Auto-Update: 2023-08-21T20:00:38.779443+00:00

cad-safe-bot 2023-08-21 20:00:42 +00:00
parent a39adc01eb
commit 73e047114d
59 changed files with 2634 additions and 236 deletions


@ -2,23 +2,97 @@
"id": "CVE-2023-21286",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.603",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:16:14.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/a65429742caf05205ea7f1c2fdd1119ca652b810",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
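Review bot: The Primary weakness added for CVE-2023-21286 is `NVD-CWE-noinfo`, although the description on this record names the cause as a missing permission check in visitUris of RemoteViews.java. The sibling record CVE-2023-21288 in this same commit describes the same cause in Notification.java and is mapped to `CWE-862`, so a CWE-based filter or dashboard will pick up one and miss the other. If this mirror feeds triage, match on the description text as well as the weakness value, or keep a downstream override of `"value": "CWE-862"` for this entry until the upstream analysis is revised. The second reference is the monthly bulletin and is tagged `Patch` as well as `Vendor Advisory`; tooling that treats every `Patch`-tagged URL as a commit link should expect an HTML page there.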


@ -2,23 +2,97 @@
"id": "CVE-2023-21287",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.663",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:17:43.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
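Review bot: The `configurations` block for CVE-2023-21287 lists only `cpe:2.3:o:google:android` entries, while the patch reference points into `platform/external/freetype`. An inventory keyed on a FreeType CPE will therefore not match this record even though it is scored `AV:N/PR:N/UI:N` at 9.8; whether FreeType builds outside Android are affected is not stated here and should be confirmed against the bulletin. The description is the generic "In multiple locations" text, so the reference URL is the only field on the record that identifies the component.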


@ -2,23 +2,97 @@
"id": "CVE-2023-21288",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.727",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:35:46.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/726247f4f53e8cc0746175265652fa415a123c0c",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,97 @@
"id": "CVE-2023-21289",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.790",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:47:03.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/7a5e51c918b7097be3c7e669e1825a4d159c4185",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
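Review bot: The description attributes CVE-2023-21289 to a confused deputy, but the Primary weakness is recorded as `NVD-CWE-Other`, which gives no root-cause information to consumers that group or alert by CWE; CVE-2023-21292 later in this commit has the same pairing. CWE-441 is the MITRE entry for this class and appears to be outside the subset NVD assigns from, so this is probably expected upstream behaviour rather than an import error. Anything built on the `weaknesses` array should treat `NVD-CWE-Other` and `NVD-CWE-noinfo` as "unclassified" rather than as a distinct weakness.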


@ -2,23 +2,97 @@
"id": "CVE-2023-21290",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.853",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:49:23.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,97 @@
"id": "CVE-2023-21292",
"sourceIdentifier": "security@android.com",
"published": "2023-08-14T22:15:13.927",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:50:48.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F120D280-287A-474F-9DC5-CBBC4B4C7237"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F3B54CC6-C4CB-4BBD-AADC-BC7A80F4F621"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "08A26AC2-409E-499A-B0D5-8C2B5038947D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/d10b27e539f7bc91c2360d429b9d05f05274670d",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2023-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-26469",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-17T19:15:12.143",
"lastModified": "2023-08-18T12:43:51.207",
"lastModified": "2023-08-21T19:15:08.140",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -12,6 +12,10 @@
],
"metrics": {},
"references": [
{
"url": "http://packetstormsecurity.com/files/174248/Jorani-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Orange-Cyberdefense/CVE-repository/tree/master",
"source": "cve@mitre.org"


@ -2,8 +2,8 @@
"id": "CVE-2023-31447",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:46.847",
"lastModified": "2023-08-21T17:15:46.847",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-32002",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-21T17:15:47.000",
"lastModified": "2023-08-21T17:15:47.000",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3366",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:48.927",
"lastModified": "2023-08-21T17:15:48.927",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3604",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:49.260",
"lastModified": "2023-08-21T17:15:49.260",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3667",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:49.617",
"lastModified": "2023-08-21T17:15:49.617",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,16 +2,20 @@
"id": "CVE-2023-37250",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-20T08:15:09.013",
"lastModified": "2023-08-21T12:47:18.157",
"lastModified": "2023-08-21T19:15:08.427",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Unity Parsec before 8 has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in \"Per User\" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs."
"value": "Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in \"Per User\" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version."
}
],
"metrics": {},
"references": [
{
"url": "https://support.parsec.app/hc/en-us/articles/18311425588237-CVE-2023-37250",
"source": "cve@mitre.org"
},
{
"url": "https://unity3d.com",
"source": "cve@mitre.org"


@ -2,8 +2,8 @@
"id": "CVE-2023-38035",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-21T17:15:47.457",
"lastModified": "2023-08-21T17:15:47.457",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38836",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:47.633",
"lastModified": "2023-08-21T17:15:47.633",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38961",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:47.973",
"lastModified": "2023-08-21T17:15:47.973",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-38976",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.127",
"lastModified": "2023-08-21T17:15:48.127",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39061",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.277",
"lastModified": "2023-08-21T17:15:48.277",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39094",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.437",
"lastModified": "2023-08-21T17:15:48.437",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39106",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.587",
"lastModified": "2023-08-21T17:15:48.587",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39660",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.797",
"lastModified": "2023-08-21T17:15:48.797",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-39948",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-11T14:15:13.693",
"lastModified": "2023-08-21T04:15:10.683",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:17:43.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,22 +76,78 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.5",
"matchCriteriaId": "A5F6650B-AD38-4E23-94EC-691A17D787EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eprosima:fast_dds:2.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9255BCA-332A-4107-9A21-95907F1B6F2C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/files/11117197/fastdds-assert.pcap.zip",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/eProsima/Fast-DDS/issues/3422",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5481",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
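Review bot: All four references in this section receive the `Third Party Advisory` tag, including `fastdds-assert.pcap.zip`, which is a file attachment, and the `issues/3422` tracker link; the CVE-2023-39949 section that follows does the same for a source-line permalink (`MessageReceiver.cpp#L1059`) and `issues/3236`. Tag-driven automation that downloads or renders "advisory" references will end up fetching a zip archive here, so it should check the content type and handle the file as untrusted input. The `weaknesses` hunk also makes `NVD-CWE-Other` the `Primary` entry and demotes the CNA's entry to `Secondary`; consumers that read only the Primary entry lose whatever CWE the CNA supplied.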


@ -2,8 +2,8 @@
"id": "CVE-2023-39949",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-11T14:15:13.807",
"lastModified": "2023-08-21T04:15:10.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:17:36.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,22 +66,78 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eprosima:fast_dds:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.5",
"matchCriteriaId": "A5F6650B-AD38-4E23-94EC-691A17D787EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eprosima:fast_dds:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D74922AF-7F3C-4F24-8924-298BA00F4204"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/blob/v2.9.0/src/cpp/rtps/messages/MessageReceiver.cpp#L1059",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/eProsima/Fast-DDS/issues/3236",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5481",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-3936",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:49.967",
"lastModified": "2023-08-21T17:15:49.967",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-3954",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-08-21T17:15:50.047",
"lastModified": "2023-08-21T17:15:50.047",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-40023",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-14T20:15:12.530",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:10:59.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +76,169 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "46F3DA06-8197-447A-BCE3-D838062BD344"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "DA076EFA-4FED-4894-A46D-7DF553B331B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "72C59A71-E85A-4684-9638-DCB1D8F4872F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "EABBAB5A-2C5B-4D7A-BAC0-55901CF817BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "776E7D1A-29AD-4B66-8BE4-F35D3408934C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "29A9F6F9-1E01-4898-B29A-A29ADF96EEF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "F9B9AB79-69F4-4CA8-984A-8E2629F9FE51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "394A1DC3-36A3-4605-AC06-A60D545D6FC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp5:*:*:*:*:*:*",
"matchCriteriaId": "676D35A7-BB18-47C6-AD6C-632956C9C7A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp6:*:*:*:*:*:*",
"matchCriteriaId": "E594F631-6069-4303-B069-8AA800F677F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp7:*:*:*:*:*:*",
"matchCriteriaId": "1300104E-98A7-4B3E-97A5-FF039E71625B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp8:*:*:*:*:*:*",
"matchCriteriaId": "6BD1798E-CF01-4A84-80DF-F25BD1536982"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.1:sp9:*:*:*:*:*:*",
"matchCriteriaId": "6E7E08F1-D67D-41CB-B42D-49A7B333AE58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6332A9BD-0B5A-4969-B55B-F272A511E1ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp1:*:*:*:*:*:*",
"matchCriteriaId": "F3F488F4-C4A8-42A9-A7B7-32807AF02AA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp2:*:*:*:*:*:*",
"matchCriteriaId": "C85FBE1E-DF14-46C9-A5FF-D4DE67198CEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp3:*:*:*:*:*:*",
"matchCriteriaId": "4A2A688A-E1E0-4EE5-B71B-3CBFBD513D6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp4:*:*:*:*:*:*",
"matchCriteriaId": "8A50F230-6189-40C7-AB17-A9C542D63B6E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp5:*:*:*:*:*:*",
"matchCriteriaId": "F069B61E-527E-4311-8A1B-2F596DC6041D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp6:*:*:*:*:*:*",
"matchCriteriaId": "44A6D499-215E-4311-A104-81C788187D6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.2:sp7:*:*:*:*:*:*",
"matchCriteriaId": "71ABAD8C-795C-4BA3-B431-06F8A05ECD2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.3:-:*:*:*:*:*:*",
"matchCriteriaId": "9EC848A3-5489-4A76-AD14-4A145500E294"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.3:sp1:*:*:*:*:*:*",
"matchCriteriaId": "FC3B8C85-0058-4B8E-9306-6F82D47A7787"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.3:sp2:*:*:*:*:*:*",
"matchCriteriaId": "E41C8D32-620B-4453-952D-DE5F31428133"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.3:sp3:*:*:*:*:*:*",
"matchCriteriaId": "79730955-D4B1-4A62-9BE2-E2ACB9B4E704"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yaklang:yaklang:1.2.4:-:*:*:*:*:*:*",
"matchCriteriaId": "54936273-80E5-4FC5-B2F9-EF6923ABB6E3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yaklang/yaklang/pull/295",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/yaklang/yaklang/pull/296",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/yaklang/yaklang/security/advisories/GHSA-xvhg-w6qc-m3qq",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
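Review bot: The `cpeMatch` list enumerates individual builds rather than a version range, and it depends on the CPE update field: `1.2.0` appears only as `sp6`, `sp7` and `sp8`, while `1.2.4` appears only as `-`. A matcher that compares the version component alone would report every 1.2.0 build, and one that cannot map a product's own version string to `spN` would miss the listed ones. Inventory tooling should compare version and update together for `cpe:2.3:a:yaklang:yaklang`. As in other records in this commit, the `Primary` weakness becomes `NVD-CWE-Other` and the CNA's entry is kept as `Secondary`.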


@ -2,8 +2,8 @@
"id": "CVE-2023-40024",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-14T20:15:12.837",
"lastModified": "2023-08-15T12:29:16.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:15:25.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +66,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nexb:scancode.io:*:*:*:*:*:*:*:*",
"versionEndIncluding": "32.5.1",
"matchCriteriaId": "30C9948F-8470-41F9-9DA5-2FEB954189F7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nexB/scancode.io/blob/dd7769fbc97c84545579cebf1dc4838214098a11/CHANGELOG.rst#v3252-2023-08-14",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/nexB/scancode.io/security/advisories/GHSA-6xcx-gx7r-rccj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,76 @@
"id": "CVE-2023-40291",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T04:15:11.133",
"lastModified": "2023-08-14T13:06:15.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:26:45.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:harman_infotainment:20190525031613:*:*:*:*:*:*:*",
"matchCriteriaId": "428F9CD5-4676-4598-A715-F2E1FBCADDAF"
}
]
}
]
}
],
"references": [
{
"url": "https://autohack.in/2023/07/26/dude-its-my-car-how-to-develop-intimacy-with-your-car/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}
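Review bot: The weakness entry added in this section is `NVD-CWE-noinfo`, although the description names the flaw outright: root SSH access guarded by a password that is an internal project name. Consumers that filter or route findings by CWE will not see this record as a credential problem. If the password is fixed in the firmware image, which the description suggests but does not state, `"value": "CWE-798"` would classify it. The correction belongs in the upstream NVD record, so this mirror can only flag the gap.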


@ -2,19 +2,76 @@
"id": "CVE-2023-40292",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T04:15:11.203",
"lastModified": "2023-08-14T13:06:15.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:37:53.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:harman_infotainment:20190525031613:*:*:*:*:*:*:*",
"matchCriteriaId": "428F9CD5-4676-4598-A715-F2E1FBCADDAF"
}
]
}
]
}
],
"references": [
{
"url": "https://autohack.in/2023/07/26/dude-its-my-car-how-to-develop-intimacy-with-your-car/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}
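Review bot: The `cpeMatch` entry added here pins the exact version `20190525031613` with no range field, while the description says "20190525031613 and later". A scanner that matches on this CPE will report later firmware builds as unaffected. A wildcard-version criteria carrying `"versionStartIncluding": "20190525031613"` would express the stated range; the CVE-2023-40293 section has the same mismatch. Until the upstream record changes, match these two records on product rather than on version.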


@ -2,19 +2,76 @@
"id": "CVE-2023-40293",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T04:15:11.273",
"lastModified": "2023-08-14T13:06:15.630",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:38:08.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:samsung:harman_infotainment:20190525031613:*:*:*:*:*:*:*",
"matchCriteriaId": "428F9CD5-4676-4598-A715-F2E1FBCADDAF"
}
]
}
]
}
],
"references": [
{
"url": "https://autohack.in/2023/07/26/dude-its-my-car-how-to-develop-intimacy-with-your-car/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-40352",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T19:15:08.607",
"lastModified": "2023-08-21T19:15:08.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs."
}
],
"metrics": {},
"references": [
{
"url": "https://www.mcafee.com/en-us/consumer-corporate/mcafee-labs/product-security-bulletins.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.mcafee.com/support/?articleId=TS103462&page=shell&shell=article-view",
"source": "cve@mitre.org"
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4323",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:10.790",
"lastModified": "2023-08-15T20:01:42.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:41:27.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4324",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:10.847",
"lastModified": "2023-08-15T20:01:42.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:41:15.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}
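Review bot: The added metric scores a missing Content-Security-Policy header as `AV:N/PR:N` with `C:H/I:H/A:H` (9.8 CRITICAL), and the weakness is `NVD-CWE-noinfo`. A missing CSP header is an absent defence-in-depth control; nothing in the record describes the injection flaw it would have contained, so the score reads as a worst-case default rather than an assessed impact. The sections for CVE-2023-4329 (SameSite), CVE-2023-4336 (Secure attribute) and CVE-2023-4338 (X-Content-Type-Options) carry the same vector for the same kind of finding. Triage that ranks on `baseScore` alone should weigh these four against their descriptions, and a specific weakness such as `"value": "CWE-693"` upstream would make the class visible.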


@ -2,19 +2,74 @@
"id": "CVE-2023-4325",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:10.900",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:41:08.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4326",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:10.957",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:41:02.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,86 @@
"id": "CVE-2023-4327",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.010",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:40:55.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,86 @@
"id": "CVE-2023-4328",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.060",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:40:49.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4329",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.117",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:40:42.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4330",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.177",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:40:31.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable Denial of Service can be caused by an authenticated user to the REST API Interface"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4331",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.230",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:40:23.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4332",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.290",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:39:08.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,86 @@
"id": "CVE-2023-4333",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.347",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:38:35.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4334",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.397",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:46:04.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller Web server (nginx) is serving private files without any authentication"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,86 @@
"id": "CVE-2023-4335",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.450",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:45:53.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4336",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.503",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:45:37.487",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4337",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.560",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:45:25.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4338",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.613",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:43:29.833",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4339",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.663",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:43:44.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4340",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.717",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:42:54.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4341",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.770",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:42:47.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4342",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.823",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:42:30.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4343",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.883",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:42:39.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -2,19 +2,74 @@
"id": "CVE-2023-4344",
"sourceIdentifier": "cret@cert.org",
"published": "2023-08-15T19:15:11.943",
"lastModified": "2023-08-15T20:01:35.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-08-21T18:42:16.053",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:broadcom:raid_controller_web_interface:51.12.0-2779:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E02E4F-627F-49C5-867F-E872EC6A208C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.broadcom.com/support/resources/product-security-center",
"source": "cret@cert.org"
"source": "cret@cert.org",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-4373",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-08-21T19:15:08.787",
"lastModified": "2023-08-21T19:15:08.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nInadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0015/",
"source": "security@devolutions.net"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-4407",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-08-18T13:15:09.830",
"lastModified": "2023-08-18T15:06:49.560",
"lastModified": "2023-08-21T19:15:08.937",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -72,6 +72,10 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174244/Credit-Lite-1.5.4-SQL-Injection.html",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.237511",
"source": "cna@vuldb.com"
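Review bot: The reference added in the second hunk uses a plain `http://` URL and carries no `tags` array, unlike the references on the analysed records in this commit. Tooling that dereferences reference URLs would fetch this one without transport integrity, and filters keyed on `tags` will not surface that a third-party write-up is now linked to an `Awaiting Analysis` record. A consumer-side rule that treats untagged references on non-`Analyzed` records as unclassified, and upgrades or refuses non-HTTPS fetches, covers both. The `references` array continues past the end of the hunk.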


@ -0,0 +1,43 @@
{
"id": "CVE-2023-4417",
"sourceIdentifier": "security@devolutions.net",
"published": "2023-08-21T19:15:09.187",
"lastModified": "2023-08-21T19:15:09.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@devolutions.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2023-0015",
"source": "security@devolutions.net"
}
]
}
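Review bot: The `vectorString` `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H` (10.0 CRITICAL) contradicts the description, which requires an authenticated user acting under specific circumstances and describes a personal vault entry being shared by mistake. `PR:N` and `UI:N` do not match an authenticated actor, and the metric is `"type": "Secondary"` from `security@devolutions.net` with no `Primary` entry yet (`vulnStatus` is `Received`). Consumers should treat the 10.0 as provisional and re-evaluate once analysis adds a primary metric; the mirrored file itself should stay as received.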


@ -2,8 +2,8 @@
"id": "CVE-2023-4456",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-21T17:15:50.283",
"lastModified": "2023-08-21T17:15:50.283",
"vulnStatus": "Received",
"lastModified": "2023-08-21T18:35:09.707",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,51 @@
{
"id": "CVE-2023-4459",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-08-21T19:15:09.373",
"lastModified": "2023-08-21T19:15:09.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4459",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219268",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/torvalds/linux/commit/edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd",
"source": "secalert@redhat.com"
}
]
}
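Review bot: `"attackVector": "NETWORK"` in the added metric does not match the description, which speaks of a local attacker with normal user privilege triggering a NULL pointer dereference in `vmxnet3_rq_cleanup`. The metric is a `Secondary` entry from `secalert@redhat.com` on a `Received` record, so it may be revised; with `AV:L` and the other components unchanged the vector would read `CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`. Exposure assessments that filter on `attackVector` to find network-reachable issues should not count this record without checking the description and the linked kernel commit.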


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-08-21T18:00:38.765995+00:00
2023-08-21T20:00:38.779443+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-08-21T17:58:05.637000+00:00
2023-08-21T19:15:09.373000+00:00
```
### Last Data Feed Release
@ -29,61 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
223074
223078
```
### CVEs added in the last Commit
Recently added CVEs: `17`
Recently added CVEs: `4`
* [CVE-2022-4367](CVE-2022/CVE-2022-43xx/CVE-2022-4367.json) (`2023-08-21T17:15:46.307`)
* [CVE-2023-31447](CVE-2023/CVE-2023-314xx/CVE-2023-31447.json) (`2023-08-21T17:15:46.847`)
* [CVE-2023-32002](CVE-2023/CVE-2023-320xx/CVE-2023-32002.json) (`2023-08-21T17:15:47.000`)
* [CVE-2023-38035](CVE-2023/CVE-2023-380xx/CVE-2023-38035.json) (`2023-08-21T17:15:47.457`)
* [CVE-2023-38836](CVE-2023/CVE-2023-388xx/CVE-2023-38836.json) (`2023-08-21T17:15:47.633`)
* [CVE-2023-38961](CVE-2023/CVE-2023-389xx/CVE-2023-38961.json) (`2023-08-21T17:15:47.973`)
* [CVE-2023-38976](CVE-2023/CVE-2023-389xx/CVE-2023-38976.json) (`2023-08-21T17:15:48.127`)
* [CVE-2023-39061](CVE-2023/CVE-2023-390xx/CVE-2023-39061.json) (`2023-08-21T17:15:48.277`)
* [CVE-2023-39094](CVE-2023/CVE-2023-390xx/CVE-2023-39094.json) (`2023-08-21T17:15:48.437`)
* [CVE-2023-39106](CVE-2023/CVE-2023-391xx/CVE-2023-39106.json) (`2023-08-21T17:15:48.587`)
* [CVE-2023-39660](CVE-2023/CVE-2023-396xx/CVE-2023-39660.json) (`2023-08-21T17:15:48.797`)
* [CVE-2023-3366](CVE-2023/CVE-2023-33xx/CVE-2023-3366.json) (`2023-08-21T17:15:48.927`)
* [CVE-2023-3604](CVE-2023/CVE-2023-36xx/CVE-2023-3604.json) (`2023-08-21T17:15:49.260`)
* [CVE-2023-3667](CVE-2023/CVE-2023-36xx/CVE-2023-3667.json) (`2023-08-21T17:15:49.617`)
* [CVE-2023-3936](CVE-2023/CVE-2023-39xx/CVE-2023-3936.json) (`2023-08-21T17:15:49.967`)
* [CVE-2023-3954](CVE-2023/CVE-2023-39xx/CVE-2023-3954.json) (`2023-08-21T17:15:50.047`)
* [CVE-2023-4456](CVE-2023/CVE-2023-44xx/CVE-2023-4456.json) (`2023-08-21T17:15:50.283`)
* [CVE-2023-40352](CVE-2023/CVE-2023-403xx/CVE-2023-40352.json) (`2023-08-21T19:15:08.607`)
* [CVE-2023-4373](CVE-2023/CVE-2023-43xx/CVE-2023-4373.json) (`2023-08-21T19:15:08.787`)
* [CVE-2023-4417](CVE-2023/CVE-2023-44xx/CVE-2023-4417.json) (`2023-08-21T19:15:09.187`)
* [CVE-2023-4459](CVE-2023/CVE-2023-44xx/CVE-2023-4459.json) (`2023-08-21T19:15:09.373`)
### CVEs modified in the last Commit
Recently modified CVEs: `60`
Recently modified CVEs: `54`
* [CVE-2023-0872](CVE-2023/CVE-2023-08xx/CVE-2023-0872.json) (`2023-08-21T17:12:20.407`)
* [CVE-2023-26961](CVE-2023/CVE-2023-269xx/CVE-2023-26961.json) (`2023-08-21T17:15:46.583`)
* [CVE-2023-32663](CVE-2023/CVE-2023-326xx/CVE-2023-32663.json) (`2023-08-21T17:15:47.183`)
* [CVE-2023-38840](CVE-2023/CVE-2023-388xx/CVE-2023-38840.json) (`2023-08-21T17:15:47.793`)
* [CVE-2023-28481](CVE-2023/CVE-2023-284xx/CVE-2023-28481.json) (`2023-08-21T17:18:27.813`)
* [CVE-2023-28482](CVE-2023/CVE-2023-284xx/CVE-2023-28482.json) (`2023-08-21T17:21:28.503`)
* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-08-21T17:24:22.070`)
* [CVE-2023-39292](CVE-2023/CVE-2023-392xx/CVE-2023-39292.json) (`2023-08-21T17:24:42.877`)
* [CVE-2023-40294](CVE-2023/CVE-2023-402xx/CVE-2023-40294.json) (`2023-08-21T17:25:38.010`)
* [CVE-2023-20586](CVE-2023/CVE-2023-205xx/CVE-2023-20586.json) (`2023-08-21T17:25:49.017`)
* [CVE-2023-20569](CVE-2023/CVE-2023-205xx/CVE-2023-20569.json) (`2023-08-21T17:26:07.933`)
* [CVE-2023-4350](CVE-2023/CVE-2023-43xx/CVE-2023-4350.json) (`2023-08-21T17:27:02.017`)
* [CVE-2023-4351](CVE-2023/CVE-2023-43xx/CVE-2023-4351.json) (`2023-08-21T17:29:16.257`)
* [CVE-2023-4352](CVE-2023/CVE-2023-43xx/CVE-2023-4352.json) (`2023-08-21T17:35:28.180`)
* [CVE-2023-40295](CVE-2023/CVE-2023-402xx/CVE-2023-40295.json) (`2023-08-21T17:35:53.970`)
* [CVE-2023-4353](CVE-2023/CVE-2023-43xx/CVE-2023-4353.json) (`2023-08-21T17:36:21.240`)
* [CVE-2023-4354](CVE-2023/CVE-2023-43xx/CVE-2023-4354.json) (`2023-08-21T17:37:13.257`)
* [CVE-2023-4355](CVE-2023/CVE-2023-43xx/CVE-2023-4355.json) (`2023-08-21T17:39:24.197`)
* [CVE-2023-4356](CVE-2023/CVE-2023-43xx/CVE-2023-4356.json) (`2023-08-21T17:40:42.347`)
* [CVE-2023-2916](CVE-2023/CVE-2023-29xx/CVE-2023-2916.json) (`2023-08-21T17:49:19.573`)
* [CVE-2023-39852](CVE-2023/CVE-2023-398xx/CVE-2023-39852.json) (`2023-08-21T17:51:08.113`)
* [CVE-2023-3721](CVE-2023/CVE-2023-37xx/CVE-2023-3721.json) (`2023-08-21T17:53:45.117`)
* [CVE-2023-4361](CVE-2023/CVE-2023-43xx/CVE-2023-4361.json) (`2023-08-21T17:54:24.567`)
* [CVE-2023-4308](CVE-2023/CVE-2023-43xx/CVE-2023-4308.json) (`2023-08-21T17:54:39.980`)
* [CVE-2023-39293](CVE-2023/CVE-2023-392xx/CVE-2023-39293.json) (`2023-08-21T17:58:05.637`)
* [CVE-2023-4330](CVE-2023/CVE-2023-43xx/CVE-2023-4330.json) (`2023-08-21T18:40:31.387`)
* [CVE-2023-4329](CVE-2023/CVE-2023-43xx/CVE-2023-4329.json) (`2023-08-21T18:40:42.853`)
* [CVE-2023-4328](CVE-2023/CVE-2023-43xx/CVE-2023-4328.json) (`2023-08-21T18:40:49.270`)
* [CVE-2023-4327](CVE-2023/CVE-2023-43xx/CVE-2023-4327.json) (`2023-08-21T18:40:55.273`)
* [CVE-2023-4326](CVE-2023/CVE-2023-43xx/CVE-2023-4326.json) (`2023-08-21T18:41:02.397`)
* [CVE-2023-4325](CVE-2023/CVE-2023-43xx/CVE-2023-4325.json) (`2023-08-21T18:41:08.710`)
* [CVE-2023-4324](CVE-2023/CVE-2023-43xx/CVE-2023-4324.json) (`2023-08-21T18:41:15.497`)
* [CVE-2023-4323](CVE-2023/CVE-2023-43xx/CVE-2023-4323.json) (`2023-08-21T18:41:27.860`)
* [CVE-2023-4344](CVE-2023/CVE-2023-43xx/CVE-2023-4344.json) (`2023-08-21T18:42:16.053`)
* [CVE-2023-4342](CVE-2023/CVE-2023-43xx/CVE-2023-4342.json) (`2023-08-21T18:42:30.650`)
* [CVE-2023-4343](CVE-2023/CVE-2023-43xx/CVE-2023-4343.json) (`2023-08-21T18:42:39.583`)
* [CVE-2023-4341](CVE-2023/CVE-2023-43xx/CVE-2023-4341.json) (`2023-08-21T18:42:47.613`)
* [CVE-2023-4340](CVE-2023/CVE-2023-43xx/CVE-2023-4340.json) (`2023-08-21T18:42:54.743`)
* [CVE-2023-4338](CVE-2023/CVE-2023-43xx/CVE-2023-4338.json) (`2023-08-21T18:43:29.833`)
* [CVE-2023-4339](CVE-2023/CVE-2023-43xx/CVE-2023-4339.json) (`2023-08-21T18:43:44.337`)
* [CVE-2023-4337](CVE-2023/CVE-2023-43xx/CVE-2023-4337.json) (`2023-08-21T18:45:25.530`)
* [CVE-2023-4336](CVE-2023/CVE-2023-43xx/CVE-2023-4336.json) (`2023-08-21T18:45:37.487`)
* [CVE-2023-4335](CVE-2023/CVE-2023-43xx/CVE-2023-4335.json) (`2023-08-21T18:45:53.070`)
* [CVE-2023-4334](CVE-2023/CVE-2023-43xx/CVE-2023-4334.json) (`2023-08-21T18:46:04.563`)
* [CVE-2023-21289](CVE-2023/CVE-2023-212xx/CVE-2023-21289.json) (`2023-08-21T18:47:03.143`)
* [CVE-2023-21290](CVE-2023/CVE-2023-212xx/CVE-2023-21290.json) (`2023-08-21T18:49:23.763`)
* [CVE-2023-21292](CVE-2023/CVE-2023-212xx/CVE-2023-21292.json) (`2023-08-21T18:50:48.783`)
* [CVE-2023-26469](CVE-2023/CVE-2023-264xx/CVE-2023-26469.json) (`2023-08-21T19:15:08.140`)
* [CVE-2023-37250](CVE-2023/CVE-2023-372xx/CVE-2023-37250.json) (`2023-08-21T19:15:08.427`)
* [CVE-2023-4407](CVE-2023/CVE-2023-44xx/CVE-2023-4407.json) (`2023-08-21T19:15:08.937`)
## Download and Usage