From 71c75148bd9977101e16d0152fe48dd5e2ccb1aa Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Mon, 28 Aug 2023 20:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-08-28T20:00:25.281014+00:00
---
 CVE-2017/CVE-2017-201xx/CVE-2017-20186.json | 4 +-
 CVE-2018/CVE-2018-250xx/CVE-2018-25089.json | 4 +-
 CVE-2020/CVE-2020-273xx/CVE-2020-27366.json | 20 ++
 CVE-2021/CVE-2021-233xx/CVE-2021-23385.json | 8 +-
 CVE-2022/CVE-2022-370xx/CVE-2022-37050.json | 69 ++++++-
 CVE-2022/CVE-2022-383xx/CVE-2022-38349.json | 69 ++++++-
 CVE-2022/CVE-2022-442xx/CVE-2022-44215.json | 70 ++++++-
 CVE-2022/CVE-2022-470xx/CVE-2022-47022.json | 67 ++++++-
 CVE-2022/CVE-2022-481xx/CVE-2022-48174.json | 65 ++++++-
 CVE-2022/CVE-2022-485xx/CVE-2022-48522.json | 63 ++++++-
 CVE-2023/CVE-2023-19xx/CVE-2023-1997.json | 4 +-
 CVE-2023/CVE-2023-253xx/CVE-2023-25394.json | 8 +-
 CVE-2023/CVE-2023-338xx/CVE-2023-33850.json | 197 +++++++++++++++++++-
 CVE-2023/CVE-2023-386xx/CVE-2023-38666.json | 68 ++++++-
 CVE-2023/CVE-2023-386xx/CVE-2023-38667.json | 64 ++++++-
 CVE-2023/CVE-2023-386xx/CVE-2023-38668.json | 64 ++++++-
 CVE-2023/CVE-2023-389xx/CVE-2023-38996.json | 74 +++++++-
 CVE-2023/CVE-2023-390xx/CVE-2023-39062.json | 28 +++
 CVE-2023/CVE-2023-391xx/CVE-2023-39141.json | 69 ++++++-
 CVE-2023/CVE-2023-395xx/CVE-2023-39560.json | 4 +-
 CVE-2023/CVE-2023-395xx/CVE-2023-39562.json | 24 +++
 CVE-2023/CVE-2023-395xx/CVE-2023-39599.json | 73 +++++++-
 CVE-2023/CVE-2023-397xx/CVE-2023-39708.json | 4 +-
 CVE-2023/CVE-2023-397xx/CVE-2023-39709.json | 28 +++
 CVE-2023/CVE-2023-398xx/CVE-2023-39810.json | 24 +++
 CVE-2023/CVE-2023-405xx/CVE-2023-40590.json | 59 ++++++
 CVE-2023/CVE-2023-407xx/CVE-2023-40748.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40749.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40750.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40751.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40752.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40753.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40754.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40755.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40756.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40757.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40758.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40759.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40760.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40761.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40762.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40763.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40764.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40765.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40766.json | 4 +-
 CVE-2023/CVE-2023-407xx/CVE-2023-40767.json | 4 +-
 CVE-2023/CVE-2023-408xx/CVE-2023-40846.json | 4 +-
 CVE-2023/CVE-2023-44xx/CVE-2023-4427.json | 75 +++++++-
 CVE-2023/CVE-2023-45xx/CVE-2023-4547.json | 6 +-
 CVE-2023/CVE-2023-45xx/CVE-2023-4548.json | 6 +-
 README.md | 55 ++++--
 51 files changed, 1313 insertions(+), 144 deletions(-)
 create mode 100644 CVE-2020/CVE-2020-273xx/CVE-2020-27366.json
 create mode 100644 CVE-2023/CVE-2023-390xx/CVE-2023-39062.json
 create mode 100644 CVE-2023/CVE-2023-395xx/CVE-2023-39562.json
 create mode 100644 CVE-2023/CVE-2023-397xx/CVE-2023-39709.json
 create mode 100644 CVE-2023/CVE-2023-398xx/CVE-2023-39810.json
 create mode 100644 CVE-2023/CVE-2023-405xx/CVE-2023-40590.json
diff --git a/CVE-2017/CVE-2017-201xx/CVE-2017-20186.json b/CVE-2017/CVE-2017-201xx/CVE-2017-20186.json
index 41df7b5cfa3..3744f600937 100644
--- a/CVE-2017/CVE-2017-201xx/CVE-2017-20186.json
+++ b/CVE-2017/CVE-2017-201xx/CVE-2017-20186.json
@@ -2,8 +2,8 @@
 "id": "CVE-2017-20186",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-08-28T13:15:08.937",
- "lastModified": "2023-08-28T13:15:08.937",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.370",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25089.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25089.json
index e1c5505409a..23802c22835 100644
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25089.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25089.json
@@ -2,8 +2,8 @@
 "id": "CVE-2018-25089",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-08-28T13:15:09.100",
- "lastModified": "2023-08-28T13:15:09.100",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.370",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2020/CVE-2020-273xx/CVE-2020-27366.json b/CVE-2020/CVE-2020-273xx/CVE-2020-27366.json
new file mode 100644
index 00000000000..8070edfb6db
--- /dev/null
+++ b/CVE-2020/CVE-2020-273xx/CVE-2020-27366.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2020-27366",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-28T18:15:08.593",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local attackers to execute arbitrary code."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://pastebin.com/sr0JR1ys",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2021/CVE-2021-233xx/CVE-2021-23385.json b/CVE-2021/CVE-2021-233xx/CVE-2021-23385.json
index b8ba6cc7b83..0d0423c35d0 100644
--- a/CVE-2021/CVE-2021-233xx/CVE-2021-23385.json
+++ b/CVE-2021/CVE-2021-233xx/CVE-2021-23385.json
@@ -2,8 +2,8 @@
 "id": "CVE-2021-23385",
 "sourceIdentifier": "report@snyk.io",
 "published": "2022-08-02T14:15:10.017",
