39618](CVE-2023/CVE-2023-396xx/CVE-2023-39618.json) (`2023-08-25T14:57:10.980`) -* [CVE-2023-39745](CVE-2023/CVE-2023-397xx/CVE-2023-39745.json) (`2023-08-25T15:02:19.863`) -* [CVE-2023-39747](CVE-2023/CVE-2023-397xx/CVE-2023-39747.json) (`2023-08-25T15:02:42.837`) -* [CVE-2023-39748](CVE-2023/CVE-2023-397xx/CVE-2023-39748.json) (`2023-08-25T15:02:59.867`) -* [CVE-2023-33242](CVE-2023/CVE-2023-332xx/CVE-2023-33242.json) (`2023-08-25T15:06:14.247`) -* [CVE-2023-4447](CVE-2023/CVE-2023-44xx/CVE-2023-4447.json) (`2023-08-25T15:12:40.690`) -* [CVE-2023-4448](CVE-2023/CVE-2023-44xx/CVE-2023-4448.json) (`2023-08-25T15:13:01.857`) -* [CVE-2023-3269](CVE-2023/CVE-2023-32xx/CVE-2023-3269.json) (`2023-08-25T15:15:08.783`) -* [CVE-2023-2006](CVE-2023/CVE-2023-20xx/CVE-2023-2006.json) (`2023-08-25T15:23:55.877`) -* [CVE-2023-2235](CVE-2023/CVE-2023-22xx/CVE-2023-2235.json) (`2023-08-25T15:24:09.620`) -* [CVE-2023-2737](CVE-2023/CVE-2023-27xx/CVE-2023-2737.json) (`2023-08-25T15:42:05.057`) -* [CVE-2023-39543](CVE-2023/CVE-2023-395xx/CVE-2023-39543.json) (`2023-08-25T15:57:53.300`) +* 
[CVE-2023-37250](CVE-2023/CVE-2023-372xx/CVE-2023-37250.json) (`2023-08-25T16:15:00.827`) +* [CVE-2023-40273](CVE-2023/CVE-2023-402xx/CVE-2023-40273.json) (`2023-08-25T16:15:08.150`) +* [CVE-2023-39666](CVE-2023/CVE-2023-396xx/CVE-2023-39666.json) (`2023-08-25T16:15:17.530`) +* [CVE-2023-3954](CVE-2023/CVE-2023-39xx/CVE-2023-3954.json) (`2023-08-25T16:16:42.747`) +* [CVE-2023-4446](CVE-2023/CVE-2023-44xx/CVE-2023-4446.json) (`2023-08-25T16:26:29.003`) +* [CVE-2023-20237](CVE-2023/CVE-2023-202xx/CVE-2023-20237.json) (`2023-08-25T16:32:21.537`) +* [CVE-2023-3604](CVE-2023/CVE-2023-36xx/CVE-2023-3604.json) (`2023-08-25T16:35:44.563`) +* [CVE-2023-20229](CVE-2023/CVE-2023-202xx/CVE-2023-20229.json) (`2023-08-25T16:45:26.260`) +* [CVE-2023-3667](CVE-2023/CVE-2023-36xx/CVE-2023-3667.json) (`2023-08-25T17:00:11.147`) +* [CVE-2023-3936](CVE-2023/CVE-2023-39xx/CVE-2023-3936.json) (`2023-08-25T17:02:58.830`) +* [CVE-2023-4435](CVE-2023/CVE-2023-44xx/CVE-2023-4435.json) (`2023-08-25T17:34:31.577`) +* [CVE-2023-40034](CVE-2023/CVE-2023-400xx/CVE-2023-40034.json) (`2023-08-25T17:43:47.567`) +* [CVE-2023-38909](CVE-2023/CVE-2023-389xx/CVE-2023-38909.json) (`2023-08-25T17:48:53.440`) +* [CVE-2023-38908](CVE-2023/CVE-2023-389xx/CVE-2023-38908.json) (`2023-08-25T17:50:42.373`) +* [CVE-2023-38906](CVE-2023/CVE-2023-389xx/CVE-2023-38906.json) (`2023-08-25T17:51:19.590`) +* [CVE-2023-40799](CVE-2023/CVE-2023-407xx/CVE-2023-40799.json) (`2023-08-25T17:51:53.297`) +* [CVE-2023-40800](CVE-2023/CVE-2023-408xx/CVE-2023-40800.json) (`2023-08-25T17:51:53.297`) +* [CVE-2023-40801](CVE-2023/CVE-2023-408xx/CVE-2023-40801.json) (`2023-08-25T17:51:53.297`) +* [CVE-2023-40802](CVE-2023/CVE-2023-408xx/CVE-2023-40802.json) (`2023-08-25T17:51:53.297`) +* [CVE-2023-40915](CVE-2023/CVE-2023-409xx/CVE-2023-40915.json) (`2023-08-25T17:51:53.297`) +* [CVE-2023-4534](CVE-2023/CVE-2023-45xx/CVE-2023-4534.json) (`2023-08-25T17:51:53.297`) +* [CVE-2023-20224](CVE-2023/CVE-2023-202xx/CVE-2023-20224.json) 
(`2023-08-25T17:52:52.807`) +* [CVE-2023-4417](CVE-2023/CVE-2023-44xx/CVE-2023-4417.json) (`2023-08-25T17:55:22.950`) +* [CVE-2023-4373](CVE-2023/CVE-2023-43xx/CVE-2023-4373.json) (`2023-08-25T17:57:11.583`) +* [CVE-2023-4434](CVE-2023/CVE-2023-44xx/CVE-2023-4434.json) (`2023-08-25T17:57:45.133`) ## Download and Usage