- "lastModified": "2022-08-09T12:47:02.960",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-08-28T19:15:07.507",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -96,6 +96,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00034.html",
+ "source": "report@snyk.io"
+ },
 {
 "url": "https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234",
 "source": "report@snyk.io",
diff --git a/CVE-2022/CVE-2022-370xx/CVE-2022-37050.json b/CVE-2022/CVE-2022-370xx/CVE-2022-37050.json
index 9be57c4fafc..277d2e68a19 100644
--- a/CVE-2022/CVE-2022-370xx/CVE-2022-37050.json
+++ b/CVE-2022/CVE-2022-370xx/CVE-2022-37050.json
@@ -2,23 +2,82 @@
 "id": "CVE-2022-37050",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:23.657",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T18:34:27.900",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C423A5DA-DDB6-41EB-8E6B-4DFD4D03FE42"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-383xx/CVE-2022-38349.json b/CVE-2022/CVE-2022-383xx/CVE-2022-38349.json
index ca5a49e3090..880f1164ee8 100644
--- a/CVE-2022/CVE-2022-383xx/CVE-2022-38349.json
+++ b/CVE-2022/CVE-2022-383xx/CVE-2022-38349.json
@@ -2,23 +2,82 @@
 "id": "CVE-2022-38349",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:23.880",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T18:29:41.430",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-617"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:freedesktop:poppler:22.08.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "032FA2DC-3A55-4599-BFC7-ECF428D33247"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-442xx/CVE-2022-44215.json b/CVE-2022/CVE-2022-442xx/CVE-2022-44215.json
index 131eb07d8a7..acaf93b1244 100644
--- a/CVE-2022/CVE-2022-442xx/CVE-2022-44215.json
+++ b/CVE-2022/CVE-2022-442xx/CVE-2022-44215.json
@@ -2,23 +2,83 @@
 "id": "CVE-2022-44215",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:29.777",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T18:21:23.103",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:southrivertech:titan_ftp_server:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "19.0",
+ "matchCriteriaId": "95740E8D-D52A-4ADF-822A-AC2E60ACB02A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://drive.google.com/file/d/1oLJaqs5RRNQLT1Hyy-tgEzzhGLB0506J/view?usp=sharing",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 },
 {
 "url": "https://github.com/JBalanza/CVE-2022-44215",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-470xx/CVE-2022-47022.json b/CVE-2022/CVE-2022-470xx/CVE-2022-47022.json
index 9a9b1cd3bf0..63ff6998bce 100644
--- a/CVE-2022/CVE-2022-470xx/CVE-2022-47022.json
+++ b/CVE-2022/CVE-2022-470xx/CVE-2022-47022.json
@@ -2,19 +2,78 @@
 "id": "CVE-2022-47022",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:30.547",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T18:39:41.703",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:open-mpi:hwloc:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.1.0",
+ "versionEndIncluding": "2.9.2",
+ "matchCriteriaId": "B915E20D-5CE9-4E0A-A624-9066F29A512C"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/open-mpi/hwloc/issues/544",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-481xx/CVE-2022-48174.json b/CVE-2022/CVE-2022-481xx/CVE-2022-48174.json
index 645a2258811..bdc4487b977 100644
--- a/CVE-2022/CVE-2022-481xx/CVE-2022-48174.json
+++ b/CVE-2022/CVE-2022-481xx/CVE-2022-48174.json
@@ -2,19 +2,76 @@
 "id": "CVE-2022-48174",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:31.080",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T18:53:37.147",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "1.35.0",
+ "matchCriteriaId": "0CD0AEFF-77FD-4EFB-89C5-11227CEFCDF3"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugs.busybox.net/show_bug.cgi?id=15216",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-485xx/CVE-2022-48522.json b/CVE-2022/CVE-2022-485xx/CVE-2022-48522.json
index 4b824209fe7..6e87d0e12ea 100644
--- a/CVE-2022/CVE-2022-485xx/CVE-2022-48522.json
+++ b/CVE-2022/CVE-2022-485xx/CVE-2022-48522.json
@@ -2,19 +2,74 @@
 "id": "CVE-2022-48522",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:31.153",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T19:02:14.317",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:perl:perl:5.34.0:-:*:*:*:*:*:*",
+ "matchCriteriaId": "ED202CAF-C081-41FF-948C-84A9ECADCE2A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json
index 77e7870588d..4abbede2436 100644
--- a/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json
+++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1997.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-1997",
 "sourceIdentifier": "3DS.Information-Security@3ds.com",
 "published": "2023-08-28T16:15:08.627",
- "lastModified": "2023-08-28T16:15:08.627",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25394.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25394.json
index ba61fbc8d3c..1e3ee042ab8 100644
--- a/CVE-2023/CVE-2023-253xx/CVE-2023-25394.json
+++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25394.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-25394",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-05-17T00:15:08.967",
- "lastModified": "2023-05-25T17:57:14.570",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-08-28T18:15:08.750",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -83,6 +83,10 @@
 "tags": [
 "Product"
 ]
+ },
+ {
+ "url": "https://www.kb.cert.org/vuls/id/757109",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33850.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33850.json
index 6116fa72ed4..2417bbc15bf 100644
--- a/CVE-2023/CVE-2023-338xx/CVE-2023-33850.json
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33850.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-33850",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2023-08-22T21:15:07.837",
- "lastModified": "2023-08-23T13:17:22.070",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T19:51:25.020",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -12,6 +12,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "psirt@us.ibm.com",
 "type": "Secondary",
@@ -34,22 +54,187 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-203"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "3D5EA02F-AA81-4101-9CE2-46ED4DE76B25"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:9.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "569BF866-989C-4BF4-B80E-962F8979FD8B"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:8.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BB032B5B-3B05-4809-8BF2-E08255E19475"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*",
+ "matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*",
+ "matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*",
+ "matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "VDB Entry",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://www.ibm.com/support/pages/node/7010369",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://www.ibm.com/support/pages/node/7022413",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://www.ibm.com/support/pages/node/7022414",
- "source": "psirt@us.ibm.com"
+ "source": "psirt@us.ibm.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38666.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38666.json
index a5226decd77..089ba73af75 100644
--- a/CVE-2023/CVE-2023-386xx/CVE-2023-38666.json
+++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38666.json
@@ -2,19 +2,79 @@
 "id": "CVE-2023-38666",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:39.170",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T19:46:35.200",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha descubierto que Bento4 v1.6.0-639 contiene una violaci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n \"AP4_Processor::ProcessFragments\" en \"mp4encrypt\"."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:axiosys:bento4:1.6.0-639:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A003FBD1-339C-409D-A304-7FEE97E23250"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/axiomatic-systems/Bento4/issues/784",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38667.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38667.json
index 3a289898843..cc159340567 100644
--- a/CVE-2023/CVE-2023-386xx/CVE-2023-38667.json
+++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38667.json
@@ -2,19 +2,75 @@
 "id": "CVE-2023-38667",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:39.240",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T19:40:03.987",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nasm:netwide_assembler:2.16:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BEA64E17-E981-49F6-A6C5-3D251093023F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392812",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38668.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38668.json
index a829842fc71..eef06e48a2a 100644
--- a/CVE-2023/CVE-2023-386xx/CVE-2023-38668.json
+++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38668.json
@@ -2,19 +2,75 @@
 "id": "CVE-2023-38668",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:39.303",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T19:38:54.383",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash)."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nasm:netwide_assembler:2.16:*:*:*:*:*:*:*",
+ "matchCriteriaId": "1A0E7B12-65F6-4A80-BE2E-85B1EF02639F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392811",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38996.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38996.json
index f02b2e56638..dac72361e01 100644
--- a/CVE-2023/CVE-2023-389xx/CVE-2023-38996.json
+++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38996.json
@@ -2,27 +2,89 @@ "id": "CVE-2023-38996", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-22T19:16:39.483", - "lastModified": "2023-08-22T20:10:36.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-08-28T19:24:26.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:douran:dsgate:*:*:*:*:*:*:*:*", + "matchCriteriaId": "8C9D4EBB-1236-4FC3-A899-2D2029B2B78F" + } + ] + } + ] + } + ], "references": [ { "url": "https://douran.com/en-US/Dourtal/4797/page/DSGate", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://douran.com/fa-IR/Dourtal/4797/page/DSGate", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://gist.github.com/RNPG/53b579da330ba896aa8dc2d901e5e400", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-390xx/CVE-2023-39062.json b/CVE-2023/CVE-2023-390xx/CVE-2023-39062.json
new file mode 100644
index 00000000000..fa8def1d5fb
--- /dev/null
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39062.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-39062",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-28T18:15:08.863",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/afine-com/CVE-2023-39062",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2023-39062",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/spipu/html2pdf/blob/92afd81823d62ad95eb9d034858311bb63aeb4ac/CHANGELOG.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39141.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39141.json
index d6827258ba3..d34e65eeba6 100644
--- a/CVE-2023/CVE-2023-391xx/CVE-2023-39141.json
+++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39141.json
@@ -2,23 +2,82 @@
 "id": "CVE-2023-39141",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:39.563",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T19:15:08.230",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ziahamza:webui-aria2:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "6D491B8C-CDA7-4E7C-86AB-650C71973259"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://gist.github.com/JafarAkhondali/528fe6c548b78f454911fb866b23f66e",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/ziahamza/webui-aria2/blob/109903f0e2774cf948698cd95a01f77f33d7dd2c/node-server.js#L10",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json
index 0ab051f3942..b169506ccc9 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39560.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-39560",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T17:15:09.820",
- "lastModified": "2023-08-28T17:15:09.820",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39562.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39562.json
new file mode 100644
index 00000000000..268ca69dc29
--- /dev/null
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39562.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39562",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-28T19:15:07.747",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ChanStormstout/Pocs/blob/master/gpac_POC/id%3A000000%2Csig%3A06%2Csrc%3A003771%2Ctime%3A328254%2Cexecs%3A120473%2Cop%3Ahavoc%2Crep%3A8",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/gpac/gpac/issues/2537",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-395xx/CVE-2023-39599.json b/CVE-2023/CVE-2023-395xx/CVE-2023-39599.json
index 6eb37df63b4..f059709f315 100644
--- a/CVE-2023/CVE-2023-395xx/CVE-2023-39599.json
+++ b/CVE-2023/CVE-2023-395xx/CVE-2023-39599.json
@@ -2,23 +2,86 @@
 "id": "CVE-2023-39599",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-22T19:16:39.633",
- "lastModified": "2023-08-22T20:10:36.537",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-08-28T19:08:09.323",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en CSZ CMS v1.3.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro \"Social Settings\"."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B83DE2F9-E5FF-4A78-A40C-AB8CFF373992"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/desencrypt/CVE/blob/main/CVE-2023-39599/Readme.md",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/desencrypt/CVE/tree/main/CVE-2023-2",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Broken Link"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39708.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39708.json
index cf2e1e449d9..e87c039a5d9 100644
--- a/CVE-2023/CVE-2023-397xx/CVE-2023-39708.json
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39708.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-39708",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T14:15:09.033",
- "lastModified": "2023-08-28T14:15:09.033",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39709.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39709.json
new file mode 100644
index 00000000000..449a8ede430
--- /dev/null
+++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39709.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-39709",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-28T19:15:07.830",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/Arajawat007/4cb86f9239c73ccfeaf466352513b188#file-cve-2023-39709",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sourcecodester.com/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-398xx/CVE-2023-39810.json b/CVE-2023/CVE-2023-398xx/CVE-2023-39810.json
new file mode 100644
index 00000000000..8938ccb75ce
--- /dev/null
+++ b/CVE-2023/CVE-2023-398xx/CVE-2023-39810.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39810",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-28T19:15:07.893",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://busybox.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40590.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40590.json
new file mode 100644
index 00000000000..37526a0e063
--- /dev/null
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40590.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-40590",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2023-08-28T18:15:08.937",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": " GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. An attacker can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the attacker to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\\\Program Files\\\\Git\\\\cmd\\\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable."
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-426" + } + ] + } + ], + "references": [ + { + "url": "https://docs.python.org/3/library/subprocess.html#popen-constructor", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40748.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40748.json index 463a6821e4b..52c9a69d101 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40748.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40748.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40748", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T13:15:09.397", - "lastModified": "2023-08-28T13:15:09.397", - "vulnStatus": "Received", + "lastModified": "2023-08-28T19:28:54.370", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40749.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40749.json index 8ed6efdb69a..19f1d25f679 100644 --- a/CVE-2023/CVE-2023-407xx/CVE-2023-40749.json +++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40749.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40749",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:09.477",
- "lastModified": "2023-08-28T13:15:09.477",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.370",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40750.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40750.json
index c0909ab5e1c..c57cda06dcb 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40750.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40750.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40750",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:09.557",
- "lastModified": "2023-08-28T13:15:09.557",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.370",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40751.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40751.json
index ca2f6a271a3..a4d719171e5 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40751.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40751.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40751",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:09.630",
- "lastModified": "2023-08-28T13:15:09.630",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.370",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40752.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40752.json
index 0ca2894e29c..ece26330187 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40752.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40752.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40752",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:09.707",
- "lastModified": "2023-08-28T13:15:09.707",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.370",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40753.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40753.json
index 5862afcc0f3..edb7c7fd913 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40753.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40753.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40753",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:09.797",
- "lastModified": "2023-08-28T13:15:09.797",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.370",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40754.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40754.json
index 80d1b67d5e7..55faea7dc10 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40754.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40754.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40754",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:09.883",
- "lastModified": "2023-08-28T13:15:09.883",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.370",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40755.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40755.json
index d9a0c4af0cd..a08bbb7a5dd 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40755.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40755.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40755",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:09.953",
- "lastModified": "2023-08-28T13:15:09.953",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40756.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40756.json
index 79436dc07e0..f9d35acecde 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40756.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40756.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40756",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.033",
- "lastModified": "2023-08-28T13:15:10.033",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40757.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40757.json
index 8a07b1234a4..3c33911ef28 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40757.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40757.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40757",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.087",
- "lastModified": "2023-08-28T13:15:10.087",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40758.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40758.json
index 59b05918623..3dd6fd32014 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40758.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40758.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40758",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.147",
- "lastModified": "2023-08-28T13:15:10.147",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40759.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40759.json
index 879b8ce5d5b..11f2ba007cc 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40759.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40759.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40759",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.207",
- "lastModified": "2023-08-28T13:15:10.207",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40760.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40760.json
index d676039d2ec..29c6a3f18f5 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40760.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40760.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40760",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.267",
- "lastModified": "2023-08-28T13:15:10.267",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40761.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40761.json
index ff3dc8b464a..633566f6032 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40761.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40761.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40761",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.327",
- "lastModified": "2023-08-28T13:15:10.327",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40762.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40762.json
index 2dc1b2d0ba4..684cf0bd765 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40762.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40762.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40762",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.387",
- "lastModified": "2023-08-28T13:15:10.387",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40763.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40763.json
index 61ccff54b2c..afe73ede310 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40763.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40763.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40763",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.467",
- "lastModified": "2023-08-28T13:15:10.467",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40764.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40764.json
index 2b6f478bbf3..51f2e278eea 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40764.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40764.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40764",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.533",
- "lastModified": "2023-08-28T13:15:10.533",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40765.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40765.json
index e1ff4298c90..4fe967ca1b0 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40765.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40765.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40765",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.593",
- "lastModified": "2023-08-28T13:15:10.593",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40766.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40766.json
index 82b52ad4b76..523bd14553e 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40766.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40766.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40766",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.657",
- "lastModified": "2023-08-28T13:15:10.657",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-407xx/CVE-2023-40767.json b/CVE-2023/CVE-2023-407xx/CVE-2023-40767.json
index 311cdf2e4c2..987c6a5cd16 100644
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40767.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40767.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40767",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T13:15:10.713",
- "lastModified": "2023-08-28T13:15:10.713",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40846.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40846.json
index 3466cf9d760..95a53943955 100644
--- a/CVE-2023/CVE-2023-408xx/CVE-2023-40846.json
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40846.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40846",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-08-28T14:15:09.197",
- "lastModified": "2023-08-28T14:15:09.197",
- "vulnStatus": "Received",
+ "lastModified": "2023-08-28T19:28:54.367",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4427.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4427.json
index ac620382bdc..ddcb348a017 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4427.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4427.json
@@ -2,27 +2,90 @@
 "id": "CVE-2023-4427",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2023-08-23T00:15:09.073",
- "lastModified": "2023-08-26T16:15:42.597",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2023-08-28T19:55:42.107",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "116.0.5845.110",
+ "matchCriteriaId": "1FFC5A2F-C97A-4FD2-825D-A3C18A1D4D78"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://crbug.com/1470668",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Permissions Required"
+ ]
 },
 {
 "url": "https://www.debian.org/security/2023/dsa-5483",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4547.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4547.json
index 0e32fe6e57f..fa386316e1a 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4547.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4547.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-4547",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-08-26T09:15:09.057",
- "lastModified": "2023-08-28T05:16:07.333",
+ "lastModified": "2023-08-28T18:15:09.063",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -72,6 +72,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/174343/SPA-Cart-eCommerce-CMS-1.9.0.3-Cross-Site-Scripting.html",
+ "source": "cna@vuldb.com"
+ },
 {
 "url": "https://vuldb.com/?ctiid.238058",
 "source": "cna@vuldb.com"
diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4548.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4548.json
index 0c6c724fa09..36b6a17d201 100644
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4548.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4548.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-4548",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-08-26T10:15:11.277",
- "lastModified": "2023-08-28T05:16:07.333",
+ "lastModified": "2023-08-28T18:15:09.227",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -72,6 +72,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/174344/SPA-Cart-eCommerce-CMS-1.9.0.3-SQL-Injection.html",
+ "source": "cna@vuldb.com"
+ },
 {
 "url": "https://vuldb.com/?ctiid.238059",
 "source": "cna@vuldb.com"
diff --git a/README.md b/README.md
index 655c008e4c1..634a122723a 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-28T18:00:25.157865+00:00 +2023-08-28T20:00:25.281014+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-28T17:46:02.613000+00:00 +2023-08-28T19:55:42.107000+00:00 ``` ### Last Data Feed Release 
@@ -29,33 +29,50 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223561 +223567 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `6` -* [CVE-2023-1997](CVE-2023/CVE-2023-19xx/CVE-2023-1997.json) (`2023-08-28T16:15:08.627`) -* [CVE-2023-39560](CVE-2023/CVE-2023-395xx/CVE-2023-39560.json) (`2023-08-28T17:15:09.820`) +* [CVE-2020-27366](CVE-2020/CVE-2020-273xx/CVE-2020-27366.json) (`2023-08-28T18:15:08.593`) +* [CVE-2023-39062](CVE-2023/CVE-2023-390xx/CVE-2023-39062.json) (`2023-08-28T18:15:08.863`) +* [CVE-2023-40590](CVE-2023/CVE-2023-405xx/CVE-2023-40590.json) (`2023-08-28T18:15:08.937`) +* [CVE-2023-39562](CVE-2023/CVE-2023-395xx/CVE-2023-39562.json) (`2023-08-28T19:15:07.747`) +* [CVE-2023-39709](CVE-2023/CVE-2023-397xx/CVE-2023-39709.json) (`2023-08-28T19:15:07.830`) +* [CVE-2023-39810](CVE-2023/CVE-2023-398xx/CVE-2023-39810.json) (`2023-08-28T19:15:07.893`) ### CVEs modified in the last Commit -Recently modified CVEs: `12` +Recently modified CVEs: `44` -* [CVE-2020-21583](CVE-2020/CVE-2020-215xx/CVE-2020-21583.json) (`2023-08-28T16:35:03.030`) -* [CVE-2020-26683](CVE-2020/CVE-2020-266xx/CVE-2020-26683.json) (`2023-08-28T16:44:27.123`) -* [CVE-2021-34193](CVE-2021/CVE-2021-341xx/CVE-2021-34193.json) (`2023-08-28T17:04:48.407`) -* [CVE-2021-35309](CVE-2021/CVE-2021-353xx/CVE-2021-35309.json) (`2023-08-28T17:23:51.530`) -* [CVE-2021-40263](CVE-2021/CVE-2021-402xx/CVE-2021-40263.json) (`2023-08-28T17:25:01.043`) -* [CVE-2021-46312](CVE-2021/CVE-2021-463xx/CVE-2021-46312.json) (`2023-08-28T17:40:07.023`) -* [CVE-2021-46310](CVE-2021/CVE-2021-463xx/CVE-2021-46310.json) (`2023-08-28T17:46:02.613`) -* [CVE-2023-20232](CVE-2023/CVE-2023-202xx/CVE-2023-20232.json) (`2023-08-28T16:00:45.907`) -* [CVE-2023-32563](CVE-2023/CVE-2023-325xx/CVE-2023-32563.json) (`2023-08-28T16:15:09.003`) -* [CVE-2023-37151](CVE-2023/CVE-2023-371xx/CVE-2023-37151.json) 
(`2023-08-28T16:15:09.600`) -* [CVE-2023-4273](CVE-2023/CVE-2023-42xx/CVE-2023-4273.json) (`2023-08-28T16:15:09.860`) -* [CVE-2023-27576](CVE-2023/CVE-2023-275xx/CVE-2023-27576.json) (`2023-08-28T17:15:09.600`) +* [CVE-2023-40759](CVE-2023/CVE-2023-407xx/CVE-2023-40759.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-40760](CVE-2023/CVE-2023-407xx/CVE-2023-40760.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-40761](CVE-2023/CVE-2023-407xx/CVE-2023-40761.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-40762](CVE-2023/CVE-2023-407xx/CVE-2023-40762.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-40763](CVE-2023/CVE-2023-407xx/CVE-2023-40763.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-40764](CVE-2023/CVE-2023-407xx/CVE-2023-40764.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-40765](CVE-2023/CVE-2023-407xx/CVE-2023-40765.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-40766](CVE-2023/CVE-2023-407xx/CVE-2023-40766.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-40767](CVE-2023/CVE-2023-407xx/CVE-2023-40767.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-39708](CVE-2023/CVE-2023-397xx/CVE-2023-39708.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-40846](CVE-2023/CVE-2023-408xx/CVE-2023-40846.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-1997](CVE-2023/CVE-2023-19xx/CVE-2023-1997.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-39560](CVE-2023/CVE-2023-395xx/CVE-2023-39560.json) (`2023-08-28T19:28:54.367`) +* [CVE-2023-40748](CVE-2023/CVE-2023-407xx/CVE-2023-40748.json) (`2023-08-28T19:28:54.370`) +* [CVE-2023-40749](CVE-2023/CVE-2023-407xx/CVE-2023-40749.json) (`2023-08-28T19:28:54.370`) +* [CVE-2023-40750](CVE-2023/CVE-2023-407xx/CVE-2023-40750.json) (`2023-08-28T19:28:54.370`) +* [CVE-2023-40751](CVE-2023/CVE-2023-407xx/CVE-2023-40751.json) (`2023-08-28T19:28:54.370`) +* [CVE-2023-40752](CVE-2023/CVE-2023-407xx/CVE-2023-40752.json) (`2023-08-28T19:28:54.370`) +* [CVE-2023-40753](CVE-2023/CVE-2023-407xx/CVE-2023-40753.json) (`2023-08-28T19:28:54.370`) +* 
[CVE-2023-40754](CVE-2023/CVE-2023-407xx/CVE-2023-40754.json) (`2023-08-28T19:28:54.370`) +* [CVE-2023-38668](CVE-2023/CVE-2023-386xx/CVE-2023-38668.json) (`2023-08-28T19:38:54.383`) +* [CVE-2023-38667](CVE-2023/CVE-2023-386xx/CVE-2023-38667.json) (`2023-08-28T19:40:03.987`) +* [CVE-2023-38666](CVE-2023/CVE-2023-386xx/CVE-2023-38666.json) (`2023-08-28T19:46:35.200`) +* [CVE-2023-33850](CVE-2023/CVE-2023-338xx/CVE-2023-33850.json) (`2023-08-28T19:51:25.020`) +* [CVE-2023-4427](CVE-2023/CVE-2023-44xx/CVE-2023-4427.json) (`2023-08-28T19:55:42.107`) ## Download and Usage